Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Tests Undetectably Encrypted Connections In Iran

Posted by timothy on from the great-song-from-flock-of-seagulls dept.

Sparrowvsrevolution writes "Ahead of the anniversary of Iran's revolution, the country's government has locked down its already-censored Internet, blocking access to many services and in some cases cutting off all encrypted traffic on the Web of the kind used by secure email, social networking and banking sites. In response, the information-freedom-focused Tor Project is testing a new tool it's calling 'obfsproxy,' or obfuscated proxy, which aims to make SSL or TLS traffic appear to be unencrypted traffic like HTTP or instant messaging data. While the tool currently only disguises SSL as the SOCKS protocol, in future versions it will aim to disguise encrypted traffic as any protocol the user chooses. Tor executive director Andrew Lewman says the idea is to 'make your Ferrari look like a Toyota by putting an actual Toyota shell over the Ferrari.'" Reader bonch adds: "A thread on Hacker News provides first-hand accounts as well as workarounds."

106 of 157 comments (clear)

  1. Sounds like a tool for P I R A T E S !! by elrous0 · · Score: 5, Funny

    The MPAA has already called in the FBI, CIA, NSA, and a cadre of hired Senators to put a stop to this illegal piracy-facilitating tool--which, if it's not stopped, will cost millions of American jobs and perhaps collapse the entire economy. Our children's futures are at stake here, people!!!

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Sounds like a tool for P I R A T E S !! by rathaven · · Score: 5, Funny

      Not to mention their access to porn...

    2. Re:Sounds like a tool for P I R A T E S !! by jcreus · · Score: 2

      Hmm. Let's take down computers, operating systems, browsers... They also use them!

    3. Re:Sounds like a tool for P I R A T E S !! by timeOday · · Score: 1

      This must involve a huge blowup of the data. I can't imagine how large a movie would be encrypted to look like an innocuous chat session.

    4. Re:Sounds like a tool for P I R A T E S !! by phrostie · · Score: 4, Insightful

      Wasn't it the Government that first created it?

      from their about page:

      "Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others. "

    5. Re:Sounds like a tool for P I R A T E S !! by MightyYar · · Score: 5, Funny

      Hi there! 48
      All is well in the Islamic Republic! 65
      Our glorious leader has won another election! 6c
      Praise Allah! 70

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    6. Re:Sounds like a tool for P I R A T E S !! by SRM2 · · Score: 1

      The MPAA in in the business of going after Somalians now?

    7. Re:Sounds like a tool for P I R A T E S !! by chichilalescu · · Score: 4, Insightful

      dear slashdot,
      can we please have a +1 "sad but true" option?

      --
      new sig
    8. Re:Sounds like a tool for P I R A T E S !! by TubeSteak · · Score: 4, Interesting

      Don't forget that the US State Department is the de-facto sponsor of TOR.
      TOR gets most of its funding from groups that get most of their funding from the State Dept.

      --
      [Fuck Beta]
      o0t!
    9. Re:Sounds like a tool for P I R A T E S !! by Merk42 · · Score: 1

      Don't forget "Stifle Innovation", the "think of the children" for technology.

    10. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · · Score: 3, Insightful

      Wasn't it the Government that first created it?

      The US government also funded the Taliban (to fight the Russians) and the Israeli goverment funded Hamas (to fight the PLO).

      --
      When information is power, privacy is freedom.
    11. Re:Sounds like a tool for P I R A T E S !! by Luckyo · · Score: 1

      Right hand, left hand...

      Be afraid of the brain (i.e. money that buys the machine controls) actually realizing what's going on.

    12. Re:Sounds like a tool for P I R A T E S !! by willaien · · Score: 2

      You'll have to do with +1 insightful.

    13. Re:Sounds like a tool for P I R A T E S !! by Moryath · · Score: 1, Informative

      You've got your history partially wrong.

      The US government DID fund the Taliban (rather than see the USSR take over Afghanistan). However, the whole "Israel funded Hamas" bullshit is just that, bullshit. Hamas is an offshoot of the Muslim Brotherhood movement, which was Egypt-centered and got (still gets) most of its funding and material through Iranian connections (similar to other MB offshoots such as the Lebanese Hizb'Allah and the current Syrian government).

      The reason for this was that Iran has a tendency to fund Twelver Shi'a uprisings and groups in mostly-Sunni countries.

      Do a little research next time before parroting bullshit.

    14. Re:Sounds like a tool for P I R A T E S !! by Anthony+Mouse · · Score: 1

      Be afraid of the brain (i.e. money that buys the machine controls) actually realizing what's going on.

      That might not be such a bad thing, actually. Think about whose interests the state department is supporting by producing these tools: The US military and defense contractors, the CIA and NSA, oil companies... Remember all that talk about how much bigger the tech industry is than the entertainment industry? Look at the size of the defense and intelligence industry sometime.

