Posted on 24/07/2017
Giovanni Cherubin, a PhD student with the Royal Holloway CDT in Cyber Security, has won an "Andreas Pfitzmann Best Student Paper Award" at the Privacy Enhancing Technologies Symposium (PETS) 2017 for his single author paper "Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses".
PETS is the premier venue for research on privacy-enhancing technologies, and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs).
Website Fingerprinting (WF) attacks are an important type of traffic analysis, and can be performed against Tor/VPN users to uncover the web pages they visit. In this field, an arms race between new attacks and defences has been going on for more than a decade. This is partly because of engineering obstacles in designing defences on the top of existing systems and partly because of the lack of a framework to provably quantify the security of defences.
In his paper, Giovanni introduces the first method to measure the security of any WF defence and obtains security proofs for the method using an original application of Machine Learning theory. His method gives complete freedom to defence designers by permitting a black-box evaluation. The results of this paper also drastically narrow the space for improvement of WF attacks by restricting future progress to the consideration of the "features" of network traffic that an adversary selects. Finally, the proposed technique is suitable for evaluating security against a much wider range of attacks, including side channels and other traffic analysis attacks.
Giovanni's paper is freely available at: https://petsymposium.org/2017/papers/issue4/paper50-2017-4-source.pdf.
His presentation can be viewed on YouTube at: https://www.youtube.com/watch?v=rQ5MfHAZ3zk.