Trustworthy Systems

Robust website fingerprinting through the cache occupancy channel


Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossef Oren and Yuval Yarom

Ben-Gurion University of the Negev

Princeton University


University of Adelaide

The University of Adelaide


Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an \emph{on-path adversary}, who can observe all traffic traveling between the user's computer and the Tor network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of running a small amount of unprivileged code on the target user's computer. Under this model, the attacker can mount cache side-channel attacks, which exploit the effects of contention on the CPU's cache, to identify the website being browsed. In an important special case of this attack model, a JavaScript attack is launched when the target user visits a website controlled by the attacker. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. In this work we show that cache website fingerprinting attacks in JavaScript are highly feasible, even when they are run from highly restrictive environments, such as the Tor Browser. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last-level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed-world models. We further show that our attack is more resistant than network-based fingerprinting to the effects of response caching, and that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack. To protect against cache-based website fingerprinting, new defense mechanisms must be introduced to privacy-sensitive browsers and websites.

BibTeX Entry

    month            = aug,
    date             = {2019-8-14},
    publisher        = {USENIX},
    paperurl         = {},
    booktitle        = {USENIX Security Symposium},
    year             = {2019},
    address          = {Santa Clara},
    author           = {Shusterman, Anatoly and Kang, Lachlan and Haskal, Yarden and Meltser, Yosef and Mittal, Prateek and
                        Oren, Yossef and Yarom, Yuval},
    title            = {Robust Website Fingerprinting Through the Cache Occupancy Channel},
    pages            = {639-656}