NDLI: Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2

Please wait, while we are loading the content...

Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2

Content Provider	Semantic Scholar
Author	Halvemaan, K. C. N.
Copyright Year	2017
Abstract	Users of routing networks such as The Second-Generation Onion Router (Tor) expect a high level of anonymity, however, website fingerprinting of Tor traffic can be done with a high accuracy based on metadata of the encrypted data in the Transmission Control Protocol / Internet Protocol (TCP/IP) stream. An eavesdropper listening in on the traffic between the client and the guard node can get an accurate assumption of what website a user has visited by comparing the current stream to a labelled stream from a database that has been collected beforehand. This paper gives a comparison of website fingerprinting attacks between a Tor Browser Bundle (TBB) using just Hypertext Transfer Protocol 1.1 (HTTP/1.1) and a TBB using Hypertext Transfer Protocol 2 (HTTP/2). HTTP/2 has not been enabled by default in the TBB because the code has not been audited and the security implications of enabling it have not been examined. This paper contributes to this study of the implications of using HTTP/2 in TBB. In closed-world experiments an average accuracy of 88.036% (s = 2.0164%) was achieved for HTTP/1.1 and an average accuracy of 86.4585% (s = 3.0871%) for HTTP/2. When training with HTTP/1.1 and testing with HTTP/2 an average accuracy of 64.687% (s = 6.6631%) was achieved. When training with HTTP/2 and testing with HTTP/1.1 an average accuracy of 54.667% (s = 3.5286%) was achieved. The accuracy of an attacker’s website fingerprinting attack will suffer between 20% and 40% when doing a website fingerprinting attack when the Hypertext Transfer Protocol (HTTP) version differs in his model from the one used by its target.
File Format	PDF HTM / HTML
Alternate Webpage(s)	http://ipv4.delaat.net/rp/2016-2017/p55/presentation.pdf
Alternate Webpage(s)	http://ipv4.delaat.net/rp/2016-2017/p55/report.pdf
Language	English
Access Restriction	Open
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in