-
Maybenot: A Framework for Traffic Analysis Defenses
Authors:
Tobias Pulls
Abstract:
End-to-end encryption is a powerful tool for protecting the privacy of Internet users. Together with the increasing use of technologies such as Tor, VPNs, and encrypted messaging, it is becoming increasingly difficult for network adversaries to monitor and censor Internet traffic. One remaining avenue for adversaries is traffic analysis: the analysis of patterns in encrypted traffic to infer infor…
▽ More
End-to-end encryption is a powerful tool for protecting the privacy of Internet users. Together with the increasing use of technologies such as Tor, VPNs, and encrypted messaging, it is becoming increasingly difficult for network adversaries to monitor and censor Internet traffic. One remaining avenue for adversaries is traffic analysis: the analysis of patterns in encrypted traffic to infer information about the users and their activities. Recent improvements using deep learning have made traffic analysis attacks more effective than ever before.
We present Maybenot, a framework for traffic analysis defenses. Maybenot is designed to be easy to use and integrate into existing end-to-end encrypted protocols. It is implemented in the Rust programming language as a crate (library), together with a simulator to further the development of defenses. Defenses in Maybenot are expressed as probabilistic state machines that schedule actions to inject padding or block outgoing traffic. Maybenot is an evolution from the Tor Circuit Padding Framework by Perry and Kadianakis, designed to support a wide range of protocols and use cases.
△ Less
Submitted 19 April, 2023;
originally announced April 2023.
-
Towards Effective and Efficient Padding Machines for Tor
Authors:
Tobias Pulls
Abstract:
Tor recently integrated a circuit padding framework for creating padding machines: defenses that work by defining state machines that inject dummy traffic to protect against traffic analysis attacks like Website Fingerprinting (WF) attacks. In this paper, we explore the design of effective and efficient padding machines to defend against WF attacks. Through the use of carefully crafted datasets, a…
▽ More
Tor recently integrated a circuit padding framework for creating padding machines: defenses that work by defining state machines that inject dummy traffic to protect against traffic analysis attacks like Website Fingerprinting (WF) attacks. In this paper, we explore the design of effective and efficient padding machines to defend against WF attacks. Through the use of carefully crafted datasets, a circuit padding simulator, genetic programming, and manual tuning of padding machines we explore different aspects of what makes padding machines effective and efficient defenses. Our final machine, named Interspace, is probabilistically-defined with a tweakable trade-off between efficiency and effectiveness against the state-of-the-art deep-learning WF attack Deep Fingerprinting by Sirinam et al. We show that Interspace can be both more effective and efficient than WTF-PAD by Juarez et al. the padding machine that inspired the design of Tor's circuit padding framework. We end this paper by showing how Interspace can be made less effective, identifying the promising tactic of probabilistically defined padding machines, and highlighting the need to further explore this tactic in more complex defenses.
△ Less
Submitted 26 November, 2020;
originally announced November 2020.
-
Aggregation-Based Certificate Transparency Gossip
Authors:
Rasmus Dahlberg,
Tobias Pulls,
Jonathan Vestin,
Toke Høiland-Jørgensen,
Andreas Kassler
Abstract:
Certificate Transparency (CT) requires that every CA-issued TLS certificate must be publicly logged. While a CT log need not be trusted in theory, it relies on the assumption that every client observes and cryptographically verifies the same log. As such, some form of gossip mechanism is needed in practice. Despite CT being adopted by several major browser vendors, no gossip mechanism is widely de…
▽ More
Certificate Transparency (CT) requires that every CA-issued TLS certificate must be publicly logged. While a CT log need not be trusted in theory, it relies on the assumption that every client observes and cryptographically verifies the same log. As such, some form of gossip mechanism is needed in practice. Despite CT being adopted by several major browser vendors, no gossip mechanism is widely deployed. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors (such as routers and switches) to periodically verify log consistency off-path. In other words, gossip is provided as-a-service by the network. Based on 20 days of RIPE Atlas measurements that represent clients from 3500 autonomous systems and 40% of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against split-viewing CT logs. We also show that aggregation-based gossip can be implemented for a variety of packet processors using P4 and XDP, running at 10 Gbps line-speed.