    15. Re:Sounds like a tool for P I R A T E S !! by f3rret · · Score: 1

      Well to be fair Operation Cyclone did not specifically fund the Taliban, they sponsored many of the mujahadeen, including some who went off to become the anti-Taliban Northern Alliance.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
    16. Re:Sounds like a tool for P I R A T E S !! by Luckyo · · Score: 3, Funny

      Then look at their imaginary size (our yearly piracy losses are bigger then world's GDP says report given to congress!), then look at modern economy being about imaginary values rather then real values (stock market, derivatives, futures...).

      Then get a big bottle of your favourite alcohol and drown the sorrow.

    17. Re:Sounds like a tool for P I R A T E S !! by Em+Adespoton · · Score: 1

      That would be a good match of resources.

      How long will it take the Somalis to discover that dealing in bootleg CDs is more profitable than attacking ships on the open sea? They can approach the ships and offer them cheap entertainment instead of risking their lives in the hopes that they capture someone wealthy....

    18. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · · Score: 1

      Do a little research next time before parroting bullshit

      Sounds like you are emotionally invested in the topic.

      Note that I didn't say Israel was solely responsible, everything else you wrote is true but does not contradict what I said, no matter who vociferiously you expressed it.

      For anyone else reading along interrested in an actual citation, here'e one of many that acknowledges both Israel's and the Muslim Brotherhood's involvement in the beginnings of Hamas.

      --
      When information is power, privacy is freedom.
    19. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · · Score: 1

      Yes I read the entire thing before writing my response.

      Anyone without a hyper-emotional connection to the topic will notice the following points the article:

      "Israel's experience echoes that of the U.S., which, during the Cold War, looked to Islamists as a useful ally against communism. Anti-Soviet forces backed by America after Moscow's 1979 invasion of Afghanistan later mutated into al Qaeda." ...
      "The Israeli government officially recognized a precursor to Hamas called Mujama Al-Islamiya, registering the group as a charity. It allowed Mujama members to set up an Islamic university and build mosques, clubs and schools. Crucially, Israel often stood aside when the Islamists and their secular left-wing Palestinian rivals battled,

      Now I fully expect you to respond that such passages don't explicitly detail direct financial transfers, but the question is pretty simple - what is the point of a making them a charity if not to permit otherwise embargoed transfers of money to them? It isn't like the people of palestine were particularly concerned with charitable deductitons on their taxes.

      --
      When information is power, privacy is freedom.
    20. Re:Sounds like a tool for P I R A T E S !! by jackbird · · Score: 1

      The PLO had a charity arm too - in the absence of a government able to provide basic services such as schools and hospitals (especially before the creation of the Palestinian Authority), charity organizations (funded not with Israeli money but foreign money funneled through foreign nationals) provide such things. In additon to directly benefitting the constituency, It's how hearts and minds are won with respect to this or that Palestinian organization among the people.

      Hamas rose to power because Arafat publicly backed Iraq's invasion of Kuwait, which pissed off the Saudis enough to cut the pursestrings of the PLO charities and start funding Hamas in earnest. Arafat joined the 1993 peace talks in large part because Fatah was rapidly weakening financially.

      So no, Israel did not allow Hamas to register as a charity in order to funnel Israeli money to the Muslim Brotherhood; they registered them as a charity in the hope of weakening support for Arafat among the Palestinians and shrinking the PLO's funding.

    21. Re:Sounds like a tool for P I R A T E S !! by cavreader · · Score: 1

      The vast majority of the weapons and funds supplied to the Afghanistan for fighting the USSR was from Pakistan, Saudi Arabia, and England. The US did not create the Taliban. The Taliban and associated like minded groups are Pakistani creations.

    22. Re:Sounds like a tool for P I R A T E S !! by guus_deleeuw · · Score: 1

      I'd rather like a +1 for freedom

    23. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · · Score: 1

      You are so clearly wrapped up in this that you can't even read what you cut-n-paste. None of what you quoted disputes my original point that Israel contributed - I never said they were solely responsible.

      First quote -- this article was written in 2009 so "recent ascent" doesn't apply to what happened 30 years ago but rather their recent dominance resulting in the election win. And the second quote is a tacit admission that they did support Hamas as it starts off with "even if israel had tried to stop the islamists" suggesting that they supported rather than opposed.

      I'm done. You can have the last word because I'm pretty sure that no mater what you write all it will do is demonstrate your personal lack of objectivity rather than an interest in uncovering the truth.

      --
      When information is power, privacy is freedom.
    24. Re:Sounds like a tool for P I R A T E S !! by Moryath · · Score: 1

      as it starts off with "even if israel had tried to stop the islamists" suggesting that they supported rather than opposed.

      And I pointed out to you, Israel was basically being NEUTRAL towards internal Palestinian politics.

      The fact that Israel didn't rain down bombs on the heads of each and every islamist group that may or may not be called a "predecessor to Hamas" does not show they were "supporting" them. There are a lot of different "charity groups" involved in the Palestinian society, including - as someone else pointed out - the charity wing of Fatah, too. And Israel recognizes most of them as charitable groups.

      I'm done. You can have the last word because I'm pretty sure that no mater what you write all it will do is demonstrate your personal lack of objectivity rather than an interest in uncovering the truth.

      Yawn. And I've seen so far that YOU have a startling personal lack of objectivity.

