Privacy improving suggestions for ObscureKeystrokeTiming
procmem at riseup.net
procmem at riseup.net
Thu Sep 7 04:57:00 AEST 2023
Hi, Whonix OS privacy dev here. I had a discussion concerning the new
ObscureKeystrokeTiming feature with a prominent researcher and author of
the mouse and keyboard biometrics obfuscation tool called Kloak. While
it's exciting to see keystroke obfuscation measures [1] start to become
more prevalent mainstream, the current implementation of using a 50Hz
fixed packet timing has the potential to create fingerprinting risks for
hosts. Reason being, not all computer clocks have the exact same
precision. Some may oscillate slightly faster or slower because of the
physical discrepancies of clock crystals. A network adversary monitoring
connections on the clearnet could potentially link future ones of the
same host even if routed through an anonymity network like Tor.
Advanced attacks where attackers run loads on onion services that
influence CPU activity and clock skew in predictable ways [2] may be
possibly used to deanonymize them.
We would suggest drawing the padding packet intervals from some other
distribution instead of firing these off on a fixed timer. Basically, do
what kloak does but at the network layer.
[0] https://github.com/vmonaco/kloak
[1] http://undeadly.org/cgi?action=article;sid=20230829051257
[2] https://murdoch.is/talks/ccs06hotornot.pdf
More information about the openssh-unix-dev
mailing list