Which News Articles are You Reading? : Using Fingerprinting to Attack Internal Pages of News Websites

• Main Author: Lindblom, Martin
• Format: Others
• Language: English
• Published: Linköpings universitet, Institutionen för datavetenskap 2021
• Subjects: Fingerprint Attack; Privacy; Transport Layer Security; TLS; Real-World Scenario; News Websites; News Articles; Proxy-Less Labelling Heuristic; Transmission Control Protocol; TCP; Internal Pages; Automatic Data Collection; Computer and Information Sciences; Data- och informationsvetenskap
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-178397

When performing fingerprinting attacks against websites in a controlled environment astudy may achieve very promising results. However, these can be misleading as the closedworld setting may not accurately represent the real-world. This is a problem many priorworks have been critiqued for, the inability to transfer their results from the closed-worldsetting to the real-world. Being able to do so is of great importance to establish what thereal-world consequences would be of fingerprint attacks. If unable to apply one’s findingsoutside of a tightly controlled environment it is difficult to gauge if these attacks types posea real threat or not. Thereby, this thesis has, contrary to previous work, based its settingon a real-world scenario to provide tangible insights into vulnerabilities of news websites.Furthermore, it targeted internal pages of websites, something understudied by previousliterature. All of this while presenting a novel classifier that is lightweight and requireslittle training, and a framework for automatically collecting and labelling encrypted TCPtraffic without the use of a proxy.