{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T23:23:14Z","timestamp":1776208994046,"version":"3.50.1"},"reference-count":32,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"2","license":[{"start":{"date-parts":[[2017,4,1]],"date-time":"2017-04-01T00:00:00Z","timestamp":1491004800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,4,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>\n                  <jats:italic>Website Fingerprinting<\/jats:italic> (WF) allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has been recently shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of WF on the Tor network are alarming. Prior work has only considered defenses at the client-side, arguing that web servers lack incentives to adopt countermeasures. Furthermore, most of these defenses have been designed to operate on the stream of network packets, making practical deployment difficult. In this paper, we propose two application-level defenses including the first server-side defense against WF, as .onion services have incentives to support it. The other defense is a lightweight client-side defense implemented as a browser add-on, improving ease of deployment over previous approaches. 
In our evaluations, the server-side defense is able to reduce WF accuracy on Tor .onion sites from 69.6% to 10% and the client-side defense reduces accuracy from 64% to 31.5%.<\/jats:p>","DOI":"10.1515\/popets-2017-0023","type":"journal-article","created":{"date-parts":[[2017,4,6]],"date-time":"2017-04-06T10:04:34Z","timestamp":1491473074000},"page":"186-203","source":"Crossref","is-referenced-by-count":59,"title":["Website Fingerprinting Defenses at the Application Layer"],"prefix":"10.56553","volume":"2017","author":[{"given":"Giovanni","family":"Cherubin","sequence":"first","affiliation":[{"name":"Royal Holloway University of London, Egham, United Kingdom of Great Britain and Northern Ireland"}]},{"given":"Jamie","family":"Hayes","sequence":"additional","affiliation":[{"name":"University College London, London, United Kingdom of Great Britain and Northern Ireland"}]},{"given":"Marc","family":"Juarez","sequence":"additional","affiliation":[{"name":"KU Leuven, ESAT\/COSIC and imec, Leuven, Belgium"}]}],"member":"35752","published-online":{"date-parts":[[2017,4,4]]},"reference":[{"key":"2021040704493274747_j_popets-2017-0023_ref_001_w2aab2b8c20b1b7b1ab1ab1Aa","unstructured":"[1] HTTP\/2 specs. \u201chttps:\/\/http2.github.io\/\u201d, 2015. (accessed: August, 2016)."},{"key":"2021040704493274747_j_popets-2017-0023_ref_002_w2aab2b8c20b1b7b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] X. Cai, R. Nithyanand, and R. Johnson. CS-BuFLO: A Congestion Sensitive Website Fingerprinting Defense. In Workshop on Privacy in the Electronic Society (WPES), pages 121\u2013130. ACM, 2014.","DOI":"10.1145\/2665943.2665949"},{"key":"2021040704493274747_j_popets-2017-0023_ref_003_w2aab2b8c20b1b7b1ab1ab3Aa","doi-asserted-by":"crossref","unstructured":"[3] X. Cai, R. Nithyanand, and R. Johnson. Glove: A Bespoke Website Fingerprinting Defense. In Workshop on Privacy in the Electronic Society (WPES), pages 131\u2013134. 
ACM, 2014.","DOI":"10.1145\/2665943.2665950"},{"key":"2021040704493274747_j_popets-2017-0023_ref_004_w2aab2b8c20b1b7b1ab1ab4Aa","doi-asserted-by":"crossref","unstructured":"[4] X. Cai, R. Nithyanand, T. Wang, R. Johnson, and I. Goldberg. A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. In ACM Conference on Computer and Communications Security (CCS), pages 227\u2013238. ACM, 2014.","DOI":"10.1145\/2660267.2660362"},{"key":"2021040704493274747_j_popets-2017-0023_ref_005_w2aab2b8c20b1b7b1ab1ab5Aa","doi-asserted-by":"crossref","unstructured":"[5] X. Cai, X. C. Zhang, B. Joshi, and R. Johnson. Touching from a Distance: Website Fingerprinting Attacks and Defenses. In ACM Conference on Computer and Communications Security (CCS), pages 605\u2013616. ACM, 2012.","DOI":"10.1145\/2382196.2382260"},{"key":"2021040704493274747_j_popets-2017-0023_ref_006_w2aab2b8c20b1b7b1ab1ab6Aa","doi-asserted-by":"crossref","unstructured":"[6] S. Chen, R. Wang, X. Wang, and K. Zhang. Side-channel leaks in web applications: A reality today, a challenge tomorrow. In IEEE Symposium on Security and Privacy (S&P), pages 191\u2013206. IEEE, 2010.","DOI":"10.1109\/SP.2010.20"},{"key":"2021040704493274747_j_popets-2017-0023_ref_007_w2aab2b8c20b1b7b1ab1ab7Aa","unstructured":"[7] H. Cheng and R. Avnur. Traffic Analysis of SSL Encrypted Web Browsing. Project paper, University of Berkeley, 1998. Available at http:\/\/www.cs.berkeley.edu\/~daw\/teaching\/cs261-f98\/projects\/final-reports\/ronathan-heyning.ps."},{"key":"2021040704493274747_j_popets-2017-0023_ref_008_w2aab2b8c20b1b7b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] R. Dingledine, N. Mathewson, and P. F. Syverson. \u201cTor: The Second-Generation Onion Router\u201d. In USENIX Security Symposium, pages 303\u2013320. 
