The rapid development of the Internet has brought conveniences and caused severe privacy leakages,so privacy protection has become an important research issue of network security.Attackers located at the network core can obtain what webpages users have browsed,such that they deliver targeted ads,profile users,and even conduct social engineering attacks according to the browsing history.Even if users use web traffic encryption technologies such as SSL and Tor,they cannot avoid privacy leakage because Webpage Fingerprint(WF)attacks can identify the visited webpages by analyzing the traffic characteristics during the webpage loading.Therefore,it is essential to study webpage fingerprint defenses to protect user privacy.There exist many methods of Webpage Fingerprint defense,but most are theoretical designs with simulation evaluations without launching an experiment in testbeds.Moreover,the methods based on traffic padding only defend against a particular type of encrypted traffic.The methods based on traffic morphing require the server-side and the client-side to store additional information for auxiliary defense.The methods based on traffic regularization often result in high bandwidth and time overhead.To solve these problems,this thesis develops a new webpage fingerprinting defense method,WFHTTP2,based on the most popular HTTP/2 protocol,and takes full advantage of the features of HTTP/2 to design and implement four basic operations of WF defense:padding,split,insert and delay.WF-HTTP2 has been successfully implemented and deployed on real testbeds and tested against 12 typical web fingerprinting attacks.Experimental results show that WF-HTTP2 can significantly weaken web page fingerprinting attacks with lower bandwidth and time overhead(reducing the accuracy of web page recognition by 95%at most)and balance privacy security and transmission performance by adjusting algorithm parameters. |