Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks

A passive local eavesdropper can leverage Website Fingerprinting (WF) todeanonymize the web browsing activity of Tor users. The value of timinginformation to WF has often been discounted in recent works due to thevolatility of low-level timing information. In this paper, we more carefullyexamine the extent to which packet timing can be used to facilitate WF attacks.We first propose a new set of timing-related features based on burst-levelcharacteristics to further identify more ways that timing patterns could beused by classifiers to identify sites. Then we evaluate the effectiveness ofboth raw timing and directional timing which is a combination of raw timing anddirection in a deep-learning-based WF attack. Our closed-world evaluation showsthat directional timing performs best in most of the settings we explored,achieving: (i) 98.4% in undefended Tor traffic; (ii) 93.5% on WTF-PAD traffic,several points higher than when only directional information is used; and (iii)64.7% against onion sites, 12% higher than using only direction. Furtherevaluations in the open-world setting show small increases in both precision(+2%) and recall (+6%) with directional-timing on WTF-PAD traffic. To furtherinvestigate the value of timing information, we perform an information leakageanalysis on our proposed handcrafted features. Our results show that whiletiming features leak less information than directional features, theinformation contained in each feature is mutually exclusive to one another andcan thus improve the robustness of a classifier.