Bayes, not Naive: Security Bounds on Website Fingerprinting Defenses

Add to your list(s) Download to your calendar using vCal

• Giovanni Cherubin, Information Security Group (ISG), Royal Holloway, University of London
• Tuesday 28 November 2017, 14:00-15:00
• LT2, Computer Laboratory, William Gates Building.

If you have a question about this talk, please contact Alexander Vetterl.

Website Fingerprinting attacks allow an adversary to predict which web pages a victim visits, even when she browses through Tor/VPN, by using Machine Learning classification techniques on the encrypted traffic she produces. To date, the standard method for evaluating Website Fingerprinting defences is testing them against state-of-the-art attacks; this generated a 10 years-long arms race.

This talk presents a practical method for deriving security bounds for Website Fingerprinting defences, which is based on an original application of Machine Learning theory. The method gives, with respect to the set of features used by an adversary, a lower bound estimate of the smallest error the adversary can achieve, for any classifier he may use. This result i) allows practitioners to evaluate and compare defences in terms of their security, and ii) it favours the shift of WF research to a classifier-agnostic identification of optimal features.

This talk is part of the Computer Laboratory Security Seminar series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Security Seminar
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• LT2, Computer Laboratory, William Gates Building
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• bld31

Note that ex-directory lists are not shown.