Strategic Connection Migration to Thwart Website Fingerprinting Attacks

Abstract

Website fingerprinting (WF) attacks attempt to identify a visited webpage from a network communication trace by comparing it to previously collected samples of known webpages. MIMIQ (Masking IPs with Migration In QUIC) is a privacy-enhancing system that leverages the transport protocol QUIC’s connection migration capability to allow clients to change IP addresses frequently within individual connections and split a connection into multiple smaller flows. A smaller flow reduces the amount of information an adversary can learn and defends against WF attacks. In this thesis, we present an adversary that attempts to regroup the smaller flows belonging to the same connection based on their packet timing in order to recreate the original trace and extract more features from it. It uses a k-fingerprinting classifier (k-FP) composed of a random forest and nearest neighbor algorithm to label its recreated trace. To defend against this website fingerprinting attack, we present three strategic connection migration strategies that decrease the success of the adversary’s grouping strategy. We simulated the migration and grouping strategies using CAIDA traces and calculated the probability of correctly grouping p consecutive packets from each connection, where p is 200, 500, or 1000 packets. We show that clients can migrate at high frequency every 20 packets or at every pause in the packet exchange between the two endpoints to defeat the grouping attack at least 88% of the time. Clients can also migrate at low frequency and prolong the pauses in the connections by 2.5-7.5 milliseconds in order to defeat the grouping attack at least 87% of the time.