[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] GoSC - Website Fingerprinting project



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lunar:
> Have you read Mike Perry's long blog post on the topic?
> https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
> 
> It outlines future research work in evaluating the efficiency of
> fingerprinting attacks, and also mention a couple of promising defenses.

Yes, I am aware of it and I'm currently working on a study to evaluate
the efficiency of these attacks.

As Mike Perry said in the post, most of the attacks give an unrealistic
advantage to the adversary and probably countermeasures work much better
than what has been shown so far.

However, some of the results of these articles suggest that there exist
coarse-grained traffic features that are invariant to randomized
pipelines (RP, SPDY) and thus can still identify web pages (Dyer et.
al.). Also, edit-distance based classifiers broke some old versions of
the RP implemented in Tor Browser.

It's an open problem to see if these features actually uniquely identify
web pages in larger worlds than the ones considered in the literature.
In any case, link-padding strategies are specially designed to conceal
these features with the minimal amount of cover traffic and are becoming
affordable in terms of bandwidth.

The project I propose would be directed to address this bug ticket:

https://trac.torproject.org/projects/tor/ticket/7028

For example, I would like to implement the common building blocks for
link-padding countermeasures (such as a "traffic generator controller"
in the onion proxy and the entry guard).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTHz3kAAoJEGfJ5xfgazlxOwoH/ilP01mjxyyeuPbko/xkKGfw
5gMJGFa0m4StabJ1bhbqJWF2jsu6W2SBCVCqea0emvOvab0WzhuvQvzQb2obZpzr
NReUhhiGRhj4xN+2yAL3Vh8zoyZigKtSQPoykwa/AFG7TvIGppHZb0S5ii7Hk/Yf
UtwO3Kt3YCGJT3FoKEJQgN2wz82Skbo4Xiw0bknemPFmIkxlxyplkkD0D34OdEYx
YPPxRBMuEnpa1H5H3bPMXK55kBP91qS5fg23hsN6Gksy45yhLeiOJZBi0n3nlHD2
xtp4sWdQhTUDFP85kSmbzW/eufuc4WAI6k5KeZtc5YrmIl9eOnAu+tG8Ghu4Vpc=
=Rf6n
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev