[tor-dev] Traffic Obfuscation

Tom Ritter tom at ritter.vg
Thu Sep 5 03:25:13 UTC 2013


On 4 September 2013 20:09,  <josef.winger at email.de> wrote:
> Now node B does not stream the data to node C, but obfuscates
> it. That means if there are n packages it transforms them into
> m packages in some unpredictable way and each new package gets
> a small amount of additional random-data.
> (The point is that the new stream will not look at all like the
> old one)
>
> Only node B knows the way to de-obfuscate this. But B and C did
> a handshake and using this encryption B shares with C how to
> de-obfuscate the data.


Node A sends 40KB of data to Node B, in some particular distribution.
Node B sends 60KB of data (a 50% increase!) in a new distribution to
Node C.  Node C sends 40 KB of traffic to wherever.

An adversary watching Node B knows that it is passing the data from A
to C.  It's obvious.  Now, it's _less_ obvious when Node B is
receiving two streams of data, 40KB from Node A and 50KB from Node X,
and sending two streams of 60KB to Nodes Y and Z (which stream went
where?) - but that only holds up for really small streams.  For longer
lived streams in a low latency network where the packet sizes and
frequency of the Node A->B and X->B streams diverge, the B->Y and B->Z
streams will likewise diverge, and it's then easy to correlate them
again.

-tom
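
The divergence argument in the message above, as an added example that is not part of the original post: a constructed model for testing whether per-window padding at a relay hides which input flow feeds which output flow. It assumes a low-latency relay that forwards each time window's bytes with 30-70% random padding; the names `bursty`, `obfuscate`, `score_table` and `simulate` and all traffic values are hypothetical.

```python
import random

def pearson(a, b):
    """Pearson correlation of two equal-length series; 0.0 if either is flat."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def obfuscate(volumes, rng):
    """Node B (modelled): forward each window's bytes plus 30-70% random padding.
    Re-splitting n packets into m does not change the bytes sent per window."""
    return [v * (1 + rng.uniform(0.3, 0.7)) for v in volumes]

def bursty(n, rng):
    """Constructed input flow: KB per time window, idle in about 40% of windows."""
    return [rng.choice([0, 0, 1, 4, 12]) * rng.uniform(0.5, 1.5) for _ in range(n)]

def score_table(inputs, outputs):
    """Correlation of every observed input flow with every observed output flow."""
    return {(i, o): pearson(vi, vo)
            for i, vi in inputs.items() for o, vo in outputs.items()}

def simulate(windows, seed=2013):
    """Two independent flows A and X enter node B; Y carries A, Z carries X."""
    rng = random.Random(seed)
    inputs = {"A": bursty(windows, rng), "X": bursty(windows, rng)}
    outputs = {"Y": obfuscate(inputs["A"], rng), "Z": obfuscate(inputs["X"], rng)}
    return score_table(inputs, outputs)

if __name__ == "__main__":
    # Only totals observed (40KB and 50KB in, 60KB and 60KB out): no shape to compare.
    print(score_table({"A": [40], "X": [50]}, {"Y": [60], "Z": [60]}))
    # Long-lived flows: each padded output still tracks its own input.
    for pair, r in simulate(300).items():
        print(pair, round(r, 2))
```

A scheme that is meant to resist this has to decouple output timing and volume from input timing and volume, which costs latency or constant-rate cover traffic rather than a fixed percentage of padding.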

