Re: [EToSat] FW: Website Fingerprinting on Early QUIC Traffic
"Border, John" <John.Border@hughes.com> Thu, 04 February 2021 20:29 UTC
Return-Path: <prvs=466992d664=john.border@hughes.com>
X-Original-To: etosat@ietfa.amsl.com
Delivered-To: etosat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ABA73A17C8 for <etosat@ietfa.amsl.com>; Thu, 4 Feb 2021 12:29:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hughes.com header.b=ndxVX85y; dkim=pass (1024-bit key) header.d=hughes.com header.b=MbGDfHZd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28ocjBAErb6r for <etosat@ietfa.amsl.com>; Thu, 4 Feb 2021 12:29:41 -0800 (PST)
Received: from mx0a-00115402.pphosted.com (mx0a-00115402.pphosted.com [148.163.150.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6A4D3A17CA for <etosat@ietf.org>; Thu, 4 Feb 2021 12:29:41 -0800 (PST)
Received: from pps.filterd (m0118426.ppops.net [127.0.0.1]) by mx0a-00115402.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 114KTagf012685; Thu, 4 Feb 2021 20:29:39 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hughes.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=3152018; bh=n9CDELINJDujzwQVSy/NA/RkLnoMS4pmqOOxAmYgrOY=; b=ndxVX85yfHrcNeCIIA3R9r0gdbgurSODUssrB5K8f//OHnbM+NkVPKhvKVXBsUgpApEL tQq+I8G2LI5vUBJ8mZoXavztK6P8IF/JdGX/oq/uDphjmaFP48+I1uQwDkk8DRHNEOvg /eSwlUX8loPDNRhJBPKZ8k7/+IEAa4NSYQlzRc/8gruePBaEsYBoUDoQS+Kmy4KfMnJP ShYuSwbI+YILliDt8reJFA0G9TBG8oUc9CIybQFTjgMOuKoJoDcg2/nbFiEstDGGvLf+ da0r/JgvUyCBm4oBtTmmdwCXD771xTAVLQboWkj9tf0Tt6+6q9MjwVis2/jhgHppbNai 1A==
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2107.outbound.protection.outlook.com [104.47.58.107]) by mx0a-00115402.pphosted.com with ESMTP id 36d0pa5pwr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 04 Feb 2021 20:29:38 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Acxr+9xDs8zQwV5lvW7iJQPxa33aYcEDP6oqXuHKw2VIhKZmndQ6mhrDtkJ2LcDPEGtpO7Bo48/9SACWg6S9An77EKuiFysjfEwNz4TX+tjkGMPrMdDC/fAxRoZcHNz+y/Pf/cN4wvqQSYY+t6R0sGurIfxv7IKFoFsxm6GM7GwCuBvqRuzg0E6duCvbODq5++HjSLoc6NXOs1mTHgcBkSfjiSF5h7iS9qTp+X5O5EMUf5xJzPY5XNCwi1XcrDastY/AgsT92u+z3LUw4yJdLpGpmr4XMsBXE6HAlpIp/3E8IREK7uQFH9H0lUu6BDRclgfrZxgVAAlBl1KrJgaC3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n9CDELINJDujzwQVSy/NA/RkLnoMS4pmqOOxAmYgrOY=; b=kIkMihMvJETtpEmE8sWNAFYSkxvQZDfarBlaPBfQqhBTsZRff4Om8Kdrcx6J8hes7PzUNYPtnm1p7uYaDtKIUfZNxz7KTCKjWyZBIfiGLG3b9y2nXshQkaKd1R49hScy7N8BF0Y0mw45ykJn4CvCSMA6b8OEPXhtI8Vxe1PRJhA1E2UmglWqftzwxIuf0CKz28QAJNs+pUO/+WtTouMsYFbMMKCuYEEKyREgA6qGayFxdygyXsvqC9wIbhNWwrwAy8G9H03QB1fZH1iNAAfn2eroJNUKjshAbPwEIlLhSQhfTk3TS3ai53W+MPN1oY+4cf1TwCuHddN0dCnc08e1qg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hughes.com; dmarc=pass action=none header.from=hughes.com; dkim=pass header.d=hughes.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hughes.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n9CDELINJDujzwQVSy/NA/RkLnoMS4pmqOOxAmYgrOY=; b=MbGDfHZdX9Z1LNIilU2iRw3VZxFwkPK68Y4SmIAwBtwvmGk/2aYfZkmOWAsj8horfskExwMxXBVFklEpLeKyZZJKU/RmXtgG6Ey7IOUnTFuXUCONvulPGbh6AEtk17yGyTRCWeTkutqMez7NaCtlPdHrxPD2GGD8R1N57xUQsUw=
