[tor-bugs] #7167 [Pluggable transport]: Combine traffic obfuscation with address diversity of flash proxy

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 5 00:16:17 UTC 2013

#7167: Combine traffic obfuscation with address diversity of flash proxy
 Reporter:  karsten                      |          Owner:  asn
     Type:  project                      |         Status:  new
 Priority:  normal                       |      Milestone:     
Component:  Pluggable transport          |        Version:     
 Keywords:  SponsorF20131101 flashproxy  |         Parent:     
   Points:                               |   Actualpoints:     

Comment(by infinity0):

 I am new here so am still trying to form a mental model to reason about
 this system. Here's what I have so far, let me know if it's correct and/or

 For preciseness, I am going to state, explicitly, the IN-interface and
 OUT-interface of each component. (This will also help with any general
 plugin-composition framework later on.) For example, this is what a
 typical normal Tor channel, without transport plugins, looks like:

 :SOCKS(U)|tor-c|A=Tor(U):  ->
 :A=Tor(U)|tor-s|B=Tor(U):  ->
 :B=Tor(U)|tor-s|C=Tor(U):  ->

 where A=X means a channel A using protocol X, and X(U) means something
 that wraps U. A could be e.g. a inet socket, or a file descriptor, or some
 combination of these. To chain stuff correctly, we must ensure the OUT-
 interface of one component matches the IN-interface of the next component.
 (Technically we should write Z=SOCKS(U), D=U for the first,last
 components, but since we're not using Z,D anywhere I'll just leave them

 With a general transport plugin, the diagram from the client to the server

 :SOCKS(U)|tor-c|A=SOCKS(U):  ->
 :A=SOCKS(U)|plugin-c|X(U):  ->
 :X(U)|plugin-s|P=SOCKS(U),D=control(X):  ->

 For obfsproxy:

 :SOCKS(U)|tor-c|A=SOCKS(U):  ->
 :A=SOCKS(U)|obfs-c|B=obfs(U):  ->
 :B=obfs(U)|obfs-s|P=SOCKS(U),Q=control(B):  ->

 For flashproxy:

 :SOCKS(U)|tor-c|A=SOCKS(U):  ->
 :A=SOCKS(U)|flash-c|B=flash(U):  ->
 :B=flash(U)|flash-s|P=SOCKS(U),Q=control(B):  ->

 For obfs-flash-proxy, then, an incomplete "first attempt" using naiving

 :SOCKS(U)|tor-c|A=SOCKS(U):  ->
 :A=SOCKS(U)|obfs-c|B=obfs(U):  ->
 :B=OU|super|C=SOCKS(OU):  ->  # where OU == obfs(U)
 :C=SOCKS(OU)|flash-c|D=flash(OU):  ->
 :D=flash(OU)|flash-s|P=SOCKS(OU),Q=control(D):  ->
 :R=obfs(U)|obfs-s|S=Tor(U),T=control(R):  ->

 So we have two problems here:
 - how to implement ?? - we need a component that reads input from an OUT-
 interface of {SOCKS(X),control(D)}, and writes output to an IN-interface
 of {X}.
 - as written, using this naive layering architecture, we have no way of
 connecting the control(D) channel to something. what we really want to do
 is turn the T=control(R) into a T=control(D), since the former is an
 implementation detail and the latter is the user-originated data that we
 need to actually control.

 I'll need some more time working out the precise details, but a quick read
 gives me the impression that the super_1/super_2 solution proposed above
 solves these two problems by re-architecting the OU that passes through
 the |flash-s| component into something like OU+D.

 Does this make sense, am I correct, and/or did I go overboard with the
 notation? :p

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7167#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list