Re: [Pearg] Website fingerprinting with QUIC
Ali Hussain <alihussain448@gmail.com> Wed, 24 February 2021 07:21 UTC
Return-Path: <alihussain448@gmail.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 347133A0CE5 for <pearg@ietfa.amsl.com>; Tue, 23 Feb 2021 23:21:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.746
X-Spam-Level:
X-Spam-Status: No, score=-1.746 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V627UXHkdnQ1 for <pearg@ietfa.amsl.com>; Tue, 23 Feb 2021 23:21:25 -0800 (PST)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58E763A0CE9 for <pearg@irtf.org>; Tue, 23 Feb 2021 23:21:25 -0800 (PST)
Received: by mail-qt1-x834.google.com with SMTP id a2so753467qtw.12 for <pearg@irtf.org>; Tue, 23 Feb 2021 23:21:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QBNxeoy/weiGjlm0pST89efQLleARuis2uCCDr+aaMM=; b=DfMwGoCqWWQjE92nujlIiQZ4KOoi378pLkIdEPDPlpAjIIWTMoQNlgIeS1PMUQV3mP z8lsEYZ52Z7yzInLbmTLwkqmcn8dZ4XyqyX4mhSmxL3YzEXVgq0wLSpWFX/hAZJydNU+ REsPtEAfdy4s58aZye0FgYdDbPl+F2dZHE3iQsOmUKiHI3vimffrJymizIUGhmjxJ57u +D/ty+ptYh4L0JW6SDBg1hf3Cuh1uHizY5ihhFrOPpPcIG9cdL96h/bWeVLwfVAM4sJY Q/s3MsPhIgbVFzWaw1KcNqJbvc1BeP3SJ6DrjoU0mNKbA6ZxSv/49qBdg+iiWG7yUNjM wwoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QBNxeoy/weiGjlm0pST89efQLleARuis2uCCDr+aaMM=; b=igcAbGRYO7Kq/jQj/Lh3H+Y8Hz4OcdqVosqNcy+VEYChFtKOvuPfU4kfL9yMDK43Ix 7pJweIOmtOYDbZh5c4HBMtOkAysgUXErz68lnrExKdAGqtbDo7aN/IEKSxpncOlaoyZF NmGFqfFg506e19L/Jrd6bC32wQbbk2quvKZBsa/ImgqJNoqi5NJe5oiTxjmZuos3TyXn ONC5TdPAuGeQpwxBqN7Am3BOB+LqhtgjIld9p4WI17otGY8OBlmIju+kN/vrZE5ng6i9 e2tg+pco3trsEIodaTwmY7+R2uTGUJBTh4I5jBSpQuRGilDq0C5cn6WKTj+yx5P3WydX f4bA==
X-Gm-Message-State: AOAM530p9a5dF6TOGsxMDgv1L92yvYsoGuFFp9keiFwunijL+jwZ40l8 kENvJ1dlOIQFln2L8ofw5Xhr9o7B4GaK0XtEfBw=
X-Google-Smtp-Source: ABdhPJxYjUq+wclPwqkp/TG19GfRvfjIQr4fhy/r7PzTrr1ziAQfxJXDW75xLHHed/hID9Tz393mGg80CDBpxqF56wY=
X-Received: by 2002:ac8:8c3:: with SMTP id y3mr27589971qth.388.1614151283962; Tue, 23 Feb 2021 23:21:23 -0800 (PST)
MIME-Version: 1.0
References: <4d4dbbd4-c929-0e3f-de93-7790b1d7d7ea@huitema.net> <885f2d73557a4fbeb2803703d9187809@epfl.ch>
In-Reply-To: <885f2d73557a4fbeb2803703d9187809@epfl.ch>
From: Ali Hussain <alihussain448@gmail.com>
Date: Wed, 24 Feb 2021 15:21:11 +0800
Message-ID: <CAL_L_AxUfjPJg+jt7SPd28h5SeYx2cJHGVnY8W-BrTvr9XC7BA@mail.gmail.com>
To: Siby Sandra Deepthy <sandra.siby@epfl.ch>
Cc: Christian Huitema <huitema@huitema.net>, "pearg@irtf.org" <pearg@irtf.org>
Content-Type: multipart/alternative; boundary="000000000000e4f4df05bc0fe1ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/s4eUuB5Bz-eWD0BaP04ks0yDIMk>
Subject: Re: [Pearg] Website fingerprinting with QUIC
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2021 07:21:27 -0000
Hi Sandra, I would be interested to join the review of literature around this topic. Thanks, Regards, Ali Hussain On Mon, 22 Feb 2021, 11:20 pm Siby Sandra Deepthy, <sandra.siby@epfl.ch> wrote: > Hi Christian, > > > Some of my colleagues and I are currently working on this problem. If > there are others working/interested in this area, we'd be happy to chat! > > > Regards, > > Sandra > ------------------------------ > *From:* Pearg <pearg-bounces@irtf.org> on behalf of Christian Huitema < > huitema@huitema.net> > *Sent:* Thursday, February 4, 2021 9:51:59 PM > *To:* pearg@irtf.org > *Subject:* [Pearg] Website fingerprinting with QUIC > > > I just saw this paper: Website Fingerprinting on Early QUIC Traffic, > https://arxiv.org/abs/2101.11871 > <https://urldefense.com/v3/__https:/arxiv.org/abs/2101.11871__;!!Emaut56SYw!kXz4ZIkt-vgb-C_c-7Zccfeyn0EVJivN7iQUAvXg6BorOv_W2qbbDVXLDsB0DoW-tw$> > . > > The authors describe how they trains models to recognize web sites from > observations of traffic pattern, using features like packet observed in > both directions of traffic and classification of packets as > short/medium/full length. They claim that such fingerprinting is easier > when the transport is using QUIC than when it is using HTTPS. There are > some limitations in this paper. They test against an early version of > Google QUIC, not the latest IETF version. They use only the Chrome client, > thus have to consider just one rendering sequence. They force the clients > to clear their caches and thus download the full sites, which makes > identification easier. And they use somewhat charged language, like "the > insecurity characteristic of QUIC", when they merely demonstrated > vulnerability to traffic fingerprinting. But then, yes, the results are > interesting. > > When I see papers like that, I am always of two minds. On one hand, I know > that some features of the QUIC transport like PING or PAD frames make it > easy to pad packet sizes and to inject traffic that does not interfere with > the application, and that proper use of such padding and injection might > disturb the finger printing models used by censors. On the other hand, I am > aware of the tit-for-tat competition that will ensue, with better > obfuscation driving development of more efficient finger printing models. > Still, I wonder whether someone is working on that today: train > fingerprinting models using techniques similar to those in the paper, and > then compare how different models of padding and packet injection disturb > this fingerprinting. > > -- Christian Huitema > > > -- > Pearg mailing list > Pearg@irtf.org > https://www.irtf.org/mailman/listinfo/pearg >
- [Pearg] Website fingerprinting with QUIC Christian Huitema
- Re: [Pearg] Website fingerprinting with QUIC Siby Sandra Deepthy
- Re: [Pearg] Website fingerprinting with QUIC Christian Huitema
- Re: [Pearg] Website fingerprinting with QUIC Prateek Mittal
- Re: [Pearg] Website fingerprinting with QUIC Ali Hussain