Laboratoire d'informatique de l'École polytechnique

Talk by G. Cherubin: «Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses»

Speaker: Giovanni Cherubin
Location: Room Grace Hopper, Alan Turing building
Date: Wed, 17 May 2017, 14:00-15:00

The next Comète seminar will take place next Wednesday 17th of May 2017 at 14h00 in Salle Grace Hooper (LIX - Alan Turing building, École Polytechnique). Giovanni Cherubin, PhD candidate in Information Security with the CDT in Cyber Security at Royal Holloway University of London (RHUL), will talk about "'Bayes, not Naïve': Security Bounds on Website Fingerprinting Defenses" (abstract below).

Abstract: Website Fingerprinting attacks allow an adversary to predict which web pages a victim visits, even when she browses through Tor/VPN, by using Machine Learning classification techniques on the encrypted traffic she produces. To date, the common method for evaluating Website Fingerprinting defences is testing them against state-of-the-art attacks. This generated a 15 years-long arms race.

This talk presents a practical method for deriving security bounds for Website Fingerprinting defences, which is based on results of the Machine Learning theory (specifically, on the optimality of the Bayes classifier). The method gives, with respect to the set of features used by an adversary, a lower bound estimate of what the adversary can achieve, for any classifier he may use. This result: i) allows practitioners to evaluate and compare defences in terms of their security, and ii) it favours a shift of WF research to a classifier-agnostic identification of optimal features. The talk will then consider open questions, and future applications of the method.