[tor-dev] GoSC - Website Fingerprinting project

George Kadianakis desnacked at riseup.net
Wed Mar 12 22:14:06 UTC 2014


Roger Dingledine <arma at mit.edu> writes:

> On Mon, Mar 10, 2014 at 06:00:13PM +0100, Marc Juarez wrote:
>> I'm a PhD student at COSIC (COmputer Security and Industrial
>> Cryptography) in KU Leuven, Belgium. My research topic is related to
>> network traffic analysis and I'm now focused in the more specific
>> problem of website fingerprinting
>> (http://homes.esat.kuleuven.be/~mjuarezm/).
>
> Welcome!
>
>>  However, I couldn't find any open project that tackles this
>> problem in
>> https://www.torproject.org/getinvolved/volunteer.html.en#Projects
>
> We moved the 'research' ideas from the volunteer page to
> https://research.torproject.org/ideas.html a while ago.
>
> (Also, most of the research ideas don't have to do primarily with coding,
> so they're not as suited for GSoC.)
>
>> That
>> is why I'd like to propose a GoSC project for the implementation of
>> tools (packages, classes, etc.) that contribute in the development of a
>> countermeasure against this attack.
> [snip]
>> I would like to have some feedback from the Tor developers about this
>> project (advices, comments..). I plan to specify it in more detail in
>> the application and to start coding some module that could be shown. But
>> I would like to know if the underlying idea is something that could be
>> of interest for the community.
>
> It's definitely something that we need at some point. But I think your
> first challenge will be finding a mentor with both the time and interest
> to help you make it work.
>
> It seems like some of the approaches would best be done inside Tor (as
> modifications to the Tor program), and some of them would best be done
> in a separate pluggable transport? Or should they all be done in a PT?
> Can the bandwidth shaping in Scramblesuit (obfsproxy) be used as a
> building block here?
>

Might be a mere technicality, but it's currently the case that only
bridges and bridge clients can use PTs.

If we ever wanted to deploy these anti-traffic-analysis PTs to the
whole network, we would have to add PT support to all clients (HSes
might also benefit from this) and to all relays.


More information about the tor-dev mailing list