[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tor-dev
Subject:    [tor-dev] Status report - HTTP pluggable transport
From:       Chang Lan <changlan9 () gmail ! com>
Date:       2013-07-27 20:28:51
Message-ID: 47803F086099427DAC32F17BB378BA78 () gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi Steven, 

I deeply apologize for not replying to your emails in the last few weeks. On July 2, \
I had a bad car accident, and since then I was staying in hospital after a surgery \
till July 27. I should have let you know earlier to get things less messed up. Sorry \
again about this. Now I finally get back and will be online for the rest of period. 

Anyway, I managed to keep up the schedule. Echoing George's request, I wrote a design \
specification [https://github.com/changlan/http-transport/blob/master/design.md] \
based on Steven's document. 

In brief, I apply the BOSH technique to transfer bidirectional-streams over HTTP, \
which is the skeleton of the design. 

To disguise Tor's content patterns, we should make the traffic indistinguishable from \
random bits. Since there is an assumption that user and bridge share a \
cryptographically secure secret, I simply encrypt the data under AES-128 counter \
mode.

To achieve scanning resistance, the user should send a secure message MAC(IP | Port | \
Timestamp, K) to the bridge. If the message gets verified on the bridge's side, the \
user gets accepted. Otherwise, the bridge will refuse to respond the user (or behave \
like a normal HTTP server). (I am not a crypto guy, so the scheme above may have \
flaws. Any review?)

And finally the traffic should be able to pass through proxies. I guess proxies will \
not cache POST response; am I correct?

That's it. There are some optional components that I am not sure whether to implement \
or not, such as packet-size obfuscation, Format-Transforming Encryption, etc. I think \
packet-size obfuscation is necessary, but I would rather put it in a TODO list for \
now.

One thing that is still arguable is that whether the traffic pattern of BOSH is safe \
enough. In other words, how to evaluate whether the traffic pattern revealed in this \
HTTP transport is common in other applications (XMPP for example).

I have implemented the transport within the pyobfsproxy framework as well as unit \
tests.[https://github.com/changlan/obfsproxy] Currently scanning resistance and \
content encryption are not enabled \
[https://github.com/changlan/obfsproxy/commit/5b5e8b543919c5b3cda756b3a9e7f411f02765c7], \
but the BOSH technique is applied. Tests and code reviews are welcome!

Thanks.

Best wishes,
Chang


On Tuesday, July 23, 2013 at 5:27 PM, Steven Murdoch wrote:

> Hi Chang,
> 
> On July 29, I will be submitting the Google Summer of Code progress report. Unless \
> I hear from you before this date, I'm afraid I cannot recommend the project \
> continue and Google rules would not allow you to restart at a later stage. I'd \
> rather this not happen, so please do get back in touch. 
> Best wishes,
> Steven
> 
> 
> 


[Attachment #5 (text/html)]

                <div>
                    Hi Steven,
                </div><div><br></div><div>I deeply apologize for not replying to your \
emails in the last few weeks. On July 2, I had a bad car accident, and since then I \
was staying in hospital after a surgery till July 27. I should have let you know \
earlier to get things less messed up. Sorry again about this. Now I finally get back \
and will be online for the rest of period.</div>  <div><div><br></div><div>Anyway, I \
managed to keep up the schedule. Echoing George's request, I wrote a design \
specification [<a href="https://github.com/changlan/http-transport/blob/master/design.md">https://github.com/changlan/http-transport/blob/master/design.md</a>] \
based on Steven's document.&nbsp;</div><div><br></div><div>In brief, I apply the BOSH \
technique to transfer bidirectional-streams over HTTP, which is the skeleton of the \
design.&nbsp;</div><div><br></div><div>To disguise Tor's content patterns, we should \
make the traffic indistinguishable from random bits. Since there is an assumption \
that user and bridge share a cryptographically secure secret, I simply&nbsp;encrypt \
the data under AES-128 counter mode.</div><div><br></div><div>To achieve scanning \
resistance, the user should send a secure message MAC(IP | Port | Timestamp, K) to \
the bridge. If the message gets verified on the bridge's side, the user gets \
accepted. Otherwise, the bridge will refuse to respond the user (or behave like a \
normal HTTP server). (I am not a crypto guy, so the scheme above may have flaws. Any \
review?)</div><div><br></div><div>And finally the traffic should be able to pass \
through proxies. I guess proxies will not cache POST response; am I \
correct?</div><div><br></div><div>That's it. There are some optional components that \
I am not sure whether to implement or not, such as packet-size \
obfuscation,&nbsp;Format-Transforming Encryption, etc. I think&nbsp;packet-size \
obfuscation is necessary, but I would rather put it in a TODO list for \
now.</div><div><br></div><div>One thing that is still arguable is that whether the \
traffic pattern of BOSH is safe enough. In other words, how to evaluate whether the \
traffic pattern revealed in this HTTP transport is common in other applications (XMPP \
for example).</div><div><br></div><div>I have implemented the transport within the \
pyobfsproxy framework as well as unit tests.[<a \
href="https://github.com/changlan/obfsproxy">https://github.com/changlan/obfsproxy</a>] \
Currently scanning resistance and content encryption are not enabled [<a \
href="https://github.com/changlan/obfsproxy/commit/5b5e8b543919c5b3cda756b3a9e7f411f02 \
765c7">https://github.com/changlan/obfsproxy/commit/5b5e8b543919c5b3cda756b3a9e7f411f02765c7</a>], \
but the BOSH technique is applied. Tests and code reviews are \
welcome!</div><div><br></div><div>Thanks.</div><div><br></div><div>Best \
wishes,</div><div>Chang</div><div><br></div></div>  
                <p style="color: #A0A0A8;">On Tuesday, July 23, 2013 at 5:27 PM, \
                Steven Murdoch wrote:</p>
                <blockquote type="cite" \
style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">  \
<span><div><div><div>Hi Chang,</div><div><br></div><div>On July 29, I will be \
submitting the Google Summer of Code progress report. Unless I hear from you before \
this date, I'm afraid I cannot recommend the project continue and Google rules would \
not allow you to restart at a later stage. I'd rather this not happen, so please do \
get back in touch.</div><div><br></div><div>Best wishes,</div><div>Steven</div><div> \
</div></div></div></span>  
                 
                 
                 
                </blockquote>
                 
                <div>
                    <br>
                </div>
            



_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic