Tor Tests Undetectably Encrypted Connections In Iran

Posted by timothy
from the great-song-from-flock-of-seagulls dept.
Sparrowvsrevolution writes "Ahead of the anniversary of Iran's revolution, the country's government has locked down its already-censored Internet, blocking access to many services and in some cases cutting off all encrypted traffic on the Web of the kind used by secure email, social networking and banking sites. In response, the information-freedom-focused Tor Project is testing a new tool it's calling 'obfsproxy,' or obfuscated proxy, which aims to make SSL or TLS traffic appear to be unencrypted traffic like HTTP or instant messaging data. While the tool currently only disguises SSL as the SOCKS protocol, in future versions it will aim to disguise encrypted traffic as any protocol the user chooses. Tor executive director Andrew Lewman says the idea is to 'make your Ferrari look like a Toyota by putting an actual Toyota shell over the Ferrari.'" Reader bonch adds: "A thread on Hacker News provides first-hand accounts as well as workarounds."
  • by elrous0 (869638) * on Friday February 10, 2012 @01:56PM (#38997733)

    The MPAA has already called in the FBI, CIA, NSA, and a cadre of hired Senators to put a stop to this illegal piracy-facilitating tool--which, if it's not stopped, will cost millions of American jobs and perhaps collapse the entire economy. Our children's futures are at stake here, people!!!

    • by rathaven (1253420) on Friday February 10, 2012 @02:01PM (#38997791)
      Not to mention their access to porn...
    • by jcreus (2547928)
      Hmm. Let's take down computers, operating systems, browsers... They also use them!
    • by timeOday (582209)
      This must involve a huge blowup of the data. I can't imagine how large a movie would be encrypted to look like an innocuous chat session.
    • by phrostie (121428) on Friday February 10, 2012 @02:22PM (#38998005)

      Wasn't it the Government that first created it?

      from their about page:

      "Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others."

      • by TubeSteak (669689) on Friday February 10, 2012 @02:33PM (#38998117) Journal

        Don't forget that the US State Department is the de-facto sponsor of TOR.
        TOR gets most of its funding from groups that get most of their funding from the State Dept.

        • by Luckyo (1726890)

          Right hand, left hand...

          Be afraid of the brain (i.e. money that buys the machine controls) actually realizing what's going on.

          • Be afraid of the brain (i.e. money that buys the machine controls) actually realizing what's going on.

            That might not be such a bad thing, actually. Think about whose interests the state department is supporting by producing these tools: The US military and defense contractors, the CIA and NSA, oil companies... Remember all that talk about how much bigger the tech industry is than the entertainment industry? Look at the size of the defense and intelligence industry sometime.

      • by Jah-Wren Ryel (80510) on Friday February 10, 2012 @02:38PM (#38998181)

        Wasn't it the Government that first created it?

        The US government also funded the Taliban (to fight the Russians) and the Israeli government funded Hamas (to fight the PLO).

        • Re: (Score:2, Informative)

          by Moryath (553296)

          You've got your history partially wrong.

          The US government DID fund the Taliban (rather than see the USSR take over Afghanistan). However, the whole "Israel funded Hamas" bullshit is just that, bullshit. Hamas is an offshoot of the Muslim Brotherhood movement, which was Egypt-centered and got (still gets) most of its funding and material through Iranian connections (similar to other MB offshoots such as the Lebanese Hizb'Allah and the current Syrian government).

          The reason for this was that Iran has a tendenc

          • by f3rret (1776822)

            Well to be fair Operation Cyclone [wikipedia.org] did not specifically fund the Taliban, they sponsored many of the mujahideen, including some who went off to become the anti-Taliban Northern Alliance.

          • Do a little research next time before parroting bullshit

            Sounds like you are emotionally invested in the topic.

            Note that I didn't say Israel was solely responsible, everything else you wrote is true but does not contradict what I said, no matter how vociferously you expressed it.

            For anyone else reading along interested in an actual citation, here's one of many [wsj.com] that acknowledges both Israel's and the Muslim Brotherhood's involvement in the beginnings of Hamas.

          • The vast majority of the weapons and funds supplied to Afghanistan for fighting the USSR was from Pakistan, Saudi Arabia, and England. The US did not create the Taliban. The Taliban and associated like minded groups are Pakistani creations.

    • by SRM2 (1157311)
      The MPAA is in the business of going after Somalians now?
    • by chichilalescu (1647065) on Friday February 10, 2012 @02:27PM (#38998057) Homepage Journal

      dear slashdot,
      can we please have a +1 "sad but true" option?

    • by Merk42 (1906718)
      Don't forget "Stifle Innovation", the "think of the children" for technology.
  • by hobarrera (2008506) on Friday February 10, 2012 @01:59PM (#38997765) Homepage

    While this is a great effort, and I really congratulate the Tor proyect for all that they've done and continue to do, this still is nowhere close to the solution on the real issue here: governments that over and over again limit people's freedom of speech and privacy.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      What do you propose we Western geeks do about the government of Iran?

    • by capnchicken (664317) on Friday February 10, 2012 @02:09PM (#38997871)

      Unfortunately you always have to build things in spite of people, and can never count on altruism because there will always be bad actors, and those bad actors always have the chance of gaining power. It's the human condition, the only thing you can do is route around it. I agree we should address it from many fronts, but technological circumvention, while maybe only alleviating symptoms, seems to be very effective.

    • by Anonymous Coward

      Do not worry people. It is impossible to stop antiencryption.
      Just imagine the following idea.
      You write a totally understandable text with some easy code. For example, the first letters of each word form a phrase.
      Well, you can create extensive false documents (there were papers accepted by academics written by computers, so it is not entirely impossible) with this kind of coding (there are a lot of more complex algorithms involving taking only the letters from a formula, etc).
      If only some people have the code to break

    • by Culture20 (968837)

      Tor proyect

      That sounds like commie talk, comrade.

    • While this is a great effort, and I really congratulate the Tor proyect for all that they've done and continue to do, this still is nowhere close to the solution on the real issue here: governments that over and over again limit people's freedom of speech and privacy.

      That is sort of missing the big picture. Yes, you have to fight governments that oppress and censor... but this is one of the ways you do it. It's a lot easier to convince someone that censorship is wrong if it is, in any event, totally ineffective -- because you take away any possible upside. It no longer becomes a weighing of the benefits of censorship against its costs, because the benefits are destroyed by developing this type of technology. Censorship becomes something that has only costs, and there ce

  • How do you hide something unreadable within something readable? ... damn, you're going to make me RTFA, aren't you? :P

    • You mean something like steganography [wikipedia.org]?
      • But its use would be so rare in Iran that the police could just arrest and execute anybody in possession of tools which could be used for steganography.

    • by pushing-robot (1037830) on Friday February 10, 2012 @02:11PM (#38997885)

      It's steganography. They've created a strong AI capable of passing as human and conversing intelligently with other copies of itself. Each AI instance develops relationships with others, sharing email and IMs about its loves and hates, passions and dreams, even photos of virtual family and pets. All of which can contain a hidden payload of your private data.

      But enough technical mumbo-jumbo. What matters is you'll now be able to surf porn sites without anyone knowing.

      • by anubi (640541)
        The first thing I thought while I was loading this topic was steganography. So I asked my browser to find this word and discovered you beat me to it.

        A really good question now is how do you allow any internet traffic at all? Nearly anything can be encoded with steganographic information.

        There was one guy on the net a few years ago named "Fravia" that went on in detail how to make steganographic communications programs on the fly. Wonderful work.

        After reading his essays, which he so graciously
        • The purpose of internet censorship isn't to make it impossible to gain access to prohibited information - that would be impossible. The purpose is to make that information so much trouble to get to that only a negligible number of people will be so determined.
    • by Hatta (162192)

      Easy. Send a payload that has some randomness to it. For example, a JPEG will have mostly random least significant bits. So now you take your encrypted data, which looks like random data, and replace the random LSBs in the JPG with your encrypted data. This is still vulnerable to statistical analysis, because little in nature is truly as random as random data is. But it raises the bar.
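One form the statistical analysis mentioned above can take, as an added example that is not part of the original comment: the chi-square pairs-of-values test published by Westfeld and Pfitzmann, which applies beyond JPEGs to any 8-bit sample stream. The cover data, payload bits, threshold and function names are constructed assumptions.

```python
import random
from collections import Counter


def make_constructed_cover(n=50000, seed=1):
    """Constructed stand-in for 8-bit cover samples: a bell-shaped histogram
    in which neighbouring values 2k and 2k+1 occur with unequal frequency."""
    rng = random.Random(seed)
    return [max(0, min(255, round(rng.gauss(128, 6)))) for _ in range(n)]


def constructed_payload_bits(n, seed=2):
    """Uniform random bits, standing in for encrypted payload data."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


def embed_lsb(samples, bits):
    """LSB replacement as the comment describes it: overwrite each sample's
    least significant bit with one payload bit."""
    return [(s & ~1) | b for s, b in zip(samples, bits)]


def pov_chi_square(samples, min_pair_total=10):
    """Pairs-of-values statistic.

    LSB replacement can only move a sample between 2k and 2k+1, so uniform
    payload bits pull the two histogram bins of every pair towards equality.
    Each pair contributes (n_even - n_odd)^2 / (n_even + n_odd), which is
    about 1 on average when the bins differ only by chance.
    Returns (chi2, number_of_pairs_counted).
    """
    hist = Counter(samples)
    chi2, pairs = 0.0, 0
    for even in range(0, 256, 2):
        n_even, n_odd = hist[even], hist[even + 1]
        total = n_even + n_odd
        if total < min_pair_total:   # skip sparsely populated pairs
            continue
        chi2 += (n_even - n_odd) ** 2 / total
        pairs += 1
    return chi2, pairs


def lsb_replacement_suspected(samples, ratio_threshold=3.0):
    """Flag data whose pairs are 'too equal': chi2 per pair near 1.
    ratio_threshold is an assumed cut-off, not a calibrated value."""
    chi2, pairs = pov_chi_square(samples)
    return pairs > 0 and chi2 / pairs < ratio_threshold


if __name__ == "__main__":
    cover = make_constructed_cover()
    # Every LSB is overwritten here; partial embedding weakens the signal.
    stego = embed_lsb(cover, constructed_payload_bits(len(cover)))
    for name, data in (("cover", cover), ("stego", stego)):
        chi2, pairs = pov_chi_square(data)
        print(f"{name}: chi2={chi2:.1f} over {pairs} pairs, "
              f"suspected={lsb_replacement_suspected(data)}")
```

The test needs no copy of the original cover: it only asks whether the histogram pairs are more equal than unmodified data of this kind would leave them.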

      • This is still vulnerable to statistical analysis, because little in nature is truly as random as random data is.

        Uh, I thought it was the other way around, as the "randomness" of the data is determined by the use of non-random algorithms, whereas nature is not dependent on such defined programming.

        As an example, compare Rhapsody's "shuffle" setting that only repeats 20 songs from a 500 song playlist over and over, as opposed to closing your eyes and chucking darts at the same list.

        • by Hatta (162192)

          "shuffle" is not a cryptographically secure algorithm. If your encryption is seeded with sufficiently random data, then the encrypted data will be indistinguishable from random.

          Nature is truly random, but there are different types and degrees of randomness. If the noise in the LSB tends to be Brownian and you replace it with white noise, that's going to be detectable.

          • by KhabaLox (1906148)

            If the noise in the LSB tends to be Brownian and you replace it with white noise, that's going to be detectable

            Replacing brown noise with white noise? Sounds pretty racist to me.

        • by trum4n (982031)

          ...as opposed to closing your eyes and chucking darts at the same list.

          However, it does extend the operating life of your LCD.

        • by Culture20 (968837)
          Chucking darts at a wall is incredibly non-random. It's good for a one-time toss, but repeated uses will cluster badly.
          • closing your eyes and chucking darts at the same list.

            Chucking darts at a wall is incredibly non-random. It's good for a one-time toss, but repeated uses will cluster badly.

            Looks like you might benefit from this. [abcteach.com]

            • by Culture20 (968837)
              I'm sorry, but even with eyes closed, you'll tend to throw the same way every time (unless you purposefully throw differently with each toss, then it's still non-random, but psychology has to be taken into account).
    • by Anonymous Coward

      It's actually pretty easy. I bet you couldn't hIwD5E4YmYgu7EABA/4zkMc2B2jVFcLC2s8SbV4MWdJCb0buQe0eEJX9XuMgNEbG even tell this was a ryyIKnRf2Zg8TvdClV20DsClRXR9GICX2pdhEFWqSJDQuLQX2sC7fVPshoOYkutV secretly encrypted KFyslVdYKQlLq4cwOHCTbIDLPdTFFpSuhIOvgk8yhcQTo2M7VY6xmaNLtYm0/9JE message, hiding in plain AS2LW55DgwHs6waLou78owXYW7vQBkhQLky69gV4htAhwIEqkdzS5w3iE36a9eyZI sight on plain old HTTP in /63GXN745FjoP8hwSZCfffhY0L8= ordinary HTTP traffic with no SSL/TLS at all. =DKJ0 It looks just like normal traffi

    • by X0563511 (793323)

      encapsulation.

      Here's one way to do it:

      Send the SSL data in a standard HTTP stream. Even better, base64 encode the data, so it looks like actual text.

      To block this means either blocking HTTP as a whole, or building/buying some expensive stuff that can understand HTTP and do some kind of content analysis on it.

      • by lgw (121541)

        Well, perhaps the Iranian government can't just buy that sort of deep packet analysis tool off the shelf, but most people can. Detecting steganography is very easy once you know the algorithm used. If they just crammed base64 text into text streams, most ISPs could already flag that, using equipment already in place, with a few minutes work on the regex.
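The check described above, as an added example that is not part of the original comment or of any product's rule set: a regex finds long base64 runs in a text body, then character entropy and the printable ratio of the decoded bytes separate opaque payloads from hex digests and base64-wrapped text. The thresholds, function names and sample bodies are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import math
import re
from collections import Counter

# 40 or more base64-alphabet characters in a row, optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def shannon_entropy(symbols):
    """Empirical Shannon entropy in bits per symbol."""
    counts = Counter(symbols)
    total = len(symbols)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def printable_ratio(data):
    """Fraction of bytes in the printable ASCII range 0x20..0x7E."""
    return sum(0x20 <= b <= 0x7E for b in data) / len(data)


def find_opaque_base64(body, min_char_entropy=4.5, max_printable=0.7):
    """Return one finding per base64 run that decodes to opaque bytes.

    Stage 1: regex for long runs in the base64 alphabet.
    Stage 2: character entropy; hex digests use 16 symbols, so they cannot
             exceed 4.0 bits per character and are dropped here.
    Stage 3: decode and measure printable bytes; base64-wrapped text decodes
             to almost all printable bytes, ciphertext to roughly 37%.
    """
    findings = []
    for m in B64_RUN.finditer(body):
        run = m.group().rstrip("=")
        run = run[: len(run) - len(run) % 4]   # keep whole 4-char groups
        entropy = shannon_entropy(run)
        if entropy < min_char_entropy:
            continue
        try:
            decoded = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        ratio = printable_ratio(decoded)
        if ratio <= max_printable:
            findings.append({"offset": m.start(), "length": len(run),
                             "char_entropy": entropy,
                             "printable_ratio": ratio})
    return findings


# --- Constructed sample bodies (not captured traffic) ---
# 96 pseudo-random bytes standing in for ciphertext -> 128 base64 characters.
OPAQUE_B64 = base64.b64encode(
    b"".join(hashlib.sha256(bytes([i])).digest() for i in range(3))).decode()
TEXT_B64 = base64.b64encode(
    b"The quick brown fox jumps over the lazy dog, twice over.").decode()

PLAIN_BODY = "<html><body><p>Meeting moved to Thursday.</p></body></html>"
HEX_BODY = "etag: " + hashlib.sha256(b"constructed").hexdigest() + "\n"
TEXT_B64_BODY = "comment: " + TEXT_B64 + "\n"
OPAQUE_BODY = "notes: " + OPAQUE_B64 + "\n"

if __name__ == "__main__":
    for name, body in (("plain", PLAIN_BODY), ("hex", HEX_BODY),
                       ("b64 text", TEXT_B64_BODY), ("opaque", OPAQUE_BODY)):
        print(name, find_opaque_base64(body))
```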

      • by swb (14022)

        Has anyone done this?

        It'd sure be nice to have some kind of an implementation of it built into OpenSSH and a client like Putty, and robust enough to work through a firewall proxy.

        I'm sure it belongs as some standalone proxy, but having it integrated would make it easier and less painful to use from a client perspective, although I would imagine it would have to be a pretty simplistic implementation (wrap SSL in HTTP, base64 encoded only) and not delve too far into actual steganography.

        In other words, useful

        • by X0563511 (793323)

          As far as the file style analysis - this wouldn't be possible except at the very beginning of the connection, as the data in the middle looks like garbage.

          The beginning though - where certificates are exchanged and handshakes made - this could be picked up on, and if the connection was squashed at this point, it wouldn't be possible to continue.

    • by Ungrounded Lightning (62228) on Friday February 10, 2012 @02:40PM (#38998213) Journal

      How do you hide something unreadable within something readable? ... damn, you're going to make me RTFA, aren't you? :P

      As I read the blurb (I have no inside knowledge) they're not making the PAYLOAD look unencrypted. They're circumventing the type-of-flow identification mechanisms built into router filtering by encapsulating the encrypted data within an outer layer (and addressed to the port of) another protocol. (They may even have put a layer on top of the existing service so that, unless it identifies the flow as an encapsulated TOR flow, it actually PERFORMS the service.)

      The result would be that, if they intercept the flow and try to parse it as what it purports to be, it may not make sense. But if their router looks at the parts of the packets that are characteristic of what the flow purports to be, it will identify it as normal traffic and let it through. And if the router tries doing something like a keyword search through the bodies of the packets it won't get hits because the bodies are encrypted.

      You can use this approach with any protocol that can handle the traffic patterns of a TOR connection (possibly with added padding packets to make the characteristics look more like the purported flow).

      Downsides might be:

      1) If you do a masked TOR only server on the port they might try to connect to the purported flow and detect that this server is not what it seems.

      2) If you do a diverting pancake you need a way to flag for the pancake that this is the masked TOR flow. If that's well known they might write a filter for it. (Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman have developed a steganographic method for applying such a tag. It is embedded in their own "TELEX" network-based firewall bypasser but might be adapted to this purpose. paper [telex.cc], code [telex.cc])

    • Think of it in terms of error correcting codes. You and I agree on a secret linear code, and we then add our codewords to a noisy channel (at the lowest power possible to allow decoding to occur). If the noise power is high enough, then our codewords should be undetectable in the channel; but we can still recover the codewords because we know what error correcting code is being used (it is widely believed that detecting the codewords without knowledge of the code is hard; this is just a restatement of the
  • Seems about right (Score:5, Insightful)

    by bigredradio (631970) on Friday February 10, 2012 @02:03PM (#38997821) Homepage Journal
    The more you tighten your grip, $dictator, the more $locations will slip through your fingers. - $rebel_princess.
    • The more you tighten your grip, $dictator, the more $locations will slip through your fingers. - $rebel_princess.

      It just might take 50, 100, or 400 years. The German Reich - 12 years. Fascist Italy - 21 years. USSR - 74 years. North Korea - 60 years and counting.

  • ...then how do they get tested deterministically? They MUST be undetectable, because the summary headlines are never ever wrong, nor do they exaggerate.
  • It'd be slow, for sure, but encapsulating messages inside of images using steganography libraries should be very feasible as a means of tunneling.

    • by X0563511 (793323)

      I can see it now.

      Analyst A: Wow, this cat photo has gotten VERY popular.
      Analyst B: Hey... why do these otherwise identical photos have different checksums?

    • tunneling.

      Doesn't help you if you just want to access your bank account or email. A tunnel implies somebody ready to operate the other end. If that person existed outside Iran, the Iranian government would quickly block access to them.

  • by v1 (525388) on Friday February 10, 2012 @02:19PM (#38997971) Homepage Journal

    Tor Tests Undetectably Encrypted Connections In Iran

    "Undetectably encrypted". No. There really is no such thing. "Obfuscated", "disguised", ok I'll take those, but not "undetectably". Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.

    I'm sure cisco and motorola etc will send their people over there this weekend to make upgrades to the censorware they sold them last year. They provide such good customer service to our adversaries when there's a buck to be made. (isn't there a law against this? they push so hard politically in one direction all the while the american businesses drive a dagger in the back of their goals)

    • by X0563511 (793323)

      A proper encryption without a header of some kind, and without the key, looks like random noise. You can suspect it's encrypted, but you cannot know for certain (ignoring context. even then, the context only suggests, not proves)

      So, pedantically, I suppose it IS possible. But not over in practical land.

      • by betterunixthanunix (980855) on Friday February 10, 2012 @02:36PM (#38998157)
        Over in practical land, you need a noisy channel where the amount of noise is high enough to overpower efforts to detect your hidden signal, but where someone with special knowledge (knowledge of the secret key) can run an error correcting code to recover the hidden signal. This is not at all implausible; we already know how to make cryptosystems based on random linear codes; the real work would be ensuring that security is maintained even when you use the channel's naturally occurring noise to hide the signal (which may not be guaranteed).
      • by lgw (121541)

        Encrypted data will never have the same "profile" as true randomness. Once the attacker knows the algorithm being used, nothing today will stop him from detecting that data is present. But that's not what the TOR team is after - they're trying to make it impractically expensive to perform this sort of detection on all internet traffic with the hardware the attacker already has. That's a much more practical objective. They aren't trying to hide the fact that there's an encrypted payload, they're just remo

        • Once the attacker knows the algorithm being used, nothing today will stop him from detecting that data is present

          Except for time, since we generally want ciphers whose ciphertext is computationally indistinguishable from a uniform random sequence i.e. where no efficient algorithm can distinguish between ciphertext and randomly sampled strings with non-negligible probability, even when the algorithm is publicly known (as long as the secret key is not publicly known). Whether such a thing is actually possible is still an open question, but there are good reasons to think that it is possible.

          • by X0563511 (793323)

            Using a one-time-pad type of stream cipher would work, so long as you made sure to send the next pad before you ran out on the existing one. The danger of that though, is if they can grab a pad, they could theoretically decrypt any subsequent data (so long as they didn't "miss" recording the part with the next pad).

            Provided the pads are generated in an actually random or near-random manner, then the ciphertext would be indistinguishable from said random/near-random data.

            • Why even bring up one time pads? A stream cipher or various stream-cipher-like modes of block ciphers would be sufficient in practice, and in theory we can show that (under certain widely accepted hardness assumptions) you can make a stream cipher with many-message security against computationally bounded adversaries. There is a well-known construction of a secure stream cipher from a one-way function and a hardcore predicate for that function.
              • by X0563511 (793323)

                ... because people reading this thread may not be subject matter experts, and know all of that?

          • by lgw (121541)

            Oh, I agree about the ideal, but we don't have anything like that today. Just like you can make a cipher unbreakable if you can compress the plaintext down to where there's no redundancy, but good luck designing a language where all sequences are not only well formed, but meaningful.

            Cryptography is in a good place right now, where no one really attacks the math - the algorithm is the strongest part. The math for hashes is weaker, but we seem to get a few useful years out of each one. The math for stegan

    • by pinfall (2430412)
      At this point we're all fucked anyway. Government's greatest desire is to have keyloggers built into every bios so encryption is made obsolete.
    • Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.

      Well, in terms of steganography, we can speak of "strong" or "provably secure" steganography which can guarantee that no process can decide if a hidden message exists in the cover traffic with non-negligible advantage. If you have a low enough SNR, detecting the existence of the signal at all becomes impossible; the only trick is to ensure that someone with the secret key can still extract that signal.

      • by v1 (525388)

        If you have a low enough SNR, detecting the existence of the signal at all becomes impossible

        This usually requires the percentage of secret data to be very small compared to the amount of "plausibly harmless" data it's steno'd into.

        So whether or not that is usable depends on the amount of data you want to hide, and what you intend to hide it in. If you want to send a paragraph of text you can probably squeeze that nicely into a tiff from your camera with minimal risk. But if you want to send someone a DVD

        • if someone is LOOKING for data to be hidden in the image

          There are ways to defend against this; I would start by looking at the Learning With Errors problem, which I suspect could be used for strong steganography systems (it is already being used for cutting edge cryptography).

          In theory you're right, but practical application can be a problem.

          That is the pattern with the Tor project. In the 90s, a lot of work went into anonymity systems that were resilient to concerted efforts to defeat the anonymity guarantees (mixmaster). Tor took some of these ideas, but had to sacrifice the strong security guarantees to ensure practica

    • by MightyYar (622222)

      Don't be so hasty... Spammers can get past spam filters even when they are tuned to look for every variation of the word P3N1S. :)

    • by oGMo (379)

      "Undetectably encrypted". No. There really is no such thing. "Obfuscated", "disguised", ok I'll take those, but not "undetectably". Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.

      Trivially, if you have a regular message that's filled with noise, it's easy to filter. Less trivially, if you have a message that encodes encrypted messages as normal-looking sentences, you might be able to filter it, though the generation of such could get pretty sophisticated. F

  • in the technological arms race, this is a pretty damn cool idea.

    /munches popcorn and waits to see countermeasures/

  • Wow! Why are they even talking about this?? Do they want the enemy to discover their method before this new weapon has even been fired in anger? Folks at Tor need to take and pass the OPSEC 100 course again.
  • by cryfreedomlove (929828) on Friday February 10, 2012 @02:32PM (#38998105)
    This arms race of censorship and counter measures will have one definitive outcome: the best and the brightest of Iranian youth will find a way to emigrate because they don't want to live in an isolated theocracy. The resulting brain drain will set them back a century. This is what happens to governments driven by fear. Those in power in Iran fear their own people the most.
    • by Animats (122034) on Friday February 10, 2012 @02:35PM (#38998151) Homepage

      the best and the brightest of Iranian youth will find a way to emigrate because they don't want to live in an isolated theocracy.

      They already did, decades ago. When the US-supported Shah of Iran was overthrown, many Iranians came to the US.

      • by glop (181086) on Friday February 10, 2012 @02:56PM (#38998417)

        Actually when the Shah was overthrown, most of the brightest people in Iran celebrated. That's because he was a really bad dictator and the only reason most people in the West are not aware of it is because he was very pro-American and very friendly with most western countries.
        The problem with revolutions is that it's hard to stabilize things afterwards. And there is no guarantee that the nice and respectful people will take over to draft a Constitution that grants freedom for the people. That's when many of the brightest in Iran got really disappointed and the religious extremists took the power.

        You can read the account of one of those brightest people who left Iran years later: http://en.wikipedia.org/wiki/Marjane_Satrapi
        Marjane's account seemed pretty fair and balanced to me (based on the differences with the cliches I had heard, what I know about the publishers, the variety of the anecdotes and their "true to life" aspect).

    • by sohmc (595388)

      Isn't this a good thing though? "The People should not fear its government. The government should fear its People."

      I guess the only thing missing is the revolution to actually throw the government out of the country.

    • by AbRASiON (589899) *

      Look at Iran now, what religion do they follow?
      The place is already set back a century.

  • So Iran is moving towards a DarkNet called Tor. I wonder if ACTA, SOPA, or PIPA would cause a similar reaction in the countries they're enforced upon.
  • by davidwr (791652) on Friday February 10, 2012 @03:27PM (#38998819) Homepage Journal

    "If we can't parse it, it gets blocked."

    In the old days, Cuban international phone calls were monitored. At least one person started talking a language other than English or Spanish and the operator broke in and told them to speak English or Spanish or get cut off.

    Source: Something I read in a reputable newspaper or magazine back in the 1970s or 1980s.

  • Because Tor wasn't slow enough already...

  • IP steganography makes it all the cooler, while still keeping a sort of logic about it that is very high level.
    I hope you all understand this will change things forever...

  • This topic is important to more than just Iranians. The events of the Arab Spring and developments across Europe, Asia, and America indicate we average folks are going to need a truly free means of communicating soon if not now. It has to be impossible for governments or corporations to blackout communications anywhere, so that their misdeeds cannot go unwitnessed.

    I know that separate projects exist to tackle this problem in different ways. B.A.T.M.A.N.'s ad hoc network protocol is one. Point-to-point i
