RegulaTor: A Straightforward Website Fingerprinting Defense

TL;DR

RegulaTor is a practical website fingerprinting defense that significantly reduces attack accuracy with minimal bandwidth and latency overhead, enhancing privacy for encrypted internet traffic like Tor.

Contribution

It introduces a novel, realistic defense leveraging common web traffic patterns, achieving lower attack success rates with less overhead than existing methods.

Findings

Reduces Tik-Tok attack accuracy from 66% to 25.4% in closed-world setting.

Decreases bandwidth overhead by 39.3% compared to similar defenses.

Limits open-world attack F-score to .135, outperforming comparable defenses.

Abstract

Website Fingerprinting (WF) attacks are used by local passive attackers to determine the destination of encrypted internet traffic by comparing the sequences of packets sent to and received by the user to a previously recorded data set. As a result, WF attacks are of particular concern to privacy-enhancing technologies such as Tor. In response, a variety of WF defenses have been developed, though they tend to incur high bandwidth and latency overhead or require additional infrastructure, thus making them difficult to implement in practice. Some lighter-weight defenses have been presented as well; still, they attain only moderate effectiveness against recently published WF attacks. In this paper, we aim to present a realistic and novel defense, RegulaTor, which takes advantage of common patterns in web browsing traffic to reduce both defense overhead and the accuracy of current WF attacks. In the closed-world setting, RegulaTor reduces the accuracy of the state-of-the-art attack, Tik-Tok, against comparable defenses from 66% to 25.4%. To achieve this performance, it requires limited added latency and a bandwidth overhead 39.3% less than the leading moderate-overhead defense. In the open-world setting, RegulaTor limits a precision-tuned Tik-Tok attack to an F-score of .135, compared to .625 for the best comparable defense.