  2. The root of the problem by hobarrera · · Score: 3, Insightful

    While this is a great effort, and I really congratulate the Tor proyect for all that they've done and continue to do, this still is nowhere close to the solution on the real issue here: governments that over and over again limit people's freedom of speech and privacy.

    1. Re:The root of the problem by Anonymous Coward · · Score: 2, Interesting

      What do you propose we Western geeks do about the government of Iran?

    2. Re:The root of the problem by capnchicken · · Score: 4, Insightful

      Unfortunately you always have to build things in spite of people, and can never count on altruism because there will always be bad actors, and those bad actors always have the chance of gaining power. It's the human condition, the only thing you can do is route around it. I agree we should address it from many fronts, but technological circumvention, while maybe only alleviating symptoms, seems to be very effective.

      --
      A libertarian shat on my carpet once. Claimed the free market would sort it out. -Ford Prefect(8777)
    3. Re:The root of the problem by Anonymous Coward · · Score: 1

      Do not worry people. Is impossible to stop antiencription.
      just imagine the following idea.
      You write a tottaly understable text with some easy code. For example. The first letter of each word are a phrase.
      Well. you can create extensive false documents (there where papers accepted by academics written by computers, so is not entirely impossible) with this kind of coding (There are a lot of more complex algorithms involving taken only the letters from a formula, etc).
      If only some people has the code to break it. Only those people can break it.
      there are some examples of encrited books that not even today could be descifred. So... imagination will win the battle here.

    4. Re:The root of the problem by John3 · · Score: 4, Funny

      Write code that messes with their technology, perhaps something that might wreak havoc on centrifuges or other industrial machinery?

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    5. Re:The root of the problem by Culture20 · · Score: 2

      Tor proyect

      That sounds like commie talk, comrade.

    6. Re:The root of the problem by Anthony+Mouse · · Score: 2

      While this is a great effort, and I really congratulate the Tor proyect for all that they've done and continue to do, this still is nowhere close to the solution on the real issue here: governments that over and over again limit people's freedom of speech and privacy.

      That is sort of missing the big picture. Yes, you have to fight governments that oppress and censor... but this is one of the ways you do it. It's a lot easier to convince someone that censorship is wrong if it is, in any event, totally ineffective -- because you take away any possible upside. It no longer becomes a weighing of the benefits of censorship against its costs, because the benefits are destroyed by developing this type of technology. Censorship becomes something that has only costs, and there ceases to be any incentive for a self-interested government to impose it.

    7. Re:The root of the problem by KhabaLox · · Score: 1

      Rip down their posters.

      --
      Ceci n'est pas un sig.
    8. Re:The root of the problem by liamevo · · Score: 1

      Nice xkcd reference.

    9. Re:The root of the problem by SuricouRaven · · Score: 1

      One mans free speech can also be another's copyright infringement, incitement to racial hatred, obscenity, heresy, threat to national unity or intolerably blasphemy. There are very few people who support completly unconditional free speech - people just differ in how much they value free speech in relation to other, contradictory ideals.

    10. Re:The root of the problem by wormout · · Score: 1

      As opposed to the governments who, in this age, don't at least aspire to do exactly that? This test of new technology isn't just relevant to Iran, you know. Even if you think you live in a relatively free 'western' country, future developments in these kinds of tools are a damn sight more important to you than you appear to realise.

  3. Disguise encrypted as unencrypted? by Arancaytar · · Score: 4, Funny

    How do you hide something unreadable within something readable? ... damn, you're going to make me RTFA, aren't you? :P

    1. Re:Disguise encrypted as unencrypted? by Pseudonym+Authority · · Score: 2

      You mean something like steganography?

    2. Re:Disguise encrypted as unencrypted? by pushing-robot · · Score: 5, Insightful

      It's steganography. They've created a strong AI capable of passing as human and conversing intelligently with other copies of itself. Each AI instance develops relationships with others, sharing email and IMs about its loves and hates, passions and dreams, even photos of virtual family and pets. All of which can contain a hidden payload of your private data.

      But enough technical mumbo-jumbo. What matters is you'll now be able to surf porn sites without anyone knowing.

      --
      How can I believe you when you tell me what I don't want to hear?
    3. Re:Disguise encrypted as unencrypted? by Anonymous Coward · · Score: 1

      It's actually pretty easy. I bet you couldn't hIwD5E4YmYgu7EABA/4zkMc2B2jVFcLC2s8SbV4MWdJCb0buQe0eEJX9XuMgNEbG even tell this was a ryyIKnRf2Zg8TvdClV20DsClRXR9GICX2pdhEFWqSJDQuLQX2sC7fVPshoOYkutV secretly encrypted KFyslVdYKQlLq4cwOHCTbIDLPdTFFpSuhIOvgk8yhcQTo2M7VY6xmaNLtYm0/9JE message, hiding in plain AS2LW55DgwHs6waLou78owXYW7vQBkhQLky69gV4htAhwIEqkdzS5w3iE36a9eyZI sight on plain old HTTP in /63GXN745FjoP8hwSZCfffhY0L8= ordinary HTTP traffic with no SSL/TLS at all. =DKJ0 It looks just like normal traffic, doesn't it?

