Single-qubit optical quantum fingerprinting

We analyze and demonstrate the feasibility and superiority of linear optical single-qubit fingerprinting over its classical counterpart. For one-qubit fingerprinting of two-bit messages, we prepare `tetrahedral' qubit states experimentally and show that they meet the requirements for quantum fingerprinting to exceed the classical capability. We prove that shared entanglement permits 100% reliable quantum fingerprinting, which will outperform classical fingerprinting even with arbitrary amounts of shared randomness.Comment: 4 pages, one figur

How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services

Recent studies have shown that Tor onion (hidden) service websites are particularly vulnerable to website fingerprinting attacks due to their limited number and sensitive nature. In this work we present a multi-level feature analysis of onion site fingerprintability, considering three state-of-the-art website fingerprinting methods and 482 Tor onion services, making this the largest analysis of this kind completed on onion services to date. Prior studies typically report average performance results for a given website fingerprinting method or countermeasure. We investigate which sites are more or less vulnerable to fingerprinting and which features make them so. We find that there is a high variability in the rate at which sites are classified (and misclassified) by these attacks, implying that average performance figures may not be informative of the risks that website fingerprinting attacks pose to particular sites. We analyze the features exploited by the different website fingerprinting methods and discuss what makes onion service sites more or less easily identifiable, both in terms of their traffic traces as well as their webpage design. We study misclassifications to understand how onion service sites can be redesigned to be less vulnerable to website fingerprinting attacks. Our results also inform the design of website fingerprinting countermeasures and their evaluation considering disparate impact across sites.Comment: Accepted by ACM CCS 201

Case study: disclosure of indirect device fingerprinting in privacy policies

Recent developments in online tracking make it harder for individuals to detect and block trackers. This is especially true for de- vice fingerprinting techniques that websites use to identify and track individual devices. Direct trackers { those that directly ask the device for identifying information { can often be blocked with browser configu- rations or other simple techniques. However, some sites have shifted to indirect tracking methods, which attempt to uniquely identify a device by asking the browser to perform a seemingly-unrelated task. One type of indirect tracking known as Canvas fingerprinting causes the browser to render a graphic recording rendering statistics as a unique identifier. Even experts find it challenging to discern some indirect fingerprinting methods. In this work, we aim to observe how indirect device fingerprint- ing methods are disclosed in privacy policies, and consider whether the disclosures are sufficient to enable website visitors to block the track- ing methods. We compare these disclosures to the disclosure of direct fingerprinting methods on the same websites. Our case study analyzes one indirect ngerprinting technique, Canvas fingerprinting. We use an existing automated detector of this fingerprint- ing technique to conservatively detect its use on Alexa Top 500 websites that cater to United States consumers, and we examine the privacy poli- cies of the resulting 28 websites. Disclosures of indirect fingerprinting vary in specificity. None described the specific methods with enough granularity to know the website used Canvas fingerprinting. Conversely, many sites did provide enough detail about usage of direct fingerprint- ing methods to allow a website visitor to reliably detect and block those techniques. We conclude that indirect fingerprinting methods are often technically difficult to detect, and are not identified with specificity in legal privacy notices. This makes indirect fingerprinting more difficult to block, and therefore risks disturbing the tentative armistice between individuals and websites currently in place for direct fingerprinting. This paper illustrates differences in fingerprinting approaches, and explains why technologists, technology lawyers, and policymakers need to appreciate the challenges of indirect fingerprinting.Accepted manuscrip

One-qubit fingerprinting schemes

Fingerprinting is a technique in communication complexity in which two parties (Alice and Bob) with large data sets send short messages to a third party (a referee), who attempts to compute some function of the larger data sets. For the equality function, the referee attempts to determine whether Alice's data and Bob's data are the same. In this paper, we consider the extreme scenario of performing fingerprinting where Alice and Bob both send either one bit (classically) or one qubit (in the quantum regime) messages to the referee for the equality problem. Restrictive bounds are demonstrated for the error probability of one-bit fingerprinting schemes, and show that it is easy to construct one-qubit fingerprinting schemes which can outperform any one-bit fingerprinting scheme. The author hopes that this analysis will provide results useful for performing physical experiments, which may help to advance implementations for more general quantum communication protocols.Comment: 9 pages; Fixed some typos; changed order of bibliographical reference

k-fingerprinting: a Robust Scalable Website Fingerprinting Technique

Website fingerprinting enables an attacker to infer which web page a client is browsing through encrypted or anonymized network connections. We present a new website fingerprinting technique based on random decision forests and evaluate performance over standard web pages as well as Tor hidden services, on a larger scale than previous works. Our technique, k-fingerprinting, performs better than current state-of-the-art attacks even against website fingerprinting defenses, and we show that it is possible to launch a website fingerprinting attack in the face of a large amount of noisy data. We can correctly determine which of 30 monitored hidden services a client is visiting with 85% true positive rate (TPR), a false positive rate (FPR) as low as 0.02%, from a world size of 100,000 unmonitored web pages. We further show that error rates vary widely between web resources, and thus some patterns of use will be predictably more vulnerable to attack than others.Comment: 17 page

The uncertainties associated with sediment fingerprinting suspended and recently deposited fluvial sediment in the Nene river basin

The use of tracers within a sediment fingerprinting framework has become a commonly used technique for investigating the sources of fine sediment. However, uncertainties associated with tracer behaviour have been cited as major potential limitations to sediment fingerprinting methodologies. This paper aims to determine the differences between fingerprinting results derived using different groups of tracer properties and to determine the role of organic matter content, particle size, and within-source variability in tracer concentrations on the observed differences. A mean difference of 24.1% between the predicted contributions of sediment originating from channel banks was found when using different tracer groups. Mean differences between tracer group predictions were lower, at between 8% and 11%, when fingerprinting contributions from urban street dusts. Organic matter content and / or particle size showed little indication that they caused differences between tracer group predictions. The within-source variability in tracer concentrations and small contrasts between the tracer concentrations of different source groups were identified as probable causes of inherent uncertainty in the fingerprinting predictions. We determined that the ratio of the percentage difference between median tracer concentrations in the source groups and the average within-source tracer concentration coefficient of variation could indicate the likely uncertainty in model predictions prior to tracer use