[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] WTF-PAD and the future

To: Mike Perry <mikeperry@xxxxxxxxxxxxxx>, tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] WTF-PAD and the future
From: George Kadianakis <desnacked@xxxxxxxxxx>
Date: Sun, 29 Jul 2018 15:42:43 +0200
Cc: mohsen.imani@xxxxxxxxxxxx, Marc Juarez <marc.juarez@xxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 29 Jul 2018 09:43:07 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1532871772; bh=65XJeRzGukkislN3OxQF+ZmASGE+uhBKv35Y0bOjNuU=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=idNxLhpqm36d8EUzfjHEWE0LZLW8Re/qQmEM7i5TVqizdFlWPbvsjOP3YlstdkbQ3 KsMM67M7+vlH4a+qpSM0dSLOkc4XyjV8uMOWXrMmWYu8I+9XaGxx+guaS81G0oOTRv lkL9Duy2DLoVvzkXnogkEt17ArrxodQY7jfBCT50=
In-reply-to: <20180727190315.GC1018@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <874lgk8zsx.fsf@riseup.net> <20180727190315.GC1018@torproject.org>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Mike Perry <mikeperry@xxxxxxxxxxxxxx> writes:

> George Kadianakis:
>> Hello Mike,
>> 
>> I had a talk with Marc and Mohsen today about WTF-PAD. I now understand
>> much more about WTF-PAD and how it works with regards to histograms.  I
>> think I might even understand enough to start some sort of conversation
>> about it:
>> 
>> Here are some takeaways:
>> 
>> 1) Marc and Mohsen think that WTF-PAD might not be the way forward
>>    because of its various drawbacks and its complexity. Apparently there
>>    are various attacks on WTF-PAD that Roger has discovered (SENDME
>>    cells side-channels?) and also the deep learning crowd has done some
>>    pretty good damage to the WTF-PAD padding (90%-60% accuracy?). They
>>    also told me that achieving needed precision on the timings might be
>>    a PITA.
>
> Are there citations for any of this? Last I heard Matt Wright was
> working on a deep learning study but the results were mixed.
>

I think this is the best we have in terms of public results:
  https://arxiv.org/abs/1801.02265

>> 2) From what I understand you are also hoping to use WTF-PAD to protect
>>    against circuit fingerprinting and not just website
>>    fingerprinting. They told me that while this might be plausible,
>>    there is no current research on how well it can achieve that.  Are we
>>    hoping to do that? And what research remains here? How can I help?
>>    Which parts of the Tor circuit protocol are we hoping to hide?
>
> I am designing WTF-PAD to be a framework for deploying padding against
> arbitrary traffic analysis attacks. It is meant to allow us to define
> histograms on the fly (in the Tor consensus) as these are studied. The
> fact that they have not yet been studied is not super relevant to
> deploying the framework for it now.
>

ACK.

What other traffic analysis attacks are we looking at addressing here?

I'm thinking of stuff like "circuit fingerprinting of onion services",
but I wonder if histograms and random sampling is too crude to actually
be able to help against sophisticated attacks. I don't have a suggestion
for something better currently.

On that topic, is it decided whether the adaptive padding of WTF-PAD
will also happen during circuit construction, or only after that?

>> 3) Marc and Mohsen suggested using application-layer defences because
>>    the application-layer has much better view of the actual structures
>>    that are sent on the wire, instead of the black box view that the
>>    network layer has.
>> 
>>    In particular they were mainly concerned about onion services
>>    fingerprinting because they are part of a restricted closed world,
>>    whereas they were less concerned about the entire internet because of
>>    its vast size.
>> 
>>    They suggested that we could investigate using the service-side
>>    "alpaca" library for onion services (e.g. as part of securedrop?)
>>    which should resolve the most pressing concern of HS identification.
>
> I mean yeah application-layer defenses are useful for website traffic
> fingerprinting, but that is a very narrow slice of the traffic analysis
> problems that I want this framework to solve.
>
> WTF-PAD also doesn't rule out hidden service operators using alpaca,
> either. 
>

Agreed.

>> 4) They also told me of research by Tobias Pulls which eliminates the
>>    needs for histograms in WTF-PAD and instead it samples from the
>>    probability distribution directly. They think that this can simplify
>>    things somewhat. Any thoughts on this?
>
> Yes this is actually exactly what I want to do with the next iteration
> of WTF-PAD! The question is what form/model to use for these probability
> distributions. Right now we're encoding inter-burst and inter-packet
> timings with some weird geometric distribution determining how long
> these bursts should go on for, when it might be more natural to encode
> and sample from length-based distributions/histograms.
>
> (Histograms vs distribution is not the problem -- its what they encode
> and how they encode it that matters).
>
> I don't see this paper on Tobias's website. Is it up anywhere yet?
>  

Hmm. Looking at the README of wtfpad (see the APE section), I think this
blog post is the best resource we have on this:
     https://www.cs.kau.se/pulls/hot/thebasketcase-ape/

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] WTF-PAD and the future
  - From: teor
- Re: [tor-dev] WTF-PAD and the future
  - From: Tobias Pulls

References:
- [tor-dev] WTF-PAD and the future
  - From: George Kadianakis
- Re: [tor-dev] WTF-PAD and the future
  - From: Mike Perry

Prev by Author: Re: [tor-dev] Tor port restriction option was removed
Next by Author: Re: [tor-dev] Alternative directory format for v3 client auth
Previous by thread: Re: [tor-dev] WTF-PAD and the future
Next by thread: Re: [tor-dev] WTF-PAD and the future
Index(es):
- Author
- Thread