This page is Obsolete since not needed. See Advanced_Deanonymization_Attacks for explanation.

Latency-Obfuscator[edit]

Summary[edit]

This package is supposed to implement the mitigation discussed in https://phabricator.whonix.org/T530 ^[archive] using tc netem. Package WIP at https://github.com/HulaHoop0/latency-obfuscator ^[archive]

Packet latency (as observed by an adversary outside Tor) drops significantly when the CPU is stressed as can be observed in ICMP and TCP traffic. This is caused by c-state transitions. Non-solutions: Running a stress process with a high nice-level or disabling c-state because both solutions would heavily impact battery life and CPU temperature.

The chosen solution is to add a random delay per packet to mask the this effect for best results.

Implementation Details[edit]

• Use of /etc/NetworkManager/dispatcher.d hooks to run the tc command whenever any NIC goes up: https://askubuntu.com/questions/1111652/network-manager-script-when-interface-up ^[archive]

• Interface names must be filtered to exclude lo virbr* devices or virtual environments and local daemons will incur a needless penalty.

• No need to react to "down" events because tc remains running in cases where the NIC goes down then up again. It declares "Error: Exclusivity flag on, cannot modify." in that situation when the command is re-run again.

• The limit parameter must be raised ^[archive] from the default of 1000 or else packets get dropped as traffic demand increases. 12500 covers connection speeds of up to 1Gbps.

• sudo tc qdisc indicates all the default queues setup for interfaces on Linux

• Info on various qdisc filter properties: https://wiki.archlinux.org/index.php/advanced_traffic_control ^[archive]

Relevant Commands and Testing[edit]

• Setup a VPN connection in Whonix ™ WS then run ping <foo>.com

• Simulate CPU load with stress ctrl + c to stop:

sudo apt install stress
stress -c 4

You will notice latency markedly dropping and staying there.

• Run this command for mitigation. It will mask the latency patterns induced by the stress command:

sudo tc qdisc add dev eth0 root netem limit 12500 slot 75ms 200ms packets 1

• To test with TCP ping ^[archive]:

sudo apt install hping3
sudo hping3 -S -p 80 www.sunet.se

• For checking ^[archive] queue properties/details ^[archive]:

sudo tc qdisc

sudo tc -s qdisc ls dev eth0

• To detach tc from the interface

sudo tc qdisc delete dev eth0 root