USENIX Association, 2004.","DOI":"10.21236\/ADA465464"},{"key":"2021040704493274747_j_popets-2017-0023_ref_009_w2aab2b8c20b1b7b1ab1ab9Aa","doi-asserted-by":"crossref","unstructured":"[9] K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. In IEEE Symposium on Security and Privacy (S&P), pages 332\u2013346. IEEE, 2012.","DOI":"10.1109\/SP.2012.28"},{"key":"2021040704493274747_j_popets-2017-0023_ref_010_w2aab2b8c20b1b7b1ab1ac10Aa","unstructured":"[10] Y. Gluck, N. Harris, and A. Prado. Breach: reviving the crime attack. Unpublished manuscript, 2013."},{"key":"2021040704493274747_j_popets-2017-0023_ref_011_w2aab2b8c20b1b7b1ab1ac11Aa","unstructured":"[11] J. Hayes and G. Danezis. k-fingerprinting: a Robust Scalable Website Fingerprinting Technique. In USENIX Security Symposium. USENIX Association, 2016."},{"key":"2021040704493274747_j_popets-2017-0023_ref_012_w2aab2b8c20b1b7b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] D. Herrmann, R. Wendolsky, and H. Federrath. Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Na\u00efve-Bayes Classifier. In ACM Workshop on Cloud Computing Security, pages 31\u201342. ACM, 2009.","DOI":"10.1145\/1655008.1655013"},{"key":"2021040704493274747_j_popets-2017-0023_ref_013_w2aab2b8c20b1b7b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] A. Hintz. Fingerprinting Websites Using Traffic Analysis. In Privacy Enhancing Technologies (PETs), pages 171\u2013178. Springer, 2003.","DOI":"10.1007\/3-540-36467-6_13"},{"key":"2021040704493274747_j_popets-2017-0023_ref_014_w2aab2b8c20b1b7b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] M. Juarez, S. Afroz, G. Acar, C. Diaz, and R. Greenstadt. A critical evaluation of website fingerprinting attacks. In ACM Conference on Computer and Communications Security (CCS), pages 263\u2013274. 
ACM, 2014.","DOI":"10.1145\/2660267.2660368"},{"key":"2021040704493274747_j_popets-2017-0023_ref_015_w2aab2b8c20b1b7b1ab1ac15Aa","doi-asserted-by":"crossref","unstructured":"[15] M. Juarez, M. Imani, M. Perry, C. Diaz, and M. Wright. Toward an Efficient Website Fingerprinting Defense. In European Symposium on Research in Computer Security (ESORICS), pages 27\u201346. Springer, 2016.","DOI":"10.1007\/978-3-319-45744-4_2"},{"key":"2021040704493274747_j_popets-2017-0023_ref_016_w2aab2b8c20b1b7b1ab1ac16Aa","unstructured":"[16] A. Kwon, M. AlSabah, D. Lazar, M. Dacier, and S. Devadas. Circuit fingerprinting attacks: passive deanonymization of tor hidden services. In USENIX Security Symposium, pages 287\u2013302. USENIX Association, 2015."},{"key":"2021040704493274747_j_popets-2017-0023_ref_017_w2aab2b8c20b1b7b1ab1ac17Aa","doi-asserted-by":"crossref","unstructured":"[17] M. Liberatore and B. N. Levine. \u201cInferring the source of encrypted HTTP connections\u201d. In ACM Conference on Computer and Communications Security (CCS), pages 255\u2013263. ACM, 2006.","DOI":"10.1145\/1180405.1180437"},{"key":"2021040704493274747_j_popets-2017-0023_ref_018_w2aab2b8c20b1b7b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] L. Lu, E. Chang, and M. Chan. Website Fingerprinting and Identification Using Ordered Feature Sequences. In European Symposium on Research in Computer Security (ESORICS), pages 199\u2013214. Springer, 2010.","DOI":"10.1007\/978-3-642-15497-3_13"},{"key":"2021040704493274747_j_popets-2017-0023_ref_019_w2aab2b8c20b1b7b1ab1ac19Aa","unstructured":"[19] X. Luo, P. Zhou, E. W. W. Chan, W. Lee, R. K. C. Chang, and R. Perdisci. HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows. In Network & Distributed System Security Symposium (NDSS). IEEE Computer Society, 2011."},{"key":"2021040704493274747_j_popets-2017-0023_ref_020_w2aab2b8c20b1b7b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] A. Panchenko, F. Lanze, A. 
