Website fingerprinting attacks allow a local, passive eavesdropper to determine a client's web activity by leveraging features from her packet sequence. These attacks break the privacy expected by users of privacy technologies, including proxies and VPNs. They are invisible to the victim and difficult to defend against. As a discipline, website fingerprinting is an application of machine learning techniques to the diverse field of privacy.
In this talk, I will describe my new algorithms for both website fingerprinting attacks and defenses. I will show that website fingerprinting poses a realistic threat to internet users, and demonstrate that my attacks are successful in breaking the current defenses on Tor. I will then give a construction of the first website fingerprinting defense that is both effective and efficient.
Tao Wang has recently completed his PhD at the University of Waterloo. He studied computer security and privacy, and he is especially interested in usable privacy-enhancing technologies. He has published pioneering research on the topic of traffic analysis on privacy-enhancing technologies, and he is looking to continue his work at IIIS Tsinghua as faculty.