    4. Re:Disguise encrypted as unencrypted? by X0563511 · · Score: 2

      encapsulation.

      Here's one way to do it:

      Send the SSL data in a standard HTTP stream. Even better, base64 encode the data, so it looks like actual text.

      To block this means either blocking HTTP as a whole, or building/buying some expensive stuff that can understand HTTP and do some kind of content analysis on it.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    5. Re:Disguise encrypted as unencrypted? by CanHasDIY · · Score: 1

      This is still vulnerable to statistical analysis, because little in nature is truly as random as random data is.

      Uh, I thought it was the other way around, as the "randomness" of the data is determined by the use of non-random algorithms, whereas nature is not dependent on such defined programming.

      As an example, compare Rhapsody's "shuffle" setting that only repeats 20 songs from a 500 song playlist over and over, as opposed to closing your eyes and chucking darts at the same list.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    6. Re:Disguise encrypted as unencrypted? by betterunixthanunix · · Score: 2

      Think of it in terms of error correcting codes. You and I agree on a secret linear code, and we then add our codewords to a noisy channel (at the lowest power possible to allow decoding to occur). If the noise power is high enough, then our codewords should be undetectable in the channel; but we can still recover the codewords because we know what error correcting code is being used (it is widely believed that detecting the codewords without knowledge of the code is hard; this is just a restatement of the Learning With Errors problem). Our secret key is a description of the code (which is just a matrix) and we can even turn this into a public key system.

      Now, the trick is to determine if the system is still secure when the noise is sampled in some specific way that we cannot control. Is the background noise in a voice chat suitable? What about packet delays (which might be manipulated by your ISP to break the system)? The method described above works fine as a cryptosystem, but there is more work to be done if you want a stegosystem.

      --
      Palm trees and 8
    7. Re:Disguise encrypted as unencrypted? by trum4n · · Score: 2

      ...as opposed to closing your eyes and chucking darts at the same list.

      However, it does extend the operating life of your LCD.

    8. Re:Disguise encrypted as unencrypted? by lgw · · Score: 1

      Well, perhaps the Iranian government can't just buy that sort of deep packet analysis tool off the shelf, but most people can. Detecting steganography is very easy once you know the algorithm used. If they just crammed base64 text into text streams, most ISPs could already flag that, using equipment already in place, with a few minutes work on the regex.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    9. Re:Disguise encrypted as unencrypted? by Culture20 · · Score: 1

      Chucking darts at a wall is incredibly non-random. It's good for a one-time toss, but repeated uses will cluster badly.

    10. Re:Disguise encrypted as unencrypted? by swb · · Score: 1

      Has anyone done this?

      It'd sure be nice to have some kind of an implementation of it built into OpenSSH and a client like Putty, and robust enough to work through a firewall proxy.

      I'm sure it belongs as some standalone proxy, but having it integrated would make it easier and less painful to use from a client perspective, although I would imagine it would have to be a pretty simplistic implementation (wrap SSL in HTTP, base64 encoded only) and not delve to far into actual steganography.

      In other words, useful for evading very aggressive firewalling and HTTP proxying.

      Wouldn't content analysis just be a case of monitoring a stream and looking for the presence of English or local language text over a period of time? Of course, I'm probably grossly overestimating the number of HTTP streams that are used for binary data for applications and never include the kind of human/machine readable English or local language text.

      Or doing a file(1) type analysis of the decoded content to see if it matched?

      You could probably use a couple of heuristics in combination and then use some kind of "probability" value to tune whether or not you thought it was fishy.

    11. Re:Disguise encrypted as unencrypted? by CanHasDIY · · Score: 1

      closing your eyes and chucking darts at the same list.

      Chucking darts at a wall is incredibly non-random. It's good for a one-time toss, but repeated uses will cluster badly.

      Looks like you might benefit from this.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    12. Re:Disguise encrypted as unencrypted? by KhabaLox · · Score: 2

      If the noise in the LSB tends to be Brownian and you replace it with white noise, that's going to be detectable

      Replacing brown noise with white noise? Sounds pretty racist to me.

      --
      Ceci n'est pas un sig.
    13. Re:Disguise encrypted as unencrypted? by Culture20 · · Score: 1

      I'm sorry, but even with eyes closed, you'll tend to throw the same way every time (unless you purposefully throw differently with each toss, then it's still non-random, but psychology has to be taken into account).

    14. Re:Disguise encrypted as unencrypted? by X0563511 · · Score: 1

      As far as the file style analysis - this wouldn't be possible except at the very beginning of the connection, as the data in the middle looks like garbage.

      The beginning though - where certificates are exchanged and handshakes made - this could be picked up on, and if the connection was squashed at this point, it wouldn't be possible to continue.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    15. Re:Disguise encrypted as unencrypted? by Thud457 · · Score: 1

      Pink Noise a transvestite band.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    16. Re:Disguise encrypted as unencrypted? by dgatwood · · Score: 1

      This is why you spin around repeatedly first.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    17. Re:Disguise encrypted as unencrypted? by Em+Adespoton · · Score: 1

      ...until your AI accidentally says something it shouldn't.

