Leveraging strategic connection migration-powered traffic splitting for privacy
Mona Wang, Anunay Kulshrestha, Liang Wang, Prateek Mittal

TL;DR
This paper introduces CoMPS, a novel framework that leverages connection migration features in encrypted protocols to split traffic mid-session, significantly enhancing user privacy against traffic analysis attacks with minimal overhead.
Contribution
We propose and implement CoMPS, a new traffic splitting framework that exploits connection migration to improve privacy, demonstrating its effectiveness against adaptive traffic analysis attacks.
Findings
CoMPS reduces VarCNN's precision to 29.9% and recall to 36.7% in open-world settings.
Traffic splitting incurs only 5-20% throughput reduction.
CoMPS is deployable on existing servers supporting connection migration.
Abstract
Network-level adversaries have developed increasingly sophisticated techniques to surveil and control users' network traffic. In this paper, we exploit our observation that many encrypted protocol connections are no longer tied to device IP address (e.g., the connection migration feature in QUIC, or IP roaming in WireGuard and Mosh), due to the need for performance in a mobile-first world. We design and implement a novel framework, Connection Migration Powered Splitting (CoMPS), that utilizes these performance features for enhancing user privacy. With CoMPS, we can split traffic mid-session across network paths and heterogeneous network protocols. Such traffic splitting mitigates the ability of a network-level adversary to perform traffic analysis attacks by limiting the amount of traffic they can observe. We use CoMPS to construct a website fingerprinting defense that is resilient…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Privacy-Preserving Technologies in Data
