[tor-talk] Tor users trackable with common proxy?

Ondrej Mikle ondrej.mikle at gmail.com
Tue Feb 21 23:39:45 UTC 2012


On 02/21/2012 06:48 PM, Andreas Krey wrote:
> On Tue, 21 Feb 2012 14:26:06 +0000, Daniel .koolfy Faucon wrote:
> ...
>> Checking the software's signatures should ensure that you are not bootstrapping from hardcoded malicious fake nodes or looking at the wrong
>> nodes list, and obfsproxy makes sure there is no recognizable handshake pattern. Even if they suspect it to be tor traffic there is no way
>> they can MITM an obfsproxy communication.
> 
> As far as I can tell obfsproxy itself can trivially be MITM'd,
> which is about as helpful as seeing the client-relay tor traffic
> in plain: Not very much.

Obfsproxy's objective is not to provide integrity, secrecy or anonymity. It just
tunnels some bytes in "another protocol". Its objective is to evade some
predefined rules in DPI that target SSL/SSH traffic or other well-known
encrypted traffic patterns.

Aside from obfsproxy being alpha software, it can be characterized as a "simple
steganographic layer".

As such, it's a hard problem to make something "undetectable". Some of the best
papers I've seen on the subject (mostly written by Niels Provos IIRC) basically
said that if you have access to the steganographic algorithm, various
statistical markers can be derived.

Of course, you could employ crypto along with steganography, but then you got
the issue with distributing keys (obfsproxy client and server must somehow agree
on what obfuscation layer to use).

Ondrej
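
Added example, not part of the original message and not obfsproxy's code: a classic instance of the statistical markers mentioned above, the pairs-of-values chi-square test against LSB-replacement steganography, which is a different setting from the traffic obfuscation discussed in the thread. The carrier histogram, the seed and all function names are assumptions constructed for the illustration.

```python
import random
from collections import Counter

def lsb_embed(samples, message_bits):
    """LSB replacement: overwrite the low bit of each sample with one message bit."""
    out = list(samples)
    for i, bit in enumerate(message_bits):
        out[i] = (out[i] & 0xFE) | bit
    return out

def pov_chi_square(samples):
    """Pairs-of-values statistic divided by its degrees of freedom.

    LSB replacement can only move a sample between 2k and 2k+1, so embedding
    random bits drives the two counts in every pair towards equality. Under
    that hypothesis each pair contributes (a-b)^2/(a+b), chi-square with one
    degree of freedom, so the returned ratio is near 1 for a fully embedded
    carrier and much larger for a carrier whose pairs are still unbalanced.
    """
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for k in range(0, 256, 2):
        a, b = hist[k], hist[k + 1]
        if a + b == 0:
            continue  # pair never occurs, contributes nothing
        stat += (a - b) ** 2 / (a + b)
        dof += 1
    return stat / dof

def constructed_cover():
    """Constructed carrier: every even byte value 40 times, every odd one 10 times."""
    cover = []
    for v in range(256):
        cover.extend([v] * (40 if v % 2 == 0 else 10))
    return cover

def demo(seed=2012):
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    cover = constructed_cover()
    rng.shuffle(cover)
    bits = [rng.getrandbits(1) for _ in cover]  # stands in for an encrypted payload
    stego = lsb_embed(cover, bits)
    return pov_chi_square(cover), pov_chi_square(stego)

if __name__ == "__main__":
    clean, embedded = demo()
    print(f"cover ratio: {clean:.2f}  stego ratio: {embedded:.2f}")
```

The marker exists only because the tester knows the embedding touches nothing but the low bit; encrypting the payload does not remove it, since random-looking bits are exactly what balances the pairs.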

