CoStricTor: Collaborative HTTP Strict Transport Security in Tor Browser

Davitt, Killian; Ristea, Dan; Russell, Duncan; Murdoch, Steven J; (2024) CoStricTor: Collaborative HTTP Strict Transport Security in Tor Browser. Proceedings on Privacy Enhancing Technologies, 2024 (1) pp. 343-356. 10.56553/popets-2024-0020. (In press). Green open access

popets-2024-0020.pdf - Published Version

Abstract

HTTP Strict Transport Security (HSTS) is a widely deployed security feature in modern web browsing. It is also, however, a potential vector for user tracking and surveillance. Tor Browser, a web browser primarily concerned with online anonymity, disables HSTS as a result of this tracking potential. We present the CoStricTor protocol, which crowdsources HSTS data among Tor Browser clients. It gives Tor Browser users increased resistance to man-in-the-middle attacks without exposing them to HSTS tracking. Our protocol adapts other privacy-preserving data aggregation algorithms to share data effectively among users with strong local differential privacy guarantees. The CoStricTor protocol resists denial of service attacks by design through our innovative use of Bloom filters to represent complementary data. Our simulations show our protocol can model up to 150,000 websites, providing 10,000 upgrades to HSTS for users.

Type: Article
Title: CoStricTor: Collaborative HTTP Strict Transport Security in Tor Browser
Open access status: An open access version is available from UCL Discovery
DOI: 10.56553/popets-2024-0020
Publisher version: https://doi.org/10.56553/popets-2024-0020
Language: English
Additional information: This article is published under a Creative Commons Attribution 4.0 license. https://creativecommons.org/licenses/by/4.0/
Keywords: anonymous communications, differential privacy, web privacy
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10181054