    18. Re:Disguise encrypted as unencrypted? by Sulphur · · Score: 1

      I really don't get the car analogy.

      I mean, if you put both cars through a grinder (encryption) or press (archiving), won't that make the toyota and ferrari the same?

      No, one is a Tor-ota.

    19. Re:Disguise encrypted as unencrypted? by anubi · · Score: 2

      The first thing I thought while I was loading this topic was steganography. So I asked my browser to find this word and discovered you beat me to it.

      A really good question now is how do you allow any internet traffic at all? Nearly anything can be encoded with steganographic information.

      There was one guy on the net a few years ago named "Fravia" that went on in detail how to make steganographic communications programs on the fly. Wonderful work.

      After reading his essays, which he so graciously shared with the world, I knew every hardcore computer oriented freedom fighter would archive his works. This technology would assure that as long as there was communication at all, no repressive regime would be able to censor it, or even know what was going on right under their nose.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

    20. Re:Disguise encrypted as unencrypted? by anubi · · Score: 1

      Detecting steganography is very easy once you know the algorithm used.

      So, coin your own algorithm.

      Aren't guessing games fun? There's millions of ways to do this... Guess which one I am using!

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

    21. Re:Disguise encrypted as unencrypted? by MichaelSmith · · Score: 1

      But its use would be so rare in Iran that the police could just arrest and execute anybody in posession of tools which could be used for steganography.

      --
      http://michaelsmith.id.au
    22. Re:Disguise encrypted as unencrypted? by SuricouRaven · · Score: 1

      The purpose of internet censorship isn't to make it impossible to gain access to prohibited information - that would be impossible. The purpose is to make that information so much trouble to get to that only a negligable number of people will be so determined.

    23. Re:Disguise encrypted as unencrypted? by anubi · · Score: 1

      < embarrassed > I stand corrected. And greets to +ORC

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

    24. Re:Disguise encrypted as unencrypted? by lgw · · Score: 1

      It's fundamental to encryption to assume your atttacker knows your algorithm - keys can be managed, but the algorith is out there, and anyone smart enough will figure it out.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  4. Seems about right by bigredradio · · Score: 4, Insightful

    The more you tighten your grip, $dictator, the more $locations will slip through your fingers. - $rebel_princess.

    --
    Flexible bare-metal recovery for Linux/UNIX
    1. Re:Seems about right by cold+fjord · · Score: 1

      The more you tighten your grip, $dictator, the more $locations will slip through your fingers. - $rebel_princess.

      It just might take 50, 100, or 400 years. The German Reich - 12 years. Fascist Italy - 21 years. USSR - 74 years. North Korea - 60 years and counting.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  5. If they're undetectable... by eternaldoctorwho · · Score: 2

    ...then how do they get tested deterministically? They MUST be undetectable, because the summary headlines are never ever wrong, nor do they exaggerate.

  6. Automated steganography by niteq · · Score: 2

    It'd be slow, for sure, but encapsulating messages inside of images using steganography libraries should be very feasible as a means of tunneling.

    --
    -niteq
    1. Re:Automated steganography by X0563511 · · Score: 1

      I can see it now.

      Analyst A: Wow, this cat photo has gotten VERY popular.
      Analyst B: Hey... why do these otherwise identical photos have different checksums?

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:Automated steganography by gorzek · · Score: 1

      I assume you were referring to YouTube. The problem with YouTube is that any video you upload is going to be transcoded for their storage, so anything you've hidden in the bits of the video is going to be lost or at least seriously corrupted.

      --
      Check out my world simulator thingy.
    3. Re:Automated steganography by healyp · · Score: 1

      This is true of AIM buddy icons as well. Back in the day I tried my damnedest to insert secret messages into my buddy icon but it kept getting reprocessed every time.

    4. Re:Automated steganography by MichaelSmith · · Score: 1

      tunneling.

      Doesn't help you if you just want to access your bank account or email. A tunnel implies somebody ready to operate the other end. If that person existed outside Iran, the Iranian government would quickly block access to them.

      --
      http://michaelsmith.id.au
  7. not the smartest headline by v1 · · Score: 2, Informative

    Tor Tests Undetectably Encrypted Connections In Iran

    "Undetectably encrypted". No. There really is no such thing. "Obfuscated", "disguised", ok I'll take those, but not "undetectably". Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.

    I'm sure cisco and motorola etc will send their people over there this weekend to make upgrades to the censorware they sold them last year. They provide such good customer service to our adversaries when there's a buck to be made. (isn't there a law against this? they push so hard politically in one direction all the while the american businesses drive a dagger in the back of their goals)

    --
    I work for the Department of Redundancy Department.
    1. Re:not the smartest headline by X0563511 · · Score: 2

      A proper encryption without a header of some kind, and without the key, looks like random noise. You can suspect it's encrypted, but you cannot know for certain (ignoring context. even then, the context only suggests, not proves)

      So, pedantically, I suppose it IS possible. But not over in practical land.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:not the smartest headline by pinfall · · Score: 1

      At this point we're all fucked anyway. Government's greatest desire is to have keyloggers built into every bios so encryption is made obsolete.

