Website Fingerprinting Attacks and Defenses
Rob Johnson, Stony Brook University
January 31, 2014 2:30pm, in DC 1304
Website fingerprinting attacks enable a passive eavsdropper to infer the website that a victim is visiting, even if the victim uses an anonymizing service such as Tor. We describe a new fingerprinting attack that is able to recognize, with over 75% accuracy, which of 100 websites a victim is visiting. The attack works against several deployed and proposed traffic analysis defenses, including Tor, traffic morphing, HTTPOS, and randomized pipelining. We then describe ongoing research to develop efficient defenses against this class of attacks.
Rob Johnson is an Assistant Professor at Stony Brook University and conducts research in Software Security, System Security, Usable Security, Cryptography, and Big Data Algorithms. Rob is director of the Security, Privacy, And Theory (SPLAT) lab at Stony Brook, the Cryptography Lab at the New York Center for Excellence in Wireless and Information Technology (CEWIT), and the Smart Grid Cyber-security Testing Lab of the New York Advanced Energy Research and Technology Center (AERTC). He graduated from UC Berkeley in 2006, where he studied with David Wagner.