Enhancing Traffic Obfuscation in Wide-Area Networks
Category: Network security
Location: any
Contact:
Roland Meier
Background
The thesis focuses on advancing traffic obfuscation techniques in wide-area networks (WANs) to mitigate traffic analysis attacks. These attacks exploit metadata such as packet sizes and timings to infer sensitive information, posing significant privacy and security risks.
Project scope
The project builds upon Ditto [1], an existing traffic obfuscation system. Ditto was developed for high-bandwidth links (up to 100 Gbps). To support such high bandwidth, Ditto runs on programmable network switches, which impose many constraints on the operations that can be implemented.
The goal of this project is to adapt Ditto for networks which do not require such high bandwidth. In these networks, a software implementation which runs on general-purpose servers can provide enough performance while also providing much more flexibility.
This includes, for example, working on the following tasks:
- Setting up a testbed network for traffic obfuscation (consisting of multiple VMs at the CYD Campus offices and connections between them)
- Analyzing the current architecture of Ditto and developing a new architecture that leverages the flexibility of a software-based implementation
- Implementing the new approach in a high-performance language (e.g., Rust)
- Evaluating the new system in the testbed network
Required skills
- Detailed knowledge of networking protocols (in particular Ethernet, IP, TCP, UDP)
- Good coding skills, ideally in Rust or C++
- Experience in configuring networks
Availability
This project is available for a start in February 2025 or later.
[1] ditto: WAN Traffic Obfuscation at Line Rate. Roland Meier, Vincent Lenders, Laurent Vanbever. NDSS Symposium 2022.