Ephemeral Network-Layer Fingerprinting Defenses
Authors: Tobias Pulls (Karlstad University), Topi Korhonen (Independent), Ethan Witwer (Linköping University), Niklas Carlsson (Linköping University)
Volume: 2026
Issue: 1
Pages: 426–449
DOI: https://doi.org/10.56553/popets-2026-0022
Abstract: Fingerprinting attacks on encrypted network traffic may reveal sensitive information about users of anonymous communication systems, such as visited websites or watched videos, linking users' activities to their identities. Defenses come at the cost of bandwidth and delay overheads, impacting the user experience and making wide-scale deployment challenging. There is a rich history of attacks and defenses, with continual improvements in deep learning as a catalyst, making deployment of defenses an ever more pressing matter. This paper introduces a new defense strategy against fingerprinting attacks---ephemeral defenses---where efficient defense search enables the generation of unique per-connection defenses. We demonstrate that ephemeral defenses are multipurpose network-layer defenses against circuit, website, and video fingerprinting attacks, achieving competitive performance compared to related work. Furthermore, we create tunable ephemeral defenses that are not overly specialized to a particular fingerprinting attack, dataset, or network conditions. Ephemeral defenses are practical, demonstrated through integration with WireGuard and deployment at Mullvad VPN for a year, serving thousands of daily users.
Keywords: anonymous communication, fingerprinting, network simulation
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