Received: from MN2PR11MB3647.namprd11.prod.outlook.com (2603:10b6:208:ec::26) by MN2PR11MB4727.namprd11.prod.outlook.com (2603:10b6:208:26f::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3825.17; Thu, 4 Feb 2021 20:29:23 +0000
Received: from MN2PR11MB3647.namprd11.prod.outlook.com ([fe80::d900:f506:5d9a:fecd]) by MN2PR11MB3647.namprd11.prod.outlook.com ([fe80::d900:f506:5d9a:fecd%3]) with mapi id 15.20.3805.024; Thu, 4 Feb 2021 20:29:23 +0000
From: "Border, John" <John.Border@hughes.com>
To: Christian Huitema <huitema@huitema.net>, "etosat@ietf.org" <etosat@ietf.org>
Thread-Topic: [EToSat] FW: Website Fingerprinting on Early QUIC Traffic
Thread-Index: Adb4ADng+8PbQk0AT1u0nE4+1v60qgDA4+NQAAu6CQAAAGz64A==
Date: Thu, 04 Feb 2021 20:29:23 +0000
Message-ID: <MN2PR11MB3647FE3F3D2D841F4D50E93C90B39@MN2PR11MB3647.namprd11.prod.outlook.com>
References: <BL0PR11MB330087E4983E401E2101E276E4B79@BL0PR11MB3300.namprd11.prod.outlook.com> <MN2PR11MB364783B8FB4A9221D73070C990B39@MN2PR11MB3647.namprd11.prod.outlook.com> <72740964-976a-1e42-2104-52697a3a496c@huitema.net>
In-Reply-To: <72740964-976a-1e42-2104-52697a3a496c@huitema.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: huitema.net; dkim=none (message not signed) header.d=none;huitema.net; dmarc=none action=none header.from=hughes.com;
x-originating-ip: [139.85.223.9]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f660b46d-1d4e-44ab-e95e-08d8c94b8eff
x-ms-traffictypediagnostic: MN2PR11MB4727:
x-microsoft-antispam-prvs: <MN2PR11MB47278950ED15BFF946A476E490B39@MN2PR11MB4727.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: AbophpHAHuQKHgVtsxH8d4T8QOjv+SO+Fm+o0nvsAtMZYHss+thuIB1hAV5by6DmLBWaXJb9s070U4qOpEBQbeQlFXL/I8b4nBp+ABYFFE68VjDPF5h0MuA1HJRwTiXg25YH5AWePnc1ZGhMCW9r+NcOGfctUe9HpR0DxgNvVDgEX/TS1I5rypuTrxrxRHsuPg+EeVza7uV76UWeCOMsKD3LXaCagojpGnIqJfXOHw67rjc27rKD2zlEh21H0xVgUzJR3dOtf1kaK3h6xRDij5mYsscMwuis74PKHhvLFOlhDuZxxbYCY2hCaaxt+SxzytaSQCYoeOiMCIt8+aE/pEFdhD9bEATUzg8ZRjwGjuTH+9Sd6TN1f520404VZRMJDxwv1uaam4a/F5assumqip/m6DHgRDNc7KHxRqBWkRvUCaf282tYllop3jz5uMZs37ND4iTC+vUyIgcl3EbQsYhXV0A2OomjduCgnVDy06tbkmIhgYW4PDCYZ7/fEYfnngNz6MwhO152QtN2PwK1ChUqxVpLIUe/+jnwypoWnPVOQ6iS05PnjNqnB3W2dmRwvJC4CoOqCftX3mIfb1MTz91qgy7ejodYvR2aNsgmJYw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3647.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(6029001)(376002)(39860400002)(366004)(346002)(396003)(136003)(53546011)(6506007)(64756008)(66476007)(66446008)(966005)(110136005)(26005)(8676002)(186003)(83380400001)(33656002)(166002)(2906002)(66946007)(66574015)(86362001)(71200400001)(5660300002)(478600001)(316002)(76116006)(55016002)(9686003)(52536014)(7696005)(66556008)(8936002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: ZkenM3M9vDqbPlz8mL9ajiZqZ9IF6qH4tS1yGaTXjgicHsc7W+85fYX/dcs8wIXW8xWY6cPmLHYsrjjf6PEpi8vnl8jUMpseo4iO7BUotdJyGujlLpHVC/QczhdZAl41oIpCQkgth3d5JylFMeOgONHdqFGn9RScSvYhBczfeEfmaX6Z0zT2ysr55J7S9Iu6tG3xuxHgVVQQQD3lItDfVEybwyaN6xaz4iaizXj6kFuGUC0MzdJ3j2zjyYpXk1ODc/UA1RvjSz3ajnKL91sjX7JBUQOhYqtrJkqfSL1av4NdyYnIZCjpUp+tk6Zo20tzgB6M13i2riQWfCR6XPI2wLAHPaYSgGflDdtAvfX1X3Bm5LC4GO4XwCgIpsTODUdqN6QEJHn7ll4KTnvVuke1dhTSkfS6ypj0b3Y+BGf5nCHKg+KXeR55G+VjX1lB3iti1UTqJTV5Is0iV5h39jqVv12UDrWAv7t4Tp6QOotHPC6iRcln0ZriS2EPkCRgwDGRy2eKqNlCxkSS6oTPvP0e4vyMPKUrbASrgxwmV28Q7RC2mw5EDCBkVoWOJMHP1asfZmLzgcvk5DQvGcUaDWxfOrF7zaaH7VBAfxAHxNdq0m/ELBu/YduZExjqwovGJzb+HU7W3yiqX3HXXjSERvVW3wePATNIdob7NEUaV9eUJndxc/SFJB2wKRoaeZ4ZnvBgI9rPADUQajxzPG/ZCMPsNHlBlYKqnn4jFoxxIHNTy/puhSKo7z+ZV1GFTdEDQoT8uu//IsjQwZvDWklea+GrOQlMnbYN/eqhtXq/Bo8z0dM5kYLSAr7NgyCyqYh6Sng9NqIqHRNJ8+fVUA29gzcJqcerwVaRT7LQ68014TMHbW0Z22d3vhX6AJxbXMFFpOprtpQjDCqJ/ugXq7J9Jl/nlx9lqRX1sOHL5/q85MktyuJbCg1KbJUVfOAYlWdoSJ8JBSBzTJl8W4+0O2HKC3y6I6DZ3kPSqqp8vB0C3r5B9JIBuJ43s0BpmEkg4l1bNk4VqfoO9DW0lu/0zCeeJJ4mTEnHunGStap1apff8JmQj/VWvprjgJ9MaJzgu+cuHQMt02NjCqbZz+ziFyxDfSaVQP+dbslJXZeK9rhY0ykYerARY+zT+ULZhGm5Yc8kJXKkLdGr2lplDelrkZ8ulF+szWXgdIep3zLin1Z8rd9r54lgHTfHU9DBuQIG5MnRKFcpeoMid7mXKSaQZ5VFdTOob6PS/BqFq4f0lTIoIAiAIfJQtj82JqFOcF7tmNTSyqQpoRd6c1jtmBv5Oq6XeCTgq0tkw2bslWA6L9qKG3hBkTbIu/uaJExfTX60fyMs0fWm
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB3647FE3F3D2D841F4D50E93C90B39MN2PR11MB3647namp_"
MIME-Version: 1.0
X-OriginatorOrg: hughes.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB3647.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f660b46d-1d4e-44ab-e95e-08d8c94b8eff
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Feb 2021 20:29:23.0382 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0e1f3187-4610-4ce2-bad1-b92f4ba36ab3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: mT1nEmqkY3vYQ4DEkyZdDlugbtUVw/lTFe9soPKHtLdxtMO7h5dUrQqxwRZltyfOdDmlBvMmDWBCd1gjqsZ5WA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4727
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-04_10:2021-02-04, 2021-02-04 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/etosat/Mv9mFDnrEPjWJrkdMYKe2hcbkzk>
Subject: Re: [EToSat] FW: Website Fingerprinting on Early QUIC Traffic
X-BeenThere: etosat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "The EToSat list is a non-WG mailing list used to discuss performance implications of running encrypted transports such as QUIC over satellite." <etosat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/etosat>, <mailto:etosat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/etosat/>
List-Post: <mailto:etosat@ietf.org>
List-Help: <mailto:etosat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/etosat>, <mailto:etosat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2021 20:29:44 -0000
