[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor banned in Pakistan.

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Tor banned in Pakistan.
From: Dave Jevans <djevans@xxxxxxxxxxx>
Date: Fri, 9 Sep 2011 12:45:36 -0700
Accept-language: en-US
Acceptlanguage: en-US
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 Sep 2011 15:52:48 -0400
In-reply-to: <4E6963A2.8010506@xxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4E69325D.6090100@xxxxxxxxx> <4E693AF7.3060204@xxxxxxxxxxxxxxxxxx> <4E6963A2.8010506@xxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
Thread-index: AcxvKUFUNztgKOihShGSE73eT9rgwA==
Thread-topic: [tor-talk] Tor banned in Pakistan.


DARPA has funded a project to develop a stego type communications system as a "next generation TOR". Its called SAFER Warfighter Communications. 


http://www.darpa.mil/Our_Work/I2O/Programs/SAFER_Warfighter_Communications_(SAFER).aspx

On Sep 8, 2011, at 7:00 PM, "Michael Holstein" <michael.holstein@xxxxxxxxxxx> wrote:

> 
>> Very disturbing.   I wonder if its possible to hide encrypted traffic as
>> seemingly unencrypted http traffic in much the same way as a gpg key is
>> rendered as ascii armored, or stenographically inside images.  Although
>> such methods may be inefficient, they may be good enough for some purposes.
>> 
> 
> Of course .. any number of mechanisms exist to do exactly this, although
> (generally speaking) it's not to provide a "live" VPN service. A
> constant HTTP stream of nothing but .jpegs would be pretty suspicious.
> Video-type services might be a better bet (because the traffic would be
> more believable) but if you can't encrypt it, all that's required to
> render the stego useless is to (slightly) re-encode it transparently
> (eg: take your 640x480 MPEG stream and run it through ffmpeg to lower
> the bitrate by 10k or some such).
> 
> One would detect this in the same way you do encrypted botnets .. you
> stop looking for patterns *in* the traffic and start looking at *traffic
> patterns* (ie: "that's odd, why is this machine doing a constant stream
> of ICMP all of a sudden? .. what are these long DNS queries for?, why
> are the HTTPS traffic ratios fairly symmetrical?" .. etc).
> 
>> It would be good to know what technologies these ISPs will implement to
>> do the packet inspection for encrypted tunnels.  Half the problem is you
>> don't really know what they'll be looking for and so you don't know how
>> to circumvent.
>> 
> 
> That's the key distinction here .. rather than try to "ban with
> technology" (ie: "great firewall of china"), they went for "ban with
> policy" .. meaning you'll likely never know if you're "getting away with
> it" until the ISI shows up and drags you off.
> 
> I suppose a clever service would be for Twitter (et.al.) to allow you to
> upload a keypair for stego and a https "twitpic" site that allowed each
> image to be checked for a valid signature and stego'd text, which would
> then be published.
> 
> Regards,
> 
> Michael Holstein
> Cleveland State University
> 
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor banned in Pakistan.
  - From: Matthew
- Re: [tor-talk] Tor banned in Pakistan.
  - From: Anthony G. Basile
- Re: [tor-talk] Tor banned in Pakistan.
  - From: Michael Holstein

Prev by Author: [tor-talk] Tor files
Next by Author: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Previous by thread: Re: [tor-talk] Tor banned in Pakistan.
Next by thread: Re: [tor-talk] Tor banned in Pakistan.
Index(es):
- Author
- Thread