[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Traffic Obfuscation

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Traffic Obfuscation
From: Tom Ritter <tom@xxxxxxxxx>
Date: Wed, 4 Sep 2013 23:25:13 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 04 Sep 2013 23:25:46 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=KA+7+cFdYCrssyg6x9NqK1M02zPI0RiJyd2aQ5cgY6Q=; b=MM0at3pb7XhrhBbB3VlLZVXcw8L5hAfe1GtU/BL2oj7TSjnhaQ+dPlgiHnIrvQmDyM Tue6AcbxuaLwPoz+N3tZQN5EU/aL4xQJe+Ir5Tgok+G/6mWisHmKUo4wj+hbT5XKPMbi PdB6iPGncwCXtQDIJu9Tq+Th0G71Wkxoq+6tA=
In-reply-to: <trinity-1cf7f97f-d7d1-407c-b4d1-76018991407f-1378339750477@3capp-webde-bs30>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <trinity-1cf7f97f-d7d1-407c-b4d1-76018991407f-1378339750477@3capp-webde-bs30>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 4 September 2013 20:09,  <josef.winger@xxxxxxxx> wrote:
> Now node B does not stream the data to node C, but obfuscates
> it. That means if there are n packages it transforms them into
> m packages in some unpredictable way and each new packages gets
> a small amount of additional random-data.
> (The point is that the new stream will not look at all like the
> old one)
>
> Only node B nows the way to de-obfuscate this. But B and C did
> a handshake and using this encryption B shares with C how to
> de-obfuscate the data.

Node A sends 40KB of data to Node B, in some particular distribution.
Node B sends 60KB of data (a 50% increase!) in a new distribution to
Node C.  Node C sends 40 KB of traffic to whereever.

An adversary watching Node B knows that it is passing the data from A
to C.  It's obvious.  Now, it's _less_ obvious when Node B is
receiving two streams of data, 40KB from Node A and 50KB from Node X,
and sending two streams of 60KB to Nodes Y and Z (which stream went
where?) - but that only holds up for really small streams.  For longer
lived streams in a low latency network where the packet sizes and
frequency of the Node A->B and X->B streams diverge, the B->Y and B->Z
streams will likewise diverge, and it's then easy to correlate them
again.

-tom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Traffic Obfuscation
  - From: josef . winger

Prev by Author: [tor-dev] Sponsor F: update; next meeting [in *two weeks*]
Next by Author: Re: [tor-dev] HTTPS Server Impersonation
Previous by thread: [tor-dev] Traffic Obfuscation
Next by thread: Re: [tor-dev] Traffic Obfuscation
Index(es):
- Author
- Thread