Roger Dingledine arma@mit.edu writes:
On Mon, Mar 10, 2014 at 06:00:13PM +0100, Marc Juarez wrote:
I'm a PhD student at COSIC (COmputer Security and Industrial Cryptography) in KU Leuven, Belgium. My research topic is related to network traffic analysis and I'm now focused in the more specific problem of website fingerprinting (http://homes.esat.kuleuven.be/~mjuarezm/).
Welcome!
However, I couldn't find any open project that tackles this problem in https://www.torproject.org/getinvolved/volunteer.html.en#Projects
We moved the 'research' ideas from the volunteer page to https://research.torproject.org/ideas.html a while ago.
(Also, most of the research ideas don't have to do primarily with coding, so they're not as suited for GSoC.)
That is why I'd like to propose a GoSC project for the implementation of tools (packages, classes, etc.) that contribute in the development of a countermeasure against this attack.
[snip]
I would like to have some feedback from the Tor developers about this project (advices, comments..). I plan to specify it in more detail in the application and to start coding some module that could be shown. But I would like to know if the underlying idea is something that could be of interest for the community.
It's definitely something that we need at some point. But I think your first challenge will be finding a mentor with both the time and interest to help you make it work.
It seems like some of the approaches would best be done inside Tor (as modifications to the Tor program), and some of them would best be done in a separate pluggable transport? Or should they all be done in a PT? Can the bandwidth shaping in Scramblesuit (obfsproxy) be used as a building block here?
Might be a mere technicality, but it's currently the case that only bridges and bridge clients can use PTs.
If we ever wanted to deploy these anti-traffic-analysis PTs to the whole network, we would have to add PT support to all clients (HSes might also benefit from this) and to all relays.