[Cryptography] "[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections."

Ray Dillinger bear at sonic.net
Fri Dec 13 20:10:07 EST 2019

On Tue, 2019-12-10 at 19:35 -0500, Paul Wouters wrote:
> There are still some cases where it matters though. Imagine you are
> watching a movie. Do you really want the traffic from client to
> server
> to use up as much bandwidth as server to client to hide the fact that
> you are mostly downloading? That would put a tremendous additional
> load
> on the servers that have to receive all this "padding traffic" only
> to
> drop it. Or do you want an idle ssh session to keep generating
> traffic
> as if you are there?

"Constant Traffic" networks can be made resistant to analysis, but in
doing so you will also make them resistant to high bandwidth or low
latency.  Appropriate for correspondence, but not appropriate for
downloading movies.  That's acceptable for me (what's important for me
to encrypt is *SMALL* - usually text files under a half-megabyte) but 
not acceptable for general use.

If you want to make something hard to analyze, give people a proxy
client that hides its data traffic in bittorrent packets.  Bittorrent
is perfect for cover traffic:  always going at a dull roar.  Bittorrent
packets that fail their checksum - which can only be tested after
decryption on the receiving end, so an eavesdropper can't tell - is
dropped on the floor according to the Bittorrent protocol.  It could be
dropped into a proxy server instead, for further decryption with an
additional key, into IP packets. It would require making only the
slightest modifications of bittorrent code.

Then you have something that looks reasonably like ordinary bittorrent
traffic - going on at a dull roar, and nobody except the sender and
receiver know what's in it - and you can be doing legit downloads on
bittorrent at the same time, or hosting the latest software-update
diffs for your favorite linux distro, or whatever - give back to the
community, right?

It would probably still be somewhat slow and somewhat high-latency, but
most likely far better privacy than the current crop of things that
don't embed themselves in some kind of existing cover traffic.


More information about the cryptography mailing list