[liberationtech] Anticensorship in the Internet's Infrastructure

Tue Jul 19 10:57:58 PDT 2011

On Mon, Jul 18, 2011 at 10:34:01PM +0100, Frank Corrigan wrote:
> Telex seems an interesting system, though I am puzzled whether the
> insertion of a 'secret'  "cryptographic tag into the headers" could be
> detected, as the FAQ says it "looks" random, rather than is..
> 
> "To create a Telex connection, the client replaces this number with what
> we call a tag ??? essentially, an encrypted value that looks random until
> it's decrypted."
> https://telex.cc/qa.html

Their tag is basically a standard "public key crypto" approach -- the
tag is cryptographically indistinguishable from randomness unless you
know the private key.

You are right to wonder "how random" it is. But a major worry should
actually be that it would be *too* random, rather than not random enough:
the history of stego systems is littered with designs that find some piece
of a protocol (like the low order bit of the timestamp in tcp headers,
or the low order bit of an image) that looks random to the developer
but isn't actually cryptographically random. Then it's straightforward
to distinguish the original message from a message that has an embedded
tag, because one of them has much higher entropy.

The reason it's ok here is because the protocol they're embedding the
tag in expects strong randomness.

So I don't expect the tag to be the weak point. Weak points to consider
include:
- Can their system scale to look for tags in tens of thousands of flows
per second, like you might see on a real backbone? (is that even the
right number?)
- Will they be able to convince any real network providers to put a
telex station in their network?
- Will a network censor get suspicious if it sees a whole lot of users
connecting to an otherwise unpopular https site, and then having traffic
patterns unlike what you'd expect from a user visiting that site?
- How practical will it be for a normal user who doesn't understand
Internet routing to figure out what address he should ask his telex
client to connect to?

> Though as it is a proof-of-concept, could it go the same way as the
> 'vanish' concept, which I did manage to work with, but them development
> ceased. Vanish <http://vanish.cs.washington.edu/>

Time will tell. The good news is that there are two other research
groups coming out with quite similar papers in the next several months
(with variations on what protocol they hide in and how their tag works),
so hopefully a lot of researchers will be exposed to the idea and think
about ways to improve it.

I think one way to encourage continued development is to try to integrate
the idea with other circumvention tools. Maybe it's because I look at
the world through Tor-colored glasses, but it seems unlikely that telex
will thrive as a stand-alone client -- there's too much other work like
community development, interface design and translation, portability,
packaging, etc that research groups tend to skip over.

But since Tor flows also use SSL, in theory Tor (or a Tor transport
module) can embed a tag just like the telex client would, and then we're
off to the races. I'm (slowly) working with these three research groups
to figure out how to make this theory more concrete.

--Roger