Why do we want WTF Pad? Helps against circuit fingerprinting attacks, passive de-anonymization of Tor hidden services. This is a threat by ISPs who can observe relays which are running. Also helps obscure hidden service/client circuits.

WTF pad operates at the client and at the middle node. The state machines on each operate separately.

Why wouldn't you have padding traffic generated at both the guard and the middle? There would be a cost in more bandwidth. We don't want padding at the exit as they are already under significant load. Furthermore, having padding at both the guard and the exit could open a correlation channel on the circuit.

Currently, there isn't a plan to make traffic to look like other types of non-web traffic, such as video streaming.

Web traffic patterns versus non-web traffic patterns.

Client tells the middle node what state machine to run. This leaks to the middle node that it is the middle node in the circuit.

  • Generated state header in the padding.
  • Events are signaled back to the state machine.
  • State machine parsing- attack vectors such as amplification attacks from client to the middle.

Research requirements:

  • Dataset of canonical Tor traffic (training set)
  • Best classifier for benchmark to see if the defense is good.
  • Sweet spot of 50-60% traffic on the relay for WTF-Pad.
  • One thing that is required is to show that adding WTF pad fixes the deterministic attack that was published in identifying the hidden service via the circuit identifier. In the future, it would be good to show how it holds against the statistical classifier attack.

Open questions:

  • How to tune the histograms based on different use cases?
  • How to define the histogram?
  • Ho to monitor network performance when padding has been added?
    • Relays report padding and non-padding cells that have been added/sent by the relay- this will be useful for monitoring the amount of padding sent on the network.
  • Netflow padding testing- when and how should this be tested?
  • What are the bandwidth/CPU impact that this will have on resource-constrained environments, such as mobile?
  • How does congestion impact what triggers padding? Designed to fill in delays as opposed to adding delays, latency in the network could impact this. This could be done at the global level- define total amount of padding that is applied to all circuits.
  • Does this open an attack vector to exhaust?
Last modified 21 months ago Last modified on Jan 30, 2019, 11:38:21 AM