On Tue, Oct 22, 2019 at 10:20:35AM +1100, Zenaan Harkness wrote:
> On Mon, Oct 21, 2019 at 06:06:15PM +0000, jim bell wrote:
> > On Monday, October 21, 2019, 04:00:16 AM PDT, grarpamp
> > <[email protected]> wrote:
> > To do that, it would be desirable to make that
> > chaff look as much as possible like real traffic.
>
> Ahh, I see the thought. Yes, that thought makes sense on first blush,
> but the problem is, if our encryption is so poor that chaff packets
> are distinguishable from wheat, our chaff system is broken.
>
> And yes, as above, chaff is to fill the gaps, not to create flows or
> streams that are not otherwise needed - the goal is simply to
> disguise traffic, not to create completely arbitrary fill traffic
> (and if the encryption is not broken, all traffic should look
> completely arbitrary - this is a fundamental 'broken' with Tor's
> non-chaff-filled TCP flows).
>
> > A packet sent
> > through all, or a large number of nodes will have a genuine path.
>
> Yes, "chaff paths" is the concept here, now I understand. I believe
> that would be counterproductive to network utilisation, and as
> coderman points out, for too little gain.
>
> I can see how chaff paths could possibly make sense in the Tor
> network.
>
> Also, but more fundamentally, what we are aiming for with chaff fill,
> at least in a packet switched network, is something better than "chaff
> paths":
>
> - we want streams to not be distinguishable
>   - this is a known (and fundamental) problem with Tor
>
> - chaff packets seek a functional improvement on this fundamental
>   problem with Tor
>
> - the reason Tor is so bad, is that entry and exit nodes are
>   dominated by GPAs, and the "default set up of Tor Browser" for an
>   end user is therefore fundamentally broken
>   - this is why I stress the importance of running your own home
>     node (if you're using Tor at all), and more so, running that as
>     an exit node if you want any reasonable plausible deniability
>
> Covfefe net hopes to overcome this fundamental Tor (as it stands)
> problem.

On second blush, although I might trust an immediate friend (first
hop), I might effectively set up a circuit through friend B, to C,
where I control the chaff, inserting chaff when I'm not using this
"mini circuit" - in this way B does not know that the circuit from A
to C is partly chaff, or purely data, or purely chaff. Node C might
have something to say about that if I don't utilize this mini route
for too long (that would be a waste of B's generous bandwidth
provision). We could consider or name this mini route ABC, a chaff
route in the sense that A controls the route, inserting chaff as
needed.

> > Assuming the spy bugs one node, he will see traffic come in, and
> > leave for another. Just like an ordinary instance of traffic.
>
> "chaff fill" is a misnomer perhaps leading people's thoughts astray,
> we should say something like:
>
> Chaff packets:
>
> 1) Are, to an onlooker or snooper, indistinguishable from wheat
>    packets, both in their size, and in their timing of delivery, and
>    in all consequential timing for packets returning, or outgoing,
>    from the node that receives a chaff packet.
>
> 2) Are only ever used as padding to fill gaps, so that stream begin,
>    and stream end are not distinguishable (to the snoop), and also
>    so that stream data, and surrounding chaff packets, are also not
>    distinguishable from one another.
>
> (A stream is a packet flow such as a request, and the corresponding
> response for the content of a web page.)
>
> > An alternative would be a system where each node spontaneously
> > generates chaff. Spying on a node would see such spontaneous
> > 'traffic' generations. Maybe it would be clearer that that was
> > chaff?
>
> Yes, this is the Covfefe model - chaff packets, to fill the gaps, so
> the snoop cannot tell whether any data or streams are being sent, or
> not, at all.
>
> > But I'm just throwing out ideas. I assume that the 'chaff' issue
> > has been professionally detailed in some academic papers.
>
> Possibly - if someone has a link, I'd be happy to read it, but the
> principle seems to jump out and smack us in the face, but I can
> imagine that there could be some useful academic analysis of chaff
> and network theory - if such exists...
>
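As an added illustration (not code from this thread or from Covfefe net), a Python model of the two chaff properties quoted above: a link that emits exactly one fixed-size cell per tick, wheat when a stream has data queued and chaff otherwise, so a wire observer who sees only sizes and timings gets the same trace whether or not a stream is present; an unpadded, Tor-style link is included for contrast, and it leaks stream begin and end. The cell format (2-byte length header plus random filler) is an assumption, and the header is assumed to sit inside the encryption so the observer learns nothing but size and timing.

```python
import os
import struct

CELL_SIZE = 64             # assumed fixed on-wire cell size; every cell is exactly this long
HDR = struct.Struct("!H")  # assumed 2-byte payload length, carried inside the encryption; 0 = chaff
PAYLOAD = CELL_SIZE - HDR.size

def frame(payload: bytes) -> bytes:
    """Wheat cell: length header + payload, padded with random bytes up to CELL_SIZE."""
    assert 0 < len(payload) <= PAYLOAD
    return HDR.pack(len(payload)) + payload + os.urandom(PAYLOAD - len(payload))

def chaff() -> bytes:
    """Chaff cell: length 0 and a random body; same size as a wheat cell."""
    return HDR.pack(0) + os.urandom(PAYLOAD)

def split_stream(data: bytes) -> list:
    """Cut one stream (a request, a response) into wheat cells."""
    return [frame(data[i:i + PAYLOAD]) for i in range(0, len(data), PAYLOAD)]

def padded_link(streams: dict, ticks: int) -> list:
    """Chaff-filled link: one cell every tick, wheat if queued, chaff otherwise.
    streams maps a start tick to the bytes of a stream beginning at that tick."""
    queue, trace = [], []
    for t in range(ticks):
        queue.extend(split_stream(streams.get(t, b"")))
        trace.append((t, queue.pop(0) if queue else chaff()))
    return trace

def unpadded_link(streams: dict, ticks: int) -> list:
    """Same link with no chaff: cells go out only when there is data (the Tor-style gap)."""
    queue, trace = [], []
    for t in range(ticks):
        queue.extend(split_stream(streams.get(t, b"")))
        if queue:
            trace.append((t, queue.pop(0)))
    return trace

def snoop_view(trace: list) -> list:
    """What a passive observer on the wire gets: timing and size only, bodies are opaque."""
    return [(t, len(cell)) for t, cell in trace]

def receive(trace: list) -> bytes:
    """The next hop, holding the key, reads the header, drops chaff and reassembles wheat."""
    out = b""
    for _, cell in trace:
        n = HDR.unpack_from(cell)[0]
        out += cell[HDR.size:HDR.size + n]
    return out
```

With a constructed request starting at tick 3, `snoop_view(padded_link(...))` equals the all-chaff trace, while `unpadded_link` produces cells only at the ticks the stream is active.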
