[tor-commits] r25492: {website} Adding possable GSoC obfsproxy projects Project ideas provid (website/trunk/getinvolved/en)

Damian Johnson atagar1 at gmail.com
Thu Mar 1 16:54:05 UTC 2012 

Author: atagar
Date: 2012-03-01 16:54:05 +0000 (Thu, 01 Mar 2012)
New Revision: 25492

Modified:
   website/trunk/getinvolved/en/volunteer.wml
Log:
Adding possable GSoC obfsproxy projects

Project ideas provided by George (I made a few minor tweaks so it would be more
fitting with the current listing).



Modified: website/trunk/getinvolved/en/volunteer.wml
===================================================================
--- website/trunk/getinvolved/en/volunteer.wml	2012-03-01 15:00:48 UTC (rev 25491)
+++ website/trunk/getinvolved/en/volunteer.wml	2012-03-01 16:54:05 UTC (rev 25492)
@@ -469,6 +469,13 @@
     block Tor.
     </p>
     
+    <p>
+    <b>Project Ideas:</b><br />
+    <i><a href="#obfsproxy-new-transports">New and innovative pluggable transports</a></i><br />
+    <i><a href="#obfsproxy-scanning-measures">Defensive bridge active scanning measures</a></i><br />
+    <i><a href="#obfsproxy-fuzzer">Fuzzer for the Tor protocol</a></i>
+    </p>
+    
     <a id="project-thandy"></a>
     <h3>Thandy (<a
     href="https://gitweb.torproject.org/thandy.git">code</a>)</h3>
@@ -763,6 +770,54 @@
     on this so far.</p>
     </li>
     
+    <a id="obfsproxy-new-transports"></a>
+    <li>
+    <b>New and innovative pluggable transports</b>
+    <br>
+    Priority: <i>High</i>
+    <br>
+    Effort Level: <i>High</i>
+    <br>
+    Skill Level: <i>High</i>
+    <br>
+    Likely Mentors: <i>asn</i>
+    <p>Not-very-smart transports like ROT13 and base64 are nice but not super
+    interesting. Other ideas like bittorrent transports might be relevant,
+    but you will have to provide security proofs on why they are harder to
+    detect and block than other less-sophisticated transports.</p>
+    
+    <p>The whole point of this project, though, is to come up with new
+    transports that we haven't already thought of. Be creative.</p>
+    
+    <p>Bonus points if your idea is interesting and still implementable
+    through the summer period.</p>
+    
+    <p>More bonus points if it's implemented on top of obfsproxy, or if your
+    implementation has a pluggable transport interface on top of it (as
+    specified <a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180-pluggable-transport.txt">here</a>).</p>
+    </li>
+    
+    <a id="obfsproxy-scanning-measures"></a>
+    <li>
+    <b>Defensive bridge active scanning measures</b>
+    <br>
+    Priority: <i>High</i>
+    <br>
+    Effort Level: <i>High</i>
+    <br>
+    Skill Level: <i>High</i>
+    <br>
+    Likely Mentors: <i>asn</i>
+    <p>Involves providing good answers to <a
+    href="https://lists.torproject.org/pipermail/tor-dev/2011-November/003073.html">this
+    thread</a> as well as concrete implementation plans for it.</p>
+    
+    <p>This also involves implementing proposals <a
+    href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/189-authorize-cell.txt">189</a>
+    and <a
+    href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/190-shared-secret-bridge-authorization.txt">190</a>.</p>
+    </li>
+    
     <a id="orbot-userInterface"></a>
     <li>
     <b>Build a better user interface for Orbot</b>
@@ -1341,6 +1396,37 @@
     </p>
     </li>
     
+    <a id="obfsproxy-fuzzer"></a>
+    <li>
+    <b>Fuzzer for the Tor protocol</b>
+    <br>
+    Priority: <i>Low to Medium</i>
+    <br>
+    Effort Level: <i>Medium to High</i>
+    <br>
+    Skill Level: <i>High</i>
+    <br>
+    Likely Mentors: <i>asn</i>
+    <p>Involves researching good and smart ways to fuzz stateful network
+    protocols, and also implementing the fuzzer.</p>
+    
+    <p>We are mostly looking for a fuzzer that fuzzes the Tor protocol
+    itself, and not the Tor directory protocol.</p>
+    
+    <p>Bonus points if it's extremely modular. Relevant research:</p>
+    
+    <ul>
+      <li>PROTOS - Security Testing of Protocol Implementations</li>
+      <li>INTERSTATE: A Stateful Protocol Fuzzer for SIP</li>
+      <li>Detecting Communication Protocol Security Flaws by Formal Fuzz
+      Testing and Machine Learning</li>
+      <li>SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZE</li>
+      <li>Michal Zalewski's "bugger"</li>
+      <li>Also look at the concepts of "model checking" and
+      "symbolic execution" to get inspired.</li>
+    </ul>
+    </li>
+    
     <!--
     <a id="armGui"></a>
     <li>

More information about the tor-commits mailing list