Background: Website fingerprinting is a class of techniques used to identify which websites a user is visiting through an encrypted tunnel, such as a VPN or Tor. A common setting involves an attacker that monitors the link between the user’s device and the tunnel’s entry point, collects the encrypted traffic, and determines which website the encrypted communication contents correspond to via classification models. This works because the traffic, despite encryption, contains certain patterns that characterize the underlying web page. Most defense studies evaluate against an adversary that can train classification models on defended traffic — in other words, these studies implicitly assume that an adversary knows which defense targeted users have and how it works.
Description: The paper presents a technique for quickly generating unique, per-connection defenses for the Maybenot framework, removing the adversary’s usual advantage of being able to train on defended traffic. This is essentially an application of Kerckhoffs’s principle to traffic analysis defenses, where defenses are treated as secret keys. Simulations indicate that ephemeral defenses work well in multiple scenarios (website/video fingerprinting and circuit handshakes in Tor) and can achieve reasonable trade-offs between protection and overhead. Also, ephemeral defenses need not be tightly bound to any specific attack, situation, or network conditions.