Opened 7 months ago

Last modified 4 months ago

#30986 assigned project

Understand the "long tail" of unclassifiable network traffic

Reported by: phw Owned by: phw
Priority: Medium Milestone:
Component: Circumvention Version:
Severity: Normal Keywords: anti-censorship-roadmap-october
Cc: cohosh, dcf, gaba, arma, phw Actual Points:
Parent ID: #30716 Points: 5
Reviewer: Sponsor: Sponsor28-must

Description (last modified by phw)

The obfs family of obfuscation protocols strives to "look like nothing" and falls into the long tail of network traffic that is meant to be unclassifiable. That is, if an ISP is monitoring its uplink, it shouldn't be able to figure out that one of its users is talking obfs4 to a Tor bridge. Instead, the obfs4 connection should show up as "unknown" in the log files.

We know next to nothing about this long tail that the obfs family hides in. What fraction of flows does it constitute? What fraction of bytes? What kind of protocols and implementations are difficult to classify? How does the long tail differ across uplinks?

Over at #30716 we're brainstorming features for obfs4's successor but before moving forward with obfs5, we should get a better understanding of this long tail because it allows us to make informed design decisions. Packet traces from the WIDE backbone is one of the data sets that may be helpful here.

Let's use this ticket to track progress and collect insights.

Child Tickets

Change History (5)

comment:1 Changed 7 months ago by phw

Description: modified (diff)
Parent ID: #29285#30716

comment:2 Changed 7 months ago by gaba

Keywords: anti-censorship-roadmap added

comment:3 Changed 6 months ago by msherr

The WIDE packets that are available publicly online don't have any payloads.

I've asked the WIDE maintainers for data w/ payloads, but the snaplen for these is 96, which may or may not be sufficient.

comment:4 Changed 6 months ago by gaba

Keywords: anti-censorship-roadmap-august added; anti-censorship-roadmap removed

comment:5 Changed 4 months ago by gaba

Keywords: anti-censorship-roadmap-october added; anti-censorship-roadmap-august removed
Note: See TracTickets for help on using tickets.