Re: [Pearg] Website fingerprinting with QUIC

Christian Huitema <huitema@huitema.net> Mon, 22 February 2021 17:14 UTC

To: Siby Sandra Deepthy <sandra.siby@epfl.ch>
Cc: "pearg@irtf.org" <pearg@irtf.org>
References: <4d4dbbd4-c929-0e3f-de93-7790b1d7d7ea@huitema.net> <885f2d73557a4fbeb2803703d9187809@epfl.ch>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <1eb61b9d-dbca-bc9f-e96d-af609671942b@huitema.net>
Date: Mon, 22 Feb 2021 09:13:13 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/znS2oi1eZ282LbLyO0yftJGwdUQ>

I will certainly be happy to review papers or otherwise collaborate.


-- Christian Huitema


On 2/22/2021 7:14 AM, Siby Sandra Deepthy wrote:
>
> Hi Christian,
>
>
> Some of my colleagues and I are currently working on this problem. If 
> there are others working/interested in this area, we'd be happy to chat!
>
>
> Regards,
>
> Sandra
>
> ------------------------------------------------------------------------
> *From:* Pearg <pearg-bounces@irtf.org> on behalf of Christian Huitema 
> <huitema@huitema.net>
> *Sent:* Thursday, February 4, 2021 9:51:59 PM
> *To:* pearg@irtf.org
> *Subject:* [Pearg] Website fingerprinting with QUIC
>
> I just saw this paper: Website Fingerprinting on Early QUIC Traffic, 
> https://arxiv.org/abs/2101.11871.
>
> The authors describe how they train models to recognize web sites 
> from observations of traffic pattern, using features like packet 
> observed in both directions of traffic and classification of packets 
> as short/medium/full length. They claim that such fingerprinting is 
> easier when the transport is using QUIC than when it is using HTTPS. 
> There are some limitations in this paper. They test against an early 
> version of Google QUIC, not the latest IETF version. They use only the 
> Chrome client, thus have to consider just one rendering sequence. They 
> force the clients to clear their caches and thus download the full 
> sites, which makes identification easier. And they use somewhat 
> charged language, like "the insecurity characteristic of QUIC", when 
> they merely demonstrated vulnerability to traffic fingerprinting. But 
> then, yes, the results are interesting.
>
> When I see papers like that, I am always of two minds. On one hand, I 
> know that some features of the QUIC transport like PING or PAD frames 
> make it easy to pad packet sizes and to inject traffic that does not 
> interfere with the application, and that proper use of such padding 
> and injection might disturb the fingerprinting models used by 
> censors. On the other hand, I am aware of the tit-for-tat competition 
> that will ensue, with better obfuscation driving development of more 
> efficient fingerprinting models. Still, I wonder whether someone is 
> working on that today: train fingerprinting models using techniques 
> similar to those in the paper, and then compare how different models 
> of padding and packet injection disturb this fingerprinting.
>
> -- Christian Huitema
>
>
>
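
An added illustration of the comparison proposed in the quoted message (not code from the paper or from anyone on this thread): it measures how far apart two traces look on direction plus short/medium/full size-class features under different padding policies, and what each policy costs in bytes. The size thresholds, the L1 distance standing in for a trained model, and both traces are constructed assumptions; packet injection is not modelled.

```python
from collections import Counter

# Assumed thresholds in bytes: the thread names short/medium/full classes
# but gives no boundaries. FULL is an assumed full-size packet.
SHORT_MAX, FULL_MIN, FULL = 200, 1200, 1350

def size_class(n):
    if n < SHORT_MAX:
        return "short"
    return "full" if n >= FULL_MIN else "medium"

def features(trace):
    """Normalised histogram over (direction, size class)."""
    counts = Counter((d, size_class(n)) for d, n in trace)
    return {k: v / len(trace) for k, v in counts.items()}

def distance(a, b):
    """L1 distance; 0 means these features cannot tell the traces apart."""
    return sum(abs(a.get(k, 0) - b.get(k, 0)) for k in set(a) | set(b))

def pad(trace, bucket):
    """Pad each packet up to the next multiple of `bucket`, capped at FULL."""
    return [(d, min(FULL, -(-n // bucket) * bucket)) for d, n in trace]

def overhead(original, padded):
    """Extra bytes sent, as a fraction of the original volume."""
    return sum(n for _, n in padded) / sum(n for _, n in original) - 1

# Constructed traces for two hypothetical sites: (direction, packet size).
SITE_A = [("out", 90), ("in", 1350), ("in", 1350), ("in", 600),
          ("out", 60), ("in", 1350), ("in", 150)]
SITE_B = [("out", 120), ("in", 1350), ("in", 400), ("in", 500),
          ("out", 70), ("in", 300), ("in", 100)]

def compare(buckets=(1, 400, FULL)):
    """Per bucket: (feature distance between sites, byte overhead for site A).
    A bucket of 1 leaves packets unpadded."""
    rows = {}
    for b in buckets:
        pa, pb = pad(SITE_A, b), pad(SITE_B, b)
        rows[b] = (round(distance(features(pa), features(pb)), 3),
                   round(overhead(SITE_A, pa), 3))
    return rows

if __name__ == "__main__":
    for bucket, (dist, cost) in compare().items():
        print(f"bucket={bucket:5d} distance={dist:.3f} overhead_A={cost:.3f}")
```

On these traces, padding to 400-byte buckets adds bytes without moving the distance, because the medium/full split survives; only padding every packet to full size collapses the size features, and packet counts per direction would still differ between real sites.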