Cradicle Explorer
abzu
/ docs / Ghost_Mode_Security_Audit.md
Ghost_Mode_Security_Audit.md
  1  # Ghost Mode Security Audit & Hardening
  2  
  3  **Date**: January 2026  
  4  **Status**: ✅ Complete
  5  
  6  ---
  7  
  8  ## Executive Summary
  9  
 10  External review identified two critical vulnerabilities in Ghost Mode's cover traffic implementation. Both have been remediated. Cover traffic is now cryptographically indistinguishable from real traffic on the wire.
 11  
 12  ---
 13  
 14  ## Vulnerabilities Fixed
 15  
 16  ### 1. Serialization Overhead Leak
 17  
 18  **Issue**: Cover frames were sized *before* serialization. Postcard encoding adds overhead (variant tag + varint length prefix), causing cover packets to be 2-3 bytes larger than observed real traffic.
 19  
 20  **Attack**: DPI could filter packets by size, detecting cover traffic via consistent header offsets.
 21  
 22  **Fix** ([wire.rs](file:///Users/adrian/studio/abzu/abzu-transport/src/wire.rs#L144-L163)):
 23  
 24  ```rust
 25  pub fn cover(target_wire_size: usize) -> Self {
 26      // Postcard overhead: 1 byte variant + varint length
 27      let length_prefix_size = if target_wire_size < 128 { 1 } else { 2 };
 28      let overhead = 1 + length_prefix_size;
 29      
 30      let noise_len = target_wire_size.saturating_sub(overhead);
 31      // ... generate noise of noise_len bytes
 32  }
 33  ```
 34  
 35  **Result**: Encoded wire size now equals target exactly.
 36  
 37  ---
 38  
 39  ### 2. Echo Attack via Unique Sizes
 40  
 41  **Issue**: `PatternObserver` recorded exact packet sizes. An adversary could inject a unique-sized packet (e.g., 13337 bytes) and watch for cover traffic echoing that size.
 42  
 43  **Attack**: Send probe → wait → correlate cover traffic with matching size → deanonymize sender.
 44  
 45  **Fix** ([cover.rs](file:///Users/adrian/studio/abzu/abzu-transport/src/cover.rs#L121-L140)):
 46  
 47  ```rust
 48  pub fn record_size(&mut self, size: usize) {
 49      // Fuzz to nearest 16-byte bucket
 50      let fuzzed_size = (size + 8) / 16 * 16;
 51      self.size_samples.push(fuzzed_size);
 52  }
 53  ```
 54  
 55  **Result**: Unique sizes collapse into common buckets. Probe sizes become indistinguishable from legitimate traffic.
 56  
 57  ---
 58  
 59  ## Test Verification
 60  
 61  ```
 62  test wire::tests::test_cover_roundtrip ... ok     # Wire size == target
 63  test cover::tests::test_histogram_sampling ... ok # Sizes fuzzed to buckets
 64  test result: ok. 17 passed; 0 failed
 65  ```
 66  
 67  ---
 68  
 69  ## Design Principle: Post-Decrypt Discrimination
 70  
 71  Cover traffic remains **indistinguishable on the wire**. Only after decryption can a node identify and discard `AbzuFrame::Cover`. This follows Kerckhoffs' Principle—security depends on keys, not obscurity of the protocol.
 72  
 73  ```
 74  Wire (encrypted)     → All frames same format
 75  Decrypt              → Identify Cover variant
 76  Switchboard          → Silently discard, log at TRACE
 77  ```
 78  
 79  ---
 80  
 81  ## Files Modified
 82  
 83  | File | Change |
 84  | ---- | ------ |
 85  | `abzu-transport/src/wire.rs` | Overhead compensation in `cover()` |
 86  | `abzu-transport/src/cover.rs` | 16-byte bucket fuzzing in `record_size()` |
 87  
 88  ---
 89  
 90  ## Remaining Considerations
 91  
 92  - **Bucket size tuning**: 16 bytes is a reasonable default. Consider adaptive sizing based on observed traffic entropy.
