Currently Tor traffic uses a TLS handshake hostname like the following:
$ sudo tcpdump -An "tcp" | grep "www"
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes .............". ...www.odezz26nvv7jeqz1xghzs.com......................#.!...www.bxbko3qi7vacgwyk4ggulh.com..........6....m.....>...:.........|../* Z....W....X=..6...C../....................................0...0..0.......'....F./0.. *.H........0%1#0!..U....www.b6zazzahl3h3faf4x2.com0...160402000000Z..170317000000Z0'1%0#..U....www.tm3ddrghe22wgqna5u8g.net0..0..
A network observer could run a DNS lookup on the hostnames and see if they are real or not. So my idea would be to register a set of random hostnames which are legitimate and point the IPs somewhere, to avoid an observer looking for an NXDOMAIN response and dropping the stream. You could even give each relay a unique subdomain and rotate these every few weeks. This may be expensive to implement but could make blocking Tor traffic with this method harder. Thoughts?
Cordially, Nathaniel Suchy
On 10/13/2018 12:07 AM, Nathaniel Suchy wrote:
> Currently Tor traffic uses a TLS handshake hostname like the following:
> $ sudo tcpdump -An "tcp" | grep "www"
> listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes .............". ...www.odezz26nvv7jeqz1xghzs.com......... .............#.!...www.bxbko3qi7vacgwyk4ggulh.com......... .6....m.....>...:.........|../* Z....W....X=..6...C../....................................0...0..0.......'....F./0.. *.H........0%1#0!..U....www.b6zazzahl3h3faf4x2.com0...160402000000Z..170317000000Z0'1%0#..U....www.tm3ddrghe22wgqna5u8g.net0..0..
> A network observer could run a DNS lookup on the hostnames and see if they are real or not. So my idea would be to register a set of random hostnames which are legitimate and point the IPs somewhere, to avoid an observer looking for an NXDOMAIN response and dropping the stream. You could even give each relay a unique subdomain and rotate these every few weeks. This may be expensive to implement but could make blocking Tor traffic with this method harder. Thoughts?
Why wouldn't it be just as easy for censors to identify the small set of registered domains that Tor relays use and block TLS connections that involve them?
I don't see how changing the domain a relay uses from aaaaaa.foo.com to bbbbbb.foo.com helps. The censor would just notice 'foo.com' and block it.
In fact, I think this would make censorship easier.
Matt
On Sat, Oct 13, 2018 at 12:21:49PM -0400, Matt Traudt wrote:
> Why wouldn't it be just as easy for censors to identify the small set of registered domains that Tor relays use and block TLS connections that involve them?
And in general, IMO pluggable transports are the right layer to address this, not the Tor TLS layer. The way Tor uses TLS is already way more complicated than it needs to be, partly because of past attempts to build obfuscation into the core protocol rather than handling it as a separate layer. https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/TLSHistory
The certificate server name is a pretty easy distinguishing feature--but it's not the only one. But there are other ways in which the Tor TLS handshake stands out, even if you use real server names with legit certs. It's not easy to hack OpenSSL into perfectly imitating e.g., a Firefox TLS fingerprint. That's why meek uses an instance of Firefox to do its TLS, and why https://github.com/refraction-networking/utls exists.
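To make the two objections above concrete, here is an added example that is not part of this thread and not Tor's or uTLS's code. It constructs minimal TLS 1.2 ClientHello records (sample bytes, not captured traffic), parses back what an on-path observer sees in the clear, and shows two things: swapping aaaaaa.foo.com for bbbbbb.foo.com leaves the registrable domain unchanged (Matt's point), and the cipher-suite and extension ordering gives a JA3-style fingerprint that is identical regardless of the server name (David's point that the hostname is not the only distinguisher). All function names (build_client_hello, parse_client_hello, fingerprint, registrable_domain) are mine; the non-SNI extensions carry empty bodies for brevity, and registrable_domain is a crude last-two-labels approximation rather than a public-suffix-list lookup.

```python
import hashlib
import struct


def build_client_hello(server_name, cipher_suites, extension_types):
    """Construct a minimal TLS 1.2 ClientHello record carrying an SNI extension.
    Constructed sample for illustration; real clients use 32 random bytes and
    fill the other extensions with real payloads."""
    client_random = bytes(32)  # placeholder zeros, labelled as such
    session_id = b""
    exts = b""
    for ext_type in extension_types:
        if ext_type == 0:  # server_name extension (RFC 6066)
            host = server_name.encode("ascii")
            entry = struct.pack("!BH", 0, len(host)) + host  # name_type 0 = host_name
            body = struct.pack("!H", len(entry)) + entry      # ServerNameList length prefix
        else:
            body = b""  # toy: other extensions with empty bodies, enough for fingerprinting
        exts += struct.pack("!HH", ext_type, len(body)) + body
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    hello_body = (
        b"\x03\x03" + client_random                      # client_version TLS 1.2
        + struct.pack("!B", len(session_id)) + session_id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                     # one compression method: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + struct.pack("!I", len(hello_body))[1:] + hello_body  # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake     # record type 0x16


def parse_client_hello(record):
    """Return the cleartext fields an observer can read: version, cipher suites,
    extension types in order, and the SNI hostname (None if absent)."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 32                                   # skip version and client random
    pos += 1 + body[pos]                            # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    ciphers = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # skip compression methods
    ext_types, sni = [], None
    if pos < len(body):
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            ext_types.append(etype)
            if etype == 0:  # walk the ServerNameList
                list_len = struct.unpack("!H", edata[0:2])[0]
                q = 2
                while q < 2 + list_len:
                    name_type, name_len = struct.unpack("!BH", edata[q:q + 3])
                    q += 3
                    if name_type == 0:
                        sni = edata[q:q + name_len].decode("ascii")
                    q += name_len
    return {"version": version, "ciphers": ciphers, "extensions": ext_types, "sni": sni}


def fingerprint(parsed):
    """JA3-style summary of the ClientHello (version,ciphers,extensions), hashed with
    MD5 as JA3 does. Curve and point-format fields are omitted since this toy
    ClientHello carries none. The server name is deliberately NOT part of it."""
    s = "%d,%s,%s" % (parsed["version"],
                      "-".join(map(str, parsed["ciphers"])),
                      "-".join(map(str, parsed["extensions"])))
    return s, hashlib.md5(s.encode()).hexdigest()


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); a real check consults the public suffix list."""
    return ".".join(host.split(".")[-2:])


if __name__ == "__main__":
    suites = [0xC02F, 0xC030, 0x009C]
    h1 = parse_client_hello(build_client_hello("aaaaaa.foo.com", suites, [0, 23, 35]))
    h2 = parse_client_hello(build_client_hello("bbbbbb.foo.com", suites, [0, 23, 35]))
    print(h1["sni"], "->", registrable_domain(h1["sni"]))
    print(h2["sni"], "->", registrable_domain(h2["sni"]))
    print("same fingerprint despite different SNI:", fingerprint(h1) == fingerprint(h2))
```

Rotating the subdomain changes only the `sni` field; the registrable domain and the fingerprint string survive unchanged, which is exactly what a censor keying on either would match on. Changing the cipher-suite order (as a different client would) is what actually moves the fingerprint.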