A protocol that uses steganography to circumvent network level censorship

Presented at DEF CON 8 (2000), July 29, 2000, 2 p.m. (50 minutes)

Many trivial techniques are already available for circumventing firewalls and proxy servers that monitor or censor network traffic -- for example, if your firewall blocks CNN, someone could set up an unblocked site outside the firewall where you can type "http://www.cnn.com/" into a form and retrieve the page contents. The problem with these "protocols" is that they make it easy to get caught, if the censors know what to look for -- for example, a GET or POST form field containing "http://" is trivially easy to detect. Even an encrypted protocol would still be easy for censors to detect, without breaking the encryption -- just the fact that you're *using* a tool for circumventing the censors would often be enough to get you in trouble. What we have designed is a protocol that uses steganography to circumvent network-level censorship, so that the protocol is undetectable to censors. We explain why some naive solutions to the problem -- such as hiding information in a long, dynamically-generated URL which is sent to an outside "friendly" site, or hiding information in cookies -- are not steganographically secure. Our protocol hides information in "innocent-looking" text queries that pass through the censoring proxy undetected. The page contents are encrypted and embedded in more "innocent-looking" content that is sent back to the browser. This sounds simple, but the mathematics of using steganography to make a protocol *undetectable* turn out to be infuriatingly complicated. Much of the talk will be devoted to attacks against the system that we didn't consider the first time around, and why more naive solutions may fall to these attacks.

Presenters:

  • Bennett Haselton - peacefire.org
    Bennett Haselton has been the coordinator of Peacefire.org since its inception in 1996. Peacefire opposes censorship that targets Internet users under 18, and maintains that profanity and smut on the Internet are not, in fact, "dangerous" to anybody, as most lawmakers and blocking software companies have made them out to be. Peacefire publishes research into different Internet censorship programs and technologies, their shortcomings, possible misrepresentations by the companies selling them, and (most popular) how to get around them.
