Opened 9 years ago

Last modified 23 months ago

#2860 assigned task

Research TCP connection patterns produced by web browsing

Reported by: rransom
Owned by: blanu
Priority: Low
Milestone:
Component: Circumvention/Pluggable transport
Version:
Severity: Normal
Keywords: research
Cc: arma, karsten, linus@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

We suspect that Tor connections (and other TCP-based encrypted tunnel connections) can easily be distinguished from connections produced by a web browser by an attacker who has only logs of TCP SYN, FIN, and RST packets and the times at which they were sent. We should research this further.

The first step is to collect example recordings of the SYN, FIN, and RST packets produced by:

  • a normal Tor client,
  • a Tor client configured to use one bridge,
  • a Tor client configured to use ten bridges,
  • Firefox loading a simple (one HTML page without CSS or JS) web page over HTTPS,
  • Chromium loading the same simple web page,
  • Firefox viewing a JS-intensive web page (over HTTPS if possible), and
  • Chromium viewing the same JS-intensive web page.

A simple visualization tool for the recordings will also be needed.
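
As an added example (not part of the ticket or of any Tor Project code), this Python code reduces a text capture to the SYN/FIN/RST log the description calls for and derives per-connection timing features that can be compared across the listed clients. It assumes `tcpdump -tt -n` text output; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -tt -n` text format (documentation addresses).
SAMPLE = """\
1.000000 IP 192.0.2.10.50000 > 198.51.100.5.443: Flags [S], seq 1, win 65535, length 0
1.050000 IP 198.51.100.5.443 > 192.0.2.10.50000: Flags [S.], seq 9, ack 2, win 65535, length 0
1.100000 IP 192.0.2.10.50000 > 198.51.100.5.443: Flags [P.], seq 2:102, ack 10, win 65535, length 100
1.200000 IP 192.0.2.10.50001 > 198.51.100.5.443: Flags [S], seq 5, win 65535, length 0
2.500000 IP 192.0.2.10.50001 > 198.51.100.5.443: Flags [F.], seq 6, ack 1, win 65535, length 0
3.000000 IP 192.0.2.10.50002 > 203.0.113.7.9001: Flags [S], seq 7, win 65535, length 0
9.000000 IP 198.51.100.5.443 > 192.0.2.10.50000: Flags [R], seq 10, win 0, length 0
"""
LINE = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): Flags \[([A-Z.]+)\]")

def control_events(text):
    """Yield (time, src, dst, kind) for each SYN, SYN-ACK, FIN or RST segment."""
    for line in text.splitlines():
        m = LINE.match(line)
        flags = m.group(4) if m else ""
        if "S" in flags:
            kind = "SYN-ACK" if "." in flags else "SYN"
        elif "R" in flags or "F" in flags:
            kind = "RST" if "R" in flags else "FIN"
        else:
            continue  # data, pure ACK and unparsed lines are not part of the recording
        yield float(m.group(1)), m.group(2), m.group(3), kind

def connections(events):
    """Pair each client SYN with the first FIN/RST seen on the same address pair."""
    conns = {}
    for ts, src, dst, kind in events:
        key = frozenset((src, dst))
        if kind == "SYN" and key not in conns:  # simplification: ignores port reuse
            conns[key] = {"server": dst, "open": ts, "close": None, "how": "open"}
        elif kind in ("FIN", "RST") and key in conns and conns[key]["close"] is None:
            conns[key].update(close=ts, how=kind)
    return list(conns.values())

def summarize(conns):
    """Timing features visible from the SYN/FIN/RST log alone."""
    opens = sorted(c["open"] for c in conns)
    peak = max((sum(1 for o in conns if o["open"] <= c["open"]
                    and (o["close"] is None or o["close"] > c["open"]))
                for c in conns), default=0)  # concurrency peaks at some open time
    return {"connections": len(conns), "servers": len({c["server"] for c in conns}),
            "syn_gaps": [round(b - a, 6) for a, b in zip(opens, opens[1:])],
            "closed_by": dict(Counter(c["how"] for c in conns)), "max_concurrent": peak}
```

A capture limited to these segments can be taken with the pcap filter `tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) != 0`.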

Change History (5)

comment:1 in reply to:  description Changed 9 years ago by karsten

Replying to rransom:

A simple visualization tool for the recordings will also be needed.

I might be able to help you with this. Once you have some sample data and an idea how to visualize them, I can write some R/ggplot2 code.

comment:2 Changed 8 years ago by rransom

Owner: changed from asn to blanu
Status: changed from new to assigned

comment:3 Changed 8 years ago by ln5

Cc: linus@… added

comment:4 Changed 6 years ago by asn

Keywords: research added
Priority: changed from major to minor

comment:5 Changed 23 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"
