On 7/26/12, David Fifield david@bamsoftware.com wrote:
We can use appid-like signatures to make steganographic channels, if we assume that the signatures are a realistic reflection of actual use of the protocols. But: this relies critically on the accuracy of the model. (Specifically, does it match the censor's model? If he uses simple regular expressions for blocking, then we win; if not, then we probably lose.)
Not quite. If the language your syntactic model was based on is accepted by the particular regular expressions that the censor is currently using, you win (until They change to new regexps). Otherwise, you lose.
For example, https://code.google.com/p/appid/source/browse/trunk/apps/irc accepts “UseR :BOGUS line containing only a username with too many spaces\n\n\n\n\n\r”, but no real IRC client will generate “UseR” (or the other protocol violation on that line). If They are using appid with that particular protocol-recognition file, you win; if They validate IRC using better regexps, you lose.
Robert Ransom