Extended Abstract: Traffic Shaping for Network Protocols: A Modular and Developer-Friendly Framework

Authors: Hugo Santos Pereira (Universidade NOVA de Lisboa & NOVA LINCS), Afonso Vilalonga (Universidade NOVA de Lisboa & NOVA LINCS), Kevin Gallagher (Universidade NOVA de Lisboa & NOVA LINCS), Henrique Domingos (Universidade NOVA de Lisboa & NOVA LINCS)

Year: 2025
Issue: 2
Pages: 40–42


Abstract: Censorship-resistant systems and privacy-preserving communication tools are increasingly vulnerable to detection by adversaries using deep packet inspection (DPI) and traffic analysis. Encryption protects the confidentiality of packet payloads, but metadata such as packet sizes, burst patterns, and timing characteristics remains exposed and can be exploited to fingerprint and block these tools or to deanonymize their endpoints. Both historical evidence from real-world censorship and research-based attacks have demonstrated that these systems are vulnerable to techniques that exploit packet metadata. In many of these cases, we observe that the first seconds of communication between the user and the system's proxy are typically sufficient to carry out the attack. In this work, we present the design of a modular framework for shaping the initial seconds of a user-proxy connection, aimed at mitigating these vulnerabilities with minimal performance overhead. Central to the framework are two components: a scheduler, which intercepts and shapes the packets exchanged between the user and the system's proxy, and a shaper policy, which defines how the scheduler shapes that traffic. We plan to base our shaping policies on two approaches: (1) predefined or user-configurable schedules and (2) traffic patterns generated by a generative adversarial network (GAN) trained to mimic realistic behavior. By targeting the initial communication phase, from which many classifiers extract their most discriminative features, we hypothesize that we can provide robust protection against the DPI and traffic analysis attacks that threaten real-world systems designed to evade censorship or protect user privacy.
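The scheduler / shaper-policy split described in the abstract, as an added illustration that is not the authors' framework or code: a policy object yields (send time, wire size) slots for the shaping window; the scheduler queues the application's writes, spreads them over those slots (padding short writes, splitting long ones, sending cover packets when nothing is queued), and passes traffic through unshaped once the window closes. Everything beyond the two-component architecture is an assumption of this example: the 2-byte length header that lets the receiver strip padding, the requirement that both ends agree on the window length, the simulated clock, and the `SampledSchedule` policy, which stands in for a GAN by drawing from a constructed table of (inter-arrival, size) pairs rather than from a trained model.

```python
"""
Scheduler / shaper-policy model for the first seconds of a user-proxy connection.
Added example, not the paper's framework. A policy supplies (send_time, wire_size)
slots; the scheduler queues application writes and maps them onto those slots.
Time is simulated, so the whole thing runs offline.
"""
from __future__ import annotations

import random
from dataclasses import dataclass
from typing import Iterator, Protocol

HEADER = 2  # assumed wire format: big-endian payload length, then payload, then zero padding


@dataclass
class Packet:
    t: float      # send time, seconds since connection start
    wire: bytes   # bytes on the wire (header+payload+padding inside the window, raw after it)

    @property
    def size(self) -> int:
        return len(self.wire)


class ShaperPolicy(Protocol):
    def schedule(self) -> Iterator[tuple[float, int]]:
        """Yield (send_time, wire_size) slots; every send_time must be < window."""


class FixedSchedule:
    """Predefined / user-configurable policy: one `size`-byte packet every
    `interval` seconds for `window` seconds, independent of application demand."""

    def __init__(self, window: float, interval: float, size: int) -> None:
        self.window, self.interval, self.size = window, interval, size

    def schedule(self) -> Iterator[tuple[float, int]]:
        for i in range(int(round(self.window / self.interval))):
            yield (i * self.interval, self.size)


class SampledSchedule:
    """Stand-in for a generator-driven policy (hypothetical): slots are drawn from
    a table of (inter_arrival, wire_size) pairs. A trained GAN would produce such
    samples; here a constructed table and a seeded RNG keep the output reproducible."""

    def __init__(self, window: float, table: list[tuple[float, int]], seed: int = 0) -> None:
        self.window, self.table, self.seed = window, table, seed

    def schedule(self) -> Iterator[tuple[float, int]]:
        rng, t = random.Random(self.seed), 0.0
        while t < self.window:
            gap, size = rng.choice(self.table)
            yield (t, size)
            t += gap


def shape(policy: ShaperPolicy, window: float,
          writes: list[tuple[float, bytes]]) -> list[Packet]:
    """Map application writes (arrival_time, data) onto the policy's slots.

    Inside the window, packet times and sizes come from the policy alone; the
    application's bytes are queued and spread over the slots in FIFO order.
    Bytes still queued when the window closes, and writes arriving after it,
    go out unshaped, so padding overhead is confined to the window."""
    writes = sorted(writes, key=lambda w: w[0])
    pending, out, wi = bytearray(), [], 0
    for ts, size in policy.schedule():
        assert HEADER < size and ts < window, "policy slot violates the contract"
        while wi < len(writes) and writes[wi][0] <= ts:   # admit writes that have arrived
            pending += writes[wi][1]
            wi += 1
        cap = size - HEADER
        chunk = bytes(pending[:cap])                      # empty chunk -> cover packet
        del pending[:cap]
        out.append(Packet(ts, len(chunk).to_bytes(HEADER, "big")
                          + chunk + b"\0" * (cap - len(chunk))))
    if pending:                                            # window over: flush leftovers raw
        out.append(Packet(window, bytes(pending)))
    for t, data in writes[wi:]:                            # later writes pass through
        out.append(Packet(max(t, window), data))
    return out


def unshape(packets: list[Packet], window: float) -> bytes:
    """Receiver side: strip header and padding from in-window packets, keep the rest raw."""
    data = bytearray()
    for p in packets:
        if p.t < window:
            n = int.from_bytes(p.wire[:HEADER], "big")
            data += p.wire[HEADER:HEADER + n]
        else:
            data += p.wire
    return bytes(data)


def window_overhead(packets: list[Packet], window: float) -> tuple[int, int]:
    """(wire bytes, payload bytes) inside the window; the difference is the shaping cost."""
    inwin = [p for p in packets if p.t < window]
    return (sum(p.size for p in inwin),
            sum(int.from_bytes(p.wire[:HEADER], "big") for p in inwin))


# Constructed application trace (deliberately unsorted): a 100-byte request at t=0,
# a 10-byte follow-up at t=0.6 s, and a write after the 1 s window that must pass through.
WRITES = [(0.6, b"B" * 10), (0.0, b"A" * 100), (1.5, b"C" * 5)]

if __name__ == "__main__":
    pk = shape(FixedSchedule(1.0, 0.25, 64), 1.0, WRITES)
    for p in pk:
        cover = p.t < 1.0 and int.from_bytes(p.wire[:HEADER], "big") == 0
        print(f"t={p.t:.2f}s size={p.size:3d} cover={cover}")
    print("overhead (wire, payload):", window_overhead(pk, 1.0))
    assert unshape(pk, 1.0) == b"A" * 100 + b"B" * 10 + b"C" * 5
```

With the fixed policy above, the four in-window packets are all 64 bytes and 250 ms apart whatever the application does: the 100-byte request is split across the first two slots, the third slot carries only padding, and the 10-byte follow-up fills part of the fourth. The two costs the abstract trades off are visible in the numbers: 256 bytes on the wire carry 110 bytes of payload, and a write is held until the next slot, so in-window latency is bounded by the slot interval. After the window the 5-byte write leaves with its true size and timing, which is exactly the exposure a shaping-only-the-start design accepts. A deployment would also have to shape the proxy-to-user direction the same way.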

Copyright in FOCI articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.