 93  - **Timing analysis**: Poisson timing is implemented but could be enhanced with traffic-adaptive jitter.
 94  - **Metrics isolation**: Cover traffic is excluded from node metrics to prevent debugging data leakage.
 95  
 96  ---
 97  
 98  ## P1 Fingerprint Mitigations (January 2026)
 99  
100  Following the initial P0 hardening, additional P1 fingerprint mitigations were implemented:
101  
102  ### 3. Sticky TLS Profiles
103  
104  **Issue**: Random TLS profile selection per-connection creates a "schizophrenic user" fingerprint.
105  
106  **Fix** ([tls_profiles.rs](file:///Users/adrian/studio/abzu/abzu-transport/src/transports/tls_profiles.rs)):
107  
108  ```rust
109  pub fn select_sticky_profile(node_identity: &[u8; 32]) -> TlsProfile {
110      let hash = sha256(node_identity);
111      BROWSER_PROFILES[hash[0] as usize % BROWSER_PROFILES.len()].clone()
112  }
113  ```
114  
115  **Result**: Node uses consistent TLS fingerprint across all connections.
116  
117  ---
118  
119  ### 4. Cold-Start Histogram Seeding
120  
121  **Issue**: New nodes emit statistically flat traffic (uniform distribution) until trained.
122  
123  **Fix** ([histogram_presets.rs](file:///Users/adrian/studio/abzu/abzu-chameleon/src/histogram_presets.rs)):
124  
125  ```rust
126  // 5 presets derived from real traffic analysis
127  pub static HISTOGRAM_PRESETS: [HistogramPreset; 5] = [...];
128  
129  // from_identity() selects preset deterministically from node identity
130  pub fn from_identity(identity: &[u8; 32]) -> Self {
131      let preset = &HISTOGRAM_PRESETS[identity[0] as usize % 5];
132      Self::from_preset(preset)
133  }
134  ```
135  
136  **Result**: New nodes immediately have realistic traffic patterns.
137  
138  ---
139  
140  ### 5. Edge GRU-Matched Distribution
141  
142  **Issue**: Mobile/Edge devices without ML still need GRU-equivalent traffic patterns.
143  
144  **Fix** ([edge_generator.rs](file:///Users/adrian/studio/abzu/abzu-chameleon/src/edge_generator.rs)):
145  
146  ```rust
147  pub struct EdgeGenerator {
148      delay_histogram: [u16; 20],  // Pre-computed from trained GRU
149      size_histogram: [u16; 20],   // Static, embedded at compile time
150  }
151  ```
152  
153  **Result**: Edge nodes indistinguishable from Desktop GRU nodes.
154  
155  ---
156  
157  ### 6. 3σ Poisoning Resistance
158  
159  **Issue**: Adversary could inject abnormal sizes to watermark traffic patterns.
160  
161  **Fix** ([cover.rs](file:///Users/adrian/studio/abzu/abzu-transport/src/cover.rs)):
162  
163  ```rust
164  pub fn record_size(&mut self, size: usize) {
165      // After 50-sample training phase, reject 3σ outliers
166      if self.stats_count >= 50 && stddev > 0.0 {
167          let z_score = (fuzzed - mean).abs() / stddev;
168          if z_score > 3.0 { return; } // Reject poisoning attempt
169      }
170      // ... Welford's algorithm for running statistics
171  }
172  ```
173  
174  **Result**: Adversarial watermarks rejected with statistical confidence.
175  
176  ---
177  
178  ## Files Modified (P1)
179  
180  | File | Change |
181  | ---- | ------ |
182  | `abzu-transport/src/transports/tls_profiles.rs` | Sticky profile selection |
183  | `abzu-chameleon/src/histogram_presets.rs` | 5 traffic presets |
184  | `abzu-chameleon/src/histogram_gen.rs` | `from_preset()`, `from_identity()` |
185  | `abzu-chameleon/src/edge_generator.rs` | Static GRU-derived histograms |
186  | `abzu-transport/src/cover.rs` | 3σ outlier rejection |