[tor-dev] Brainstorming about steganographic transports

Robert Ransom rransom.8774 at gmail.com
Thu Jul 26 06:56:36 UTC 2012


On 7/26/12, David Fifield <david at bamsoftware.com> wrote:

> We can use appid-like signatures to make steganographic channels, if we
> assume that the signatures are a realistic reflection of actual use of
> the protocols. But: this relies critically on the accuracy of the model.
> (Specifically, does it match the censor's model? If he uses simple
> regular expressions for blocking, then we win; if not, then we probably
> lose.)

Not quite.  If the language your syntactic model was based on is
accepted by the particular regular expressions that the censor is
currently using, you win (until They change to new regexps).
Otherwise, you lose.

For example, <https://code.google.com/p/appid/source/browse/trunk/apps/irc>
accepts “UseR :BOGUS line containing only a username with too many
spaces\n\n\n\n\n\r”, but no real IRC client will generate “UseR” (or
the other protocol violation on that line).  If They are using appid
with that particular protocol-recognition file, you win; if They
validate IRC using better regexps, you lose.


Robert Ransom


More information about the tor-dev mailing list