IEEE Access (Jan 2024)
DeepCoAST: Unveiling Split Trace Correlation to Counter Traffic Splitting Defenses
Abstract
Despite its widespread adoption, Tor remains vulnerable to traffic analysis attacks, which enables both ends of the communication to be inferred by network-level adversaries. Notable examples of such attacks include website fingerprinting and end-to-end flow correlation attacks. Various defense techniques have been proposed to enhance the security of Tor against these threats, with traffic splitting defenses standing out as particularly effective. These defenses allow packets to be sent through multiple circuits without incurring additional bandwidth overhead, thereby limiting the amount of traffic observable by adversaries. In this paper, the potential of correlating split traces is thoroughly investigated using the proposed deep learning-based correlator called DeepCoAST. It is shown that properly merged split traces, upon correlated detection, could enable website fingerprinting attacks to effectively identify websites with high accuracy. Superior performance is demonstrated by DeepCoAST, achieving an Area Under the Receiver Operating Characteristic Curve (AUC) of 0.98 against 95 pairs of split traces generated by three traffic splitting defenses: TrafficSliver, HyWF, and CoMPS. This result highlights the need for further enhancement of traffic splitting Website Fingerprinting (WF) defense mechanisms against DeepCoAST-style attacks.
Keywords