< Back to previous page
IUPTIS: A Practical, Cache-resistant Fingerprinting Technique for Dynamic Webpages
Book Contribution - Book Chapter Conference Contribution
Webpage fingerprinting allows an adversary to infer the webpages visited by an end user over an encrypted channel by means of network traffic analysis. If such techniques are applied to websites that contain user profiles (e.g. booking platforms), they can be used for personal identification and pose a clear privacy threat. In this paper, a novel HTTPS webpage fingerprinting method - IUPTIS - is presented, which accomplishes precisely this, through identification and analysis of unique image sequences. It improves upon previous work by being able to fingerprint webpages containing dynamic rather than just static content, making it applicable to e.g. social network pages as well. At the same time, it is not hindered by the presence of caching and does not require knowledge of the specific browser being used. Several accuracy-increasing parameters are integrated that can be tuned according to the specifics of the adversary model and targeted online platform. To quantify the real-world applicability of the IUPTIS method, experiments have been conducted on two popular online platforms. Favorable results were achieved, with a F1 scores between of 82% and 98%, depending on the parameters used. This makes the method practically viable as a means for personal identification.
Book: Proceedings of the 14th International Conference on Web Information Systems and Technologies
Pages: 102 - 112
Keywords:Webpage Fingerprinting, Social Networks, Privacy, Traffic Analysis