Henrique de Moraes Holschuh wrote...

> There are some relevant issues, here.
>
> 1. It does protect against passive snooping *from non-skilled
> attackers*.

Well, yes, no. The tools become better, so thinking a few years into the future, sophisticated programs for that purpose might be available to everyone. Imagine there was a time before wireshark/ethereal, and how much work pcap analysis was back then.

> 2. It is unknown how much it can protect against passive snooping from
> skilled attackers capable of passive TCP metadata snooping and basic
> traffic analysis *FOR* something like the Debian archive and APT doing
> an update run against the Debian archive

The logical answer is pretty obvious: not at all. It's a question of the effort required, and my gut feeling tells me it's not very much.

> Do not dismiss (2). TLS is not really designed to be able to fully
> protect object retrieval from a *fully known* *static* object store
> against traffic metadata analysis. And an apt update run would be even
> worse to protect, as the attacker can [after a small time window from
> the mirror pulse] fully profile the more probable object combinations
> that would be retrieved depending on what version of Debian the user
> has.

Things are worse: there's a small set of clients, and their request behaviour is quite deterministic. Another snooping aid is the usage of pdiff. In total, I would not be surprised if, given just the frame metadata (direction, high-res timestamp, payload size), it was possible to restore the actual data transmitted with high accuracy. Even a dget/apt-get source should have a pretty unique pattern; and I feel tempted to create a proof of concept for all this (I can resist, though).

The apt programs could obfuscate their request behaviour, the TLS layer could add random padding of data and time, but I doubt this would help much.

Another "I wouldn't be surprised": appliances might already have that. If not, the vendors could implement this easily.

> Now, hopefully I got all of that wrong and someone will set me straight.
> It would make me sleep better at night...

Sorry Dorothy.

Christoph
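The point both posters are making (a passive observer of TLS only sees record lengths, but the archive is a public, static object store, so lengths alone narrow a fetch down to a few candidate files) is easy to make concrete. The following is an added example, written for this thread and not code from either poster or from APT. It uses a constructed mini-catalogue with invented sizes and file names, an assumed per-record TLS ciphertext expansion, and a simple ceiling-division model of record framing; the constants are assumptions, not measurements. It then applies the one mitigation Christoph mentions, padding bodies before encryption, and counts how many objects remain uniquely identifiable, which shows both what bucket padding buys and why it is expensive for the large index files.

```python
"""Size-based identification of objects fetched over TLS from a known,
static object store, and the effect of padding bodies to size buckets.

All data below is constructed for illustration; it is not a real mirror.
"""

from collections import defaultdict
from typing import Dict, List, Optional

# Constructed mini-catalogue: object path -> plaintext size in bytes.
# Names, versions and sizes are invented; a real archive publishes the
# true sizes in its index files, which is what makes this attack possible.
CATALOGUE: Dict[str, int] = {
    "InRelease": 119_312,
    "main/binary-amd64/Packages.xz": 9_403_220,
    "main/binary-amd64/Packages.diff/Index": 4_118,
    "pool/main/b/bash/bash_5.2.deb": 1_518_244,  # made-up name/version
    "pool/main/c/curl/curl_8.5.deb": 321_006,    # made-up name/version
    "pool/main/z/zlib/zlib_1.3.deb": 321_006,    # constructed size collision
}

RECORD_MAX = 16_384    # maximum TLS plaintext per record
RECORD_OVERHEAD = 22   # assumed ciphertext expansion per record (header + tag)


def wire_length(plaintext_len: int, record_max: int = RECORD_MAX,
                overhead: int = RECORD_OVERHEAD) -> int:
    """Bytes a passive observer sees for a body of plaintext_len bytes.

    Model: the body is split into records of at most record_max bytes and
    every record (full or partial) carries a fixed expansion.
    """
    records = -(-plaintext_len // record_max)  # ceiling division
    return plaintext_len + records * overhead


def size_index(catalogue: Dict[str, int]) -> Dict[int, List[str]]:
    """Map each observable wire length to the objects that produce it."""
    idx: Dict[int, List[str]] = defaultdict(list)
    for name, size in catalogue.items():
        idx[wire_length(size)].append(name)
    return dict(idx)


def identify(observed_bytes: int, catalogue: Dict[str, int]) -> List[str]:
    """Every object in the store consistent with one observed transfer size.

    A single result means the observer knows exactly which file was fetched;
    several results form the fetch's anonymity set under this model.
    """
    return sorted(size_index(catalogue).get(observed_bytes, []))


def pad_to_bucket(plaintext_len: int, bucket: int) -> int:
    """Pad a body up to the next multiple of `bucket` before encryption."""
    return -(-plaintext_len // bucket) * bucket


def anonymity_sets(catalogue: Dict[str, int],
                   bucket: Optional[int] = None) -> Dict[str, int]:
    """For each object, the number of objects sharing its wire length,
    optionally after padding every body to `bucket`. 1 = uniquely identifiable."""
    padded = {n: (pad_to_bucket(s, bucket) if bucket else s)
              for n, s in catalogue.items()}
    idx = size_index(padded)
    return {n: len(idx[wire_length(s)]) for n, s in padded.items()}


def uniquely_identifiable(catalogue: Dict[str, int],
                          bucket: Optional[int] = None) -> int:
    """Count objects an observer can name from size alone."""
    return sum(1 for k in anonymity_sets(catalogue, bucket).values() if k == 1)


if __name__ == "__main__":
    seen = wire_length(CATALOGUE["pool/main/c/curl/curl_8.5.deb"])
    print("observed", seen, "bytes ->", identify(seen, CATALOGUE))
    print("unique objects, no padding:  ", uniquely_identifiable(CATALOGUE))
    print("unique objects, 1 MiB buckets:",
          uniquely_identifiable(CATALOGUE, bucket=1 << 20))
```

With this catalogue, four of the six objects are uniquely identifiable from their wire length; the two constructed `.deb` files of equal size are the only ambiguity. Padding every body to a 1 MiB bucket merges the four small objects into one class but leaves `Packages.xz` and the larger `.deb` alone in theirs, and a bucket big enough to hide the index files would multiply the bytes of every small fetch. Timing and request ordering, which the thread also raises, are not modelled here and would only shrink the anonymity sets further.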