Packet Size Pluggable Transport and Traffic Morphing
It is well known [1] that Tor traffic can be distinguished from other network protocols by its distinctive packet size. Because Tor cells are fixed-size, most TCP packets of Tor traffic are 586 bytes in size (see Figure 1). On the other hand, HTTPS, the protocol that Tor tries to simulate, has a much more spread-out packet size probability distribution (see Figure 2). This means that an adversary can detect Tor traffic by using packets of size 586 as distinguishers [2] [1].
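An added example, not code from the paper: a check a transport developer could run over the packet sizes of a captured flow to see whether a single size still dominates it, and how far its size distribution sits from a reference HTTPS profile. The sample flows, the function names and the 0.5 threshold are assumptions constructed for illustration.

```python
from collections import Counter

def size_distribution(sizes):
    """Empirical probability of each TCP packet size in one flow."""
    total = len(sizes)
    return {size: n / total for size, n in Counter(sizes).items()}

def dominant_size(sizes):
    """Return (most common packet size, its share of the flow)."""
    size, n = Counter(sizes).most_common(1)[0]
    return size, n / len(sizes)

def total_variation(p, q):
    """Total variation distance between two size distributions.
    0.0 means identical, 1.0 means no packet size in common."""
    return 0.5 * sum(abs(p.get(s, 0.0) - q.get(s, 0.0)) for s in set(p) | set(q))

def has_size_distinguisher(sizes, max_share=0.5):
    """True if one packet size carries more than max_share of the flow.
    The 0.5 threshold is an assumption for this example, not a value from the paper."""
    return dominant_size(sizes)[1] > max_share

# Constructed samples (not measurements): 100 packet sizes per flow.
TOR_LIKE = [586] * 70 + [1500] * 20 + [52] * 10
HTTPS_LIKE = ([52] * 20 + [1500] * 25 + [300] * 15
              + [640] * 10 + [950] * 15 + [1200] * 15)
# A flow whose sizes were reshaped towards the HTTPS profile.
MORPHED = ([52] * 18 + [1500] * 27 + [300] * 15
           + [640] * 12 + [950] * 14 + [1200] * 14)

def report(name, sizes, reference):
    """Summarise one flow against the reference distribution."""
    size, share = dominant_size(sizes)
    dist = total_variation(size_distribution(sizes), reference)
    return (f"{name}: dominant size {size} ({share:.0%}), "
            f"distinguisher={has_size_distinguisher(sizes)}, "
            f"distance to reference={dist:.2f}")

if __name__ == "__main__":
    ref = size_distribution(HTTPS_LIKE)
    for name, flow in (("tor-like", TOR_LIKE), ("morphed", MORPHED)):
        print(report(name, flow, ref))
```

The distance figure matters as much as the dominant-size flag: a transport that only breaks up the 586-byte spike can still produce a size distribution that is far from the protocol it is meant to resemble.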
[1] Charles V. Wright, et al. Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis, 2009, NDSS.
[2] Hannes Federrath, et al. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier, 2009, CCSW '09.
[3] Thomas Engel, et al. Website fingerprinting in onion routing based anonymization networks, 2011, WPES.
[4] Brian Neil Levine, et al. Inferring the source of encrypted HTTP connections, 2006, CCS '06.