
Re: [tor-dev] Traffic Obfuscation



On 4 September 2013 20:09,  <josef.winger@xxxxxxxx> wrote:
> Now node B does not stream the data to node C, but obfuscates
> it. That means if there are n packages it transforms them into
> m packages in some unpredictable way and each new package gets
> a small amount of additional random-data.
> (The point is that the new stream will not look at all like the
> old one)
>
> Only node B knows the way to de-obfuscate this. But B and C did
> a handshake and using this encryption B shares with C how to
> de-obfuscate the data.


Node A sends 40KB of data to Node B, in some particular distribution.
Node B sends 60KB of data (a 50% increase!) in a new distribution to
Node C.  Node C sends 40 KB of traffic to wherever.

An adversary watching Node B knows that it is passing the data from A
to C.  It's obvious.  Now, it's _less_ obvious when Node B is
receiving two streams of data, 40KB from Node A and 50KB from Node X,
and sending two streams of 60KB to Nodes Y and Z (which stream went
where?) - but that only holds up for really small streams.  For longer
lived streams in a low latency network where the packet sizes and
frequency of the Node A->B and X->B streams diverge, the B->Y and B->Z
streams will likewise diverge, and it's then easy to correlate them
again.

-tom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
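
The correlation argument in the reply above can be checked with a small simulation when evaluating a padding or re-packetization design. This is an added example, not code from the thread or from Tor. The relay model (pad, re-split into random-size packets, forward with at most one time bin of delay), the burst pattern, and the bin counts are all assumptions.

```python
import random
from math import sqrt

def make_flow(rng, bins, base):
    """Constructed input flow: bytes per time bin, with occasional 4x bursts."""
    return [base * (4 if rng.random() < 0.2 else 1) + rng.randint(0, 200)
            for _ in range(bins)]

def obfuscate(rng, flow, pad):
    """Assumed relay model: pad each bin's bytes, re-split them into new
    random-size packets, and forward each packet now or one bin later."""
    out = [0] * (len(flow) + 1)
    for t, nbytes in enumerate(flow):
        remaining = int(nbytes * (1 + pad))
        while remaining > 0:
            pkt = min(remaining, rng.randint(200, 1400))
            out[t + rng.randint(0, 1)] += pkt
            remaining -= pkt
    return out[:len(flow)]

def pearson(x, y):
    """Pearson correlation of two equal-length series (0.0 if either is flat)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    den = sqrt(sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y))
    return cov / den if den else 0.0

def match(inputs, outputs):
    """For each input flow, pick the output whose volume-over-time shape fits best."""
    return {i: max(outputs, key=lambda o: pearson(inputs[i], outputs[o]))
            for i in inputs}

def accuracy(bins, trials, seed=2013):
    """Fraction of trials in which both flows through node B are re-linked."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        ins = {"A": make_flow(rng, bins, 1000), "X": make_flow(rng, bins, 1250)}
        # Padding chosen so both outputs carry about the same total (40->60, 50->60).
        outs = {"Y": obfuscate(rng, ins["A"], 0.5), "Z": obfuscate(rng, ins["X"], 0.2)}
        hits += match(ins, outs) == {"A": "Y", "X": "Z"}
    return hits / trials

if __name__ == "__main__":
    print("3-bin streams:  ", accuracy(bins=3, trials=200))
    print("500-bin streams:", accuracy(bins=500, trials=20))
```

Equal output totals hide which stream is which only while the streams are short; once there are enough time bins, the volume-over-time shape survives the padding and re-splitting.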