    3. Re:not the smartest headline by betterunixthanunix · · Score: 2

      Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.

      Well, in terms of steganography, we can speak of "strong" or "provably secure" steganography which can guarantee that no process can decide if a hidden message exists in the cover traffic with non-negligible advantage. If you have a low enough SNR, detecting the existence of the signal at all become impossible; the only trick is to ensure that someone with the secret key can still extract that signal.

      --
      Palm trees and 8
    4. Re:not the smartest headline by MightyYar · · Score: 1

      Don't be so hasty... Spammers can get past spam filters even when they are tuned to look for every variation of the word P3N1S. :)

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    5. Re:not the smartest headline by betterunixthanunix · · Score: 4, Informative

      Over in practical land, you need a noisy channel where the amount of noise is high enough to overpower efforts to detect your hidden signal, but where someone with special knowledge (knowledge of the secret key) can perform run an error correcting code to recover the hidden signal. This is not at all implausible; we already know how to make cryptosystems based on random linear codes; the real work would be ensuring that security is maintained even when you use the channel's naturally occurring noise to hide the signal (which may not be guaranteed).

      --
      Palm trees and 8
    6. Re:not the smartest headline by oGMo · · Score: 1

      "Undetectably encrypted". No. There really is no such thing. "Obfuscated", "disguised", ok I'll take those, but not "undetectably". Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.

      Trivially, if you have a regular message that's filled with noise, it's easy to filter. Less trivially, if you have a message that encodes encrypted messages as normal-looking sentences, you might be able to filter it, though the generation of such could get pretty sophisticated. Far less trivially, you could spread the encoded encryption across multiple channels (a few bits in an email, a few bits in an IM, a few bits in an HTTP request). The better the encryption, the less distinguishable from purely random data it is. Then you have to detect close-to-random data encoded randomly across streams of other-random-data.

      It may be doable, but it's an arms race. The steganographers just have to change their schemes every now and then, which doesn't take much. The people doing the detection are eventually going to have to spend all resources on doing so. Who's to tell the few bits of the digital photo someone took combined with a few words in an IM and a URL someone visited resulted in passing a message or receiving one?

      Of course, once you have the opposition doing nothing but trying to find hidden messages in every bit of information around them, you've won.

      --

      Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

    7. Re:not the smartest headline by v1 · · Score: 1

      If you have a low enough SNR, detecting the existence of the signal at all become impossible

      This usually requires the percentage of secret data to be very small compared to the amount of "plausibly harmless" data it's steno'd into.

      So whether or not that is usable depends on the amount of data you want to hide, and what you intend to hide it in. If you want to send a paragraph of text you can probably squeeze that nicely into a tiff from your camera with minimal risk. But if you want to send someone a DVD length video, you'll have a hard time finding an elephant to hide that in.

      In theory you're right, but practical application can be a problem.

      And even in the above paragraph in a tiff example, if someone is LOOKING for data to be hidden in the image, it vastly improves their odds of finding it. Most stenography is traditionally very hard to recognize but fairly easy to forcefully extract. Once someone knows there's a high probability of data in that tiff, they will just whip out an entropy checker like the article we saw here recently for detecting photoshopping, and that is highly likely to confirm stenography is at work. And with most of these countries, they don't need to read what you put in the tiff, simply getting caught trying to hide something will get you locked up. (and $5 wrenched if they can't get the data out themselves)

      --
      I work for the Department of Redundancy Department.
    8. Re:not the smartest headline by betterunixthanunix · · Score: 1

      if someone is LOOKING for data to be hidden in the image

      There are ways to defend against this; I would start by looking at the Learning With Errors problem, which I suspect could be used for strong steganography systems (it is already being used for cutting edge cryptography).

      In theory you're right, but practical application can be a problem.

      That is the pattern with the Tor project. In the 90s, a lot of work went into anonymity systems that were resilient to concerted efforts to defeat the anonymity guarantees (mixmaster). Tor took some of these ideas, but had to sacrifice the strong security guarantees to ensure practicality, since high latency is not going to be acceptable for most applications. Strong steganography will probably not be practical, but some ideas from stego theory will wind up being used by Tor.

      --
      Palm trees and 8
    9. Re:not the smartest headline by lgw · · Score: 1

      Encryped data will never have the same "profile" as true randomness. Once the attacker knows the algorithm being used, nothing today will stop him from detecting that data is present. But that's not what the TOR team is after - they're trying to make it impractically expensive to perform this sort of detection on all internet traffic with the hardware the attacker already has. That's a much more practical objective. They aren't trying to hide the fact that there's an encrypted payload, they're just removing easy ways to distinguish traccif that might have the payload from normal traffic - such as simply blocking a port, or a protocol.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    10. Re:not the smartest headline by betterunixthanunix · · Score: 1

      Once the attacker knows the algorithm being used, nothing today will stop him from detecting that data is present

      Except for time, since we generally want ciphers whose ciphertext is computationally indistinguishable from a uniform random sequence i.e. where no efficient algorithm can distinguish between ciphertext and randomly sampled strings with non-negligible probability, even when the algorithm is publicly known (as long as the secret key is not publicly known). Whether such a thing is actually possible is still an open question, but there are good reasons to think that it is possible.

