On 2013-09-04, at 8:09 PM, josef.winger@email.de wrote:
> Can a developer please explain to me why something like the following obfuscation of 'torified traffic' is exploitable?
> Suppose a scenario where a collective of authorities is able to observe large parts of the www. Then observing traffic correlation can reveal a connection through the network.
> But why can't we just alter the pattern inside the network, such that there is no correlation between 'incoming' and 'outgoing' data anymore?
Regardless of what goes on inside the network, the traffic must be in-order at the points of entrance and exit to the network (a property of TCP). Those are the points of interest to an observer doing traffic correlation.
Compounding that problem is the low latency of the network: the relative timing within any given stream is preserved.
The first problem might be mitigated with packet padding; the second problem might be mitigated with random packet delays. My understanding is that these two approaches are being studied at the moment.
Modifying the behaviour of traffic within the network does not help.
It has also been suggested that cover traffic is a solution, based on a Bayesian argument with (IMHO) incorrect assumptions. I think it will be proven wrong as attacks get better.
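The reply's three points (in-order delivery and low latency preserve a flow's timing pattern end to end, padding hides only sizes, random delays weaken the timing match) can be seen in a toy simulation. This is an added example, not code from the thread or from Tor: the flow, the relay model and all timings are constructed, and `relay`, `entry_flow` and `correlate` are names chosen here.

```python
import random
from statistics import mean, pstdev

def pearson(xs, ys):
    # Pearson correlation; 0.0 when either sequence is constant (e.g. padded sizes)
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)

def entry_flow(n, rng):
    # Constructed client flow: bursty inter-packet gaps (seconds) and packet sizes
    t, times, sizes = 0.0, [], []
    for _ in range(n):
        t += rng.choice([0.01, 0.02, 0.3, 1.0]) * rng.uniform(0.8, 1.2)
        times.append(t)
        sizes.append(rng.choice([60, 512, 1448]))
    return times, sizes

def relay(times, sizes, rng, base=0.15, jitter=0.005, max_delay=0.0, pad_to=None):
    # Forward in order (TCP): base latency, small jitter, optional random hold-back, optional padding
    out_t, last = [], 0.0
    for t in times:
        depart = t + base + rng.uniform(0, jitter) + rng.uniform(0, max_delay)
        last = max(last, depart)  # a packet never overtakes its predecessor
        out_t.append(last)
    out_s = [pad_to] * len(sizes) if pad_to else list(sizes)
    return out_t, out_s

def gaps(times):
    return [b - a for a, b in zip(times, times[1:])]

def correlate(n=400, seed=7):
    # Entry-vs-exit correlations for a plain relay, a padding relay, a delaying relay,
    # and an unrelated flow of the same length (the observer's false-match baseline)
    rng = random.Random(seed)
    t_in, s_in = entry_flow(n, rng)
    plain_t, plain_s = relay(t_in, s_in, rng)
    _, pad_s = relay(t_in, s_in, rng, pad_to=1448)
    delay_t, _ = relay(t_in, s_in, rng, max_delay=2.0)
    other_t, _ = entry_flow(n, rng)
    return {
        "plain_timing": pearson(gaps(t_in), gaps(plain_t)),
        "plain_size": pearson(s_in, plain_s),
        "padded_size": pearson(s_in, pad_s),
        "delayed_timing": pearson(gaps(t_in), gaps(delay_t)),
        "unrelated_timing": pearson(gaps(t_in), gaps(other_t)),
    }

if __name__ == "__main__":
    print(correlate())
```

With the plain relay the entry and exit gap sequences are almost perfectly correlated while an unrelated flow sits near zero; padding drives the size correlation to zero but leaves timing untouched, and only the random hold-back (at the cost of latency) pulls the timing correlation down.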