Introducing Defense against AI-guided Traffic Analysis (DAITA)

Deep packet analysis has been a thing for a long time even before the AI hype train, and though this article below is implying your ISP is the threat, the truth is the government is the real threat. From long ago when it was reported by a retired employee that the US government setup equipment in an AT&T facility so they could split off and analyze all the traffic passing through the facility, we also learned there were huge US government facilities capable of storing incredible amounts of data which could be searched through later. And you can bet they’re using the most sophisticated technology to analyze encrypted traffic of which they’re trying to outlaw or force to have backdoors. And other obfuscation methods have been in practice for a long time, as when I ran my Tor bridge server, I enabled this technology (bridges were mostly for people, press and operatives in totalitarian regimes where regular Tor servers were known and blocked).

As Mullvad VPN has come out with an updated Linux application, it does a better job of showing their solution in action. And since not all their servers support DAITA, mulithop is required, placing your traffic through two of there servers. You just have to be careful using this solution on a metered connection as it introduces a lot of additional data. Also, because I have to compile this on my laptop as they only have a repository for Debian based systems, their application is written in Rust which eliminates buffer overflow programming errors and is much more secure, though the GUI appears to be nodejs and electron.

https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita


May 7, 2024

Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.

Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.

When you connect to the internet through a VPN (or the Tor Network) your IP address is masked, and your traffic is encrypted and hidden from your internet service provider. If you also use a privacy-focused web browser, you make it harder for adversaries to monitor your activity through other tracking technologies such as third-party cookies, pixels or browser fingerprints. 

But still, the mass surveillance of today is more sophisticated than ever, and a growing threat against privacy is the analysis of patterns in encrypted communication through advanced traffic analysis.

This is how AI can be used to analyze your traffic – even if it’s encrypted.

When you visit a website, there is an exchange of packets: your device will send network packets to the site you’re visiting and the site will send packets back to you. This is a part of the very backbone of the internet. The fact that packets are being sent, the size of the packets, and how often they are sent will still be visible for your ISP, even if you are using a VPN (or the Tor network). 

Since every website generates a pattern of network packets being sent back and forth based on the composition of its elements (like images and text blocks), it’s possible to use AI to connect traffic patterns to specific websites. This means your ISP or any observer (authority or data broker) having access to your ISP can monitor all the data packets going in and out of your device and make this kind of analysis to attempt to track the sites you visit, but also who you communicate with using correlation attacks (you sending messages with certain patterns at certain times, to another device receiving messages with a certain pattern at same times). 

How we combat traffic analysis: this is how DAITA works.

DAITA has been developed together with Computer Science at Karlstad University and uses three types of cover traffic to resist traffic analysis.

1. Constant Packet Sizes

The size of network packets can be particularly revealing, especially small packets, so DAITA makes all packets sent over the VPN the same constant size. 

2. Random Background Traffic

By unpredictably interspersing dummy packets into the traffic, DAITA masks the routine signals to and from your device. This makes it harder for observers to distinguish between meaningful activity and background noise.

3. Data Pattern Distortion

When visiting websites (or doing any other activity that causes significant traffic), DAITA modifies the traffic pattern by unpredictably sending cover traffic in both directions between client and VPN server. This distorts the recognizable pattern of a website visit, resisting accurate identification of the site.

The future of data brokers selling traffic data is already here

With the sophisticated AI of today, traffic analysis can potentially be used for mass surveillance. The extent to which traffic analysis is used today is difficult to ascertain. But the ambition is there. In 2021, Vice reported that the FBI purchased netflow data from a data broker claiming to cover over 90 percent of the world’s internet traffic

How traffic analysis can be used in the future is hard to overview. That’s why we need to work on a resistance today. This initial version of DAITA is our first response to the evolving challenges of online privacy. DAITA is released as open source and as we gather feedback we will continue to refine and develop, ensuring it remains at the forefront of privacy technology.

“We don’t need to speculate on the extent to which traffic analysis is being used today. We just observe the development of AI and the development of authoritarian societies. There is also no need to speculate on which role traffic analysis will play in future mass surveillance. What we must do is to recognize the threats and opportunities – and work on resistance”, says Jan Jonsson, CEO at Mullvad VPN.

The building blocks of DAITA are open source

DAITA is built using the open-source Maybenot defense framework, which Mullvad helps to fund development of. The work has been academically peer reviewed and published as open access.

“Putting traffic analysis defenses to practice is long overdue. Because the area is changing due to the rapid development of AI, investing time and energy into a framework makes perfect sense”, says Tobias Pulls, researcher at Karlstad University.

To begin with, DAITA 2024.3-beta1 is available in our VPN app on Windows 10 and 11.

To start using DAITA: Download the beta version of Mullvad VPN for Windows. Go to Settings – VPN settings – WireGuard settings – turn on DAITA.