Hello Anti-Censorship Team,
I was advised by Cecylia to share my project with this mailing list for the wider community to see and critique.
For the past couple of months, I have been doing research under the advisory of Prof. Eugene Vasserman (CC) at Kansas State University, and this project is the result. I intend to continue working on privacy and anonymity, so if this project has potential I would be happy to keep working on it, as well as exploring other ways to contribute.
The concept for this transport was derived from this wiki page: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/PluggableTransports/id... .
The transport is functional but not yet tested with the Tor Browser. I prototyped this transport using Ncat for SCTP and Telnet for TCP. It is written in Python 3 and SCTP functionality was implemented using C/POSIX-like socket parameters, removing the necessity of a third-party library.
A write-up attached to this email denotes functionality, dependencies, limitations, and instructions for running the transport.
I look forward to hearing everyone's thoughts!
Regards, Alex Mages
On Thu, Aug 12, 2021 at 12:07:05PM -0500, Alexander Mages wrote:
> The transport is functional but not yet tested with the Tor Browser. I prototyped this transport using Ncat for SCTP and Telnet for TCP. It is written in Python 3 and SCTP functionality was implemented using C/POSIX-like socket parameters, removing the necessity of a third-party library.
> A write-up attached to this email denotes functionality, dependencies, limitations, and instructions for running the transport.
Thanks for making this contribution. I was able to get it running with a few tweaks to the instructions (sent to you separately).
SCTP adds an interesting design dimension, because there's a separate layer of streams within the overall TCP connection. As I understand it, the sctPT client takes an incoming TCP connection and proxies it forward as a single SCTP stream within a single SCTP connection. (This is how ncat --sctp works.) An alternative design would be for the sctPT client to establish a single connection to the sctPT server (it could do this even before receiving any client TCP connections) and then forward each incoming connection as a separate stream within that global connection. See the distinction between the "one-to-one style" and "one-to-many style" in https://linux.die.net/man/7/sctp.
As you discovered, pyptlib is unmaintained. It used to be that the pluggable transports shipped with Tor Browser were written in Python, but Python proved difficult to deploy and today it's more common to use Go and goptlib. I am not sure whether it is possible to use SCTP sockets from Go, but if it is, you can probably easily adapt the "dummy" example transports from goptlib to use SCTP. (In the one-to-one style, at least; one-to-many style would require additional refactoring.) You would have to change the net.Dial("tcp") and net.ListenTCP("tcp") lines:
https://gitweb.torproject.org/pluggable-transports/goptlib.git/tree/examples...
https://gitweb.torproject.org/pluggable-transports/goptlib.git/tree/examples...
> The concept for this transport was derived from this wiki page: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/PluggableTransports/id....
I would like to add a link to your work from this page, but unfortunately since the change in wiki hosting from Trac to Gitlab, I am not able to edit the page. Maybe we can make a new page under the anti-censorship namespace.
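The one-to-one design discussed in this thread (each incoming TCP connection forwarded over its own SCTP association, using only standard socket parameters) as an added example. It is not sctPT's code or part of either message; `dial_sctp_one_to_one`, `relay` and `serve` are hypothetical names, and a Linux kernel with SCTP support is assumed for the SCTP leg.

```python
import selectors
import socket
import threading

# IANA protocol number; used when this Python build lacks the constant.
IPPROTO_SCTP = getattr(socket, "IPPROTO_SCTP", 132)

def dial_sctp_one_to_one(host, port, timeout=10.0):
    """One-to-one style: SOCK_STREAM + IPPROTO_SCTP (one-to-many style
    would use SOCK_SEQPACKET). Raises OSError without kernel SCTP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, IPPROTO_SCTP)
    sock.settimeout(timeout)
    sock.connect((host, port))
    sock.settimeout(None)
    return sock

def relay(a, b, bufsize=4096):
    """Copy bytes both ways until either side closes, then close both.
    Returns (bytes forwarded a->b, bytes forwarded b->a)."""
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ, b)
    sel.register(b, selectors.EVENT_READ, a)
    sent = {a: 0, b: 0}
    try:
        while True:
            for key, _ in sel.select():
                src, dst = key.fileobj, key.data
                data = src.recv(bufsize)
                if not data:  # EOF on one leg: tear the whole tunnel down
                    return sent[a], sent[b]
                dst.sendall(data)
                sent[src] += len(data)
    finally:
        sel.close()
        a.close()
        b.close()

def serve(listen_port, server_host, server_port):
    """Hypothetical client side: every local TCP connection gets its own
    SCTP association to the server, relayed on a separate thread."""
    with socket.create_server(("127.0.0.1", listen_port)) as lsock:
        while True:
            conn, _ = lsock.accept()
            try:
                upstream = dial_sctp_one_to_one(server_host, server_port)
            except OSError:  # server unreachable or no SCTP in the kernel
                conn.close()
                continue
            threading.Thread(target=relay, args=(conn, upstream), daemon=True).start()
```

The one-to-many alternative would instead keep a single `SOCK_SEQPACKET` socket open and assign each accepted connection a stream number, which needs `sendmsg` ancillary data rather than plain `sendall`.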
Thanks for the feedback!
You are correct in assuming that sctPT uses SCTP in the most "TCP-like" manner. This nullifies some of SCTP's features, but one-to-one SCTP seemed more familiar at the time and thus was easier to implement.
I am relatively sure SCTP functionality exists in Go, but whether it is a third-party library or a simple socket option is unbeknownst to me.
At the moment, I am not further pursuing this project's development, but finding out whether SCTP has any utility in regard to censorship circumvention appears to be an open question.
Thanks again, Alex
On Tue, Sep 14, 2021 at 2:50 PM David Fifield <david@bamsoftware.com> wrote:
> On Thu, Aug 12, 2021 at 12:07:05PM -0500, Alexander Mages wrote:
> > The transport is functional but not yet tested with the Tor Browser. I prototyped this transport using Ncat for SCTP and Telnet for TCP. It is written in Python 3 and SCTP functionality was implemented using C/POSIX-like socket parameters, removing the necessity of a third-party library.
> > A write-up attached to this email denotes functionality, dependencies, limitations, and instructions for running the transport.
> Thanks for making this contribution. I was able to get it running with a few tweaks to the instructions (sent to you separately).
> SCTP adds an interesting design dimension, because there's a separate layer of streams within the overall TCP connection. As I understand it, the sctPT client takes an incoming TCP connection and proxies it forward as a single SCTP stream within a single SCTP connection. (This is how ncat --sctp works.) An alternative design would be for the sctPT client to establish a single connection to the sctPT server (it could do this even before receiving any client TCP connections) and then forward each incoming connection as a separate stream within that global connection. See the distinction between the "one-to-one style" and "one-to-many style" in https://linux.die.net/man/7/sctp.
> As you discovered, pyptlib is unmaintained. It used to be that the pluggable transports shipped with Tor Browser were written in Python, but Python proved difficult to deploy and today it's more common to use Go and goptlib. I am not sure whether it is possible to use SCTP sockets from Go, but if it is, you can probably easily adapt the "dummy" example transports from goptlib to use SCTP. (In the one-to-one style, at least; one-to-many style would require additional refactoring.) You would have to change the net.Dial("tcp") and net.ListenTCP("tcp") lines:
> https://gitweb.torproject.org/pluggable-transports/goptlib.git/tree/examples...
> https://gitweb.torproject.org/pluggable-transports/goptlib.git/tree/examples...
> > The concept for this transport was derived from this wiki page:
> > https://gitlab.torproject.org/legacy/trac/-/wikis/doc/PluggableTransports/id... .
> I would like to add a link to your work from this page, but unfortunately since the change in wiki hosting from Trac to Gitlab, I am not able to edit the page. Maybe we can make a new page under the anti-censorship namespace.
On Sat, Sep 18, 2021 at 02:55:23PM -0500, Alexander Mages wrote:
> At the moment, I am not further pursuing this project's development, but finding out whether SCTP has any utility in regard to censorship circumvention appears to be an open question.
Somewhat related, I had a look at the pion/sctp package. But there, the objective was not to present SCTP on the wire, but to use it as an internal session layer, beneath some other form of obfuscation. https://github.com/net4people/bbs/issues/14