Maybenot 🤔

Maybenot is a framework for traffic analysis defenses that hide patterns in encrypted communication. Its goal is to increase the uncertainty of network attackers, hence its logo 🤔 - the thinking face emoji (U+1F914).

Consider encrypted communication protocols such as TLS, QUIC, WireGuard, or Tor. While the connections are encrypted, patterns in the encrypted communication may still leak information about the communicated plaintext. Maybenot is a framework for creating defenses that hide such patterns.

To simulate defenses based on Maybenot, see the Maybenot simulator.

Design

An instance of Maybenot repeatedly takes as input one or more events describing the encrypted traffic going over an encrypted channel, and produces as output zero or more scheduled actions, such as to inject padding traffic or block outgoing traffic. One or more state machines determine what actions to take based on events. State machines have a lightweight runtime and are subject to limits on the amount of padding a blocking they can schedule.

Integration with an encrypted communication protocol is done by reporting events and executing scheduled actions. Maybenot does not specify the specific async runtime or how to keep time for sake of ease of integration.

Example usage

use maybenot::{
framework::{Action, Framework, TriggerEvent},
machine::Machine,
};
use std::{str::FromStr, time::Instant};

// deserialize state machine from string
let s = "789cedca2101000000c230e85f1a8387009f9e351d051503ca0003";
let m = vec![Machine::from_str(s).unwrap()];

// create framework instance
let mut f = Framework::new(&m, 0.0, 0.0, 1420, Instant::now()).unwrap();

loop {
    // collect one or more events
    let events = [TriggerEvent::NonPaddingSent { bytes_sent: 1420 }];

    // trigger events, schedule actions, at most one per machine
    for action in f.trigger_events(&events, Instant::now()) {
        match action {
            Action::Cancel { machine: MachineId } => {
                // if any scheduled action for this machine, cancel it
            }
            Action::InjectPadding {
                timeout: Duration,
                size: u16,
                bypass: bool,
                replace: bool,
                machine: MachineId,
            } => {
                // schedule padding of a specific size after timeout
            }
            Action::BlockOutgoing {
                timeout: Duration,
                duration: Duration,
                bypass: bool,
                replace: bool,
                machine: MachineId,
            } => {
                // schedule blocking of outgoing traffic for duration after timeout
            }
        }
    }
}

More details

See the paper and documentation for further details on the framework.

Development of defenses using Maybenot is under active development. For some early results, see https://github.com/ewitwer/maybenot-defenses.

While v1 of the framework and simulator are stable, v2 is slowly shaping up as we expand the capabilities of the framework. The goal is to keep the framework as simple as possible, while still being expressive enough to implement a wide range of defenses.

Contributing

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as MIT or Apache-2.0, without any additional terms or conditions.

Origin

Maybenot is based on the Circuit Padding Framework of Tor by Perry and Kadianakis from 2019, which is a generalization of the WTF-PAD Website Fingerprinting Defense design by Juarez et al. from 2016, which in turn is based on the concept of Adaptive Padding by Shmatikov and Wang from 2006.

Sponsorship

Made possible with support from Mullvad VPN, the Swedish Internet Foundation, and the Knowledge Foundation of Sweden.