With rapid developments in communication technologies and awareness of security and privacy risks online, Security and Privacy Enhancing Networks (SPENs) have become increasingly popular. Especially during the COVID-19 pandemic, workplaces encouraged employees to take additional security measures, such as VPNs. In this work, we conduct a comprehensive study on website fingerprinting attacks. A comprehensive system model and threat model based on two types of SPENs (Virtual Private Networks and Tor Networks) are presented. Moreover, we demonstrate a website fingerprinting attack by ethically collecting website fetch data and analyzing the collected data using five different machine learning classification models including k nearest neighbors, decision tree, ada boost, and random forest. We find that SPENs are still vulnerable to website fingerprinting attacks which enable attackers to violate users’ behavioral privacy. However, it is not easy to get accurate results, especially over a large number of websites. Furthermore, we discuss a series of recommendations for SPENs to increase behavioral privacy for their customers. Finally, we cover a variety of directions that future work could take.
Identifer | oai:union.ndltd.org:CALPOLY/oai:digitalcommons.calpoly.edu:theses-4530 |
Date | 01 June 2024 |
Creators | Conway, Everett Lee |
Publisher | DigitalCommons@CalPoly |
Source Sets | California Polytechnic State University |
Detected Language | English |
Type | text |
Format | application/pdf |
Source | Master's Theses |
Page generated in 0.002 seconds