GoHop's naïve traffic shaping targeting a uniform packet-size distribution (0–MTU) successfully morphed both HTTP and SSH flows: K-S test D values were 0.019 (HTTP) and 0.022 (SSH), both below the 0.025 rejection threshold, with p-values of 0.20 and 0.11 respectively. After shaping, packet-size CDFs and statistical metrics (mean ~782–783 bytes, variance ~163,600) for both protocols became nearly identical, eliminating the size signals that distinguish them.
From 2014-wang-gohop — GoHop: Personal VPN to Defend from Censorship
· §V.A, Table I
· 2014
· International Conference on Advanced Communication Technology
Implications
A CDF-oracle that draws next packet size from a uniform or chosen target distribution is sufficient to defeat packet-size-based classifiers; validate with K-S tests rather than visual inspection alone.
Choose a single target distribution that collapses distinguishing features across all carried protocols, so the obfuscated shape is invariant to what application traffic runs inside the tunnel.