      --
      Palm trees and 8
    11. Re:not the smartest headline by X0563511 · · Score: 1

      Using a one-time-pad type of stream cipher would work, so long as you made sure to send the next pad before you ran out on the existing one. The danger of that though, is if they can grab a pad, they could theoretically decrypt any subsequent data (so long as they didn't "miss" recording the part with the next pad).

      Provided the pads are generated in an actually random or near-random manner, then the ciphertext would be indistinguishable from said random/near-random data.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    12. Re:not the smartest headline by betterunixthanunix · · Score: 1

      Why even bring up one time pads? A stream cipher or various stream-cipher-like modes of block ciphers would be sufficient in practice, and in theory we can show that (under certain widely accepted hardness assumptions) you can make a stream cipher with many-message security against computationally bounded adversaries. There is a well-known construction of a secure stream cipher from a one-way function and a hardcore predicate for that function.

      --
      Palm trees and 8
    13. Re:not the smartest headline by X0563511 · · Score: 1

      ... because people reading this thread may not be subject matter experts, and know all of that?

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    14. Re:not the smartest headline by lgw · · Score: 1

      Oh, I agree about the ideal, but we don't have anything like that today. Just like you can make a cipher unbreakable if you can compress the plaintext down to where there's no redundancy, but good luck designing a languange where all sequences are not only well formed, but meaningful.

      Cryptography is in a good place right now, where no one really attacks the math - the algorithm is the strongest part. The math for hashes is weaker, but we seem to get a few useful years out of each one. The math for steganography just isn't there yet (which is why neither the TOR team nor the Freenet guys are trying to disguise the encrypted payload, just make it harder to detect their traffic through traffic analysis alone).

      --
      Socialism: a lie told by totalitarians and believed by fools.
  8. hah! by Sebastopol · · Score: 1

    in the technological arms race, this is pretty damn cool idea.

    /munches popcorn and waits to see countermeasures/

    --
    https://www.accountkiller.com/removal-requested
  9. The Purloined Packet by CanHasDIY · · Score: 1

    Edgar Allen would be so proud.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  10. Lousy OPSEC by ve3oat · · Score: 1

    Wow! Why are they even talking about this?? Do they want the enemy to discover their method before this new weapon has even been fired in anger? Folks at Tor need to take and pass the OPSEC 100 course again.

    1. Re:Lousy OPSEC by softwareGuy1024 · · Score: 1

      Secrecy and open source don't mix. Also, RTFA, they are looking for people to host the proxy servers.

  11. Iran's government is afraid, and thereby stupid by cryfreedomlove · · Score: 4, Interesting

    This arms race of censorship and counter measures will have one definitive outcome: the best and the brightest of Iranian youth will find a way to emigrate because they don't want to live in an isolated theocracy. The resulting brain drain will set them back a century. This is what happens to governments driven by fear. Those in power in Iran fear their own people the most.

    1. Re:Iran's government is afraid, and thereby stupid by Animats · · Score: 3, Informative

      the best and the brightest of Iranian youth will find a way to emigrate because they don't want to live in an isolated theocracy.

      They already did, decades ago. When the US-supported Shah of Iran was overthrown, many Iranians came to the US.

    2. Re:Iran's government is afraid, and thereby stupid by glop · · Score: 3, Informative

      Actually when the Shah was overthrown, most of the brightest people in Iran celebrated. That's because he was a really bad dictator and the only reason most people in the West are not aware of it is because he was very pro-American and very friendly with most western countries.
      The problem with revolutions is that it's hard to stabilize things afterwards. And there is no guarantee that the nice and respectful people will take over to draft a Constitution that grants freedom for the people. That's when many of the brightest in Iran got really disappointed and the religious extremists took the power.

      You can read the account of one of those brightest people who left Iran years later: http://en.wikipedia.org/wiki/Marjane_Satrapi
      Marjane's account seemed pretty fair and balanced to me (based on the differences with the cliches I had heard, what I know about the publishers, the variety of the anecdotes and their "true to life" aspect).

    3. Re:Iran's government is afraid, and thereby stupid by sohmc · · Score: 1

      Isn't this a good thing though? "The People should not fear its government. The government to should fear its the People."

      I guess the only thing missing is the revolution to actually throw the government out of the country.

      --
      We don't live in Shouldland.
    4. Re:Iran's government is afraid, and thereby stupid by AbRASiON · · Score: 1

      Look at Iran now, what religion do they follow?
      The place is already set back a century.

  12. Apt quotation by SteveFoerster · · Score: 1

    "If they can get you asking the wrong questions, they don't have to worry about the answers." -- Thomas Pynchon

    --
    Space game using normal deck of cards: http://BattleCards.org
  13. As I read the blurb ... by Ungrounded+Lightning · · Score: 4, Informative

    How do you hide something unreadable within something readable? ... damn, you're going to make me RTFA, aren't you? :P

    As I read the blurb (I have no inside knowledge) they're not making the PAYLOAD look unencrypted. They're circumventing the type-of-flow identification mechanisms built into router filtering by encapsulating the encrypted data within an outer layer (and addressed to the port of) another protocol. (They may even have put a layer on top of the existing service so that, unless it identifies the flow as an encapsulated TOR flow, it actually PERFORMS the service.)

