Abstract
End-to-end flow correlation attacks are among the oldest known attacks on low-latency anonymity networks, and are treated as a core primitive for traffic analysis of Tor. However, despite recent work showing that individual flows can be correlated with high accuracy, the impact of even these state-of-the-art attacks is questionable due to a central drawback: their pairwise nature, requiring comparison between N2 pairs of flows to deanonymize N users. This results in a combinatorial explosion in computational requirements and an asymptotically declining base rate, leading to either high numbers of false positives or vanishingly small rates of successful correlation. In this paper, we introduce a novel flow correlation attack, DeepCoFFEA, that combines two ideas to overcome these drawbacks. First, DeepCoFFEA uses deep learning to train a pair of feature embedding networks that respectively map Tor and exit flows into a single low-dimensional space where correlated flows are similar; pairs of embedded flows can be compared at lower cost than pairs of full traces. Second, DeepCoFFEA uses amplification, dividing flows into short windows and using voting across these windows to significantly reduce false positives; the same embedding networks can be used with an increasing number of windows to independently lower the false positive rate. We conduct a comprehensive experimental analysis showing that DeepCoFFEA significantly outperforms state-of-the-art flow correlation attacks on Tor, e.g. 93% true positive rate versus at most 13% when tuned for high precision, with two orders of magnitude speedup over prior work. We also consider the effects of several potential countermeasures on DeepCoFFEA, finding that existing lightweight defenses are not sufficient to secure anonymity networks from this threat.
Original language | English (US) |
---|---|
Title of host publication | Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 1915-1932 |
Number of pages | 18 |
ISBN (Electronic) | 9781665413169 |
DOIs | |
State | Published - 2022 |
Event | 43rd IEEE Symposium on Security and Privacy, SP 2022 - San Francisco, United States Duration: May 23 2022 → May 26 2022 |
Publication series
Name | 2022 IEEE Symposium on Security and Privacy (SP) |
---|
Conference
Conference | 43rd IEEE Symposium on Security and Privacy, SP 2022 |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 5/23/22 → 5/26/22 |
Bibliographical note
Funding Information:We thank our anonymous reviewers for helpful suggestions and comments regarding the presentation and evaluation of DeepCoFFEA. We also thank Milad Nasr for sharing the code of Compressive Traffic Analysis and the DeepCorr set, and discussion about the data collection. We extend our appreciation to Erik Lindeman for the help with building the data collection method. This work was funded by the National Science Foundation under Grants nos. 1816851, 1433736, and 1815757, and the Ewha Womans University Research Grant of 2022.
Publisher Copyright:
© 2022 IEEE.