Website Fingerprinting - Last Level Cache Contention Traces

Website Fingerprinting - Last Level Cache Contention Traces

Citation Author(s):
Anatoly
Shusterman
Ben Gurion University of the Negev
Lachlan
Kang
University of Adelaide
Yarden
Haskal
Ben Gurion University of the Negev
Yosef
Meltzer
Ben Gurion University of the Negev
Prateek
Mittal
Princeton University
Yossi
Oren
Ben Gurion University of the Negev
Yuval
Yarom
University of Adelaide and Data61
Submitted by:
Anatoly Shusterman
Last updated:
Sun, 05/26/2019 - 03:00
DOI:
10.21227/a33s-cf63
Data Format:
Links:
License:
Creative Commons Attribution
Dataset Views:
93
Share / Embed Cite

Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user's computer and the secure network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of sending a small amount of malicious JavaScript code to the target user's computer. The malicious code mounts a cache side- channel attack, which exploits the effects of contention on the CPU's cache, to identify other websites being browsed. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. We show that cache website fingerprinting attacks in JavaScript are highly feasible. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last- level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed- world models. We further show that our attack is more resistant than network-based fingerprinting to the effects of response caching, and that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack. To protect against cache-based website fingerprinting, new defense mechanisms must be introduced to privacy-sensitive browsers and websites. We investigate one such mechanism, and show that generating artificial cache activity reduces the effectiveness of the attack and completely eliminates it when used in the Tor Browser.

Instructions: 

Untar the data.Every directory means different settings of the data collection:

Javascript collected data:

linux_chrome: the data was collected on linux OS using chrome browser.

linux_ff59:the data was collected on linux OS using  firefox browser.

linux_tor:the data was collected on linux OS using  Tor browser.

win_chrome:  the data was collected on windows10 OS using chrome browser.

win_ff59:the data was collected on windows10 oS using firefox browser.

mac_safari: the data was collected on Mac machine using safari browser.

linux_tor_counter    :the data was collected on linux OS using  Tor browser while running countermeasures.

CW: closed worls detting , every website appear several times.

OW: open worls setting, every website appear only one (or very few) times.

 

Dataset Files

You must login with an IEEE Account to access these files. IEEE Accounts are FREE.

Sign Up now or login.

Embed this dataset on another website

Copy and paste the HTML code below to embed your dataset:

Share via email or social media

Click the buttons below:

facebooktwittermailshare
[1] , "Website Fingerprinting - Last Level Cache Contention Traces", IEEE Dataport, 2019. [Online]. Available: http://dx.doi.org/10.21227/a33s-cf63. Accessed: Jun. 19, 2019.
@data{a33s-cf63-19,
doi = {10.21227/a33s-cf63},
url = {http://dx.doi.org/10.21227/a33s-cf63},
author = { },
publisher = {IEEE Dataport},
title = {Website Fingerprinting - Last Level Cache Contention Traces},
year = {2019} }
TY - DATA
T1 - Website Fingerprinting - Last Level Cache Contention Traces
AU -
PY - 2019
PB - IEEE Dataport
UR - 10.21227/a33s-cf63
ER -
. (2019). Website Fingerprinting - Last Level Cache Contention Traces. IEEE Dataport. http://dx.doi.org/10.21227/a33s-cf63
, 2019. Website Fingerprinting - Last Level Cache Contention Traces. Available at: http://dx.doi.org/10.21227/a33s-cf63.
. (2019). "Website Fingerprinting - Last Level Cache Contention Traces." Web.
1. . Website Fingerprinting - Last Level Cache Contention Traces [Internet]. IEEE Dataport; 2019. Available from : http://dx.doi.org/10.21227/a33s-cf63
. "Website Fingerprinting - Last Level Cache Contention Traces." doi: 10.21227/a33s-cf63