Investigate information leakage and using chaff and timing fuzz

mobile-shell / mosh

Mobile Shell

https://mosh.org

GNU General Public License v3.0

12.68k stars 739 forks source link

Investigate information leakage and using chaff and timing fuzz #26

Closed keithw closed 1 year ago

keithw commented 12 years ago

Should we add timing fuzz and bogus packets to foil passive statistical eavesdropping? (We do add chaff to the datagrams we're already sending, but is this enough?)

nelhage commented 12 years ago

Relevant: http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf

keithw commented 12 years ago

Although it would be easy to add timing fuzz on the order of 10 ms, Nelson's link suggests that we would have to add something on the other of >100 ms of jitter to foil a statistical eavedropper that wanted to figure out if we were hitting "same-hand" or "opposite-hand" keypairs while typing.

I don't think the benefits are worth that level of UI latency.

kmcallister commented 12 years ago

Alternatively, we could send a stream of randomly-timed dummy packets whenever the user is typing. This would preserve interactivity but increase network traffic substantially.

There's probably some meaty statistics behind the question of how a certain amount of dummy traffic affects the required sample size for recovering timing.

We could do this on good connections only (automatically or by the user's choice). Then we can worry about active attackers who degrade a link in order to gather statistical timing information...

dcarosone commented 7 years ago

Some of this could be addressed as part of / after #816 and having the transmitter run asynchronously with typing. Disclaimer: I don't know how decoupled they are now, but I get the impression that the frame-rate-limited updates are mostly in the server-client direction.

I'm thinking of mechanisms similar to TCP's delayed acks to aggregate sending keystroke packets if another keystroke comes in moments later, and quantising to fixed intervals (as a variant of jitter). With the chaff already in the protocol, it shouldn't be possible to tell whether a given packet is sending 1 or more keystrokes at a time.

achernya commented 1 year ago

As part of a mosh issues triage, we've concluded that the mosh project has no current plans to work on this issue. To accurately reflect that work on this issue is not planned, we're marking this issue as "closed". We still welcome contributions from community members who want to work on this issue. Please feel free to file pull requests re-opening this issue in the future.