On Tue, Oct 22, 2019 at 10:20:35AM +1100, Zenaan Harkness wrote:
On Mon, Oct 21, 2019 at 06:06:15PM +0000, jim bell wrote:
On Monday, October 21, 2019, 04:00:16 AM PDT, grarpamp <grarpamp@gmail.com> wrote:
To do that, it would be desireable to make that chaff look as much as possible like real traffic.
Ahh, I see the thought. Yes, that thought makes sense on first blush, but the problem is, if our encryption is so poor that chaff packets are distinguishable from wheat, our chaff system is broken.
And yes, as above, chaff is to fill the gaps, not to create flows or streams that are not otherwise needed - the goal is simply to disguise traffic, not to create completely arbitrary fill traffic (and if the encryption is not broken, all traffic should look completely arbitrary - this is a fundamental 'broken' with Tor's non chaff filled TCP flows).
A packet sent through all, or a large number of nodes will have a genuine path.
Yes, "chaff paths" is the concept here, now I understand. I believe that would be counter productive to network utilisation, and as coderman points out, for too little gain.
I can see how chaff paths could possibly make sense in the Tor network.
Also, but more fundamentally, what we are aiming for with chaff fill, at least in a packet switched network, is something better than "chaff paths":
- we want streams to not be distinguishable - this is a known (and fundamental) problem with Tor
- chaff packets seeks a functional improvement on this fundamental problem with Tor
- the reason Tor is so bad, is that entry and exit nodes are dominated by GPAs, and the "default set up of Tor Browser" for an end user is therefore fundamentally broken - this is why I stress the importance of running your own home node (if you're using Tor at all), and more so, running that as an exit node if you want any reasonable plausible deniability
Covfefe net hopes to overcome this fundamental Tor (as it stands) problem.
On second blush, although I might trust an immediate friend (first hop), I might effectively set up a circuit through friend B, to C, where I control the chaff, inserting chaff when I'm not using this "mini circuit" - in this way B does not know that the circuit from A to C is partly chaff, or purely data, or purely chaff. Node C might have something to say about that if I don't utilize this mini route for too long (that would be a waste of B's generous bandwidth provision). We could consider or name this mini route ABC, a chaff route in the sense that A controls the route, inserting chaff as needed.
Assuming the spy bugs one node, he will see traffic come in, and leave for another. Just like an ordinary instance of traffic.
"chaff fill" is a misnomer perhaps leading people's' thoughts astray, we should say something like:
Chaff packets:
1) Are, to an onlooker or snooper, indistinguishable from wheat packets, both in their size, and in their timing of delivery, and in all consequential timing for packets returning, or outgoing, from the node that receives a chaff packet.
2) Are only ever used as padding to fill gaps, so that stream begin, and stream end are not distinguishable (to the snoop), and also so that stream data, and surrounding chaff packets, are also not distinguishable from one another.
(A stream is a packet flow such as a request, and the corresponding response for the content of a web page.)
An alternative would be a system where each node spontaneously generates chaff. Spying on a node would see such spontaneous 'traffic' generations. Maybe it would be clearer that that was chaff?
Yes, this is the Covfefe model - chaff packets, to fill the gaps, so the snoop cannot tell whether any data or streams are being sent, or not, at all.
But I'm just throwing out ideas. I assume that the 'chaff' issue has been professionally detailed in some academic papers.
Possibly - if someone has a link, I'd be happy to read it, but the principle seems to jump out and smack us in the face, but I can imagine that there could be some useful academic analysis of chaff and network theory - if such exists...