Ivan Nardi

Detecting fully encrypted traffic via entropy measurements: when being too random is itself a fingerprint
#DeepPacketInspection #usesec23

"How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic"
https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf

May 9, 2023 at 9:11amWeb
Show threadChristian HuitemaMay 9, 2023
@i_nardi There is an obvious fix to that. Create a post encryption stage that derandomize the output. Something like Huffman encoding, but in reverse. Make it look like English plain text, or Chinese plain text. Of course, it becomes longer...