PCP: Preemptive Circuit Padding against Tor circuit fingerprinting

Online anonymity and privacy has been based on confusing the adversary by creating indistinguishable network elements. Tor is the largest and most-used deployed anonymity system, designed against realistic modern adversaries. Recently, researchers have managed to fingerprint Tor's circuits - and hence the type of underlying traffic - simply by capturing and analyzing traffic traces. In this work, we study the circuit fingerprinting problem, isolating it from website fingerprinting, and revisit previous findings in this model, showing that accurate attacks are possible even when the application-layer traffic is identical. We then proceed to incrementally create defenses against circuit fingerprinting, using a generic adaptive padding framework for Tor based on WTF-PAD. We present a simple but high-latency defense, as well as a more advanced low-latency one which can effectively hide onion service circuits with no additional delays. We thoroughly evaluate both defenses, both analytically and experimentally, discovering new subtle fingerprints, but also showing the effectiveness of our defenses.