[anti-censorship-team] covertDTLS: reducing distinguishability of DTLS for usage in Snowflake

Theodor Midtlien theodor at midtlien.com
Wed Aug 14 19:55:29 UTC 2024


Hi!

I have talked with some of you in the IRC meetings this year, but I have not
updated the mailing list on my work. A little over a month ago I completed my
Master's thesis on "Reducing distinguishability of DTLS for usage in
Snowflake", at the Norwegian University of Science (NTNU) in the Department of
Information Security and Communication Technology, supervised by David Palma.

The thesis can be found on my website: https://theodorsm.net/thesis

Here is a trimmed abstract:

" [...] We have seen that censors have been able to do so [blocking Snowflake]
by fingerprinting the DTLS implementation that is produced by the
Pion library used by Snowflake. The aim of this thesis is to reduce the
distinguishability of said DTLS library. We developed a tool named dfind [1]
for analyzing and finding passive field-based fingerprints of DTLS. This
tool was validated using a data set with known fingerprints, and found that
the extensions field was especially vulnerable for identification. To combat
such fingerprints, we implemented covertDTLS [2], a Go library inspired
by uTLS. Our module extends the Pion DTLS library with handshake
hooking to offer mimicry and randomization features. To ensure that
mimicking remains up-to-date, we developed a novel continuous delivery
workflow for generating fresh DTLS-WebRTC handshakes from popular
browsers. Using covertDTLS with Snowflake resulted in us not being able
to find any fingerprints."

[1]: https://github.com/theodorsm/dfind
[2]: https://github.com/theodorsm/covert-dtls

I have only tested covertDTLS in a messy fork of Snowflake, which had promising
results. I am currently working on upgrading the Pion DTLS and WebRTC version
used by Snowflake to the most recent version to integrate covertDTLS properly.
In addition, I plan to condense my thesis into a paper, thus making the work
more accessible. I would greatly appreciate any feedback on the thesis so that
I can address those in the paper. I am also open to collaborating on the paper,
feel free to reach out if you have some ideas to be explored.

Cheers,
Theodor Signebøen Midtlien