[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #9493 [EFF-HTTPS Everywhere]: Implement an option to pad HTTPS requests against traffic analysis

To: undisclosed-recipients:;
Subject: [tor-bugs] #9493 [EFF-HTTPS Everywhere]: Implement an option to pad HTTPS requests against traffic analysis
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 15 Aug 2013 13:19:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 15 Aug 2013 09:19:59 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9493: Implement an option to pad HTTPS requests against traffic analysis
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  pde
     Type:  enhancement           |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 One of the tools that dragnet surveillance actors have against both HTTPS
 and Tor is message length analysis.  In general message lengths can be
 used to determine which paths on a give HTTPS domain a browser might be
 requesting (summed, but probably extractably so, with the lengths of
 messages the client might be POSTing to the server), and to perform end-
 to-end traffic analysis of Tor circuits.

 HTTPS Everywhere is in a position to pad requests to servers to some round
 number of bytes (N byte blocks, powers of two, floors of powers of some
 number lower than two).  We could do this by sticking in a new X-Padding:
 HTTP header.  We could also write an RFC specifying that servers should
 pad their responses in a similar way if they see the X-Padding header.
 Perhaps we could persuade some servers to respect this.

 Would this be valuable?  What padding scheme would we want?  Powers of two
 seems too costly for long messages, maybe we could have a hybrid that used
 512 byte blocks for short messages and powers of 1.3 (15% overhead) or
 something for long messages.  Perhaps we could even collaborate with some
 academics to figure out a good padding scheme based on message length
 spectra for gmail, wikipedia, or other major sites.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9493>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #9493 [EFF-HTTPS Everywhere]: Implement an option to pad HTTPS requests against traffic analysis
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9493 [EFF-HTTPS Everywhere]: Implement an option to pad HTTPS requests against traffic analysis
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9335 [EFF-HTTPS Everywhere]: embedded search help / HTTPS
Next by Author: Re: [tor-bugs] #9493 [EFF-HTTPS Everywhere]: Implement an option to pad HTTPS requests against traffic analysis
Previous by thread: Re: [tor-bugs] #9492 [TorBrowserButton]: Torbutton logo not updated properly on OSX with TBB 3.0a3
Next by thread: Re: [tor-bugs] #9493 [EFF-HTTPS Everywhere]: Implement an option to pad HTTPS requests against traffic analysis
Index(es):
- Author
- Thread