Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android

Raphael Spreitzer, Simone Griesmayr, Thomas Korak, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

The browsing behavior of a user allows to infer personal details, such as health status, political interests, sexual orientation, etc. In order to protect this sensitive information and to cope with possible privacy threats, defense mechanisms like SSH tunnels and anonymity networks (e.g., Tor) have been established. A known shortcoming of these defenses is that website fingerprinting attacks allow to infer a user's browsing behavior based on traffic analysis techniques. However, website fingerprinting typically assumes access to the client's network or to a router near the client, which restricts the applicability of these attacks.

In this work, we show that this rather strong assumption is not required for website fingerprinting attacks. Our client-side attack overcomes several limitations and assumptions of network-based fingerprinting attacks, e.g., network conditions and traffic noise, disabled browser caches, expensive training phases, etc. Thereby, we eliminate assumptions used for academic purposes and present a practical attack that can be implemented easily and deployed on a large scale. Eventually, we show that an unprivileged application can infer the browsing behavior by exploiting the unprotected access to the Android data-usage statistics. More specifically, we are able to infer 97% of 2500 page visits out of a set of 500 monitored pages correctly. Even if the traffic is routed through Tor by using the Orbot proxy in combination with the Orweb browser, we can infer 95% of 500 page visits out of a set of 100 monitored pages correctly. Thus, the READ_HISTORY_BOOKMARKS permission, which is supposed to protect the browsing behavior, does not provide protection.
Original languageEnglish
Title of host publication9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany
PublisherAssociation of Computing Machinery
DOIs
Publication statusPublished - 18 Jul 2016
EventACM Conference on Security and Privacy in Wireless and Mobile Networks - Darmstadt, Darmstadt, Germany
Duration: 18 Jul 201620 Jul 2016

Conference

ConferenceACM Conference on Security and Privacy in Wireless and Mobile Networks
CountryGermany
CityDarmstadt
Period18/07/1620/07/16

Fingerprint

Websites
Statistics
Routers
Tunnels
Health

Fields of Expertise

  • Information, Communication & Computing

Treatment code (Nähere Zuordnung)

  • Application
  • Theoretical

Cite this

Spreitzer, R., Griesmayr, S., Korak, T., & Mangard, S. (2016). Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android. In 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany Association of Computing Machinery. https://doi.org/10.1145/2939918.2939922

Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android. / Spreitzer, Raphael; Griesmayr, Simone; Korak, Thomas; Mangard, Stefan.

9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany. Association of Computing Machinery, 2016.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Spreitzer, R, Griesmayr, S, Korak, T & Mangard, S 2016, Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android. in 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany. Association of Computing Machinery, ACM Conference on Security and Privacy in Wireless and Mobile Networks, Darmstadt, Germany, 18/07/16. https://doi.org/10.1145/2939918.2939922
Spreitzer R, Griesmayr S, Korak T, Mangard S. Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android. In 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany. Association of Computing Machinery. 2016 https://doi.org/10.1145/2939918.2939922
Spreitzer, Raphael ; Griesmayr, Simone ; Korak, Thomas ; Mangard, Stefan. / Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android. 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany. Association of Computing Machinery, 2016.
@inproceedings{67b08955ea0f46b482b41d82880f0579,
title = "Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android",
abstract = "The browsing behavior of a user allows to infer personal details, such as health status, political interests, sexual orientation, etc. In order to protect this sensitive information and to cope with possible privacy threats, defense mechanisms like SSH tunnels and anonymity networks (e.g., Tor) have been established. A known shortcoming of these defenses is that website fingerprinting attacks allow to infer a user's browsing behavior based on traffic analysis techniques. However, website fingerprinting typically assumes access to the client's network or to a router near the client, which restricts the applicability of these attacks.In this work, we show that this rather strong assumption is not required for website fingerprinting attacks. Our client-side attack overcomes several limitations and assumptions of network-based fingerprinting attacks, e.g., network conditions and traffic noise, disabled browser caches, expensive training phases, etc. Thereby, we eliminate assumptions used for academic purposes and present a practical attack that can be implemented easily and deployed on a large scale. Eventually, we show that an unprivileged application can infer the browsing behavior by exploiting the unprotected access to the Android data-usage statistics. More specifically, we are able to infer 97{\%} of 2500 page visits out of a set of 500 monitored pages correctly. Even if the traffic is routed through Tor by using the Orbot proxy in combination with the Orweb browser, we can infer 95{\%} of 500 page visits out of a set of 100 monitored pages correctly. Thus, the READ_HISTORY_BOOKMARKS permission, which is supposed to protect the browsing behavior, does not provide protection.",
author = "Raphael Spreitzer and Simone Griesmayr and Thomas Korak and Stefan Mangard",
year = "2016",
month = "7",
day = "18",
doi = "10.1145/2939918.2939922",
language = "English",
booktitle = "9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany",
publisher = "Association of Computing Machinery",
address = "United States",

