[tbb-bugs] #28621 [Applications/Tor Browser]: Investigate "website fingerprinting through cache occupancy channel"

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 26 18:56:37 UTC 2018


#28621: Investigate "website fingerprinting through cache occupancy channel"
------------------------------------------+----------------------
     Reporter:  arthuredelstein           |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 See this paper:

 https://arxiv.org/abs/1811.07153

 > Robust Website Fingerprinting Through the Cache Occupancy Channel
 > Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek
 Mittal, Yossi Oren, Yuval Yarom
 > (Submitted on 17 Nov 2018)
 >
 > Website fingerprinting attacks, which use statistical analysis on
 network traffic to compromise user privacy, have been shown to be
 effective even if the traffic is sent over anonymity-preserving networks
 such as Tor. The classical attack model used to evaluate website
 fingerprinting attacks assumes an on-path adversary, who can observe all
 traffic traveling between the user's computer and the Tor network. In this
 work we investigate these attacks under a different attack model, in which
 the adversary is capable of running a small amount of unprivileged code on
 the target user's computer. Under this model, the attacker can mount cache
 side-channel attacks, which exploit the effects of contention on the CPU's
 cache, to identify the website being browsed. In an important special case
 of this attack model, a JavaScript attack is launched when the target user
 visits a website controlled by the attacker. The effectiveness of this
 attack scenario has never been systematically analyzed, especially in the
 open-world model which assumes that the user is visiting a mix of both
 sensitive and non-sensitive sites. In this work we show that cache website
 fingerprinting attacks in JavaScript are highly feasible, even when they
 are run from highly restrictive environments, such as the Tor Browser.
 Specifically, we use machine learning techniques to classify traces of
 cache activity. Unlike prior works, which try to identify cache conflicts,
 our work measures the overall occupancy of the last-level cache. We show
 that our approach achieves high classification accuracy in both the
 open-world and the closed-world models. We further show that our techniques are
 resilient both to network-based defenses and to side-channel
 countermeasures introduced to modern browsers as a response to the Spectre
 attack.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28621>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

