Empty TLS application records being injected in Tor streams

Steven J. Murdoch tor+Steven.Murdoch at cl.cam.ac.uk
Wed Nov 12 02:25:51 UTC 2008


Recently I've been looking into how Tor sends packets out on the wire.
My goal is to understand the detail of how the data is packaged up, in
order to improve Tor's traffic analysis and censorship resistance, as
well as performance.

To do so, I've written some code to decode TLS sessions, and patched
my Tor client to save the keys needed to do so. I've done two test-runs
so far -- both are from a Tor client with a cached directory, so it's
mainly data downloads. I cleared the guards between the two runs, and
as it happens test run 4 uses the old TLS handshake and run 5 uses the
new one.

The strange thing I noticed about both test runs is that almost every
second application record is empty (only contains a 5 byte TLS header,
20 byte TLS-level MAC, and 12 bytes of padding). It's not every
application record, as for example there are application records with
two cells, and even 6.
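The record-length arithmetic behind the observation above, as an added example that is not part of the original post: it assumes a TLS 1.0 record layer with AES-128-CBC and HMAC-SHA1 (no explicit IV), which is consistent with the 20-byte MAC and 12-byte padding described, and parses a constructed record stream to count application records by the number of 512-byte Tor cells each can hold.

```python
import struct
from collections import Counter

# Assumed cipher parameters (constructed for this example, not taken from
# the post): TLS 1.0, AES-128-CBC with HMAC-SHA1, no explicit IV.
HEADER_LEN = 5          # content type (1) + version (2) + length (2)
MAC_LEN = 20            # HMAC-SHA1 tag
BLOCK_LEN = 16          # AES block size
CELL_LEN = 512          # Tor cell size
APPLICATION_DATA = 0x17
HANDSHAKE = 0x16

def encrypted_len(plaintext_len):
    """Ciphertext length of a CBC record: plaintext + MAC + at least one
    padding byte (the padding-length byte), rounded up to a block."""
    unpadded = plaintext_len + MAC_LEN + 1
    return (unpadded + BLOCK_LEN - 1) // BLOCK_LEN * BLOCK_LEN

def parse_records(buf):
    """Split a raw TLS byte stream into (content_type, payload_len) tuples."""
    records, off = [], 0
    while off + HEADER_LEN <= len(buf):
        ctype, _ver, length = struct.unpack("!BHH", buf[off:off + HEADER_LEN])
        off += HEADER_LEN
        if off + length > len(buf):
            raise ValueError("truncated record at offset %d" % (off - HEADER_LEN))
        records.append((ctype, length))
        off += length
    return records

def cells_in_record(payload_len):
    """Whole Tor cells a record of this ciphertext length holds; None if the
    length is not consistent with a padded run of 512-byte cells."""
    for n in range(payload_len // CELL_LEN + 1):
        if encrypted_len(n * CELL_LEN) == payload_len:
            return n
    return None

def summarize(buf):
    """Histogram of application records keyed by cells carried (0 = empty)."""
    counts = Counter()
    for ctype, length in parse_records(buf):
        if ctype == APPLICATION_DATA:
            counts[cells_in_record(length)] += 1
    return counts

def make_record(ctype, payload_len):
    # Constructed record with a zeroed body; only the header matters here.
    return struct.pack("!BHH", ctype, 0x0301, payload_len) + b"\x00" * payload_len

# Constructed stream: empty, one cell, empty, two cells, then a handshake record.
SAMPLE = b"".join(make_record(t, n) for t, n in [
    (APPLICATION_DATA, encrypted_len(0)), (APPLICATION_DATA, encrypted_len(CELL_LEN)),
    (APPLICATION_DATA, encrypted_len(0)), (APPLICATION_DATA, encrypted_len(2 * CELL_LEN)),
    (HANDSHAKE, 64)])
```

An empty application record therefore carries exactly 32 bytes after the 5-byte header (20 bytes of MAC plus 12 bytes of padding), and a record of n cells carries 512n + 32 bytes.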
