#30716: Improve the obfs4 obfuscation protocol -------------------------------------------------+------------------------- Reporter: phw | Owner: phw Type: task | Status: | assigned Priority: High | Milestone: Component: Circumvention/Obfs4 | Version: Severity: Normal | Resolution: Keywords: sponsor28, anti-censorship-roadmap- | Actual Points: august | Parent ID: | Points: 20 Reviewer: | Sponsor: | Sponsor28-must -------------------------------------------------+-------------------------
Comment (by phw): We briefly discussed the interaction between Tor's WF defences and obfs4's flow obfuscation in #tor-dev. Here's a summary: * We want a clear separation of responsibilities: Tor's circuit padding defends against WF attacks while obfs4 defends against traffic classification. * We want defence in depth. If an adversary breaks obfs4, she should not be able to fingerprint the encapsulated Tor stream, to learn what website the user is visiting. * That said, the defence in depth should come with as little overhead as possible. Every padding byte (be it from obfs4 or the application) is a byte that is no longer goodput. If performance suffers too much, users will turn to other circumvention tools. Here are some additional research questions: * Both obfs4 and Tor add padding to defend against traffic classifiers and WF attacks, respectively. Can we combine these two systems in a smart way that minimises overhead while retaining our security properties? (Keep in mind that obfs4 is only present between client and bridge while Tor's WF defences may be present between client and middle relay.) * Can obfs4's padding negatively affect Tor's padding and vice versa? * How does the application data that goes into obfs4 affect our resistance to traffic classifiers? In other words: Is obfs4-transporting-tor more resistant to classifiers than obfs4-transporting-vpn? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30716#comment:13> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs