Software Engineering Institute

Most web users use HTTPS and believe that encryption is enough to hide the content of their web traffic. Moreover, VPNs and other anonymity tools such as Tor can provide anonymity by hiding source and destination IP addresses. We will show that network traffic analysis can still be performed by looking at the metadata of the network traffic, which consists only of the size of each network packet. This is called a website fingerprinting attack. It has been shown that if a web user visits one website using encryption and VPN/Tor, the correct website visited can be predicted with a 90% accuracy. One possible defense to this attack is to add noise, such as visiting a second website. We collected the largest dataset to date of such overlapping website visits. We showed that website fingerprinting attacks are still possible using a sectioning algorithm that partitions the network traffic into different chunks. The rest of this presentation will discuss other ways to prevent website fingerprinting attacks, such as adding random noise and measuring its overhead.