Re: [Pearg] Website fingerprinting with QUIC

Ali Hussain <> Wed, 24 February 2021 07:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 347133A0CE5 for <>; Tue, 23 Feb 2021 23:21:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.746
X-Spam-Status: No, score=-1.746 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id V627UXHkdnQ1 for <>; Tue, 23 Feb 2021 23:21:25 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 58E763A0CE9 for <>; Tue, 23 Feb 2021 23:21:25 -0800 (PST)
Received: by with SMTP id a2so753467qtw.12 for <>; Tue, 23 Feb 2021 23:21:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QBNxeoy/weiGjlm0pST89efQLleARuis2uCCDr+aaMM=; b=DfMwGoCqWWQjE92nujlIiQZ4KOoi378pLkIdEPDPlpAjIIWTMoQNlgIeS1PMUQV3mP z8lsEYZ52Z7yzInLbmTLwkqmcn8dZ4XyqyX4mhSmxL3YzEXVgq0wLSpWFX/hAZJydNU+ REsPtEAfdy4s58aZye0FgYdDbPl+F2dZHE3iQsOmUKiHI3vimffrJymizIUGhmjxJ57u +D/ty+ptYh4L0JW6SDBg1hf3Cuh1uHizY5ihhFrOPpPcIG9cdL96h/bWeVLwfVAM4sJY Q/s3MsPhIgbVFzWaw1KcNqJbvc1BeP3SJ6DrjoU0mNKbA6ZxSv/49qBdg+iiWG7yUNjM wwoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QBNxeoy/weiGjlm0pST89efQLleARuis2uCCDr+aaMM=; b=igcAbGRYO7Kq/jQj/Lh3H+Y8Hz4OcdqVosqNcy+VEYChFtKOvuPfU4kfL9yMDK43Ix 7pJweIOmtOYDbZh5c4HBMtOkAysgUXErz68lnrExKdAGqtbDo7aN/IEKSxpncOlaoyZF NmGFqfFg506e19L/Jrd6bC32wQbbk2quvKZBsa/ImgqJNoqi5NJe5oiTxjmZuos3TyXn ONC5TdPAuGeQpwxBqN7Am3BOB+LqhtgjIld9p4WI17otGY8OBlmIju+kN/vrZE5ng6i9 e2tg+pco3trsEIodaTwmY7+R2uTGUJBTh4I5jBSpQuRGilDq0C5cn6WKTj+yx5P3WydX f4bA==
X-Gm-Message-State: AOAM530p9a5dF6TOGsxMDgv1L92yvYsoGuFFp9keiFwunijL+jwZ40l8 kENvJ1dlOIQFln2L8ofw5Xhr9o7B4GaK0XtEfBw=
X-Google-Smtp-Source: ABdhPJxYjUq+wclPwqkp/TG19GfRvfjIQr4fhy/r7PzTrr1ziAQfxJXDW75xLHHed/hID9Tz393mGg80CDBpxqF56wY=
X-Received: by 2002:ac8:8c3:: with SMTP id y3mr27589971qth.388.1614151283962; Tue, 23 Feb 2021 23:21:23 -0800 (PST)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Ali Hussain <>
Date: Wed, 24 Feb 2021 15:21:11 +0800
Message-ID: <>
To: Siby Sandra Deepthy <>
Cc: Christian Huitema <>, "" <>
Content-Type: multipart/alternative; boundary="000000000000e4f4df05bc0fe1ae"
Archived-At: <>
Subject: Re: [Pearg] Website fingerprinting with QUIC
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Feb 2021 07:21:27 -0000

Hi Sandra,

I would be interested to join the review of literature around this topic.


Ali Hussain

On Mon, 22 Feb 2021, 11:20 pm Siby Sandra Deepthy, <>

> Hi Christian,
> Some of my colleagues and I are currently working on this problem. If
> there are others working/interested in this area, we'd be happy to chat!
> Regards,
> Sandra
> ------------------------------
> *From:* Pearg <> on behalf of Christian Huitema <
> *Sent:* Thursday, February 4, 2021 9:51:59 PM
> *To:*
> *Subject:* [Pearg] Website fingerprinting with QUIC
> I just saw this paper: Website Fingerprinting on Early QUIC Traffic,
> <;!!Emaut56SYw!kXz4ZIkt-vgb-C_c-7Zccfeyn0EVJivN7iQUAvXg6BorOv_W2qbbDVXLDsB0DoW-tw$>
> .
> The authors describe how they trains models to recognize web sites from
> observations of traffic pattern, using features like packet observed in
> both directions of traffic and classification of packets as
> short/medium/full length. They claim that such fingerprinting is easier
> when the transport is using QUIC than when it is using HTTPS. There are
> some limitations in this paper. They test against an early version of
> Google QUIC, not the latest IETF version. They use only the Chrome client,
> thus have to consider just one rendering sequence. They force the clients
> to clear their caches and thus download the full sites, which makes
> identification easier. And they use somewhat charged language, like "the
> insecurity characteristic of QUIC", when they merely demonstrated
> vulnerability to traffic fingerprinting. But then, yes, the results are
> interesting.
> When I see papers like that, I am always of two minds. On one hand, I know
> that some features of the QUIC transport like PING or PAD frames make it
> easy to pad packet sizes and to inject traffic that does not interfere with
> the application, and that proper use of such padding and injection might
> disturb the finger printing models used by censors. On the other hand, I am
> aware of the tit-for-tat competition that will ensue, with better
> obfuscation driving development of more efficient finger printing models.
> Still, I wonder whether someone is working on that today: train
> fingerprinting models using techniques similar to those in the paper, and
> then compare how different models of padding and packet injection disturb
> this fingerprinting.
> -- Christian Huitema
> --
> Pearg mailing list