Eavesdroppers can exploit exposed packet headers towards attacks that profile clients and their data flows. In this paper, we propose FOG, a framework for effective full and partial header blinding using MIMO, to thwart eavesdroppers. FOG effectively tracks header bits as they traverse physical (PHY) layer sub-systems that perform functions like scrambling and interleaving. It combines multiple blinding signals for more effective and less predictable obfuscation, as compared to using a fixed blinding signal. We implement FOG on the WARP platform and demonstrate via extensive experiments that it yields better obfuscation than prior schemes that deploy full packet blinding. It causes a bit error rate (BER) of > 40 % at an eavesdropper if two blinding streams are sent during header transmissions. Furthermore, even with full header blinding, FOG incurs a very small throughput hit of $\approx ~5$ % with one blinding stream (and 9 % with two streams). Full packet blinding incurs much higher throughput hits (25 % with one stream and 50 % with two streams).

中文翻译：

---

使用MIMO的数据包头混淆

窃听者可以利用暴露的数据包报头进行攻击，以分析客户端及其数据流。在本文中，我们提出了FOG，这是一种使用MIMO进行有效的部分和部分标题盲区的框架，以阻止窃听者。当报头位经过执行加扰和交织等功能的物理（PHY）层子系统时，FOG有效地对其进行跟踪。与使用固定的盲信号相比，它结合了多个盲信号，以实现更有效和更难以预测的混淆。我们在WARP平台上实现FOG，并通过大量实验证明，与部署完整数据包盲法的现有方案相比，FOG产生了更好的混淆效果。如果在标头传输期间发送了两个盲流，则在窃听者处导致> 40％的误码率（BER）。此外，即使标头完全蒙蔽， $ \约〜5 $ ％包含一个盲流（9％包含两个流）。完全数据包盲处理会导致更高的吞吐量命中率（一个流为25％，两个流为50％）。