Privacy improving suggestions for ObscureKeystrokeTiming

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi, Whonix OS privacy dev here. I had a discussion concerning the new ObscureKeystrokeTiming feature with a prominent researcher and author of the mouse and keyboard biometrics obfuscation tool called Kloak. While it's exciting to see keystroke obfuscation measures [1] start to become more prevalent mainstream, the current implementation of using a 50Hz fixed packet timing has the potential to create fingerprinting risks for hosts. Reason being, not all computer clocks have the exact same precision. Some may oscillate slightly faster or slower because of the physical discrepancies of clock crystals. A network adversary monitoring connections on the clearnet could potentially link future ones of the same host even if routed through an anonymity network like Tor.

Advanced attacks where attackers run loads on onion services that influence CPU activity and clock skew in predictable ways [2] may be possibly used to deanonymize them.

We would suggest drawing the padding packet intervals from some other distribution instead of firing these off on a fixed timer. Basically, do what kloak does but at the network layer.


[0] https://github.com/vmonaco/kloak
[1] http://undeadly.org/cgi?action=article;sid=20230829051257
[2] https://murdoch.is/talks/ccs06hotornot.pdf
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux