Can we overcome. FEARLESS engineering

Transcription

1 Can we overcome this

2 With this?

3 Actually Tor

4 The real question is: Can we overcome this

5 using fingerprinting?

6 UT DALLAS Erik Jonsson School of Engineering & Computer Science Adaptive Encrypted Traffic Fingerprinting With Bidirectional Dependence Khaled Al-Naami Latifur Khan Swarup Chandra Ahmad Mustafa Zhiqiang Lin Kevin Hamlen Bhavani Thuraisingham This work is funded by NSF, AFOSR, and NSA.

7 Outline Attack BIND Defenses Experiments Base rate fallacy Adaptive Learning

8 Outline

9 Traffic fingerprinting

10 Website Fingerprinting (WFP) A Traffic Analysis (TA) attack. Threatens web navigation privacy. Attackers learn information about a website accessed by the user. Website = Fingerprint = Signature

11 Website Fingerprinting The Goal is to identify the websites Can harm certain individuals Journalists Activists Bloggers Can also help identify threats Bad people

12 WFP Diagram Tor

13 How about mobile apps? Apps Fingerprinting Threatens apps navigation privacy. Attackers learn information about apps accessed by the user. App = Fingerprint = Signature

14 App Fingerprinting Adversarial view: targeted attacks on well-known vulnerable apps Marketing view: advertisement network bandwidth management app recommendations

15 Apps Fingerprinting

16 Encrypted Data

17 Outline

18 BIND: fingerprinting with BI-directioNal Dependence BIND

19 BIND Observation is that traffic exchanged in the two directions of a connection depend upon each other. Therefore, design a new fingerprinting mechanism (BIND) that leverages this sequence dependence.

20

21 Outline

22 Arms Race Defenders morph packets Attackers BIND

23 Attackers and Defenders Arms Race The competition between attackers and defenders is continually evolving Attackers collect the packets and apply ML. Defenders morph packets (website A to look like website B) The coarser the features, the more resistant BIND: coarse-feature approach

24 Defenses (DTS Distribution-Based) DTS: Direct Target Sampling A: Src Webpage B: Target Webpage DA and DB (Packet Length Distributions) For every packet of length i from A sample packet of length j from DB if j > i then pad i to j and send else send i Continue sampling by adding dummy packets until distance L1(A, B) < 0.3

25 Defenses (TM - Distribution-Based) TM: Traffic Morphing Similar to DTS but sample to pad packets using convex optimization (to minimize padding overhead) Y = AX pmf of target Probabilities to be calc. pmf of source s: packet size

26 Defenses (TM - Distribution-Based) Continue sampling by adding dummy packets until distance L1(A, B) < 0.3

27

28 Outline

29 Closed-world scenario

30 Open-world scenario

31 Closed-world vs Open-world Item Closed-world Open-world Set Finite set of websites - Monitored - Non-Monitored Classification Multi-class (websites) Binary Goal Predict website Predict if a Monitored or nonmonitored website Universe -> M M Closed-world (Finite) Open-world (Infinite & Diverse)

32 Datasets and setup

33 Apps dataset collection process

34 Summary of previous and proposed approaches

35 Closed world w/o Defenses Accuracy %

36 Open world w/o Defenses TPR and FPR %

37 Closed world w/ Traffic Morphing Defense

38 Open world w/ Traffic Morphing/Tamaraw

39 Running Time (cw)

40 Running Time (ow) WKNN and BINDWKNN (> 30 min) due to weight computations. BINDRF (< 60 sec) Yet, BINDRF outperformed BINDWKNN (or WKNN)

41 Outline

42 Base Detection Rate (BDR) Open-world actual classif ed D -D M tp fn -M fp tn

43 BDR prior probability of a targeted client

44 Outline

45 Adaptive Learning

46 Adaptive Learning

47 Adaptive Learning

48 Conclusion A coarse-feature extraction approach (BIND) over encrypted data Capturing dependences between consecutive packet sequences Across multiple domains HTTPS, Tor, Smartphone Apps Closed-world and open-world settings The approach is more resilient to defenses BDR Adaptive Learning

49 Future work Incremental Learning Change Point Detection Multi-tab browsing Tor New defenses Work presented represents attacker Implementing a more successful defense that BIND can t evade

50 Thank you! Questions?