[tor-dev] Status report - HTTP pluggable transport

Chang Lan changlan9 at gmail.com
Sat Jul 27 20:28:51 UTC 2013

Hi Steven, 

I deeply apologize for not replying to your emails in the last few weeks. On July 2, I had a bad car accident, and since then I was staying in hospital after a surgery till July 27. I should have let you know earlier to get things less messed up. Sorry again about this. Now I finally get back and will be online for the rest of period. 

Anyway, I managed to keep up the schedule. Echoing George's request, I wrote a design specification [https://github.com/changlan/http-transport/blob/master/design.md] based on Steven's document. 

In brief, I apply the BOSH technique to transfer bidirectional-streams over HTTP, which is the skeleton of the design. 

To disguise Tor's content patterns, we should make the traffic indistinguishable from random bits. Since there is an assumption that user and bridge share a cryptographically secure secret, I simply encrypt the data under AES-128 counter mode.

To achieve scanning resistance, the user should send a secure message MAC(IP | Port | Timestamp, K) to the bridge. If the message gets verified on the bridge's side, the user gets accepted. Otherwise, the bridge will refuse to respond the user (or behave like a normal HTTP server). (I am not a crypto guy, so the scheme above may have flaws. Any review?)

And finally the traffic should be able to pass through proxies. I guess proxies will not cache POST response; am I correct?

That's it. There are some optional components that I am not sure whether to implement or not, such as packet-size obfuscation, Format-Transforming Encryption, etc. I think packet-size obfuscation is necessary, but I would rather put it in a TODO list for now.

One thing that is still arguable is that whether the traffic pattern of BOSH is safe enough. In other words, how to evaluate whether the traffic pattern revealed in this HTTP transport is common in other applications (XMPP for example).

I have implemented the transport within the pyobfsproxy framework as well as unit tests.[https://github.com/changlan/obfsproxy] Currently scanning resistance and content encryption are not enabled [https://github.com/changlan/obfsproxy/commit/5b5e8b543919c5b3cda756b3a9e7f411f02765c7], but the BOSH technique is applied. Tests and code reviews are welcome!


Best wishes,

On Tuesday, July 23, 2013 at 5:27 PM, Steven Murdoch wrote:

> Hi Chang,
> On July 29, I will be submitting the Google Summer of Code progress report. Unless I hear from you before this date, I'm afraid I cannot recommend the project continue and Google rules would not allow you to restart at a later stage. I'd rather this not happen, so please do get back in touch.
> Best wishes,
> Steven

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130728/ada7a24e/attachment-0001.html>

More information about the tor-dev mailing list