POSTER: How Dangerous is My Click? Boosting Website Fingerprinting By Considering Sequences of Webpages


Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20% and to dramatically increase the threat to users’ privacy. We argue that WFP defenses have to consider this new dimension of the attack surface.

Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS ‘21), November 15-19, 2021, Seoul, Korea
Johannes Lohmöller
Johannes Lohmöller
Researcher of Computer Science

My research interests include privacy-preserving methods for confidential computing.