Re: [Pearg] Website fingerprinting with QUIC
Prateek Mittal <pmittal@princeton.edu> Mon, 22 February 2021 21:59 UTC
Return-Path: <mittal.prateek@gmail.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF7413A20CB for <pearg@ietfa.amsl.com>; Mon, 22 Feb 2021 13:59:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Level:
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_DOTEDU=1.999] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=princeton-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eD-Bz_a4u2mS for <pearg@ietfa.amsl.com>; Mon, 22 Feb 2021 13:59:09 -0800 (PST)
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0AC43A20CA for <pearg@irtf.org>; Mon, 22 Feb 2021 13:59:08 -0800 (PST)
Received: by mail-wr1-x429.google.com with SMTP id n4so20665336wrx.1 for <pearg@irtf.org>; Mon, 22 Feb 2021 13:59:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=princeton-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xPoY9dYeSbGYNQ8zyXuRqXzHqusVnRQG1prtDefOt+U=; b=lUANrbtj6O1eoka5CewSoJYYeDLVGQ68o5i5d93ZLeXCOTgeVZn+DtAG5bwuMgI+aH w6+s5YyqitNwa2RwuXQDdxL6T4UCgGX1CIzVhI1CjHokO8nHKys2jU4SsuGh1J+sIKBR JX8GRZbVeyU9F42PSZ1JBJMvDZWlFdYVzleD9X0dZYlWcMt3G81WCfMKVYl2L/DPJXJE pV0JFFLMGHzGyMMU7v5V5aV3uQXIwv2mmZ0yFIQms1YxwDPAwpAKt37g/GzmOmVopskd S3wDZxmG9ogkJ35XUQvAOCd7hMHfpxbh7cm8qCfjyksukjHMJiaG0SyN9iL++zkeJ76Y TjIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xPoY9dYeSbGYNQ8zyXuRqXzHqusVnRQG1prtDefOt+U=; b=WeV041rqnln8XDI6E3PI/JuuAeQg0zwep5YuIlpfepEr9u8WS104GLGTrWextaeDMY 8d8SLvX2B+P5ozZ18Y283KJkmoMuDCkpMIC6wziLXnHly+6fZnbF5LhTcuLlglYkUVBa x5V4ChYfd7MYipY9DtWay8DA+KI3TxOJhIIxeDBhUd+wTsAAEjJWV2eTw2OwTTgm8Qin sWCOqgaK7U7C6rruPKRGg1tnXM1NJc+k9edd5SZpFtT0Ye7n3Xx7z4SFrO6qgM8Gg84A svFjMJjCMzrUUe8uqyykIU2UUqixT4n6qiYw5mpJrXOix/Gtzhx6/ECwKvX6k2CzZGOa 80Pg==
X-Gm-Message-State: AOAM533EeyRCwG4oQWNm/9e1jThpsd80bvWkPcrrLlyWdkrpy/WDFrz3 Xy5+uYH1T4DH1PxJobHx1B32VNbLucFHhSS4CRQ=
X-Google-Smtp-Source: ABdhPJydMa38Ub9Hn22lywNaJCHJbHnHQ5KPLkyu2SKJOSmPyMVeRmCywiYgRqaCrMuXhzTDVsuC5bOpSplBkgpL+vY=
X-Received: by 2002:a5d:6b45:: with SMTP id x5mr22603560wrw.415.1614031146798; Mon, 22 Feb 2021 13:59:06 -0800 (PST)
MIME-Version: 1.0
References: <4d4dbbd4-c929-0e3f-de93-7790b1d7d7ea@huitema.net> <885f2d73557a4fbeb2803703d9187809@epfl.ch> <1eb61b9d-dbca-bc9f-e96d-af609671942b@huitema.net>
In-Reply-To: <1eb61b9d-dbca-bc9f-e96d-af609671942b@huitema.net>
From: Prateek Mittal <pmittal@princeton.edu>
Date: Mon, 22 Feb 2021 16:58:55 -0500
Message-ID: <CAEijGRUvTwmbQ7+BGjE==PpWUw+7OYk21QysZ=QVNASSPCLfog@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: Siby Sandra Deepthy <sandra.siby@epfl.ch>, "pearg@irtf.org" <pearg@irtf.org>, Jean-Pierre Smith <jean-pierre.smith@inf.ethz.ch>, Adrian Perrig <aperrig@inf.ethz.ch>
Content-Type: multipart/alternative; boundary="0000000000002950bd05bbf3e980"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/u0Igs7WtGcEEe-cJu21m9DBVMc4>
X-Mailman-Approved-At: Mon, 22 Feb 2021 14:19:51 -0800
Subject: Re: [Pearg] Website fingerprinting with QUIC
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2021 21:59:11 -0000
