The One-Page Setting: A Higher Standard for Evaluating Website Fingerprinting Defenses

Abstract

To defeat Website Fingerprinting (WF) attacks that threaten privacy on anonymity technologies such as Tor, defenses have been proposed and evaluated under the multi-page setting. The multi-page setting was designed as a difficult setting for the attacker and therefore gives too much of an advantage to the defense, allowing weak defenses to show success. We argue that all WF defenses should instead be evaluated under the one-page setting so that the defender needs to meet a higher standard of success. Evaluating known WF defenses under the one-page setting, we found that Decoy, Front and Tamaraw all failed to defend against WF attacks. None of these defenses were shown to be vulnerable in previous work. In Tamaraw's case, the attacker's TPR increases 13 times from 2.9% to 37% with 4.4% FPR; he can also achieve 91% TPR and 21% FPR. We also found that these attacks were able to succeed in a wide array of newly defined WF scenarios that could not be captured by the standard laboratory scenario. In response, we create the first defense that is strong enough for the one-page setting by augmenting Tamaraw with greater randomization overhead so that its anonymity sets are more evenly dispersed.