Towards an Evaluation of a Recommended Tor Browser Configuration in Light of Website Fingerprinting Attacks

Alshammari, Fayzah

January 2017

Website Fingerprinting (WF) attacks have become an area of concern for advocates of web Privacy Enhancing Technology (PET)s as they may allow a passive, local, eaves- dropper to eventually identify the accessed web page, endangering the protection offered by those PETs. Recent studies have demonstrated the effectiveness of those attacks through a number of experiments. However, some researchers in academia and Tor community demonstrated that the assumptions of WF attacks studies greatly simplify the problem and don’t reflect the evaluation of this vulnerability in practical scenarios. That leads to suspicion in the Tor community and among Tor Browser users about the efficacy of those attacks in real-world scenarios. In this thesis, we survey the literature of WF showing the research assumptions that have been made in the WF attacks against Tor. We then assess their practicality in real-world settings by evaluating their compliance to Tor Browser threat model, design requirements and to the Tor Project recommendations. Interestingly, we found one of the research assumptions related to the active content configuration in Tor Browser to be a reasonable assumption in all settings. Disabling or enabling the active content are both reasonable given the fact that the enabled configuration is the default of the Tor Browser, and the disabled one is the configuration recommended by Tor Project for users who require the highest possible security and anonymity. However, given the current published WF attacks, disabling the active con- tent is advantageous for the attacker as it makes the classification task easier by reducing the level of a web page randomness. To evaluate Tor Browser security in our proposed more realistic threat model, we collect a sample of censored dynamic web pages with Tor Browser in the default setting, which enables active content such as Javascript, and in the recommended setting by the Tor Project which disables the active content. We use Panchenko Support Vector Machine (SVM) classifier to study the identifiability of this sample of web pages. For pages that are very dynamic, we achieve a recognition rate of 42% when JavaScript is disabled, compared to 35% when turned on. Our results show that the recommended ”more secure” setting for Tor Browser is actually more vulnerable to WF attacks than the default and non-recommended setting.

Finger priniting

Security