[anti-censorship-team] Questions for the SymTCP paper

Roger Dingledine arma at torproject.org
Sun Apr 12 09:00:52 UTC 2020


[redirecting from the original tor-project@ post to here]

On Thu, Apr 09, 2020 at 11:34:29AM -0700, Philipp Winter wrote:
> == Reading group ==
> 
>     * We will discuss "SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery" on April 16
>         * https://censorbib.nymity.ch/#Wang2020a
>         * Questions to ask and goals to have:
>             * What aspects of the paper are questionable?
>             * Are there immediate actions we can take based on this work?
>             * Are there long-term actions we can take based on this work?
>             * Is there future work that we want to call out, in hopes that others will pick it up?

Thanks Philipp. For those who like more structure for your readings,
here are three Tor-oriented "homework" questions for you to think about
while you're reading this paper:

(1) Do any of the tricks that they come up with work, or help us find
tricks that work, from entirely user space, like Tor or Tor Browser? If
we can get past the initial "no, they're all packet-based tricks, so
we'd need root at the least" to finding some that can be done with
socket functions or the like, that would be really neat.

(2) Are there promising techniques that only require root-level changes
on the client side? In particular, could Tails ship with some kernel or
iptables changes that make DPI engines not trigger on bridge handshakes?

(Doing it to protect Tor handshakes for relays or popular bridges seems
like a much harder problem, because if the censor blackholes the IP
address when they see a verboten handshake, then *everybody* needs to
talk to it in a safe way, or somebody else will get it blocked and now
you can't use it either.)

(3) How about only server-side? I'm imagining asking Linux bridge
operators to run a few iptables rules to make their bridges more robust.
(Like the old "drop the first 3 syn packets in a flow, because the GFW
network stack is optimized to only send 3, but real OSes try more than
3 times" trick.)

And for extra credit: can anything be done on Android or iOS? Or maybe
better: what would it take to apply these ideas to Android Tor Browser /
Orbot users, or to iOS Onion Browser users?

Thanks!
--Roger
