-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi all,
I'm a PhD student at COSIC (COmputer Security and Industrial Cryptography) in KU Leuven, Belgium. My research topic is related to network traffic analysis and I'm now focused in the more specific problem of website fingerprinting (http://homes.esat.kuleuven.be/~mjuarezm/).
I think website fingerprinting is one of the most threatening attacks to Tor because it can be deployed with moderate resources and the information that can be extracted as a result is highly sensitive (e.g., browsing history). It basically defeats one of the main privacy guarantees offered by Tor which is unlinkability between sender and recipient or, in this particular case, between the user and the web server. However, I couldn't find any open project that tackles this problem in https://www.torproject.org/getinvolved/volunteer.html.en#Projects. That is why I'd like to propose a GoSC project for the implementation of tools (packages, classes, etc.) that contribute in the development of a countermeasure against this attack.
Regarding countermeasures, since Tor is oriented to low-latency applications like web browsing, delaying strategies are unacceptable and, therefore, they must necessarily be based on link-padding. Link-padding normally incurs in high bandwidth overheads, however the increasing broadband bandwidth capacity available makes it a relevant feasible defence.
Some capabilities for link-padding have been already specified for Tor by Steven Murdoch (https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.tx..., Section 7.2). This functionality is very useful for such a countermeasure but more sophisticated protocols are required for countermeasures that try to adjust the bandwidth overhead.
There are several proposed countermeasures based on link-padding that strive for such a trade-off that might be interesting to implement:
- Congestion-Sensitive BuFLO (http://arxiv.org/abs/1401.6022)
- Adaptive Padding (http://freehaven.net/anonbib/cache/ShWa-Timing06.pdf)
Both countermeasures have some building blocks in common (e.g., a control logic to adapt padding under some specific conditions and reduce the overhead). The core of the project would be to implement them in the most general way as possible so they can be useful for other link-padding applications. For example, to implement the basis for a statistical model in the onion proxy and the entry guard that generates the appropriate cover traffic in both directions, where ?appropriate? would be abstracted as it would be defined by each specific countermeasure.
I would like to have some feedback from the Tor developers about this project (advices, comments..). I plan to specify it in more detail in the application and to start coding some module that could be shown. But I would like to know if the underlying idea is something that could be of interest for the community.
Also, as a PhD student I'm also committed with my research group during the summer so I would like to know if I could work as a part-time student.
Best, - -- marc