skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: DeepCoFFEA: Improved Flow Correlation Attacks on Tor via Metric Learning and Amplification
End-to-end flow correlation attacks are among the oldest known attacks on low-latency anonymity networks, and are treated as a core primitive for traffic analysis of Tor. However, despite recent work showing that individual flows can be correlated with high accuracy, the impact of even these state-of-the-art attacks is questionable due to a central drawback: their pairwise nature, requiring comparison between N2 pairs of flows to deanonymize N users. This results in a combinatorial explosion in computational requirements and an asymptotically declining base rate, leading to either high numbers of false positives or vanishingly small rates of successful correlation. In this paper, we introduce a novel flow correlation attack, DeepCoFFEA, that combines two ideas to overcome these drawbacks. First, DeepCoFFEA uses deep learning to train a pair of feature embedding networks that respectively map Tor and exit flows into a single low-dimensional space where correlated flows are similar; pairs of embedded flows can be compared at lower cost than pairs of full traces. Second, DeepCoFFEA uses amplification, dividing flows into short windows and using voting across these windows to significantly reduce false positives; the same embedding networks can be used with an increasing number of windows to independently lower the false positive rate. We conduct a comprehensive experimental analysis showing that DeepCoFFEA significantly outperforms state-of-the-art flow correlation attacks on Tor, e.g. 93% true positive rate versus at most 13% when tuned for high precision, with two orders of magnitude speedup over prior work. We also consider the effects of several potential countermeasures on DeepCoFFEA, finding that existing lightweight defenses are not sufficient to secure anonymity networks from this threat.  more » « less
Award ID(s):
1815757 1816851
PAR ID:
10348312
Author(s) / Creator(s):
; ; ; ; ; ;
Date Published:
Journal Name:
IEEE Symposium on Security and Privacy (SP)
Volume:
2022
Page Range / eLocation ID:
1915 to 1932
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, Journal of Geophysical Research: Solid Earth)
    Abstract Dynamic earthquake triggering is commonly identified through the temporal correlation between increased seismicity rates and global earthquakes that are possible triggering events. However, correlation does not imply causation. False positives may occur when unrelated seismicity rate changes coincidently occur at around the time of candidate triggers. We investigate the expected false positive rate in Southern California with globalM ≥ 6 earthquakes as candidate triggers. We compute the false positive rate by applying the statistical tests used by DeSalvio and Fan (2023),https://doi.org/10.1029/2023jb026487to synthetic earthquake catalogs with no real dynamic triggering. We find a false positive rate of ∼3.5%–8.5% when realistic earthquake clustering is present, consistent with the 95% confidence typically used in seismology. However, when this false positive rate is applied to the tens of thousands of spatial‐temporal windows in Southern California tested in DeSalvio and Fan (2023),https://doi.org/10.1029/2023jb026487, thousands of false positives are expected. The expected false positive occurrence is large enough to explain the observed apparent triggering following 70% of large global earthquakes (DeSalvio & Fan, 2023,https://doi.org/10.1029/2023jb026487), without requiring any true dynamic triggering. Aside from the known triggering from the nearby El Mayor‐Cucapah, Mexico, earthquake, the spatial and temporal characteristics of the reported triggering are indistinguishable from random false positives. This implies that best practice for dynamic triggering studies that depend on temporal correlation is to estimate the false positive rate and investigate whether the observed apparent triggering is distinguishable from the correlations that may occur by chance. 
    more » « less
  2. ; ; ; ; ; ; (, Proceedings on Privacy Enhancing Technologies)
    Internet blackouts are challenging environments for anonymity and censorship resistance. Existing popular anonymity networks (e.g., Freenet, I2P, Tor) rely on Internet connectivity to function, making them impracticable during such blackouts. In such a setting, mobile ad-hoc networks can provide connectivity, but prior communication protocols for ad-hoc networks are not designed for anonymity and attack resilience. We address this need by designing, implementing, and evaluating Moby, a blackout-resistant anonymity network for mobile devices. Moby provides end-to-end encryption, forward secrecy and sender-receiver anonymity. It features a bi-modal design of operation, using Internet connectivity when available and ad-hoc networks during blackouts. During periods of Internet connectivity, Moby functions as a regular messaging application and bootstraps information that is later used in the absence of Internet connectivity to achieve secure anonymous communications. Moby incorporates a model of trust based on users’ contact lists, and a trust establishment protocol that mitigates flooding attacks. We perform an empirically informed simulation-based study based on cellphone traces of 268,596 users over the span of a week for a large cellular provider to determine Moby’s feasibility and present our findings. Last, we implement and evaluate the Moby client as an Android app. 
    more » « less
  3. ; ; (, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security)
    Website Fingerprinting (WF) is a traffic analysis attack that enables an eavesdropper to infer the victim's web activity even when encrypted and even when using the Tor anonymity system. Using deep learning classifiers, the attack can reach up to 98% accuracy. Existing WF defenses are either too expensive in terms of bandwidth and latency overheads (e.g. 2-3 times as large or slow) or ineffective against the latest attacks. In this work, we explore a novel defense based on the idea of adversarial examples that have been shown to undermine machine learning classifiers in other domains. Our Adversarial Traces defense adds padding to a Tor traffic trace in a manner that reliably fools the classifier into classifying it as coming from a different site. The technique drops the accuracy of the state-of-the-art attack from 98% to 60%, while incurring a reasonable 47% bandwidth overhead, showing its promise as a possible defense for Tor. 
    more » « less
  4. ; ; (, Proceedings of the 2018 IEEE Western New York Image and Signal Processing Workshop)
    The Tor anonymity system is vulnerable to website fingerprinting attacks that can reveal users Internet browsing behavior. The state-of-the-art website fingerprinting attacks use convolutional neural networks to automatically extract features from packet traces. One such attack undermines an efficient fingerprinting defense previously considered a candidate for implementation in Tor. In this work, we study the use of neural network attribution techniques to visualize activity in the attack's model. These visualizations, essentially heatmaps of the network, can be used to identify regions of particular sensitivity and provide insight into the features that the model has learned. We then examine how these heatmaps may be used to create a new website fingerprinting defense that applies random padding to the website trace with an emphasis towards highly fingerprintable regions. This defense reduces the attacker's accuracy from 98% to below 70% with a packet overhead of approximately 80%. 
    more » « less
  5. ; ; (, CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security)
    Over 8 million users rely on the Tor network each day to protect their anonymity online. Unfortunately, Tor has been shown to be vulnerable to the website fingerprinting attack, which allows an attacker to deduce the website a user is visiting based on patterns in their traffic. The state-of-the-art attacks leverage deep learning to achieve high classification accuracy using raw packet information. Work thus far, however, has examined only one type of media delivered over the Tor network: web pages, and mostly just home pages of sites. In this work, we instead investigate the fingerprintability of video content served over Tor. We collected a large new dataset of network traces for 50 YouTube videos of similar length. Our preliminary experiments utilizing a convolutional neural network model proposed in prior works has yielded promising classification results, achieving up to 55% accuracy. This shows the potential to unmask the individual videos that users are viewing over Tor, creating further privacy challenges to consider when defending against website fingerprinting attacks. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email