[Freedombox-discuss] Keeping the noise level up to avoid traffic analysis?

Bob Mottram bob at robotics.uk.to
Mon Aug 19 18:43:02 UTC 2013 

On 19.08.2013 19:00, Petter Reinholdtsen wrote:
> A friend and college of mine mentioned something that might be a good
> idea to set up with freedombox.  The idea is to make sure it is not
> possible to discover who is talking to who, or which web page the
> owner is visiting by filling the line with noise.  In other word, make
> traffic analysis very hard.
> 
> The idea is to send noise all the time, either by sending messages
> between freedomboxes, or by visiting "random" web pages all the time,
> and trottle down the amount of noise traffic when the user behind the
> box wish to visit web pages or send messages, by the same amount as
> the real traffic, to make sure the amount of traffic coming from a
> given freedombox is the same all the time.
> 
> The "random" web page can for example be drawn from a shared web page
> history, ie the pool of web pages visited by all freedombox users, or
> some other way to ensure the URLs are real.
> 
> The random cross traffic can for example be incorrectly encrypted
> traffic that can be easily rejected by the reciever with the correct
> private key, but which will be hard or impossible for those without
> the private key to differenciate from real packages.  It would be a
> variation of the Chaffing and winnowing technique.
> 
> Anyone got an idea how hard this would be to implement?


It's a reasonable enough idea and worth a try so long as the amount of 
decoy traffic isn't too high.  However, the threat model for this case 
is sophisticated data mining on the traffic graph, and over a time 
series such techniques may be able to filter out predictable user 
patterns from background noise.

One way to try to counter that might be to build decoy personas whose 
fictitious web browsing activity has the same degree of statistical 
predictability/variance as the real user.  It would be tricky to 
implement, but perhaps not impossible.


-- 
Bob Mottram
http://robotics.uk.to
GPG ID: 0xEA982E38
Fingerprint: D538 1159 CD7A 2F80 2F06  ABA0 0452 CC7C EA98 2E38

More information about the Freedombox-discuss mailing list