Gemini privacy

Phil Leblanc philanc at gmail.com
Tue Mar 9 17:15:45 GMT 2021


On Tue, Mar 9, 2021 at 7:53 AM Stephane Bortzmeyer <stephane at sources.org> wrote:
>
> This attack is well known and, for HTTP, documented in many
> articles. A general view of the problem and of countermeasures is
> "Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis
> Countermeasures Fail"
> <https://cise.ufl.edu/~teshrim/tmAnotherLook.pdf>.

I wasn't implying length attacks are new :-)  (just gave an example
for people less familiar with the subject).

Thanks for the interesting "Peek-a-Boo" paper link (it also includes
several interesting references). I think it addresses a different
problem (traffic analysis of an encrypted stream - i.e. what
information can we extract from an encrypted tunnel's traffic).

Length attacks on Gemini traffic are _much_ simpler and more efficient
since (1) the traffic is composed of independent TLS transactions with
one request and one response, and (2) responses are documents which are
publicly available on the Gemini server (except for CGI and client
cert-authenticated traffic).

> 4. The client could obfuscate the traffic with many gratuitous
> requests. See the excellent book "Obfuscation"
> <https://mitpress.mit.edu/books/obfuscation>.

This approach depends on what the attacker's objectives are. If they
want to establish that you have accessed a specific sensitive
document, the fact that you also accessed many decoys doesn't matter
much - except if you accessed _all_ files and claim that you are in
fact just indexing the site.

Thanks for the Obfuscation book reference. Will try to have a look.

Cheers

Phil
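An added illustration of the point made in the message above (this is example code written for this page, not part of the mailing-list thread): because each Gemini response is one TLS transaction carrying a publicly known document, an on-path observer can compare an observed response length against the sizes of every document on the capsule. The useful defender's metric is the "anonymity set", the number of public documents that produce the same observed length; the code computes it for a constructed inventory of document sizes, with and without padding responses up to a fixed bucket. The document sizes, the `TLS_OVERHEAD` constant and the bucket sizes are all assumptions.

```python
import math
from collections import defaultdict

# Constructed sample inventory: response size in bytes (status line + body)
# of the public documents on a hypothetical Gemini capsule.
SITE_DOCS = {
    "/index.gmi": 1042,
    "/about.gmi": 2311,
    "/posts/2021-03-01.gmi": 4870,
    "/posts/2021-03-05.gmi": 4871,
    "/posts/2021-03-08.gmi": 15200,
    "/sensitive.gmi": 7777,
}

# Assumed per-response TLS record overhead. It is treated as a constant here,
# so it does not change which documents share an observed length; the real
# figure depends on the cipher suite and on how the response is split into records.
TLS_OVERHEAD = 22


def padded_size(size, pad_to=None):
    """Round a response up to the next multiple of pad_to (no padding if None)."""
    if pad_to is None:
        return size
    return math.ceil(size / pad_to) * pad_to


def observed_length(size, pad_to=None):
    """Length an on-path observer sees for a response of the given plaintext size."""
    return padded_size(size, pad_to) + TLS_OVERHEAD


def anonymity_sets(docs, pad_to=None):
    """Group documents by the length an observer would see when they are served."""
    groups = defaultdict(set)
    for path, size in docs.items():
        groups[observed_length(size, pad_to)].add(path)
    return dict(groups)


def candidates_for(observed, docs, pad_to=None):
    """All public documents that could have produced one observed response length."""
    return anonymity_sets(docs, pad_to).get(observed, set())


def min_anonymity_set_size(docs, pad_to=None):
    """Worst case for a reader: the smallest group of documents sharing a length."""
    return min(len(group) for group in anonymity_sets(docs, pad_to).values())


if __name__ == "__main__":
    for pad in (None, 4096, 16384):
        sets = anonymity_sets(SITE_DOCS, pad)
        print(f"pad_to={pad}: {len(sets)} distinct observed lengths, "
              f"smallest anonymity set = {min_anonymity_set_size(SITE_DOCS, pad)}")
```

With no padding, every document in the sample has a unique length, so a single observed response identifies the document; two posts one byte apart are still distinguishable. Padding to 4 KiB buckets merges the sensitive document with two others but still leaves one document alone in its bucket, and only padding every response to the size of the largest document makes all six indistinguishable. Decoy requests do not change this figure: the anonymity set of the sensitive document is decided by the server's public inventory and the padding policy, not by how many other documents the same client fetched.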

