> Very disturbing. I wonder if it's possible to hide encrypted traffic as
> seemingly unencrypted http traffic in much the same way as a gpg key is
> rendered as ascii armored, or steganographically inside images. Although
> such methods may be inefficient, they may be good enough for some purposes.
>
Of course .. any number of mechanisms exist to do exactly this, although (generally speaking) it's not to provide a "live" VPN service. A constant HTTP stream of nothing but .jpegs would be pretty suspicious. Video-type services might be a better bet (because the traffic would be more believable) but if you can't encrypt it, all that's required to render the stego useless is to (slightly) re-encode it transparently (eg: take your 640x480 MPEG stream and run it through ffmpeg to lower the bitrate by 10k or some such).

One would detect this in the same way you do encrypted botnets .. you stop looking for patterns *in* the traffic and start looking at *traffic patterns* (ie: "that's odd, why is this machine doing a constant stream of ICMP all of a sudden? .. what are these long DNS queries for?, why are the HTTPS traffic ratios fairly symmetrical?" .. etc).

> It would be good to know what technologies these ISPs will implement to
> do the packet inspection for encrypted tunnels. Half the problem is you
> don't really know what they'll be looking for and so you don't know how
> to circumvent.
>

That's the key distinction here .. rather than try to "ban with technology" (ie: "great firewall of china"), they went for "ban with policy" .. meaning you'll likely never know if you're "getting away with it" until the ISI shows up and drags you off.

I suppose a clever service would be for Twitter (et al.) to allow you to upload a keypair for stego and a https "twitpic" site that allowed each image to be checked for a valid signature and stego'd text, which would then be published.

Regards,

Michael Holstein
Cleveland State University
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
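
The three traffic-pattern questions raised in the reply above (a constant stream of ICMP, long DNS queries, symmetrical HTTPS ratios), written as checks over flow metadata only. This is an added example, not part of the original message; the flow records are constructed, and the `analyze` function and every threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed thresholds (illustrative, not from the original message).
MAX_QNAME = 100              # DNS query names longer than this are flagged
MIN_ICMP_MINUTES = 8         # distinct minutes with ICMP inside the window
SYM_BAND = (0.5, 2.0)        # HTTPS out/in byte ratio treated as "symmetrical"
MIN_HTTPS_BYTES = 1_000_000  # ignore hosts with too little HTTPS traffic

# Constructed flow records for a 10-minute window:
# (minute, src_host, proto, dst_port, bytes_out, bytes_in, dns_qname)
FLOWS = [
    (0, "10.0.0.5", "tcp", 443, 40_000, 1_800_000, None),   # download-heavy browsing
    (1, "10.0.0.5", "udp", 53, 80, 120, "www.example.com"),
    (0, "10.0.0.5", "icmp", None, 64, 64, None),            # two stray pings
    (5, "10.0.0.5", "icmp", None, 64, 64, None),
    (0, "10.0.0.9", "tcp", 443, 950_000, 1_020_000, None),  # near 1:1 both ways
    (1, "10.0.0.9", "tcp", 443, 880_000, 910_000, None),
    (2, "10.0.0.7", "udp", 53, 300, 310, "a" * 50 + "." + "b" * 50 + ".t.example.net"),
] + [(m, "10.0.0.8", "icmp", None, 64, 64, None) for m in range(10)]


def analyze(flows):
    """Return {host: [findings]} using only flow metadata, never payload."""
    icmp_minutes = defaultdict(set)      # host -> minutes in which ICMP was seen
    https = defaultdict(lambda: [0, 0])  # host -> [bytes_out, bytes_in] on 443
    findings = defaultdict(set)
    for minute, src, proto, port, out_b, in_b, qname in flows:
        if proto == "icmp":
            icmp_minutes[src].add(minute)
        elif proto == "tcp" and port == 443:
            https[src][0] += out_b
            https[src][1] += in_b
        elif port == 53 and qname and len(qname) > MAX_QNAME:
            findings[src].add("long-dns-query")
    for src, minutes in icmp_minutes.items():
        if len(minutes) >= MIN_ICMP_MINUTES:
            findings[src].add("sustained-icmp")
    for src, (out_b, in_b) in https.items():
        enough = out_b + in_b >= MIN_HTTPS_BYTES
        if enough and in_b and SYM_BAND[0] <= out_b / in_b <= SYM_BAND[1]:
            findings[src].add("symmetric-https")
    return {src: sorted(tags) for src, tags in findings.items()}


if __name__ == "__main__":
    for host, tags in sorted(analyze(FLOWS).items()):
        print(host, tags)
```
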