The Discriminative Power of Cross-layer RTTs in Fingerprinting Proxy Traffic

Diwen Xue

Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Network Security 1

In an era of increasing internet censorship, geoblocking, and network interference, users frequently rely on encrypted tunnels and proxy servers to circumvent restrictions. This talk, "The Discriminative Power of Cross-layer RTTs in Fingerprinting Proxy Traffic," presented by Diwen Xue of the University of Michigan, describes a novel method for detecting such circumvention tools. Rather than targeting the specific obfuscation techniques employed by individual proxy protocols, the research introduces a protocol-agnostic fingerprint that exploits a fundamental property shared by all tunneling solutions: the misalignment of network sessions across different layers.

AI review

Xue brings a genuinely novel, protocol-agnostic fingerprinting primitive to a space that has been stuck in whack-a-mole mode for years. The cross-layer RTT discrepancy insight is architecturally fundamental — it doesn't care what obfuscation layer you bolt on top — and the 0.6% FPR on live ISP backbone traffic is the kind of real-world validation that separates academic papers from deployable threat models. The counterintuitive OPAQUE 4 result alone is worth the admission.
