Correlation Fingerprinting Attack
A correlation fingerprinting attack identifies the association between two pieces of data that are seemingly unrelated. It can be used to link together various pieces of information about an individual or group, such as their online activities, location, and personal characteristics.
In a correlation fingerprinting attack, the attacker creates a “fingerprint” of the targeted individual or group by analyzing their online activities, such as their browsing history or social media activity. This fingerprint is then used to identify the targeted individual or group, even if they are using anonymity tools or trying to remain anonymous online.
Correlation fingerprinting attacks can be performed using a variety of techniques, including data mining, network analysis, and machine learning algorithms. These techniques can be used to analyze large amounts of data and identify patterns and associations that may not be immediately apparent to humans.
To protect against correlation fingerprinting attacks, it is important to use privacy-enhancing tools and techniques, such as those provided by the Tor network, and to be aware of the types of data that you share online. It is also important to use strong, unique passwords and to enable two-factor authentication whenever possible, as these measures can help to protect against identity theft and other types of attacks.
Correlation Timing Attack
In a correlation timing attack, the attacker creates a “fingerprint” of the targeted individual or group by analyzing the timing of their online activities, such as the websites they visit and the time at which they visit them. This fingerprint is then used to identify the targeted individual or group, even if they are using anonymity tools or trying to remain anonymous online.
Correlation Counting Attack
An attacker can use a correlation counting attack to identify a targeted individual or group by creating a “fingerprint” based on their online activities, such as the websites they visit and the number of times they visit them. By analyzing the frequency or count of these activities, the attacker can create a unique fingerprint that can be used to identify the targeted individual or group, even if they are using anonymity tools or trying to remain anonymous online. This fingerprint is created by analyzing large amounts of data and identifying patterns and associations that may not be immediately apparent to humans, using techniques such as data mining, network analysis, and machine learning algorithms.
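The timing and counting sections above both rely on comparing activity patterns seen at two places. The following added example (not part of the original guide) shows the underlying statistic on constructed data: events are counted per time window and the two series are compared with a Pearson correlation. All names, timestamps, and the 2-second window are assumptions chosen for illustration.

```python
import math

def bin_counts(timestamps, window, duration):
    """Count events per fixed-size time window (timing + counting in one series)."""
    bins = [0] * math.ceil(duration / window)
    for t in timestamps:
        if 0 <= t < duration:
            bins[int(t // window)] += 1
    return bins

def pearson(xs, ys):
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a flat series carries no pattern to correlate
    return cov / math.sqrt(vx * vy)

def rank_sessions(observed, candidates, window=2.0, duration=20.0):
    """Score each candidate session against the observed flow, best match first."""
    ref = bin_counts(observed, window, duration)
    scores = {name: pearson(ref, bin_counts(ts, window, duration))
              for name, ts in candidates.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample data (seconds since start of capture), not real traffic.
# CLIENT_SIDE: encrypted bursts as seen by a monitor on the user's own network.
CLIENT_SIDE = [0.2, 0.3, 0.4, 5.1, 5.2, 5.3, 5.4, 11.0, 11.1, 17.0, 17.1, 17.2]
# SERVICE_SIDE: requests arriving at the destination service, grouped by session.
SERVICE_SIDE = {
    "session_a": [0.5, 0.6, 0.7, 5.4, 5.5, 5.6, 5.7, 11.3, 11.4, 17.3, 17.4, 17.5],  # same bursts, 0.3 s later
    "session_b": [2.0, 2.1, 8.3, 8.4, 8.5, 14.0, 14.1, 14.2, 19.0],  # unrelated bursts
    "session_c": [i + 0.5 for i in range(20)],  # steady rate: same count in every window
}

if __name__ == "__main__":
    for name, score in rank_sessions(CLIENT_SIDE, SERVICE_SIDE):
        print(f"{name}: {score:+.2f}")
```

The session whose bursts line up with the client-side bursts scores close to 1 even though the content is encrypted, which is why the mitigations below focus on keeping a single observer from seeing both ends of the connection.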
Mitigation
These attacks can be mitigated in several ways:
- Do not use Tor/VPNs to access services that are on the same network (ISP) as the destination service. For example, do not connect to Tor from your university network to access a university service anonymously. Instead, use a different source point (such as a public Wi-Fi) that cannot be correlated easily by an adversary.
- Do not use Tor/VPNs from an obviously heavily monitored network (such as a corporate or governmental network). Instead, try to find an unmonitored network such as a public Wi-Fi or a residential Wi-Fi.
- Consider using multiple layers (such as VPN over Tor, which this guide recommends later) so that an adversary might be able to see that someone connected to the service through Tor but will not be able to see that it was you, because you were connected to a VPN and not to the Tor network.