An Efficient Web Traffic Defence Against Timing-Analysis Attacks

TL;DR

This paper presents a new low-overhead web traffic tunnel that adapts to network load, significantly reducing dummy packets and latency while maintaining strong privacy against timing-analysis attacks.

Contribution

It introduces a capacity-achieving, load-adaptive tunnel design that minimizes dummy packet overhead and latency, with practical implementation and extensive performance evaluation.

Findings

Dummy packet overhead is less than 20% on lightly loaded links.

Overhead reduces to zero as traffic load increases.

Latency incurred is less than 100ms.

Abstract

We introduce a new class of lower overhead tunnel that is resistant to traffic analysis. The tunnel opportunistically reduces the number of dummy packets transmitted during busy times when many flows are simultaneously active while maintaining well-defined privacy properties. We find that the dummy packet overhead is typically less than 20% on lightly loaded links and falls to zero as the traffic load increases i.e. the tunnel is capacity-achieving. The additional latency incurred is less than 100ms. We build an experimental prototype of the tunnel and carry out an extensive performance evaluation that demonstrates its effectiveness under a range of network conditions and real web page fetches.