Maybenot: A Framework for Traffic Analysis Defenses
Tobias Pulls, Ethan Witwer
TL;DR
This paper implements and thoroughly evaluate the state-of-the-art website fingerprinting defenses FRONT and RegulaTor as Maybenot machines and identifies challenges associated with state machine-based frameworks as well as possible enhancements that will further improveMaybenot's support for effective defenses moving forward.
Abstract
End-to-end encryption is a powerful tool for protecting the privacy of Internet users. Together with the increasing use of technologies such as Tor, VPNs, and encrypted messaging, it is becoming increasingly difficult for network adversaries to monitor and censor Internet traffic. One remaining avenue for adversaries is traffic analysis: the analysis of patterns in encrypted traffic to infer information about the users and their activities. Recent improvements using deep learning have made traffic analysis attacks more effective than ever before. We present Maybenot, a framework for traffic analysis defenses. Maybenot is designed to be easy to use and integrate into existing end-to-end encrypted protocols. It is implemented in the Rust programming language as a crate (library), together with a simulator to further the development of defenses. Defenses in Maybenot are expressed as probabilistic state machines that schedule actions to inject padding or block outgoing traffic. Maybenot is an evolution from the Tor Circuit Padding Framework by Perry and Kadianakis, designed to support a wide range of protocols and use cases.