    The result would be that, if they intercept the flow and try to parse it as what it purports to be, it may not make sense. But if their router look at the parts of the packets that are characteristic of what the flow purports to be, it will identify it as normal traffic and let it through. And if the router tries doing something like a keyword search through the bodies of the packets it won't get hits because the bodies are encrypted.

    You can use this approach with any protocol that can handle the traffic patters of a TOR connection (possibly with added padding packets to make the characteristics look more like the purported flow).

    Downsides might be:

    1) If you do a masked TOR only server on the port they might try to connect to the purported flow and detect that this server is not what it seems.

    2) If you do a diverting pancake you need a way to flag for the pancake that this is the masked TOR flow. If that's well known they might write a filter for it. (Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman have developed a steganographic method for applying such a tag. It is embedded in their own "TELEX" network-based firewall bypasser but might be adapted to this purpose. paper a href="https://telex.cc/"code")

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  14. Learn from others by feddas · · Score: 1

    So Iran is moving towards a DarkNet called Tor. I wonder if ACTA, SOPA, or PIPA would cause a similar reaction in the countries they're enforced upon.

  15. If the censor can't see it, it will get blocked. by davidwr · · Score: 3, Interesting

    "If we can't parse it, it gets blocked."

    In the old days, Cuban international phone calls were monitored. At least one person started talking a language other than English or Spanish and the operator broke in and told them to speak English or Spanish or get cut off.

    Source: Something I read in a reputable newspaper or magazine back in the 1970s or 1980s.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  16. Re:ferrari as toyota by couchslug · · Score: 1

    "I've often wondered why nobody ever nicks the body and VIN of an economy car to reduce theft risk and insurance costs of a sports car"

    Because they hot rod the economy car to get a sufficiently similar performance result.

    That's been done for almost one hundred years, and "Gow jobs" (for example) were being built before (possibly all) Slashdot posters were born.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  17. Of course by Coppit · · Score: 1

    Because Tor wasn't slow enough already...

  18. Cool sounds like IP steganography by hesaigo999ca · · Score: 1

    IP steganography makes it all the cooler, while still keeping a sort of logic about it that is very high level.
    I hope you all understand this will change things forever...

  19. Point-to-point and ad-hoc mesh networks by Phoenix666 · · Score: 1

    This topic is important to more than just Iranians. The events of the Arab Spring and developments across Europe, Asia, and America indicate we average folks are going to need a truly free means of communicating soon if not now. It has to be impossible for governments or corporations to blackout communications anywhere, so that their misdeeds cannot go unwitnessed.

    I know that separate projects exist to tackle this problem in different ways. B.A.T.M.A.N.'s ad hoc network protocol is one. Point-to-point information transfer via laser is another. Balloon-born "satellites" is another. I also read recently that the Zetas gang in Mexico had built their own separate cellular network.

    How can we hoi poloi implement these redundant networks at low- to no-cost, with maximum ease of use so that censorship will become impossible?

    --
    Do what you can, with what you have, where you are.
  20. Translation of parent's ascii codes by Anonymous Coward · · Score: 2, Informative

    $ perl -e 'print "\x48\x65\x6c\x70\n"'
    Help
    $

    1. Re:Translation of parent's ascii codes by guus_deleeuw · · Score: 1

      What are you guys doing on this site? If you need a tool to read that your not a nerd.

    2. Re:Translation of parent's ascii codes by mikael · · Score: 1

      Or you could just look at the first letter of each line. Or every tenth letter, or every N'th letter after a space. Or the last letter of each line.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  21. Re:Who cares? by SuricouRaven · · Score: 1

    It'd take more than one nuke to destroy Israel, and they have nukes of their own. Whoever attacked Israel with nukes would receive far more than they sent. The current government of Iran isn't that stupid - but maybe a future one will be. Or they just might be sensible enough to do so covertly: Send the nuke in a shipping container, no way to tell exactly who did it.

  22. Unwanted communication CAN be blocked by davidwr · · Score: 1

    The methods available CANNOT be blocked by any human operated or automated means.

    Sure they can. North Korea does a pretty good job of it.

    You just have to block ALL cross-border communications except by a very few trusted, authorized individuals. You still have the weak point of one of those individuals deliberately or accidentally leaking unwanted information, but in practical terms, you CAN keep unwanted information from reaching your citizens.

    The price you pay - one that North Korea is very willing to pay - is that practically ALL outside information is kept from crossing the border, even a lot of information that would benefit you, the government, if it did cross.

    This technique works on a local level as well:

    Cults isolate their non-elite members. Domestic abusers isolate their victims.

    This "information control" technique is even used in a healthy way:

    Families isolate children from information the kids are not mentally prepared to handle and/or funnel the information through parents and other trusted entities.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.