}

TY - GEN

T1 - Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android

AU - Spreitzer, Raphael

AU - Griesmayr, Simone

AU - Korak, Thomas

AU - Mangard, Stefan

PY - 2016/7/18

Y1 - 2016/7/18

N2 - The browsing behavior of a user allows to infer personal details, such as health status, political interests, sexual orientation, etc. In order to protect this sensitive information and to cope with possible privacy threats, defense mechanisms like SSH tunnels and anonymity networks (e.g., Tor) have been established. A known shortcoming of these defenses is that website fingerprinting attacks allow to infer a user's browsing behavior based on traffic analysis techniques. However, website fingerprinting typically assumes access to the client's network or to a router near the client, which restricts the applicability of these attacks.In this work, we show that this rather strong assumption is not required for website fingerprinting attacks. Our client-side attack overcomes several limitations and assumptions of network-based fingerprinting attacks, e.g., network conditions and traffic noise, disabled browser caches, expensive training phases, etc. Thereby, we eliminate assumptions used for academic purposes and present a practical attack that can be implemented easily and deployed on a large scale. Eventually, we show that an unprivileged application can infer the browsing behavior by exploiting the unprotected access to the Android data-usage statistics. More specifically, we are able to infer 97% of 2500 page visits out of a set of 500 monitored pages correctly. Even if the traffic is routed through Tor by using the Orbot proxy in combination with the Orweb browser, we can infer 95% of 500 page visits out of a set of 100 monitored pages correctly. Thus, the READ_HISTORY_BOOKMARKS permission, which is supposed to protect the browsing behavior, does not provide protection.

AB - The browsing behavior of a user allows to infer personal details, such as health status, political interests, sexual orientation, etc. In order to protect this sensitive information and to cope with possible privacy threats, defense mechanisms like SSH tunnels and anonymity networks (e.g., Tor) have been established. A known shortcoming of these defenses is that website fingerprinting attacks allow to infer a user's browsing behavior based on traffic analysis techniques. However, website fingerprinting typically assumes access to the client's network or to a router near the client, which restricts the applicability of these attacks.In this work, we show that this rather strong assumption is not required for website fingerprinting attacks. Our client-side attack overcomes several limitations and assumptions of network-based fingerprinting attacks, e.g., network conditions and traffic noise, disabled browser caches, expensive training phases, etc. Thereby, we eliminate assumptions used for academic purposes and present a practical attack that can be implemented easily and deployed on a large scale. Eventually, we show that an unprivileged application can infer the browsing behavior by exploiting the unprotected access to the Android data-usage statistics. More specifically, we are able to infer 97% of 2500 page visits out of a set of 500 monitored pages correctly. Even if the traffic is routed through Tor by using the Orbot proxy in combination with the Orweb browser, we can infer 95% of 500 page visits out of a set of 100 monitored pages correctly. Thus, the READ_HISTORY_BOOKMARKS permission, which is supposed to protect the browsing behavior, does not provide protection.

U2 - 10.1145/2939918.2939922

DO - 10.1145/2939918.2939922

M3 - Conference contribution

BT - 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016), Darmstadt, Germany

PB - Association of Computing Machinery

ER -