Hello everyone, I thought you might be interested in our PETS 2021 paper on this topic: https://petsymposium.org/2021/files/papers/issue2/popets-2021-0017.pdf The dataset is available at: https://github.com/jpcsmith/wf-in-the-age-of-quic Thanks, Prateek On Mon, Feb 22, 2021 at 12:14 PM Christian Huitema <huitema@huitema.net> wrote: > I will certainly be happy to review papers or otherwise collaborate. > > > -- Christian Huitema > > > On 2/22/2021 7:14 AM, Siby Sandra Deepthy wrote: > > Hi Christian, > > > Some of my colleagues and I are currently working on this problem. If > there are others working/interested in this area, we'd be happy to chat! > > > Regards, > > Sandra > ------------------------------ > *From:* Pearg <pearg-bounces@irtf.org> <pearg-bounces@irtf.org> on behalf > of Christian Huitema <huitema@huitema.net> <huitema@huitema.net> > *Sent:* Thursday, February 4, 2021 9:51:59 PM > *To:* pearg@irtf.org > *Subject:* [Pearg] Website fingerprinting with QUIC > > > I just saw this paper: Website Fingerprinting on Early QUIC Traffic, > https://arxiv.org/abs/2101.11871 > <https://urldefense.com/v3/__https:/arxiv.org/abs/2101.11871__;!!Emaut56SYw!kXz4ZIkt-vgb-C_c-7Zccfeyn0EVJivN7iQUAvXg6BorOv_W2qbbDVXLDsB0DoW-tw$> > . > > The authors describe how they trains models to recognize web sites from > observations of traffic pattern, using features like packet observed in > both directions of traffic and classification of packets as > short/medium/full length. They claim that such fingerprinting is easier > when the transport is using QUIC than when it is using HTTPS. There are > some limitations in this paper. They test against an early version of > Google QUIC, not the latest IETF version. They use only the Chrome client, > thus have to consider just one rendering sequence. They force the clients > to clear their caches and thus download the full sites, which makes > identification easier. And they use somewhat charged language, like "the > insecurity characteristic of QUIC", when they merely demonstrated > vulnerability to traffic fingerprinting. But then, yes, the results are > interesting. > > When I see papers like that, I am always of two minds. On one hand, I know > that some features of the QUIC transport like PING or PAD frames make it > easy to pad packet sizes and to inject traffic that does not interfere with > the application, and that proper use of such padding and injection might > disturb the finger printing models used by censors. On the other hand, I am > aware of the tit-for-tat competition that will ensue, with better > obfuscation driving development of more efficient finger printing models. > Still, I wonder whether someone is working on that today: train > fingerprinting models using techniques similar to those in the paper, and > then compare how different models of padding and packet injection disturb > this fingerprinting. > > -- Christian Huitema > > > > -- > Pearg mailing list > Pearg@irtf.org > https://www.irtf.org/mailman/listinfo/pearg > -- Prateek Mittal Associate Professor Princeton University http://www.princeton.edu/~pmittal/
- [Pearg] Website fingerprinting with QUIC Christian Huitema
- Re: [Pearg] Website fingerprinting with QUIC Siby Sandra Deepthy
- Re: [Pearg] Website fingerprinting with QUIC Christian Huitema
- Re: [Pearg] Website fingerprinting with QUIC Prateek Mittal
- Re: [Pearg] Website fingerprinting with QUIC Ali Hussain