[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] GSoC Student Introduction - Blocking-resistant Transport Evaluation Framework

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] GSoC Student Introduction - Blocking-resistant Transport Evaluation Framework
From: Brandon Wiley <brandon@xxxxxxxxx>
Date: Fri, 20 May 2011 11:35:28 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 20 May 2011 12:35:44 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Hello everyone, I wanted to introduce my Google Summer of Code Project, which is a framework for evaluating the effectiveness of blocking-resistant transports such as those provided by the "Pluggable Transports" project.

Using the framework is simple. First you generate some captured traffic, some of which is encoded with blocking-resistant transports, some of which is just normal Tor traffic, and some of which is non-Tor traffic such as HTTP, HTTPS, non-HTTP SSL, Skype, DNS, etc. Then you run detector code against the captured traffic and it tries to classify the streams into those which should be blocked and those which should be allowed to go through. The detector code can use the full range of Deep Packet Inspection techniques such as string matching, packet lengths, and packet timings. You can then look at the results of which streams were classified as blocked and which weren't and you can compare this to which blocking-resistant transports were used. The goal is to find a blocking-resistant transport that gets past more detectors than the rest. This is all automated much like unit testing where you run a single command and it will give you back the results of which transport did best for the scenario. Multiple scenarios will be available to test against different types of attackers.

The purpose of this project is to provide a measurable way to compare transports. It's quite easy to derive new transport encodings and to imagine how they might be very effective against an attacker. However, there is no way to test their real effectiveness without using them in the field, which can sometimes be difficult to set up logistically. There could also be negative effects from using a flawed transport in the field before it's ready. Using this framework, attackers, both real and imaginary, can be modeled and the transports tested against the models. The models can be refined from experience in the field and field testing can be reserved for only the most effective candidates.

There are a lot of details left to work out in terms of what traffic, scenarios, transports, and detectors I will include in the initial release of the framework. The important thing is that it will be extensible so that new and better options can always be included.

I'm just getting started on my project blog, but there will be more up there soon as I start to convert my notes to entries: http://stepthreeprivacy.tumblr.com/

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] passive analysis of encrypted traffic and traffic obfuscation
Next by Author: [tor-talk] Securing a Relay - chroot
Previous by thread: Re: [tor-talk] Content-Security-Policy
Next by thread: [tor-talk] ISP running Tor?
Index(es):
- Author
- Thread