-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Hugo,
This is a difficult problem because the traffic pattern you're trying to conceal is far from uniform. I imagine a typical IM user might have a profile something like this: * A million strangers who she never talks to * A hundred acquaintances who she talks to about once a month * Ten friends who she talks to about once a day To create as many fake acquaintances and friends as real ones, you'd have to double the amount of traffic. But you'd also have to choose the fake contacts in a plausible way. First of all, the relationship has to be symmetric, because fake messages have to be sent in both directions. How can two strangers agree to be fake contacts without revealing to the adversary that they're doing so? Second, the relationship has to resemble the users' other relationships. Every IM user has times at which they're usually active and times at which they're usually idle. Fake contacts must communicate at plausible times. The lengths of fake conversations and the back-and-forth timing of fake messages must be statistically indistinguishable from those of real traffic. Third, the relationship has to fit in with the users' other relationships. Social networks are highly clustered - connections between users with no mutual contacts are unusual. How can users find fake contacts who plausibly could be their real contacts, but aren't? Cheers, Michael On 27/12/13 19:25, Hugo Herter wrote: > Hi all, > > I am a master student in Artificial Intelligence, doing a thesis on > privacy technologies, more precisely on traffic analysis > resistance in the context of instant messaging. > > We am interested in developing a plug-in for IM clients to conceal > the users communication profiles (how often users communicate and > with whom) from the service provider. > > To achieve this, our strategy would be to have the IM client > generate dummy messages and mix them with the real traffic, thus > introducing noise in the communication profile observed by the > service provider. Messages would be encrypted, as a first step to > prevent the service from filtering out the dummy traffic. In a > second step, real messages might also be made less distinguishable > from dummy messages by slightly delaying them, in an attempt to > conceal their timing patterns. > > Moreover, dummy messages could be sent to friends only or to both > friends and random users. The former would conceal the actual > "weights" in the communication profile while revealing the list of > contacts; the latter would potentially allow to conceal the whole > profile itself, both its weights and the list of friends. > > I am aware that this approach is not perfect and generates an > excess in bandwidth, but the extra privacy and the compatibility > with existing IM platforms might justify it. > > I was wondering: > > Would anybody be interested in using such system ? Do you know of a > tool doing something similar already ? Do you have any comments or > ideas? > > Any comments/feedback would be greatly appreciated. > > Best regards, > > Hugo Herter > > > _______________________________________________ OTR-dev mailing > list [email protected] > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJSvr7FAAoJEBEET9GfxSfMd20H/16Te2wZaKSGU8MUTGspJoEs wX7O5a0SDARqJzWqQq9Axai8/Pr9z9Yf3/wriXOyskFa35xkjg2ddehk/u5UglI9 0SBhfTemhzeYtUWPIAY0HQj8ddHTnvQ4Rf2VoQI/oty6MOCPFDPLcA+arvb595Ce he3QasmyWdC6kwD9nMJfkjflgssiJheNuX2xmbMgTBe8kxy52GfWV+9khHmd57eE W8C0rv8joLp4oT2YByh7o8sFPwEXVzxotJUhRiTeMi3Iq/xz86DfLmua7tOMFpu1 57xuttALY2CYL3OjxE2LN2oBfKohajQcqwjZJCK8c59w0GH8iZMxxcel/dBOjGI= =0D9d -----END PGP SIGNATURE----- _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
