nov
7
2017

CITP Luncheon Speaker Series:
Günes Acar – How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services

CITP Luncheon Series

Date: Tuesday, November 7, 2017
Time: 12:30 p.m.
Location: 306 Sherrerd Hall
Streaming Live: https://www.youtube.com/user/citpprinceton
Hashtag: #citptalk

No RSVP required for current Princeton faculty, staff, and students. Open to members of the public by invitation only. Please contact Jean Butcher at if you are interested in attending a particular lunch.

Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date.

Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the frequency at which sites are classified (and misclassified) by these attacks, implying that average performance may not be informative of the risks of particular sites.

We use a number of methods to analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion services sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering likely disparate impact across sites.

Bio:

Günes Acar is a postdoctoral research associate at CITP. Günes studied advanced online tracking technologies such as browser fingerprinting in his PhD. His research also involves using machine learning for website fingerprinting attacks against the Tor anonymity network.

Günes obtained his PhD from the COSIC research group of KU Leuven in Belgium. Günes maintains and contributes to several open source software projects, thanks to his industry experience as a programmer.