Adaptive Webpage Fingerprinting from TLS Traces

TL;DR

This paper presents a scalable and accurate webpage fingerprinting method using TLS traffic analysis, highlighting its capabilities against modern adversaries and evaluating potential defenses in real-world scenarios.

Contribution

Introduces a TLS-specific webpage fingerprinting model that scales to many webpages, classifies unseen pages, and maintains low operational costs, advancing security analysis.

Findings

Scalable to thousands of webpages

Accurately classifies unseen pages

Low operational costs in dynamic environments

Abstract

In webpage fingerprinting, an on-path adversary infers the specific webpage loaded by a victim user by analysing the patterns in the encrypted TLS traffic exchanged between the user's browser and the website's servers. This work studies modern webpage fingerprinting adversaries against the TLS protocol; aiming to shed light on their capabilities and inform potential defences. Despite the importance of this research area (the majority of global Internet users rely on standard web browsing with TLS) and the potential real-life impact, most past works have focused on attacks specific to anonymity networks (e.g., Tor). We introduce a TLS-specific model that: 1) scales to an unprecedented number of target webpages, 2) can accurately classify thousands of classes it never encountered during training, and 3) has low operational costs even in scenarios of frequent page updates. Based on these findings, we then discuss TLS-specific countermeasures and evaluate the effectiveness of the existing padding capabilities provided by TLS 1.3.