Zinnen, M. Henze, J. Pennekamp, K. Wehrle, and T. Engel. Website fingerprinting at internet scale. In Network & Distributed System Security Symposium (NDSS). IEEE Computer Society, 2016.","DOI":"10.14722\/ndss.2016.23477"},{"key":"2021040704493274747_j_popets-2017-0023_ref_021_w2aab2b8c20b1b7b1ab1ac21Aa","doi-asserted-by":"crossref","unstructured":"[21] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel. Website fingerprinting in onion routing based anonymization networks. In ACM Workshop on Privacy in the Electronic Society (WPES), pages 103\u2013114. ACM, 2011.","DOI":"10.1145\/2046556.2046570"},{"key":"2021040704493274747_j_popets-2017-0023_ref_022_w2aab2b8c20b1b7b1ab1ac22Aa","unstructured":"[22] M. Perry. Committed to the official Tor Browser git repository, https:\/\/gitweb.torproject.org\/tor-browser.git\/commit\/?id=354b3b."},{"key":"2021040704493274747_j_popets-2017-0023_ref_023_w2aab2b8c20b1b7b1ab1ac23Aa","unstructured":"[23] M. Perry. Experimental Defense for Website Traffic Fingerprinting. Tor project Blog. \u201chttps:\/\/blog.torproject.org\/blog\/experimental-defense-website-traffic-fingerprinting\u201d, 2011. (accessed: October 10, 2013)."},{"key":"2021040704493274747_j_popets-2017-0023_ref_024_w2aab2b8c20b1b7b1ab1ac24Aa","unstructured":"[24] M. Perry, G. Acar, and M. Juarez. personal communication."},{"key":"2021040704493274747_j_popets-2017-0023_ref_025_w2aab2b8c20b1b7b1ab1ac25Aa","unstructured":"[25] A. Pinto. Web Page Sizes: A (Not So) Brief History of Page Size through 2015. yottaa.com. \u201chttp:\/\/www.yottaa.com\/company\/blog\/application-optimization\/a-brief-history-of-web-page-size\/\u201d, 2015. (accessed: April 18, 2016)."},{"key":"2021040704493274747_j_popets-2017-0023_ref_026_w2aab2b8c20b1b7b1ab1ac26Aa","unstructured":"[26] T. Pulls. A golang implementation of the kNN website fingerprinting attack. \u201chttps:\/\/github.com\/pylls\/go-knn\u201d, 2016. 
(accessed: May, 2016)."},{"key":"2021040704493274747_j_popets-2017-0023_ref_027_w2aab2b8c20b1b7b1ab1ac27Aa","unstructured":"[27] SecureDrop. securedrop.org. \u201chttps:\/\/securedrop.org\/\u201d, 2016. (accessed: April 20, 2016)."},{"key":"2021040704493274747_j_popets-2017-0023_ref_028_w2aab2b8c20b1b7b1ab1ac28Aa","unstructured":"[28] Q. Sun, D. R. Simon, and Y. M. Wang. Statistical Identification of Encrypted Web Browsing Traffic. In IEEE Symposium on Security and Privacy (S&P), pages 19\u201330. IEEE, 2002."},{"key":"2021040704493274747_j_popets-2017-0023_ref_029_w2aab2b8c20b1b7b1ab1ac29Aa","unstructured":"[29] MobiForge. mobiforge.com. \u201chttps:\/\/mobiforge.com\/research-analysis\/the-web-is-doom\u201d, 2016. (accessed: April 20, 2016)."},{"key":"2021040704493274747_j_popets-2017-0023_ref_030_w2aab2b8c20b1b7b1ab1ac30Aa","unstructured":"[30] T. Wang, X. Cai, R. Nithyanand, R. Johnson, and I. Goldberg. Effective Attacks and Provable Defenses for Website Fingerprinting. In USENIX Security Symposium, pages 143\u2013157. USENIX Association, 2014."},{"key":"2021040704493274747_j_popets-2017-0023_ref_031_w2aab2b8c20b1b7b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] T. Wang and I. Goldberg. Improved Website Fingerprinting on Tor. In ACM Workshop on Privacy in the Electronic Society (WPES), pages 201\u2013212. ACM, 2013.","DOI":"10.1145\/2517840.2517851"},{"key":"2021040704493274747_j_popets-2017-0023_ref_032_w2aab2b8c20b1b7b1ab1ac32Aa","unstructured":"[32] C. V. Wright, S. E. Coull, and F. Monrose. Traffic morphing: An efficient defense against statistical traffic analysis. In Network & Distributed System Security Symposium (NDSS). 
IEEE Computer Society, 2009."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/content.sciendo.com\/view\/journals\/popets\/2017\/2\/article-p186.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/article\/10.1515\/popets-2017-0023","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:29:45Z","timestamp":1658334585000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2017\/popets-2017-0023.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,1]]},"references-count":32,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2017,4,4]]},"published-print":{"date-parts":[[2017,4,1]]}},"alternative-id":["10.1515\/popets-2017-0023"],"URL":"https:\/\/doi.org\/10.1515\/popets-2017-0023","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,4,1]]}}}