[tor-talk] obfsproxy like approach against website traffic fingerprinting?
Roger Dingledine
arma at mit.edu
Thu Dec 13 20:47:36 UTC 2012
On Thu, Dec 13, 2012 at 08:38:37PM +0000, adrelanos wrote:
> what if everyone, also people in uncensored countries, would use
> obfsproxy like traffic obfuscation for all circuits?
>
> Could that make website traffic fingerprinting [1] more difficult?
Obfsproxy transforms each byte, but it doesn't change timing or size. So
I expect it does nothing against website fingerprinting.
To protect against somebody recognizing that the obfsproxied flows
are really Tor traffic underneath (i.e. by noticing a lot of 586-byte
packets), you'll want a chopper as well as obfsproxy. See the Stegotorus
paper: http://freehaven.net/anonbib/#ccs2012-stegotorus
But ultimately, the good website fingerprinting attacks look at overall
flow volume, so you'll want something that pads your sent/received flows
so they collide with a lot of other potential websites, without adding
too much overhead.
For the latest website fingerprinting paper, see Rob Johnson's "Touching
from a Distance" paper at CCS 2012.
--Roger
More information about the tor-talk
mailing list