Tor circuit fingerprinting defenses using adaptive padding

TL;DR

This paper investigates the problem of fingerprinting Tor circuits, demonstrating the feasibility of accurate attacks even with identical application-layer traffic, and proposes adaptive padding defenses to mitigate this threat.

Contribution

It isolates the circuit fingerprinting problem from website fingerprinting, and introduces adaptive padding defenses for Tor, including a delay-based method and a zero-delay approach for onion services.

Findings

Accurate circuit fingerprinting is possible despite identical application-layer traffic.

Adaptive padding can significantly reduce fingerprinting accuracy.

Zero-delay defenses effectively hide onion service circuits.

Abstract

Online anonymity and privacy has been based on confusing the adversary by creating indistinguishable network elements. Tor is the largest and most widely deployed anonymity system, designed against realistic modern adversaries. Recently, researchers have managed to fingerprint Tor's circuits -- and hence the type of underlying traffic -- simply by capturing and analyzing traffic traces. In this work, we study the circuit fingerprinting problem, isolating it from website fingerprinting, and revisit previous findings in this model, showing that accurate attacks are possible even when the application-layer traffic is identical. We then proceed to incrementally create defenses against circuit fingerprinting, using a generic adaptive padding framework for Tor based on WTF-PAD. We present a simple defense which delays a fraction of the traffic, as well as a more advanced one which can effectively hide onion service circuits with zero delays. We thoroughly evaluate both defenses, both analytically and experimentally, discovering new subtle fingerprints, but also showing the effectiveness of our defenses.