Citation Context

...ed on the contents of measurement tasks (e.g., via deep packet inspection) should be difficult, because we can easily disguise tasks’ code using JavaScript obfuscation or detection evasion techniques =-=[13, 25]-=-. Identifying task behavior is equally difficult because it appears merely as requests to load a cross-origin object—something many Web sites do under normal operation. If a single client performs a s...

Citation Context

...g” communication channel. The problem setting differs from ours, however, and the encoding of hidden messages inside an allowed encrypted channel (as valid ciphertexts) is not considered. Dyer et al. =-=[16]-=- introduce a related technique called format transforming encryption (FTE), which disguises encrypted application-layer traffic to look like an innocent, allowed protocol from the perspective of deep ...

Citation Context

...fiedTor mode, but may not completely prevent it [5, 38]. To address this, Tor pluggable transports use traffic morphing [28], replaying old traffic traces [35, 51], and format-transforming encryption =-=[11]-=-. A CloudTransport client, too, can deploy these countermeasures, which can be hosted on users’ machines [31, 32] or network proxies [31, 41], at the cost of additional bandwidth overhead. 5 Performan...

Citation Context

...exts abide by specific formatting requirements. A small industry has emerged around the need for in-place encryption of credit-card numbers, and other personal and financial data. In the case of credit-card numbers, this means taking in a string of 16 decimal digits as plaintext and returning a string of 16 decimal digits as ciphertext. This is an example of format-preserving encryption (FPE). NIST is now considering proposals for standardized FPE schemes, such as the FFX mode-of-operation [7], which is already used in some commercial settings [3]. On a totally different front, a recent paper [11] builds a format-transforming encryption scheme. It takes in plaintext bit strings (formatted or not) and returns ciphertexts formatted to be indistinguishable, from the point of view of several stateof-the-art network monitoring tools, from real HTTP, SMTP, SMB or other network protocol messages. This FTE scheme is now part of the Tor Project’s Browser Bundle, and is being integrated into other anti-censorship systems. It seems clear that FPE and FTE have great potential for other applications, too. Unfortunately, developers will find a daunting collection of design choices and engineering ch...

Citation Context

... raw voice stream with a different lower-bitrate codec (the covert codec). This effectively reduces the length of packets to transmit. The space freed is filled with low-bandwidth covert traffic. FTE =-=[18]-=- extends conventional symmetric encryption with the ability to specify the format of the ciphertext with a regex. This effectively transforms a blocked source application-layer protocol into an unbloc...

Citation Context

...g” communication channel. The problem setting differs from ours, however, and the encoding of hidden messages inside an allowed encrypted channel (as valid ciphertexts) is not considered. Dyer et al. =-=[16]-=- introduce a related technique called format transforming encryption (FTE), which disguises encrypted application-layer traffic to look like an innocent, allowed protocol from the perspective of deep ...

Citation Context

...itation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Permissions@acm.org. CCS’15, October 12–16, 2015, Denver, Colorado, USA. c© 2015 ACM. ISBN 978-1-4503-3832-5/15/10 ...$15.00. DOI: http://dx.doi.org/10.1145/2810103.2813715. randomize all bytes sent on the wire [39, 40, 48, 52], attempting to look like (or mimic) an unblocked protocol such as HTTP [12, 26, 45,46], or tunneling traffic over an implementation of an unblocked protocol [42]. Examples of network obfuscators from each of these three classes are now deployed as Tor pluggable transports [3] and with other anti-censorship tools [44, 48]. Currently, the available evidence indicates that existing DPI systems are easily subverted by these tools [12], and that nation-state censors are not currently blocking their use via DPI [43]. Thus these systems provide significant value against today’s censors. Can censors easily adapt and deploy new DPI algorithms that accurately detect these protocol obfusc...

Citation Context

...ion 5 and a summary of all appended papers is provided in Section 6. Finally, this thesis is concluded in Section 7. 2 Related Work It is convenient to divide related work into censorship analysis and circumvention. A large variety of censorship-resistant schemes were proposed over the past year. We only discuss low-latency circumvention schemes. Several schemes were proposed to disguise network traffic, e.g., as VoIP [4, 5], email [6, 7], or HTTP [8]. Other systems rely on ordinary web users as proxies [9] or can disguise packet payload as dictated by a well-chosen set of regular expressions [10]. While it is not hard to design systems which can evade a censor’s filter at one point in time, it is difficult for systems to be a major obstacle to censors. Accordingly, recent research demonstrated that most traffic 5 obfuscation systems fail in various ways. For example, one class of circumvention systems mimics widespread innocuous protocols such as VoIP. This approach was shown to be problematic as it is very difficult to perfectly mimic a given target protocol [11]. Furthermore, a censor is sometimes able to prevent protocol tunneling by breaking the tunneled protocol while leaving the...

Citation Context

...bscure the traffic signature of the underlying stream by modifying packet lengths and timing. The other strategy against DPI is the steganographic one: look like something the censor allows. fteproxy =-=[17]-=- uses format-transforming encryption to encode data into strings that match a given regular expression, for example a regular-expression approximation of HTTP. StegoTorus [63] transforms traffic to lo...

Citation Context

...table [Winter and Lindskog 2012]. Various pluggable transports have been deployed to solve this problem by transforming Tor flows to mimic other protocols [Moghaddam et al. 2012; Fifield et al. 2012; =-=Dyer et al. 2013-=-]. However, even with pluggable transports, it is still possible to differentiate between real application traffic and a Tor-based imitation [Houmansadr et al. 2013]. There is currently no evidence th...