[tor-dev] Pluggable transports research

Discussion:

Jodi Spacek

2018-01-25 00:42:52 UTC

I'm a master's student at the University of British Columbia (Vancouver,
Canada) where I'm primarily researching anonymous systems and censorship. I
would be delighted to contribute to pluggable transports.

Of particular interest is image and audio data stenography - is anything is
in the works for this or is it outdated? My aim is to add this
functionality while fully testing and evaluating it as part of my thesis
project. I refer to the list of idea suggestions here:
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/ideas

Any guidance is greatly appreciated. Thanks so much!

Jodi

p.s.: Please advise if this is not the correct mailing list. and perhaps
belongs in tor-assistants. If so, I will inquire there once my access is
(hopefully!) granted.

--
www.jodispacek.com

Will Scott

2018-01-25 00:57:05 UTC

Permalink

Hi Jodi,

There's some discussion of pluggable transport issues on
https://groups.google.com/forum/#!forum/traffic-obf
that may be of interest.

In terms of stenography, you end up with a couple choices.
If you try to mimic existing protocols, you'll want to have
read up on
"The Parrot is Dead" by Houmansadr et al

In the last couple years, there were a couple prototype
transports embedding data within video games, namely
rook - https://dl.acm.org/citation.cfm?id=2808141
and
castle - https://arxiv.org/abs/1503.05904

I'm not aware of anything active on the image steganography
front, but I think the question remains how the activity
remains difficult to differentiate from legitimate activity.

--Will

Post by Jodi Spacek
I'm a master's student at the University of British Columbia (Vancouver,
Canada) where I'm primarily researching anonymous systems and censorship. I
would be delighted to contribute to pluggable transports.
Of particular interest is image and audio data stenography - is anything is
in the works for this or is it outdated? My aim is to add this
functionality while fully testing and evaluating it as part of my thesis
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/ideas
Any guidance is greatly appreciated. Thanks so much!
Jodi
p.s.: Please advise if this is not the correct mailing list. and perhaps
belongs in tor-assistants. If so, I will inquire there once my access is
(hopefully!) granted.
--
www.jodispacek.com
_______________________________________________
tor-dev mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Brandon Wiley

2018-01-25 01:08:07 UTC

Permalink

Hello Jodi. I would like to point out some additional resources for you if
you are interested in Pluggable Transports. First of all check out
https://www.pluggabletransports.info/.

Also, some work has been done in the past on audio data as a transport.
There is of course the venerable SkypeMorph (
http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf) and also
SkypeLine (
http://hgi.rub.de/media/attachments/files/2016/02/technical_report.pdf).

I have some general advice for implementing transports as well. Consider
your threat model before you design a transport using novel techniques. See
for instance the paper "Seeing Through Network-Protocol Obfuscation" (
https://kpdyer.com/publications/ccs2015-measurement.pdf). Also, if you want
to design a transport specifically for use with Tor, consider Tor's
specific needs. Tor has specific bandwidth requirements that need to be met
by the transport. Also, if you are going to attempt to mimic a protocol for
an existing audio or video application, consider what networks block Tor
and what audio and video applications are available on those networks.
Skype, for instance, is blocked on some of the same networks as Tor, and so
for those networks mimicking Skype traffic would not be an effective means
to circumvent blocking.

Post by Will Scott
Hi Jodi,
There's some discussion of pluggable transport issues on
https://groups.google.com/forum/#!forum/traffic-obf
that may be of interest.
In terms of stenography, you end up with a couple choices.
If you try to mimic existing protocols, you'll want to have
read up on
"The Parrot is Dead" by Houmansadr et al
In the last couple years, there were a couple prototype
transports embedding data within video games, namely
rook - https://dl.acm.org/citation.cfm?id=2808141
and
castle - https://arxiv.org/abs/1503.05904
I'm not aware of anything active on the image steganography
front, but I think the question remains how the activity
remains difficult to differentiate from legitimate activity.
--Will

Post by Jodi Spacek
I'm a master's student at the University of British Columbia (Vancouver,
Canada) where I'm primarily researching anonymous systems and

censorship. I

Post by Jodi Spacek
would be delighted to contribute to pluggable transports.
Of particular interest is image and audio data stenography - is anything

Post by Jodi Spacek
in the works for this or is it outdated? My aim is to add this
functionality while fully testing and evaluating it as part of my thesis
https://trac.torproject.org/projects/tor/wiki/doc/

