[tor-dev] GSoC project idea: pluggable transport that hides data in TCP SEQ numbers / UDP SRC ports

Ian Goldberg iang at cs.uwaterloo.ca
Tue Jan 7 16:02:48 UTC 2014


On Tue, Jan 07, 2014 at 06:41:02AM -0800, Jacek Wielemborek wrote:
> Hi,
> 
> I recently had an opportunity to watch David Fifield's lightning talk on 
> pluggable transports that he gave at 30C3. I find the topic fascinating and I'm 
> considering an application to your project for the upcoming Google Summer of 
> Code.
> 
> My idea is a bit complicated - I'd like to create a pluggable transport that 
> hides data in TCP sequence number gaps or UDP source port numbers. I don't yet 
> have all details thought over, but the way I imagine it right now, the user 
> would have to establish a TCP or UDP connection to the relay. The connection 
> could be completely bogus, though it'd be useful if a lot of data was sent 
> over it. After connecting, the client sends to the server a message with a 
> random RSA key steganographically hidden in the TCP sequence numbers. If the 
> server replies the same way with an RSA-encrypted AES key, the rest of the 
> hidden transmission goes encrypted with it. Since the SEQ number gaps are 
> meant to be random anyway, I believe that this could be very hard to detect.

Only the initial SEQ of a TCP connection is random (and usually only ~24
bits at that).  The subsequent SEQs are deterministic.  Can you clarify
your intent?

   - Ian
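
Added example (not part of the original message or of any Tor code): the reply's point that SEQs after the initial one are deterministic, written as a check over a constructed segment list. It assumes an in-order capture of one direction of a flow with no packet loss; the function names and sample segments are hypothetical.

```python
MOD = 2 ** 32    # TCP sequence space wraps at 32 bits
HALF = MOD // 2  # deltas below this are "ahead", the rest are "behind"

def seq_consumed(seg):
    """Sequence space a segment uses: payload bytes, plus 1 each for SYN and FIN."""
    return seg["len"] + int(seg.get("syn", False)) + int(seg.get("fin", False))

def find_seq_gaps(segments):
    """Return [(index, gap)] for segments whose SEQ is ahead of the bytes sent so far.

    Assumption: in-order, loss-free capture of one direction of one flow.
    Segments that start behind the expected SEQ are treated as retransmissions.
    """
    gaps = []
    expected = None
    for i, seg in enumerate(segments):
        if expected is None:
            expected = seg["seq"]  # the initial SEQ is the sender's only free choice
        delta = (seg["seq"] - expected) % MOD
        if 0 < delta < HALF:
            gaps.append((i, delta))  # SEQ jumped past what the payloads account for
        end = (seg["seq"] + seq_consumed(seg)) % MOD
        if (end - expected) % MOD < HALF:
            expected = end  # only move forward; retransmissions leave it unchanged
    return gaps

# Constructed sample data. The initial SEQ sits near the wrap point on purpose.
ISN = 0xFFFFFF00
NORMAL = [
    {"seq": ISN, "len": 0, "syn": True},
    {"seq": (ISN + 1) % MOD, "len": 200},
    {"seq": (ISN + 201) % MOD, "len": 100},
    {"seq": (ISN + 301) % MOD, "len": 50},
]
SKEWED = NORMAL[:3] + [
    {"seq": (ISN + 308) % MOD, "len": 50},   # SEQ is 7 past the bytes sent
    {"seq": (ISN + 201) % MOD, "len": 100},  # retransmission of earlier data
    {"seq": (ISN + 358) % MOD, "len": 10},
]

if __name__ == "__main__":
    print("normal flow gaps:", find_seq_gaps(NORMAL))
    print("skewed flow gaps:", find_seq_gaps(SKEWED))
```
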

