Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks

A passive local eavesdropper can leverage Website Fingerprinting (WF) to deanonymize the web browsing activity of Tor users. The value of timing information to WF has often been discounted in recent works due to the volatility of low-level timing information. In this paper, we more carefully examine the extent to which packet timing can be used to facilitate WF attacks. In particular, we propose a new set of timing-related features based on burst-level characteristics, evaluate the effectiveness of raw timing and directional timing which is a combination of raw timing and direction in a deep-learning-based WF attack. Our closed-world evaluation shows that directional timing performs best in most of the setting achieving: (i) 98.40% in undefended Tor traffic; (ii) 93.50% on WTF-PAD traffic, several points higher than when only directional information is used; and (iii) 64.70% against onion sites, 12% higher than using only direction. To further investigate the value of timing information, we perform an information leakage analysis on the handcrafted features. Our results show that while timing features leak less information than directional features, the information contained in each feature is mutually exclusive to one another and thus may improve the robustness of a classifier.