Self-Defense: Optimal QIF Solutions and Application to Website Fingerprinting

TL;DR

This paper introduces optimal methods for minimizing information leakage in fixed systems using Quantitative Information Flow, with practical application to website fingerprinting defenses, demonstrating effectiveness against real-world attacks.

Contribution

It develops linear programming-based optimal solutions for leakage minimization in fixed channels and applies them to website fingerprinting defense scenarios.

Findings

Proposed solutions reduce information leakage effectively.

Experimental results show decreased attacker accuracy.

Approach outperforms natural baseline methods.

Abstract

Quantitative Information Flow (QIF) provides a robust information-theoretical framework for designing secure systems with minimal information leakage. While previous research has addressed the design of such systems under hard constraints (e.g. application limitations) and soft constraints (e.g. utility), scenarios often arise where the core system's behavior is considered fixed. In such cases, the challenge is to design a new component for the existing system that minimizes leakage without altering the original system. In this work we address this problem by proposing optimal solutions for constructing a new row, in a known and unmodifiable information-theoretic channel, aiming at minimizing the leakage. We first model two types of adversaries: an exact-guessing adversary, aiming to guess the secret in one try, and a s-distinguishing one, which tries to distinguish the secret s from all the other secrets.Then, we discuss design strategies for both fixed and unknown priors by offering, for each adversary, an optimal solution under linear constraints, using Linear Programming.We apply our approach to the problem of website fingerprinting defense, considering a scenario where a site administrator can modify their own site but not others. We experimentally evaluate our proposed solutions against other natural approaches. First, we sample real-world news websites and then, for both adversaries, we demonstrate that the proposed solutions are effective in achieving the least leakage. Finally, we simulate an actual attack by training an ML classifier for the s-distinguishing adversary and show that our approach decreases the accuracy of the attacker.