PluggableTransports/ideas

Post by Jodi Spacek
Any guidance is greatly appreciated. Thanks so much!
Jodi
p.s.: Please advise if this is not the correct mailing list. and perhaps
belongs in tor-assistants. If so, I will inquire there once my access is
(hopefully!) granted.
--
www.jodispacek.com
_______________________________________________
tor-dev mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

David Fifield

2018-01-25 01:32:41 UTC

Permalink

Circumvention research can probably learn a lot from steganography
research. Most of the "mainstream" research on circumvention (read: the
work I'm familiar with :D) is in CensorBib:
https://censorbib.nymity.ch/
However I've been meaning to see what else we can learn by bringing
related research into its scope. There's a thread of research by
Sebastian Zander et al. on covert channels that hardly intersects with
circumvention research; it would be a good contribution if you could
determine to what extent the two worlds can be joined. For example
"Reliable Transmission Over Covert Channels in First Person Shooter
Multiplayer Games" predates Rook and Castle. They developed an
evaluation framework that to my knowledge hasn't been applied to
circumvention protocols.
http://caia.swin.edu.au/cv/szander/cc/index.html
http://caia.swin.edu.au/cv/szander/cc/cchef/
"Provably Secure Steganography" by Hopper et al. could be relevant to
certain kinds of circumvention protocols.
https://www-users.cs.umn.edu/~hoppernj/tc-stego.pdf

The traffic-obf list is a group of circumvention researchers. They are
scheduling biweekly meetings on IRC. You could discuss some ideas there.
https://groups.google.com/d/msg/traffic-obf/VtsKZA2Akmk/-v3Ajct-AwAJ

Jodi Spacek

2018-01-25 06:43:03 UTC

Permalink

Post by Jodi Spacek

Post by Jodi Spacek
I'm a master's student at the University of British Columbia (Vancouver,
Canada) where I'm primarily researching anonymous systems and

censorship. I

Post by Jodi Spacek
would be delighted to contribute to pluggable transports.
Of particular interest is image and audio data stenography - is anything

is in

Post by Jodi Spacek
the works for this or is it outdated? My aim is to add this

functionality while

Post by Jodi Spacek
fully testing and evaluating it as part of my thesis project. I refer to

the

Post by Jodi Spacek
https://trac.torproject.org/projects/tor/wiki/doc/PluggableT

ransports/ideas
Circumvention research can probably learn a lot from steganography
research. Most of the "mainstream" research on circumvention (read: the
https://censorbib.nymity.ch/
However I've been meaning to see what else we can learn by bringing
related research into its scope. There's a thread of research by
Sebastian Zander et al. on covert channels that hardly intersects with
circumvention research; it would be a good contribution if you could
determine to what extent the two worlds can be joined. For example
"Reliable Transmission Over Covert Channels in First Person Shooter
Multiplayer Games" predates Rook and Castle. They developed an
evaluation framework that to my knowledge hasn't been applied to
circumvention protocols.
http://caia.swin.edu.au/cv/szander/cc/index.html
http://caia.swin.edu.au/cv/szander/cc/cchef/
"Provably Secure Steganography" by Hopper et al. could be relevant to
certain kinds of circumvention protocols.
https://www-users.cs.umn.edu/~hoppernj/tc-stego.pdf
The traffic-obf list is a group of circumvention researchers. They are
scheduling biweekly meetings on IRC. You could discuss some ideas there.
https://groups.google.com/d/msg/traffic-obf/VtsKZA2Akmk/-v3Ajct-AwAJ

This is a promising direction! Iâll look into covert channels with
steganography in mind and its overlap with circumvention.

Actually, I just finished reading your thesis - itâs an excellent resource
for navigating related works and comprehending the interplay of
circumvention and censorship. Thanks very much for the additional links (:

Yawning Angel

2018-01-25 02:11:07 UTC

Permalink

On Wed, 24 Jan 2018 16:42:52 -0800

As far as I am aware (nb: haven't been keeping up with research in
this area), no one has come up with a good solution to the
issues mentioned in:

Geddes, J., Schuchard, M., Hopper, N., "Cover Your ACKs: Pitfalls of
Covert Channel Censorship Circumvention".

https://www-users.cs.umn.edu/~hoppernj/ccs13-cya.pdf

Regards,

--
Yawning Angel