[tor-talk] passive analysis of encrypted traffic and traffic obfuscation

vecna vecna at s0ftpj.org
Tue May 17 09:12:31 UTC 2011


Hi tor guys,

Encrypted traffic analysis is an analysis applied to an encrypted session,
not in order to disclose the protected data, but to detect the protected
protocol.

The IRAN attack on TOR was, more or less, an attack like this (more or
less because it was based on the HTTPS pattern, not on an analysis based on
packet size and packet timing; anyway, this is one possible next step
in this challenge).

Anyway, yesterday a tool was released (SniffJoke:
http://www.delirandom.net/sniffjoke) that transparently scrambles the traffic
outgoing from a Linux box, making it nasty to analyze for a sniffer
or other passive wiretapping tool.

If someone interested in TOR deply, would:

1) try a blocked TOR version in IRAN, to verify if the session is
protected from the anti-TOR tech

2) study a scrambling pattern, I will develop a specific sniffjoke
plugin to protect against an eventual escalation in passive analysis from
the attacker

3) test sniffjoke as additional protection in an exit node, protecting
the anonymized traffic from passive analysis

4) any other ideas :)

I want to offer my support.

cheers,
vecna
