New Tool Keeps Censors in the Dark

A new approach to overcoming state-level Internet censorship relies, ironically enough, on a technique that security experts have frequently associated with government surveillance.

Current anti-censorship technologies, including the services Tor and Dynaweb, direct connections to restricted websites through a network of encrypted proxy servers, with the aim of hiding who's visiting such sites from censors. But the censors are constantly searching for and blocking these proxies. A new scheme, called Telex, makes it harder for censors to block communications. It does this by taking traffic that's destined for restricted sites and disguising it as traffic meant for popular, uncensored sites. To do this, it employs the same method of analyzing packets of data that censors often use.

"To route around state-level Internet censorship, people have relied on proxy servers outside of the country doing the censorship," says J. Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan. "The difficulty there is, you have to communicate to those people where the proxies are, and it's very hard to do that without also letting the government censors figure out where the proxies are."

The Telex system has two major components: "stations" at dozens of Internet service providers (ISPs)?the stations connect traffic from inside nations that censor to the rest of the Internet?and the Telex client software program that runs on the computers of people who want to avoid censorship.

To disguise the destination of the traffic the user wants to send, Telex employs a form of cryptography called "steganography," which is the practice of hiding secret messages within readable messages.

The Telex client software starts by making an outgoing connection to a nonblocked website, encrypting the traffic in the same way that an e-commerce or online banking site does (the address in the browser bar begins with https:// instead of http://). The identity of the censored site is then encoded in a special string, or "tag," that's embedded in the encrypted request. A Telex station at an ISP can examine incoming traffic and detect the presence of these tags, providing it has the right encryption key. The tag would be indistinguishable from random gibberish without the key.

When the Telex station detects an incoming request that includes a tag, it redirects that connection to the site specified in the encrypted message. This behavior resembles a controversial technology called "deep packet inspection" (DPI), which governments and ISPs have used for censorship and for blocking or throttling certain types of Internet traffic, such as peer-to-peer file-sharing.

"DPI has been used notoriously as a means of censorship, but Telex uses DPI in a completely different way," Halderman says. "We're basically turning the concept on its head to create something that's a really powerful anti-censorship tool."

Halderman says the design is such that it doesn't matter if the location of ISPs employing Telex stations are known to the censors. "The key thing is that we want to put the stations at enough points in the Internet so that blocking all the routes that go through those would be tantamount to making the Internet unavailable," he says. "The vision is that if we deploy Telex widely enough, it can make connecting to the Internet for a government that might want to do censorship an all-or-nothing proposition. Either you live with the fact that people can get to sites you want to censor, or you effectively pull the plug entirely."

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Source: http://feeds.technologyreview.com/click.phdo?i=71b75f5092e98e24d014456d5b7dbce3

most popular thanksgiving side dish the game bet lights out nyc school closings scelestious stephanie seymour and son david nelson the chipmunks seattle public schools worldstarhiphop