Re: [EToSat] FW: Website Fingerprinting on Early QUIC Traffic

Christian Huitema <huitema@huitema.net> Thu, 04 February 2021 20:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/etosat/Jux4vyQerU-KLF3RWzrQ5JQzVoU>
List-Id: "The EToSat list is a non-WG mailing list used to discuss performance implications of running encrypted transports such as QUIC over satellite." <etosat.ietf.org>

There are some limitations in this paper. They test against an early 
version of Google QUIC, not the latest IETF version. They use only the 
Chrome client, thus have to consider just one rendering sequence. They 
force the clients to clear their caches and thus download the full 
sites, which makes identification easier. And they use somewhat charged 
language, like "the insecurity characteristic of QUIC", when they merely 
demonstrated vulnerability to traffic fingerprinting. But then, yes, the 
results are interesting.

Is it OK to forward this to the privacy research group (PEARG)?

-- Christian Huitema


On 2/4/2021 6:42 AM, Border, John wrote:
>
> FYI
>
> *Subject:* Website Fingerprinting on Early QUIC Traffic
>
> Website Fingerprinting on Early QUIC Traffic
>
> https://arxiv.org/abs/2101.11871
>
> Cryptographic protocols have been widely used to protect the user's 
> privacy and avoid exposing private information. QUIC (Quick UDP 
> Internet Connections), as an alternative to traditional HTTP, 
> demonstrates its unique transmission characteristics: based on UDP for 
> encrypted resource transmission, accelerating web page rendering. 
> However, existing encrypted transmission schemes based on TCP are 
> vulnerable to website fingerprinting (WFP) attacks, allowing 
> adversaries to infer the users' visited websites by eavesdropping on 
> the transmission channel. Whether QUIC protocol can effectively 
> resisting to such attacks is worth investigating. In this work, we 
> demonstrated the extreme vulnerability of QUIC under WFP attacks by 
> comparing attack results under well-designed conditions. We also study 
> the transferability of features, which enable the adversary to use 
> proven effective features on a special protocol attacking a new 
> protocol. This study shows that QUIC is more vulnerable to WFP attacks 
> than HTTPS in the early traffic scenario but is similar in the normal 
> scenario. The maximum attack accuracy on QUIC is 56.8 % and 73 % 
> higher than on HTTPS utilizing Simple features and Transfer features. 
> The insecurity characteristic of QUIC explains the dramatic gap. We 
> also find that features are transferable between protocols, and the 
> feature importance is partially inherited on normal traffic due to the 
> relatively fixed browser rendering sequence and the similar 
> request-response model of protocols. However, the transferability is 
> inefficient when on early traffic, as QUIC and HTTPS show 
> significantly different vulnerability when considering early traffic. 
> We also show that attack accuracy on QUIC could reach 95.4 % with only 
> 40 packets and just using simple features, whereas only 60.7 % when on 
> HTTPS.