3

Suppose I am wirelessly transmitting network traffic between a computer and a router. As I understand it, even though the traffic is encrypted, it is possible for a third party attacker to intercept the data packets and observe their basic properties. From this they can infer (or at least make an educated guess about), for example, whether the computer is currently in use or not, and what kinds of applications are being used on the network (e.g. a VoIP call's packets would differ in size and frequency from HTTP packets).

I am interested in the (im)possibility of obfuscating network traffic in such a way as to undermine this kind of eavesdropping. So my questions are:

  1. Is it technically feasible and practical to obfuscate packets sent over a network when you control both ends of the transmission? For example, can one pad the packets to a uniform size and frequency (or randomize their size, etc.) without significantly degrading the performance of the network and without being able to modify the applications themselves?
  2. If yes, are there "off the shelf" solutions for implementing such obfuscation in a simple "one router, several desktops" kind of environment?
Ubiquitous
  • 133
  • 6
  • 1
    http://en.wikipedia.org/wiki/Traffic_analysis#Countermeasures including links which are broken now, but searchable. The first cited paper is from 2003 and there's a wealth of information about the topic on the internet. Starting with Tor. – techraf Aug 06 '16 at 11:43
  • Check out this [blog post](http://blog.zorinaq.com/my-experience-with-the-great-firewall-of-china/), which details methods of obfuscating traffic to bypass the firewall in China. – tlng05 Aug 06 '16 at 13:19
  • The best way would be to go with wired connection and not Wifi. And no smartphones / tablets. What you asking is contradicting a lot - you can't mask wifi by sending more packets because it will become congested, and the voip wont work even if there's QoS. Also trying to make both wifi and something of such extreme security is contradicting. – Aria Aug 06 '16 at 14:01

1 Answers1

3

can one pad the packets to a uniform size and frequency (or randomize their size, etc.) without significantly degrading the performance of the network and without being able to modify the applications themselves?

It is possible to add noise both in bytes and in timing and also to make traffic look like a different kind of traffic. It is also possible to make it transparent to applications at the endpoints if you have control of the endpoints itself, i.e. can create a VPN or similar.

But the less noise you add the more the original traffic patterns stand out, even if packed inside some other protocol. And how much and which kind of noise you can add without degrading the performance of the application in a significant way depends on various factors. For example with voice over IP application you cannot add too much delay too the data because otherwise the necessary real time requirements are lost. If you have enough bandwidth you could add lots of junk traffic though to hide the original traffic. With simple downloads instead there are no real time requirements so you are more free to add noise by varying timing, packet sizes etc.

If yes, are there "off the shelf" solutions for implementing such obfuscation in a simple "one router, several desktops" kind of environment?

The are for example the pluggable transports for Tor. These are intended to make Tor traffic look like different kinds of traffic.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424