[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor banned in Pakistan.




DARPA has funded a project to develop a stego type communications system as a "next generation TOR". Its called SAFER Warfighter Communications. 


http://www.darpa.mil/Our_Work/I2O/Programs/SAFER_Warfighter_Communications_(SAFER).aspx

On Sep 8, 2011, at 7:00 PM, "Michael Holstein" <michael.holstein@xxxxxxxxxxx> wrote:

> 
>> Very disturbing.   I wonder if its possible to hide encrypted traffic as
>> seemingly unencrypted http traffic in much the same way as a gpg key is
>> rendered as ascii armored, or stenographically inside images.  Although
>> such methods may be inefficient, they may be good enough for some purposes.
>> 
> 
> Of course .. any number of mechanisms exist to do exactly this, although
> (generally speaking) it's not to provide a "live" VPN service. A
> constant HTTP stream of nothing but .jpegs would be pretty suspicious.
> Video-type services might be a better bet (because the traffic would be
> more believable) but if you can't encrypt it, all that's required to
> render the stego useless is to (slightly) re-encode it transparently
> (eg: take your 640x480 MPEG stream and run it through ffmpeg to lower
> the bitrate by 10k or some such).
> 
> One would detect this in the same way you do encrypted botnets .. you
> stop looking for patterns *in* the traffic and start looking at *traffic
> patterns* (ie: "that's odd, why is this machine doing a constant stream
> of ICMP all of a sudden? .. what are these long DNS queries for?, why
> are the HTTPS traffic ratios fairly symmetrical?" .. etc).
> 
>> It would be good to know what technologies these ISPs will implement to
>> do the packet inspection for encrypted tunnels.  Half the problem is you
>> don't really know what they'll be looking for and so you don't know how
>> to circumvent.
>> 
> 
> That's the key distinction here .. rather than try to "ban with
> technology" (ie: "great firewall of china"), they went for "ban with
> policy" .. meaning you'll likely never know if you're "getting away with
> it" until the ISI shows up and drags you off.
> 
> I suppose a clever service would be for Twitter (et.al.) to allow you to
> upload a keypair for stego and a https "twitpic" site that allowed each
> image to be checked for a valid signature and stego'd text, which would
> then be published.
> 
> Regards,
> 
> Michael Holstein
> Cleveland State University
> 
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk