[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] GoSC - Website Fingerprinting project



Roger Dingledine <arma@xxxxxxx> writes:

> On Mon, Mar 10, 2014 at 06:00:13PM +0100, Marc Juarez wrote:
>> I'm a PhD student at COSIC (COmputer Security and Industrial
>> Cryptography) in KU Leuven, Belgium. My research topic is related to
>> network traffic analysis and I'm now focused in the more specific
>> problem of website fingerprinting
>> (http://homes.esat.kuleuven.be/~mjuarezm/).
>
> Welcome!
>
>>  However, I couldn't find any open project that tackles this
>> problem in
>> https://www.torproject.org/getinvolved/volunteer.html.en#Projects
>
> We moved the 'research' ideas from the volunteer page to
> https://research.torproject.org/ideas.html a while ago.
>
> (Also, most of the research ideas don't have to do primarily with coding,
> so they're not as suited for GSoC.)
>
>> That
>> is why I'd like to propose a GoSC project for the implementation of
>> tools (packages, classes, etc.) that contribute in the development of a
>> countermeasure against this attack.
> [snip]
>> I would like to have some feedback from the Tor developers about this
>> project (advices, comments..). I plan to specify it in more detail in
>> the application and to start coding some module that could be shown. But
>> I would like to know if the underlying idea is something that could be
>> of interest for the community.
>
> It's definitely something that we need at some point. But I think your
> first challenge will be finding a mentor with both the time and interest
> to help you make it work.
>
> It seems like some of the approaches would best be done inside Tor (as
> modifications to the Tor program), and some of them would best be done
> in a separate pluggable transport? Or should they all be done in a PT?
> Can the bandwidth shaping in Scramblesuit (obfsproxy) be used as a
> building block here?
>

Might be a mere technicality, but it's currently the case that only
bridges and bridge clients can use PTs.

If we ever wanted to deploy these anti-traffic-analysis PTs to the
whole network, we would have to add PT support to all clients (HSes
might also benefit from this) and to all relays.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev