[tor-dev] Brainstorming about steganographic transports

Kevin P Dyer kpdyer at gmail.com
Sun Jul 29 16:20:32 UTC 2012


On Wed, Jul 25, 2012 at 9:18 PM, David Fifield <david at bamsoftware.com> wrote:
> This is a summary of some discussion among developers of pluggable
> transports about steganographic channels and deriving them from protocol
> grammars. Two things prompted the discussion:
>
> [snip]
>
> David (yours truly) wants to write or help write a simple pluggable
> transport derived from regular-expression signatures, even with the
> limitations shown above. Client and relay would need matching signature
> models. For the same of simplicity, it will only seek to match the given
> signature, and not be indistinguishable in the strong sense mentioned
> above. It won't do symmetric encryption of the underlying TLS (or if it
> does, will use a fixed key). It won't use the constructions from the
> Provably Secure Steganography paper, rather it will just encode its
> stream directly in DFA edge transitions. I think it will be interesting
> to see 1) how far a simple system can get us, and 2) what additional
> changes we would have to make to be provably secure against censors
> using more sophisticated computational models than regex.

Protocol grammars present an interesting foundation for designing
pluggable transports. As Roger knows, my co-authors and I came up with
this idea about a year ago and have since been working on realizing it
too. We call our approach "Format Transforming Encryption."

Our approach at a high level is similar to what you describe: we use
regular expressions to efficiently encode traffic on the wire. We've
been working out a lot of the challenges that need to be overcome to
make our approach feasible. As you could imagine, it's non-trivial to
produce languages that are efficient, satisfy basic security
constraints, and are able to pass through proxies. However, I'm happy
to report we have a proof-of-concept that's nearly ready to release to
the Tor community. We are in the process of preparing a research paper
for submission. Once it's ready we'll also post a technical report and
I'll point you guys to it.

At that point ---should be just a couple of weeks--- I'll be happy to
explain more details about our work, share code, etc. There will, of
course, be lots of interesting questions remaining about practical
deployment and we'd be happy to get feedback to improve our framework
and get it in shape to be deployed with Tor.

-Kevin


More information about the tor-dev mailing list