Network-Based Website Fingerprinting
draft-wood-pearg-website-fingerprinting-00
| Document | Type | Expired Internet-Draft (individual) | |
|---|---|---|---|
| Last updated | 2020-05-07 (latest revision 2019-11-04) | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
pdf
htmlized (tools)
htmlized
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-wood-pearg-website-fingerprinting-00.txt
Abstract
The IETF is well on its way to protecting connection metadata with protocols such as DNS-over-TLS and DNS-over-HTTPS, and work-in- progress towards encrypting the TLS SNI. However, more work is needed to protect traffic metadata, especially in the context of web traffic. In this document, we survey Website Fingerprinting attacks, which are a class of attacks that use machine learning techniques to attack web privacy, and highlight metadata leaks used by said attacks. We also survey proposed mitigations for such leakage and discuss their applicability to IETF protocols such as TLS, QUIC, and HTTP. We endeavor to show that Website Fingerprinting attacks are a serious problem that affect all Internet users, and we pose open problems and directions for future research in this area.
Authors
Ian Goldberg
(iang@uwaterloo.ca)
Tao Wang
(taow@cse.ust.hk)
Christopher Wood
(cawood@apple.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)