Impact of replacing TCP by QUIC in Tor on website fingerprinting resistance
C.H. Trap (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Stefanie Roos – Mentor (TU Delft - Data-Intensive Systems)
Georgios Smaragdakis – Graduation committee member (TU Delft - Cyber Security)
J.E.A.P. Decouchant – Graduation committee member (TU Delft - Data-Intensive Systems)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Privacy is a human right, yet, people’s behavior on the web is constantly tracked. Tor, an anonymity network, is an effective defence against tracking. However, Tor’s multiplexing of logically independent data streams into a single TCP connection causes issues. Tor with QUIC has been implemented as an alternative with better performance but it has not been studied whether and by how much QUIC increases the vulnerability to timing-based attacks.
The most threatening attacks are website fingerprinting attacks, which can track a Tor user by only controlling the guard node, first of the relays that forward traffic in Tor. In this work, Tor with QUIC is evaluated against website fingerprinting attacks with various levels of defences active. Without defences, Tor is vulnerable to website fingerprinting for both TCP and QUIC but the attacks are more effective on QUIC. On the positive side, defences against website fingerprinting remain effective for QUIC in that they decrease the effectiveness of the attack by a
similar fraction as for TCP.