[OTR-dev] Project to Conceal communication profiles from the service provider
Michael Rogers
michael at briarproject.org
Sat Dec 28 07:06:29 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Hugo,
This is a difficult problem because the traffic pattern you're trying
to conceal is far from uniform. I imagine a typical IM user might have
a profile something like this:
* A million strangers who she never talks to
* A hundred acquaintances who she talks to about once a month
* Ten friends who she talks to about once a day
To create as many fake acquaintances and friends as real ones, you'd
have to double the amount of traffic. But you'd also have to choose
the fake contacts in a plausible way. First of all, the relationship
has to be symmetric, because fake messages have to be sent in both
directions. How can two strangers agree to be fake contacts without
revealing to the adversary that they're doing so?
Second, the relationship has to resemble the users' other
relationships. Every IM user has times at which they're usually active
and times at which they're usually idle. Fake contacts must
communicate at plausible times. The lengths of fake conversations and
the back-and-forth timing of fake messages must be statistically
indistinguishable from those of real traffic.
Third, the relationship has to fit in with the users' other
relationships. Social networks are highly clustered - connections
between users with no mutual contacts are unusual. How can users find
fake contacts who plausibly could be their real contacts, but aren't?
Cheers,
Michael
On 27/12/13 19:25, Hugo Herter wrote:
> Hi all,
>
> I am a master student in Artificial Intelligence, doing a thesis on
> privacy technologies, more precisely on traffic analysis
> resistance in the context of instant messaging.
>
> We am interested in developing a plug-in for IM clients to conceal
> the users communication profiles (how often users communicate and
> with whom) from the service provider.
>
> To achieve this, our strategy would be to have the IM client
> generate dummy messages and mix them with the real traffic, thus
> introducing noise in the communication profile observed by the
> service provider. Messages would be encrypted, as a first step to
> prevent the service from filtering out the dummy traffic. In a
> second step, real messages might also be made less distinguishable
> from dummy messages by slightly delaying them, in an attempt to
> conceal their timing patterns.
>
> Moreover, dummy messages could be sent to friends only or to both
> friends and random users. The former would conceal the actual
> "weights" in the communication profile while revealing the list of
> contacts; the latter would potentially allow to conceal the whole
> profile itself, both its weights and the list of friends.
>
> I am aware that this approach is not perfect and generates an
> excess in bandwidth, but the extra privacy and the compatibility
> with existing IM platforms might justify it.
>
> I was wondering:
>
> Would anybody be interested in using such system ? Do you know of a
> tool doing something similar already ? Do you have any comments or
> ideas?
>
> Any comments/feedback would be greatly appreciated.
>
> Best regards,
>
> Hugo Herter
>
>
> _______________________________________________ OTR-dev mailing
> list OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJSvr7FAAoJEBEET9GfxSfMd20H/16Te2wZaKSGU8MUTGspJoEs
wX7O5a0SDARqJzWqQq9Axai8/Pr9z9Yf3/wriXOyskFa35xkjg2ddehk/u5UglI9
0SBhfTemhzeYtUWPIAY0HQj8ddHTnvQ4Rf2VoQI/oty6MOCPFDPLcA+arvb595Ce
he3QasmyWdC6kwD9nMJfkjflgssiJheNuX2xmbMgTBe8kxy52GfWV+9khHmd57eE
W8C0rv8joLp4oT2YByh7o8sFPwEXVzxotJUhRiTeMi3Iq/xz86DfLmua7tOMFpu1
57xuttALY2CYL3OjxE2LN2oBfKohajQcqwjZJCK8c59w0GH8iZMxxcel/dBOjGI=
=0D9d
-----END PGP SIGNATURE-----
More information about the OTR-dev
mailing list