Its public From: EToSat <etosat-bounces@ietf.org> On Behalf Of Christian Huitema Sent: Thursday, February 04, 2021 3:17 PM To: etosat@ietf.org Subject: Re: [EToSat] FW: Website Fingerprinting on Early QUIC Traffic **EXTERNAL EMAIL** There are some limitations in this paper. They test against an early version of Google QUIC, not the latest IETF version. They use only the Chrome client, thus have to consider just one rendering sequence. They force the clients to clear their caches and thus download the full sites, which makes identification easier. And they use somewhat charged language, like "the insecurity characteristic of QUIC", when they merely demonstrated vulnerability to traffic fingerprinting. But then, yes, the results are interesting. Is it OK to forward this to the privacy research group (PEARG)? -- Christian Huitema On 2/4/2021 6:42 AM, Border, John wrote: FYI Subject: Website Fingerprinting on Early QUIC Traffic Website Fingerprinting on Early QUIC Traffic https://arxiv.org/abs/2101.11871<https://urldefense.com/v3/__https:/arxiv.org/abs/2101.11871__;!!Emaut56SYw!kXz4ZIkt-vgb-C_c-7Zccfeyn0EVJivN7iQUAvXg6BorOv_W2qbbDVXLDsB0DoW-tw$> Cryptographic protocols have been widely used to protect the user's privacy and avoid exposing private information. QUIC (Quick UDP Internet Connections), as an alternative to traditional HTTP, demonstrates its unique transmission characteristics: based on UDP for encrypted resource transmission, accelerating web page rendering. However, existing encrypted transmission schemes based on TCP are vulnerable to website fingerprinting (WFP) attacks, allowing adversaries to infer the users' visited websites by eavesdropping on the transmission channel. Whether QUIC protocol can effectively resisting to such attacks is worth investigating. In this work, we demonstrated the extreme vulnerability of QUIC under WFP attacks by comparing attack results under well-designed conditions. We also study the transferability of features, which enable the adversary to use proven effective features on a special protocol attacking a new protocol. This study shows that QUIC is more vulnerable to WFP attacks than HTTPS in the early traffic scenario but is similar in the normal scenario. The maximum attack accuracy on QUIC is 56.8 % and 73 % higher than on HTTPS utilizing Simple features and Transfer features. The insecurity characteristic of QUIC explains the dramatic gap. We also find that features are transferable between protocols, and the feature importance is partially inherited on normal traffic due to the relatively fixed browser rendering sequence and the similar request-response model of protocols. However, the transferability is inefficient when on early traffic, as QUIC and HTTPS show significantly different vulnerability when considering early traffic. We also show that attack accuracy on QUIC could reach 95.4 % with only 40 packets and just using simple features, whereas only 60.7 % when on HTTPS. _______________________________________________ EToSat mailing list EToSat@ietf.org<mailto:EToSat@ietf.org> https://www.ietf.org/mailman/listinfo/etosat<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/etosat__;!!Emaut56SYw!kXz4ZIkt-vgb-C_c-7Zccfeyn0EVJivN7iQUAvXg6BorOv_W2qbbDVXLDsBG0AM-xQ$>
- [EToSat] FW: Website Fingerprinting on Early QUIC… Border, John
- Re: [EToSat] FW: Website Fingerprinting on Early … Christian Huitema
- Re: [EToSat] FW: Website Fingerprinting on Early … Border, John