Cryptographic protocols have been widely used to protect the user's privacy and avoid exposing private information. QUIC (Quick UDP Internet Connections), as an alternative to traditional HTTP, demonstrates its unique transmission characteristics: based on UDP for encrypted resource transmission, accelerating web page rendering. However, existing encrypted transmission schemes based on TCP are vulnerable to website fingerprinting (WFP) attacks, allowing adversaries to infer the users' visited websites by eavesdropping on the transmission channel. Whether QUIC protocol can effectively resisting to such attacks is worth investigating. In this work, we demonstrated the extreme vulnerability of QUIC under WFP attacks by comparing attack results under well-designed conditions. We also study the transferability of features, which enable the adversary to use proven effective features on a special protocol attacking a new protocol. This study shows that QUIC is more vulnerable to WFP attacks than HTTPS in the early traffic scenario but is similar in the normal scenario. The maximum attack accuracy on QUIC is 56.8 % and 73 % higher than on HTTPS utilizing Simple features and Transfer features. The insecurity characteristic of QUIC explains the dramatic gap. We also find that features are transferable between protocols, and the feature importance is partially inherited on normal traffic due to the relatively fixed browser rendering sequence and the similar request-response model of protocols. However, the transferability is inefficient when on early traffic, as QUIC and HTTPS show significantly different vulnerability when considering early traffic. We also show that attack accuracy on QUIC could reach 95.4 % with only 40 packets and just using simple features, whereas only 60.7 % when on HTTPS.


翻译:QUIC(Quick UDP Internet Connects)作为传统HTTP的替代方案,展示了它独特的传输特性:基于UDP加密资源传输的加密资源传输,加快网页制作。然而,基于TCP(WFP)的现有加密传输计划很容易受到网站指纹攻击(WFP)的伤害,允许对手通过偷听传输频道窃听用户访问的网站,推断用户访问的网站,值得调查QUIC协议能否有效抵抗这种攻击的脆弱性。在这项工作中,我们通过在设计完善的条件下比较攻击的准确性,展示了在WFPC袭击的加密协议中使用经证明的有效功能的可传输性。然而,QUIC在早期交通情况中比HTPS更容易受到攻击,但是在正常情况下,QUIC的最大攻击准确度是56.8%和73 %。在使用简单的简单特征和传输功能时,我们发现HTPS的快速攻击能力非常脆弱。

0
下载
关闭预览

相关内容

专知会员服务
17+阅读 · 2020年9月6日
专知会员服务
60+阅读 · 2020年3月19日
100+篇《自监督学习(Self-Supervised Learning)》论文最新合集
专知会员服务
164+阅读 · 2020年3月18日
【新书】Java企业微服务,Enterprise Java Microservices,272页pdf
Keras François Chollet 《Deep Learning with Python 》, 386页pdf
专知会员服务
151+阅读 · 2019年10月12日
强化学习最新教程,17页pdf
专知会员服务
174+阅读 · 2019年10月11日
已删除
将门创投
14+阅读 · 2019年5月29日
Arxiv
0+阅读 · 2021年3月19日
Arxiv
35+阅读 · 2019年11月7日
Interpretable Adversarial Training for Text
Arxiv
5+阅读 · 2019年5月30日
Self-Driving Cars: A Survey
Arxiv
41+阅读 · 2019年1月14日
VIP会员
相关VIP内容
相关资讯
已删除
将门创投
14+阅读 · 2019年5月29日
Top
微信扫码咨询专知VIP会员