they're so *cute* when they're naive
Apr. 6th, 2012 11:42 pm
Tor traffic disguised as Skype video calls to fool repressive governments, which is what it says on the label.
i imagine it will be pretty useful at annoying the less-sophisticated censors for a while, but since the explicit target of the underlying paper (PDF) is the great firewall of china, i think it will fail at its design goal. the fundamental problems with the tool are the naive assumptions made about state censors in general, and china in specific.
> However, we assume that the censoring authority is not willing to block the Internet entirely, nor a large fraction of the Internet traffic. **The censoring authority is also unwilling to completely block popular services, such as VoIP protocols.** Thus, the filtering is based on a “black list” of restricted domains and IP addresses, accompanied by a list of behavioural heuristics that may suggest a user’s attempt to circumvent censorship; for example, a TCP SYN packet following a UDP packet to the same host may indicate a special type of proxy using port knocking [26]. Bissias et al. showed how such heuristics can be employed to detect certain traffic patterns in an encrypted channel [12]. This assumption is realistic since usually the cost of over-blocking is not negligible, so if the censor used a small “white list” of allowed content and hosts, then every new website or host on the Internet would need to sign up with the censor in order to be accessible by nodes within its control. This is a quite cumbersome task and seems unreasonable.
>
> Also, **we assume encrypted communications are not blocked unless the censor has evidence that the user is trying to evade the censorship.** Moreover, **we assume that the censor does not have access to information about particular bridges, including their IP addresses and Skype IDs; otherwise it can readily block the bridge based on this information.** (We will discuss in Section 8 how a bridge using SkypeMorph can easily change its IP address if it is detected by the censor.) **SkypeMorph users, however, can obtain this information from out-of-band channels, including email, word-of-mouth, or social networking websites.** In our model, we are trying to facilitate connections to the **bridges outside the jurisdiction of the censor where it has no control over the network nodes.** However, the censor can set up its own SkypeMorph bridges and distribute their information.

(page 6 of the paper; my emphasis)
let's take those bolded points in order:
> The censoring authority is also unwilling to completely block popular services, such as VoIP protocols. ...
probably true, but so what? the cute hack the authors have come up with is traffic shaping so that tor connections look like skype video calls. the resultant traffic doesn't look anything like audio-only skype traffic. so, without half-way trying, the chinese could just drop all skype video calls at their international border routers and call it done. since skype audio still works, many people will be happy enough. people who complain will get 15-20 years of re-education in joycamp.
oh, ok, assume that's too strict for the chicoms for some reason. i'll admit i know next to nothing about skype, and from what i can tell from the paper, few people do; it's a proprietary protocol. but IIUC, it's possible to distinguish who's calling whom: a calls b is distinct from b calls a. so, the chinese can block all outbound skype video calls -- which screws up the tor tunnelling -- but accept incoming ones. that'll irritate chinese subjects, but since there's an obvious work-around, why stick your neck out to protest? (see above about joycamp.)
(there are obvious escalations from there: a signaling protocol to have the tor network call a user, but that just shifts the battle, it doesn't win it. and in any case, if the chinese don't want skype video to cross their border routers, it doesn't happen.
also: anybody understand what happens to the tor tunnel if the great firewall deliberately drops random piles of the skype UDP packets? i don't think the paper says. if it's a strict TCP tunnel, the protocol needs to do a lot of retransmission, so bandwidth and latency go to hell, and i'd think the resultant traffic flow (and content?¹) would no longer look much like (lossy) skype video.)
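what loss does to a reliable tunnel can be measured rather than guessed. the following is an added example, not code from the paper or from SkypeMorph: a selective-repeat sender that is allowed exactly one send slot per tick (the constant-rate shape a video call is supposed to present), pushing a stream over a channel that drops data packets and acks independently with probability `loss`. the window, rtt and rto values are made-up parameters, and selective repeat is a stand-in for whatever the real tunnel does, since the paper doesn't say; what matters is the direction the numbers move.

```python
"""
added example (not from the paper or SkypeMorph): simulate a reliable,
selective-repeat tunnel over a lossy channel and count what the loss does
to the wire traffic. every parameter is a constructed guess; the model is
discrete-time, one tick = one shaped send slot.
"""
import random


def simulate_tunnel(n_payload, loss, window=8, rtt=4, rto=10, seed=1):
    """Carry n_payload packets over a lossy channel with selective repeat.

    The sender may emit at most one data packet per tick (a constant-rate
    shape). Data and acks are each dropped with probability `loss`.
    Returns wire-level metrics a tool author can compare across loss rates.
    """
    rng = random.Random(seed)      # fixed seed: the run is reproducible
    in_flight = {}                 # seq -> tick of its last transmission
    acked = set()
    pending_acks = []              # (arrival_tick, seq) for acks in transit
    base = 0                       # lowest unacked sequence number
    next_seq = 0
    tick = sent = retrans = idle = 0

    while True:
        # acks that have arrived by now free their sequence numbers
        arrived = [s for t, s in pending_acks if t <= tick]
        pending_acks = [(t, s) for t, s in pending_acks if t > tick]
        for s in arrived:
            acked.add(s)
            in_flight.pop(s, None)
        while base in acked:
            base += 1
        if base >= n_payload:
            break

        # one send slot per tick: a timed-out packet is retransmitted first;
        # otherwise new data goes out if the window allows; if data is
        # waiting but the window is full, the slot goes idle (a gap in what
        # should be a constant-rate stream)
        timed_out = [s for s, t in in_flight.items() if tick - t >= rto]
        if timed_out:
            seq = min(timed_out)
            retrans += 1
        elif next_seq < n_payload:
            if next_seq < base + window:
                seq = next_seq
                next_seq += 1
            else:
                seq = None
                idle += 1
        else:
            seq = None             # nothing left to send, draining acks

        if seq is not None:
            sent += 1
            in_flight[seq] = tick
            data_ok = rng.random() >= loss
            ack_ok = rng.random() >= loss
            if data_ok and ack_ok:
                pending_acks.append((tick + rtt, seq))
        tick += 1

    return {
        "data_packets_sent": sent,
        "retransmissions": retrans,
        "idle_ticks": idle,
        "elapsed_ticks": tick,
        "wire_overhead": sent / n_payload,
    }


if __name__ == "__main__":
    for loss in (0.0, 0.1, 0.3):
        print(loss, simulate_tunnel(200, loss))
```

with no loss the wire stream is exactly the payload, one packet per tick and no gaps. as the drop rate climbs, three things happen at once: more packets cross the wire than the payload needs (bandwidth), the transfer takes longer (latency), and the sender stalls on a full window waiting for timeouts, so the supposedly constant-rate stream acquires gaps. that last number is the one a mimicry tool's author should be looking at, because it is the shape of the flow, not its encryption, that the disguise depends on.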
> we assume encrypted communications are not blocked unless the censor has evidence that the user is trying to evade the censorship.
:) now why would we assume that? the operation of the great firewall seems to indicate otherwise: they jam anything they don't like. there's no evidence that the great firewall presently blocks all HTTPS -- probably because it's very useful to chinese industry -- but i can't see why the chinese wouldn't block a random encrypted protocol simply because it's not something they can read. if i was part of chinese minitrue, and i got hold of the paper, i'd take a good hard look at what the skype tunnelling does for people we don't like vs what blocking all/some skype video does for us.
> we assume that the censor does not have access to information about particular bridges, including their IP addresses and Skype IDs; otherwise it can readily block the bridge based on this information. ... SkypeMorph users, however, can obtain this information from out-of-band channels, including email, word-of-mouth, or social networking websites.
this one is just charming in its innocence. if random chinese people can find out these things, why can't chinese internal spies? to paraphrase a new yorker cartoon, on the internet, nobody can tell if you're a chinese spy posing as a democracy activist. in fact, i'd assume they have agents whose sole job is to spoof the forces of good, in order to find out who makes contact with them and how. i'm also tickled by the charming implied assumption that email and social nyetworking sites are out of band for the people who control the net in china.
> bridges outside the jurisdiction of the censor where it has no control over the network nodes.
this isn't as naive as the others, but why assume that any part of tor is outside the control of the forces of censorship (FoCs)? frankly, if i was any major spy agency, i'd probably own at least a handful of tor relays -- all properly located in "safe" places (sweden, holland, amazon's cloud) -- just to see what passes through them. (we know it's traffic somebody doesn't want somebody else to see, so why not?) no, i won't be able to interpret most of the traffic passing through my relays, but if i'm doing serious traffic analysis, and the client or server is in my country, i'll learn about that, and other nodes that are part of the tor network as well (the next hop in both directions).
i'm too ~~lazy~~ busy to read up on tor's internals, but i'll hazard the guess that the more tor nodes the FoCs control, the greater the chance they'll be able to compromise a given tor session (link the client to the server as though tor didn't exist), even if the rest of the network infrastructure is out of their control. if i'm right about that, why not control a whole bunch of bent tor nodes? it seems like it would be relatively cheap for any major government, and if said government is one of the FoCs, it's not a bad way to locate thoughtcriminals for re-education. (and if word gets around that people using tor mysteriously end up in joycamp, they'll stop.)
i think the authors should stop assuming the other side is "nice", and assume the problem they face is identical to that of military cryptographers and communications specialists: the other side will attempt to systematically violate every assumption you make about them in order to read/jam your transmissions and locate/identify senders and recipients. they will exploit any weakness in your supposedly secure channel to the extent they can, and their ability to do so should be assumed to be at least equal to yours, unless you possess information to the contrary.
on that basis, i keep changing my mind as to whether i should lock this entry. OT1H, the odds of the FoCs finding it are vanishingly small, barring certain obvious assumptions i shouldn't make anyway. but OTOH, i would like the authors -- and potential authors of similar tools -- to see this entry and perhaps think about its implications.
1: about the content of retransmitted packets. we know -- or can find out, if we get a copy of the authors' software to play with -- that if we cause the tor tunnel to drop a bunch of packets, we'll see the same plaintext retransmitted with a different part of the same cypher and key. how often do we have to do this to recover the session key? this is clearly a job for supercryptanalyst man, but this is a little different than shannon's famous paper about the strength of a cryptosystem and the minimum amount of cyphertext one needs to recover the key. anybody got a guess?