
Re: [tor-talk] Tor banned in Pakistan.

> Very disturbing. I wonder if it's possible to hide encrypted traffic as
> seemingly unencrypted http traffic in much the same way as a gpg key is
> rendered as ascii armored, or steganographically inside images.  Although
> such methods may be inefficient, they may be good enough for some purposes.

Of course .. any number of mechanisms exist to do exactly this, although
(generally speaking) it's not to provide a "live" VPN service. A
constant HTTP stream of nothing but .jpegs would be pretty suspicious.
Video-type services might be a better bet (because the traffic would be
more believable) but if you can't encrypt it, all that's required to
render the stego useless is to (slightly) re-encode it transparently
(eg: take your 640x480 MPEG stream and run it through ffmpeg to lower
the bitrate by 10k or some such).

One would detect this in the same way you do encrypted botnets .. you
stop looking for patterns *in* the traffic and start looking at *traffic
patterns* (ie: "that's odd, why is this machine doing a constant stream
of ICMP all of a sudden? .. what are these long DNS queries for?, why
are the HTTPS traffic ratios fairly symmetrical?" .. etc).

> It would be good to know what technologies these ISPs will implement to
> do the packet inspection for encrypted tunnels.  Half the problem is you
> don't really know what they'll be looking for and so you don't know how
> to circumvent.

That's the key distinction here .. rather than try to "ban with
technology" (ie: "great firewall of china"), they went for "ban with
policy" .. meaning you'll likely never know if you're "getting away with
it" until the ISI shows up and drags you off.

I suppose a clever service would be for Twitter (et al.) to allow you to
upload a keypair for stego and a https "twitpic" site that allowed each
image to be checked for a valid signature and stego'd text, which would
then be published.


Michael Holstein
Cleveland State University

tor-talk mailing list
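
The traffic-pattern checks mentioned in the reply above (sustained ICMP, long DNS queries, symmetric HTTPS ratios), as an added example that is not part of the original message. The flow-record fields, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds (illustrative, tune against a baseline of your own network).
MAX_QNAME_LEN = 60          # DNS names longer than this are unusual
ICMP_MIN_FLOWS = 5          # ICMP flows per host per window before flagging
SYMMETRY_BAND = (0.5, 2.0)  # out/in byte ratio treated as "fairly symmetrical"
MIN_HTTPS_BYTES = 100_000   # ignore hosts with too little HTTPS volume

def flow(host, proto, dport=None, out=0, inb=0, qname=None):
    return {"host": host, "proto": proto, "dport": dport,
            "out": out, "in": inb, "qname": qname}

# Constructed flow records for one time window (not real traffic).
FLOWS = [
    flow("10.0.0.5", "tcp", 443, out=40_000, inb=900_000),     # browsing: download-heavy
    flow("10.0.0.5", "udp", 53, qname="www.example.com"),
    flow("10.0.0.7", "tcp", 443, out=500_000, inb=520_000),    # near 1:1 ratio
    flow("10.0.0.7", "udp", 53, qname="x" * 48 + ".t.example.com"),
] + [flow("10.0.0.9", "icmp", out=1_000, inb=1_000) for _ in range(6)]

def flag_hosts(flows):
    """Return {host: [findings]} based on traffic shape, not payload content."""
    icmp = defaultdict(int)
    https = defaultdict(lambda: [0, 0])
    findings = defaultdict(set)
    for f in flows:
        h = f["host"]
        if f["proto"] == "icmp":
            icmp[h] += 1
        elif f["proto"] == "udp" and f["dport"] == 53 and f["qname"]:
            if len(f["qname"]) > MAX_QNAME_LEN:
                findings[h].add("long-dns-query")
        elif f["proto"] == "tcp" and f["dport"] == 443:
            https[h][0] += f["out"]
            https[h][1] += f["in"]
    for h, n in icmp.items():
        if n >= ICMP_MIN_FLOWS:
            findings[h].add("sustained-icmp")
    for h, (out, inb) in https.items():
        # Ordinary web use is download-heavy; a tunnel tends toward 1:1.
        if out + inb >= MIN_HTTPS_BYTES and inb > 0:
            if SYMMETRY_BAND[0] <= out / inb <= SYMMETRY_BAND[1]:
                findings[h].add("symmetric-https")
    return {h: sorted(v) for h, v in findings.items()}

if __name__ == "__main__":
    for host, why in flag_hosts(FLOWS).items():
        print(host, why)
```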