△ Less
Submitted 18 April, 2019; v1 submitted 22 June, 2018;
originally announced June 2018.
-
Verifiable Light-Weight Monitoring for Certificate Transparency Logs
Authors:
Rasmus Dahlberg,
Tobias Pulls
Abstract:
Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has lead to the…
▽ More
Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has lead to the emergence of monitoring-as-a-service: a trusted party runs the monitor and provides registered subjects with selective certificate notifications, e.g., "notify me of all foo.com certificates". We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such notifications, reducing the trust that is placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT's existing gossip-audit security model.
△ Less
Submitted 28 October, 2018; v1 submitted 10 November, 2017;
originally announced November 2017.
-
The Effect of DNS on Tor's Anonymity
Authors:
Benjamin Greschbach,
Tobias Pulls,
Laura M. Roberts,
Philipp Winter,
Nick Feamster
Abstract:
Previous attacks that link the sender and receiver of traffic in the Tor network ("correlation attacks") have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. This paper quantifies how DNS traffic…
▽ More
Previous attacks that link the sender and receiver of traffic in the Tor network ("correlation attacks") have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. This paper quantifies how DNS traffic can make Tor users more vulnerable to correlation attacks. We investigate how incorporating DNS traffic can make existing correlation attacks more powerful and how DNS lookups can leak information to third parties about anonymous communication. We (i) develop a method to identify the DNS resolvers of Tor exit relays; (ii) develop a new set of correlation attacks (DefecTor attacks) that incorporate DNS traffic to improve precision; (iii) analyze the Internet-scale effects of these new attacks on Tor users; and (iv) develop improved methods to evaluate correlation attacks. First, we find that there exist adversaries who can mount DefecTor attacks: for example, Google's DNS resolver observes almost 40% of all DNS requests exiting the Tor network. We also find that DNS requests often traverse ASes that the corresponding TCP connections do not transit, enabling additional ASes to gain information about Tor users' traffic. We then show that an adversary who can mount a DefecTor attack can often determine the website that a Tor user is visiting with perfect precision, particularly for less popular websites where the set of DNS names associated with that website may be unique to the site. We also use the Tor Path Simulator (TorPS) in combination with traceroute data from vantage points co-located with Tor exit relays to estimate the power of AS-level adversaries who might mount DefecTor attacks in practice.
△ Less
Submitted 11 October, 2016; v1 submitted 26 September, 2016;
originally announced September 2016.
-
ScrambleSuit: A Polymorph Network Protocol to Circumvent Censorship
Authors:
Philipp Winter,
Tobias Pulls,
Juergen Fuss
Abstract:
Deep packet inspection technology became a cornerstone of Internet censorship by facilitating cheap and effective filtering of what censors consider undesired information. Moreover, filtering is not limited to simple pattern matching but makes use of sophisticated techniques such as active probing and protocol classification to block access to popular circumvention tools such as Tor.
In this pap…
▽ More
Deep packet inspection technology became a cornerstone of Internet censorship by facilitating cheap and effective filtering of what censors consider undesired information. Moreover, filtering is not limited to simple pattern matching but makes use of sophisticated techniques such as active probing and protocol classification to block access to popular circumvention tools such as Tor.
In this paper, we propose ScrambleSuit; a thin protocol layer above TCP whose purpose is to obfuscate the transported application data. By using morphing techniques and a secret exchanged out-of-band, we show that ScrambleSuit can defend against active probing and other fingerprinting techniques such as protocol classification and regular expressions.
We finally demonstrate that our prototype exhibits little overhead and enables effective and lightweight obfuscation for application layer protocols.
△ Less
Submitted 14 May, 2013;
originally announced May 2013.