DARPA has funded a project to develop a stego-type communications system as a "next generation TOR". It's called SAFER Warfighter Communications. http://www.darpa.mil/Our_Work/I2O/Programs/SAFER_Warfighter_Communications_(...

On Sep 8, 2011, at 7:00 PM, "Michael Holstein" <michael.holstein@csuohio.edu> wrote:
> Very disturbing. I wonder if it's possible to hide encrypted traffic as seemingly unencrypted http traffic in much the same way as a gpg key is rendered as ascii armored, or steganographically inside images. Although such methods may be inefficient, they may be good enough for some purposes.
Of course .. any number of mechanisms exist to do exactly this, although (generally speaking) it's not to provide a "live" VPN service. A constant HTTP stream of nothing but .jpegs would be pretty suspicious. Video-type services might be a better bet (because the traffic would be more believable) but if you can't encrypt it, all that's required to render the stego useless is to (slightly) re-encode it transparently (e.g. take your 640x480 MPEG stream and run it through ffmpeg to lower the bitrate by 10k or some such).
One would detect this in the same way you do encrypted botnets .. you stop looking for patterns *in* the traffic and start looking at *traffic patterns* (i.e. "that's odd, why is this machine doing a constant stream of ICMP all of a sudden? .. what are these long DNS queries for? why are the HTTPS traffic ratios fairly symmetrical?" .. etc).
> It would be good to know what technologies these ISPs will implement to do the packet inspection for encrypted tunnels. Half the problem is you don't really know what they'll be looking for and so you don't know how to circumvent.
That's the key distinction here .. rather than try to "ban with technology" (i.e. "great firewall of china"), they went for "ban with policy" .. meaning you'll likely never know if you're "getting away with it" until the ISI shows up and drags you off.
I suppose a clever service would be for Twitter (et al.) to allow you to upload a keypair for stego and an https "twitpic" site that allowed each image to be checked for a valid signature and stego'd text, which would then be published.
Regards,
Michael Holstein
Cleveland State University
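The traffic-pattern approach Michael describes above (stop looking for patterns in the payload, look at the shape of the traffic), as an added example that is not code from the thread: three per-host heuristics, a sustained ICMP stream, unusually long DNS query names, and HTTPS byte ratios that are too symmetric for ordinary browsing, run over constructed flow records. The `Flow` record, the thresholds and the sample hosts are all assumptions for illustration and would need tuning against a real baseline.

```python
"""Per-host traffic-shape heuristics for covert-channel detection.

Added example (not from the tor-talk thread). Each check implements one of
the observations in the message above. Thresholds are illustrative
assumptions, not measured values.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One summarised flow record (constructed shape, e.g. from NetFlow export)."""
    src: str         # source host
    proto: str       # "icmp", "dns" or "https"
    ts: float        # start time in seconds
    bytes_out: int   # bytes sent by src
    bytes_in: int    # bytes received by src
    qname: str = ""  # DNS query name, only for proto == "dns"


# Illustrative thresholds (assumptions; tune per network)
ICMP_MIN_PACKETS = 50        # ICMP flows from one host within the window
ICMP_WINDOW_SEC = 60.0
DNS_MAX_QNAME_LEN = 60       # legitimate names are usually far shorter
DNS_MIN_LONG_QUERIES = 5
HTTPS_SYMMETRY_TOL = 0.25    # |out - in| / (out + in) below this => symmetric
HTTPS_MIN_BYTES = 50_000     # ignore tiny HTTPS totals


def icmp_bursts(flows):
    """Hosts that emit >= ICMP_MIN_PACKETS ICMP flows inside any ICMP_WINDOW_SEC window."""
    by_host = defaultdict(list)
    for f in flows:
        if f.proto == "icmp":
            by_host[f.src].append(f.ts)
    flagged = set()
    for host, times in by_host.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):          # sliding window over sorted timestamps
            while times[hi] - times[lo] > ICMP_WINDOW_SEC:
                lo += 1
            if hi - lo + 1 >= ICMP_MIN_PACKETS:
                flagged.add(host)
                break
    return flagged


def long_dns_queries(flows):
    """Hosts that issued >= DNS_MIN_LONG_QUERIES queries with over-long names."""
    counts = defaultdict(int)
    for f in flows:
        if f.proto == "dns" and len(f.qname) > DNS_MAX_QNAME_LEN:
            counts[f.src] += 1
    return {h for h, n in counts.items() if n >= DNS_MIN_LONG_QUERIES}


def symmetric_https(flows):
    """Hosts whose aggregate HTTPS volume is nearly equal in both directions.

    Browsing is download-biased; a bidirectional tunnel is not."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.proto == "https":
            totals[f.src][0] += f.bytes_out
            totals[f.src][1] += f.bytes_in
    flagged = set()
    for host, (out, inn) in totals.items():
        total = out + inn
        if total >= HTTPS_MIN_BYTES and abs(out - inn) / total < HTTPS_SYMMETRY_TOL:
            flagged.add(host)
    return flagged


def analyse(flows):
    """Run all three heuristics; returns {host: [reasons]} for flagged hosts only."""
    report = defaultdict(list)
    for h in icmp_bursts(flows):
        report[h].append("sustained ICMP")
    for h in long_dns_queries(flows):
        report[h].append("long DNS queries")
    for h in symmetric_https(flows):
        report[h].append("symmetric HTTPS volume")
    return dict(report)


def sample_flows():
    """Constructed sample: one benign host plus three hosts tripping one rule each."""
    flows = []
    # 10.0.0.5: ordinary browsing, short DNS names, download-heavy HTTPS
    flows += [Flow("10.0.0.5", "dns", float(t), 60, 120, "www.example.com") for t in range(3)]
    flows.append(Flow("10.0.0.5", "https", 5.0, 20_000, 400_000))
    # 10.0.0.7: a constant ICMP stream, 120 echo requests in one minute
    flows += [Flow("10.0.0.7", "icmp", 0.5 * i, 84, 84) for i in range(120)]
    # 10.0.0.9: repeated queries with 80+ character names
    long_name = "a" * 40 + "." + "b" * 30 + ".example.net"
    flows += [Flow("10.0.0.9", "dns", 10.0 + i, 200, 80, long_name) for i in range(6)]
    # 10.0.0.11: HTTPS with almost equal bytes in each direction
    flows.append(Flow("10.0.0.11", "https", 30.0, 300_000, 280_000))
    return flows


if __name__ == "__main__":
    for host, reasons in sorted(analyse(sample_flows()).items()):
        print(host, "->", ", ".join(reasons))
```

Each heuristic is deliberately independent so it can be baselined and thresholded on its own; in practice the values above would be replaced by per-host or per-segment baselines, and a host tripping more than one rule would score higher than one tripping a single rule.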
_______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE