A Critique of Website Traffic Fingerprinting Attacks

Mike Perry has written a detailed article posted at the Tor site that looks at "website traffic fingerprinting" attacks—that is, attacks in which "the adversary attempts to recognize the encrypted traffic patterns of specific web pages without using any other information." In particular, he examines recent publications claiming to be able to recognize specific pages in encrypted Tor traffic, and finds the claimed results less than convincing. The issues vary from study to study, but small sample sizes and false-positives are among several recurring factors. Perry concludes: "It is likely that in practice, relatively simple defenses will still substantially increase the false positive rate of this attack when it is performed against large numbers of web pages (and non-web background traffic), against large volumes of Tor-like traffic, against large numbers of users, or any combination thereof." He does, however, suggest steps to improve subsequent studies, in addition to suggesting countermeasures for Tor users.