[tor-talk] Flashproxys' impact on Tors' fingerprint
Matt Joyce
toradmin at mttjocy.co.uk
Sun Oct 14 13:50:21 UTC 2012
On 13/10/12 10:18, David Fifield wrote:
> On Fri, Oct 12, 2012 at 06:21:13PM +0200, Sebastian G. <bastik.tor> wrote:
>> beside the case that the connection itself looks different due to the
>> use of (web)sockets (like explained in the paper) is there any impact on
>> how one could fingerprint on Tors' traffic?
> No, using a flash proxy doesn't in principle make protocol detection any
> harder. We just encode the TLS byte stream and package it within a
> WebSocket stream. A filter could unpack the WebSocket stuff, reassemble
> the inside stream, and reuse whatever traffic inspection it is already
> using to block Tor.
>
> A few things work in our favor in terms of making it more cumbersome to
> fingerprint traffic within a WebSocket stream:
> * One side of each stream has each WebSocket frame XORed with a
> pseudorandom key. (This isn't something we do specially, this
> is just a part of the WebSocket protocol:
> https://tools.ietf.org/html/rfc6455#section-5.3)
> * On some browsers that do not support binary WebSocket frames
> (https://tools.ietf.org/html/rfc6455#section-5.6), the payload
> is base64-encoded and sent in text frames, so a censor has to
> decode the base64 too (or, perhaps, just block WebSocket
> connections that appear to contain only base64).
>
>> (If it doesn't make fingerprinting more difficult...) how complicated
>> would it to have another layer in flashproxy that helps in this regard?
> As I see it, there are two axes to censorship circumvention, which are
> IP/port blocking, and protocol inspection. obfsproxy, for example, aims
> to defeat protocol inspection, but still uses a relatively small,
> relatively static set of obfsproxy bridges. Flash proxies have the
> opposite problem: flash proxy addresses are hard to block because they
> change all the time, but they don't do anything to disguise the traffic
> within.
>
> A combined solution to both problems would be very nice. For example, we
> could use obfsproxy-style obfuscation inside of the WebSocket stream. We
> can't, ultimately, disguise the fact that the outermost layer is
> WebSocket, but we can disguise the payloads. To do such a thing is not
> conceptually difficult, it just requires a proposal, and someone willing
> to do it, and deployment of code to the necessary places.
>
> Unfortunately, though TLS-wrapped WebSocket is standard, we can't easily
> use it because the clients that the flash proxy connects to do not have
> CA-issued certs.
I have to admit I've followed the thread but it's the first time I heard
of the flashproxy project but from what I picked up with a quick google
session I wouldn't have thought that problem insurmountable though
depending on exactly how you would want the TLS-wrapper to work would be
different challenges.
If you are simply looking to for obfuscation then it seems to me
utilizing a wrapper from client to proxy and a separate one from the
proxy to the origin server of course that would not protect the contents
from the proxy itself but when you speak of obfuscation it sounds to me
like we are talking about avoiding blocks and/or passive eavesdropping
in the path or at the origin server as of course the proxy already knows
it's a flash proxy packet whatever it's wrapped in. In this case
though it would not be necessary for the clients to have a CA issued
cert as they would only be using it for the cypher from them to the
proxy and you therefore define the certificate acceptability if it is
just for encryption even a snake oil cert would be good enough, if it is
intended to authenticate the client to the proxy then the proxy could
itself be the CA using openssl, or have a central one so the client
could use one cert for all the proxies in the system rather than each
generating a new one.
From the proxy to the origin server I could see may be more difficult
if that is the origin servers are in general actually performing
certificate verification but I suspect that is probably pretty uncommon,
TLS supporting mail servers for example will usually take just any old
cert for the purposes of transport encryption, that is for cyphers that
require certificates on both ends there are strong enough cyphers that
only require a single certificate though.
On the web side HTTPS servers rarely use client certificates even for
encryption let alone for validation and authentication on even an
optional basis. I'm not sure why that would suddenly change with web
sockets unless the specification for websockets specifically mandates
it? If it comes down to the latter case then perhaps those wishing to
offer servers might need to deal with the step of obtaining a CA cert
for the proxy, cacert.org does them for free, the ones you can get
instantly online are limited to showing only the server hostname even
wildcards as it is the only piece of info that can be verified 100%
automatically. Some of the commercial vendors offer such as single
hostname server certs for free also, yeah in their case it's a hook to
try and sell you a wildcard cert or w/e should you need one later but
there are options available. This could even be made optional for
operators willing to go a bit further, clients could then specify in
their configuration whether to accept servers without depending on their
security needs.
Just a thought out loud apologies for the long post.
>> (I want to avoid another thread an it's close enough.) What else could
>> be implemented in WebSockets to have a wide range of "legitimate" use?
>> (In order to make it painful for an adversary to block WebSockets)
> I don't really know the range of things WebSocket is used for. One cool
> application I've seen is this: https://github.com/kanaka/noVNC which is
> a VNC client that uses WebSocket and HTML canvas.
>
> David Fifield
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
More information about the tor-talk
mailing list