Date of Award

6-2024

Degree Name

MS in Computer Science

Department/Program

Computer Science

College

College of Engineering

Advisor

Dongfeng Fang

Advisor Department

Computer Science

Advisor College

College of Engineering

Abstract

With rapid developments in communication technologies and awareness of security and privacy risks online, Security and Privacy Enhancing Networks (SPENs) have become increasingly popular. Especially during the COVID-19 pandemic, workplaces encouraged employees to take additional security measures, such as VPNs. In this work, we conduct a comprehensive study on website fingerprinting attacks. A comprehensive system model and threat model based on two types of SPENs (Virtual Private Networks and Tor Networks) are presented. Moreover, we demonstrate a website fingerprinting attack by ethically collecting website fetch data and analyzing the collected data using five different machine learning classification models including k nearest neighbors, decision tree, ada boost, and random forest. We find that SPENs are still vulnerable to website fingerprinting attacks which enable attackers to violate users’ behavioral privacy. However, it is not easy to get accurate results, especially over a large number of websites. Furthermore, we discuss a series of recommendations for SPENs to increase behavioral privacy for their customers. Finally, we cover a variety of directions that future work could take.

Download

Share

COinS