2011-wiley-dust
findings extracted from this paper
-
Encrypted protocols such as SSL/TLS remain fully fingerprintable through their unencrypted handshakes: DPI can apply static string matching, packet-length comparison, and timing profiling to the cleartext cipher-negotiation and key-exchange phase to identify and block the protocol even though the payload is encrypted.
-
Dust defeats DPI fingerprinting by constructing all packets from entirely encrypted or single-use random bytes (defeating static string matching), appending a random number of random padding bytes to every packet (defeating length matching), and permitting a complete client–server conversation to be encoded in a single UDP or TCP packet (defeating timing analysis for sufficiently small payloads).
-
Dust eliminates the in-band key-exchange fingerprint surface via an out-of-band half-handshake: the server's public key, IP, port, and a single-use secret are bundled into a PBKDF-encrypted invite packet transmitted out-of-band; only the decryption password (not the server IP) appears in plaintext, defeating the email/IM IP-address blocking attacks documented against prior systems.
-
BitTorrent's Message Stream Encryption (MSE), despite omitting static strings from the handshake, can be identified with 96% accuracy using packet-size analysis and direction-of-packet-flow; MSE also uses a cleartext Diffie-Hellman key exchange, leaving an additional fingerprint surface.
-
The obfuscated-openssh handshake encrypts SSH with a key derived from an iterated-hash PBKDF whose slowness was intended to prevent real-time censor analysis; Wiley argues this defense fails because modern censors use statistical packet sampling with offline processing, and the slow key generation itself introduces a timing side-channel detectable from the inter-packet delay between the first and second packets.
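
The static-string and packet-length checks from the first two findings, as an added Python example that is not code from the paper or from Dust. The two header bytes are the standard TLS handshake record type and major version; the packet sizes, the 255-byte padding cap and every function name are assumptions made for illustration, and seeded random bytes stand in for ciphertext.

```python
import random

TLS_HANDSHAKE = b"\x16\x03"   # TLS record header: handshake type, major version
SIGNATURE = [120, 900, 60]    # constructed per-packet sizes of a fixed handshake


def static_match(packet: bytes) -> bool:
    """Static string matching on the first bytes of a flow's first packet."""
    return packet.startswith(TLS_HANDSHAKE)


def length_match(packets, signature=SIGNATURE) -> bool:
    """Packet-length comparison: every packet has exactly the expected size."""
    return [len(p) for p in packets] == signature


def rand_bytes(rng, n: int) -> bytes:
    """Seeded random bytes standing in for ciphertext (constructed sample data)."""
    return rng.getrandbits(8 * n).to_bytes(n, "big")


def cleartext_handshake_flow(rng):
    """Flow with a cleartext header in the first packet and fixed packet sizes."""
    first = TLS_HANDSHAKE + rand_bytes(rng, SIGNATURE[0] - len(TLS_HANDSHAKE))
    return [first] + [rand_bytes(rng, n) for n in SIGNATURE[1:]]


def padded_random_flow(rng, max_pad=255):
    """Same payload sizes, all bytes random, 0..max_pad random bytes appended."""
    return [rand_bytes(rng, n + rng.randrange(max_pad + 1)) for n in SIGNATURE]


def detection_rates(make_flow, trials=500, seed=1):
    """Fraction of generated flows flagged by each check: (static, length)."""
    rng = random.Random(seed)
    flows = [make_flow(rng) for _ in range(trials)]
    static = sum(static_match(f[0]) for f in flows) / trials
    length = sum(length_match(f) for f in flows) / trials
    return static, length


if __name__ == "__main__":
    print("cleartext handshake:", detection_rates(cleartext_handshake_flow))
    print("padded random flow: ", detection_rates(padded_random_flow))
```

Timing profiling, the third check named in the first finding, is not modelled here.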