Evaluation of a Proposed Traffic-Splitting Defence for Tor : Using Directional Time and Simulation Against TrafficSliver

Abstract: Tor is a Privacy-Enhancing Technology based on onion routing which lets its users browse the web anonymously. Even though the traffic is encrypted in multiple layers, traffic analysis can still be used to gather information from meta-data such as time, size, and direction of the traffic. A Website Fingerprinting (WF) attack is characterized by monitoring traffic locally to the user in order to predict the destination website based on the observed patterns. TrafficSliver is a proposed defence against WF attacks which splits the traffic on multiple paths in the Tor network. This way, a local attacker is assumed to only be able to observe a subset of all the user's total traffic. The initial evaluation of TrafficSliver against Deep Fingerprinting (DF), the state-of-the-art WF attack, showed promising results for the defence, reducing the accuracy of DF from over 98% down to less than 7% without adding artificial delays or dummy traffic. In this thesis, we further evaluate TrafficSliver against DF beyond what was done in the original work by De la Cadena et al. by using a richer data representation and finding out whether it is possible to utilize simulated training data to improve the accuracy of the attack. By introducing directional time as a richer data representation and increasing the size of the training dataset using a simulator, the accuracy of DF was improved against TrafficSliver on three different datasets. Against the original dataset provided by the authors of TrafficSliver, the accuracy was initially 7.1% and then improved to 49.9%. The results were confirmed by using two additional datasets with TrafficSliver, where the accuracy was improved from 5.4% to 44.9% and from 9.8% to 37.7%.