Cryptography, Security, and Privacy (CrySP)

This speaker series is made possible by an anonymous charitable donation in memory of cypherpunks and privacy advocates Len Sassaman, Hugh Daniel, Hal Finney, and Caspar Bowden.

View the list of past and upcoming speakers

Website Fingerprinting Attacks and Defenses

Rob Johnson, Stony Brook University

[Download (MP4)] [View on Youtube]

January 31, 2014 2:30pm, in DC 1304


Website fingerprinting attacks enable a passive eavsdropper to infer the website that a victim is visiting, even if the victim uses an anonymizing service such as Tor. We describe a new fingerprinting attack that is able to recognize, with over 75% accuracy, which of 100 websites a victim is visiting. The attack works against several deployed and proposed traffic analysis defenses, including Tor, traffic morphing, HTTPOS, and randomized pipelining. We then describe ongoing research to develop efficient defenses against this class of attacks.


Rob Johnson is an Assistant Professor at Stony Brook University and conducts research in Software Security, System Security, Usable Security, Cryptography, and Big Data Algorithms. Rob is director of the Security, Privacy, And Theory (SPLAT) lab at Stony Brook, the Cryptography Lab at the New York Center for Excellence in Wireless and Information Technology (CEWIT), and the Smart Grid Cyber-security Testing Lab of the New York Advanced Energy Research and Technology Center (AERTC). He graduated from UC Berkeley in 2006, where he studied with David Wagner.