DARPA has funded a project to develop a stego type communications system as a "next generation TOR". Its called SAFER Warfighter Communications.
http://www.darpa.mil/Our_Work/I2O/Programs/SAFER_Warfighter_Communications_(SAFER).aspx On Sep 8, 2011, at 7:00 PM, "Michael Holstein" <michael.holst...@csuohio.edu> wrote: > >> Very disturbing. I wonder if its possible to hide encrypted traffic as >> seemingly unencrypted http traffic in much the same way as a gpg key is >> rendered as ascii armored, or stenographically inside images. Although >> such methods may be inefficient, they may be good enough for some purposes. >> > > Of course .. any number of mechanisms exist to do exactly this, although > (generally speaking) it's not to provide a "live" VPN service. A > constant HTTP stream of nothing but .jpegs would be pretty suspicious. > Video-type services might be a better bet (because the traffic would be > more believable) but if you can't encrypt it, all that's required to > render the stego useless is to (slightly) re-encode it transparently > (eg: take your 640x480 MPEG stream and run it through ffmpeg to lower > the bitrate by 10k or some such). > > One would detect this in the same way you do encrypted botnets .. you > stop looking for patterns *in* the traffic and start looking at *traffic > patterns* (ie: "that's odd, why is this machine doing a constant stream > of ICMP all of a sudden? .. what are these long DNS queries for?, why > are the HTTPS traffic ratios fairly symmetrical?" .. etc). > >> It would be good to know what technologies these ISPs will implement to >> do the packet inspection for encrypted tunnels. Half the problem is you >> don't really know what they'll be looking for and so you don't know how >> to circumvent. >> > > That's the key distinction here .. rather than try to "ban with > technology" (ie: "great firewall of china"), they went for "ban with > policy" .. meaning you'll likely never know if you're "getting away with > it" until the ISI shows up and drags you off. > > I suppose a clever service would be for Twitter (et.al.) to allow you to > upload a keypair for stego and a https "twitpic" site that allowed each > image to be checked for a valid signature and stego'd text, which would > then be published. > > Regards, > > Michael Holstein > Cleveland State University > > > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk