-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lunar:
Have you read Mike Perry's long blog post on the topic? https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-att...
It outlines future research work in evaluating the efficiency of fingerprinting attacks, and also mention a couple of promising defenses.
Yes, I am aware of it and I'm currently working on a study to evaluate the efficiency of these attacks. As Mike Perry said in the post, most of the attacks give an unrealistic advantage to the adversary and probably countermeasures work much better than what has been shown so far. However, some of the results of these articles suggest that there exist coarse-grained traffic features that are invariant to randomized pipelines (RP, SPDY) and thus can still identify web pages (Dyer et. al.). Also, edit-distance based classifiers broke some old versions of the RP implemented in Tor Browser. It's an open problem to see if these features actually uniquely identify web pages in larger worlds than the ones considered in the literature. In any case, link-padding strategies are specially designed to conceal these features with the minimal amount of cover traffic and are becoming affordable in terms of bandwidth. The project I propose would be directed to address this bug ticket: https://trac.torproject.org/projects/tor/ticket/7028 For example, I would like to implement the common building blocks for link-padding countermeasures (such as a "traffic generator controller" in the onion proxy and the entry guard). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTHz3kAAoJEGfJ5xfgazlxOwoH/ilP01mjxyyeuPbko/xkKGfw 5gMJGFa0m4StabJ1bhbqJWF2jsu6W2SBCVCqea0emvOvab0WzhuvQvzQb2obZpzr NReUhhiGRhj4xN+2yAL3Vh8zoyZigKtSQPoykwa/AFG7TvIGppHZb0S5ii7Hk/Yf UtwO3Kt3YCGJT3FoKEJQgN2wz82Skbo4Xiw0bknemPFmIkxlxyplkkD0D34OdEYx YPPxRBMuEnpa1H5H3bPMXK55kBP91qS5fg23hsN6Gksy45yhLeiOJZBi0n3nlHD2 xtp4sWdQhTUDFP85kSmbzW/eufuc4WAI6k5KeZtc5YrmIl9eOnAu+tG8Ghu4Vpc= =Rf6n -----END PGP SIGNATURE-----