New Tool Keeps Censors in the Dark

Anti-censorship software would make it harder for censors to track—and block—undesirable communications.

Aug 2, 2011

A new approach to overcoming state-level Internet censorship relies, ironically enough, on a technique that security experts have frequently associated with government surveillance.

Current anti-censorship technologies, including the services Tor and Dynaweb, direct connections to restricted websites through a network of encrypted proxy servers, with the aim of hiding who’s visiting such sites from censors. But the censors are constantly searching for and blocking these proxies. A new scheme, called Telex, makes it harder for censors to block communications. It does this by taking traffic that’s destined for restricted sites and disguising it as traffic meant for popular, uncensored sites. To do this, it employs the same method of analyzing packets of data that censors often use.

“To route around state-level Internet censorship, people have relied on proxy servers outside of the country doing the censorship,” says J. Alex Halderman, assistant professor of electrical engineering and computer science at the University of Michigan. “The difficulty there is, you have to communicate to those people where the proxies are, and it’s very hard to do that without also letting the government censors figure out where the proxies are.”

The Telex system has two major components: “stations” at dozens of Internet service providers (ISPs)—the stations connect traffic from inside nations that censor to the rest of the Internet—and the Telex client software program that runs on the computers of people who want to avoid censorship.

To disguise the destination of the traffic the user wants to send, Telex employs a form of cryptography called “steganography,” which is the practice of hiding secret messages within readable messages.

The Telex client software starts by making an outgoing connection to a nonblocked website, encrypting the traffic in the same way that an e-commerce or online banking site does (the address in the browser bar begins with https:// instead of http://). The identity of the censored site is then encoded in a special string, or “tag,” that’s embedded in the encrypted request. A Telex station at an ISP can examine incoming traffic and detect the presence of these tags, providing it has the right encryption key. The tag would be indistinguishable from random gibberish without the key.

When the Telex station detects an incoming request that includes a tag, it redirects that connection to the site specified in the encrypted message. This behavior resembles a controversial technology called “deep packet inspection” (DPI), which governments and ISPs have used for censorship and for blocking or throttling certain types of Internet traffic, such as peer-to-peer file-sharing.

“DPI has been used notoriously as a means of censorship, but Telex uses DPI in a completely different way,” Halderman says. “We’re basically turning the concept on its head to create something that’s a really powerful anti-censorship tool.”

Halderman says the design is such that it doesn’t matter if the location of ISPs employing Telex stations are known to the censors. “The key thing is that we want to put the stations at enough points in the Internet so that blocking all the routes that go through those would be tantamount to making the Internet unavailable,” he says. “The vision is that if we deploy Telex widely enough, it can make connecting to the Internet for a government that might want to do censorship an all-or-nothing proposition. Either you live with the fact that people can get to sites you want to censor, or you effectively pull the plug entirely.”

In a paper on Telex submitted to the Usenix Security Symposium this month, Halderman and others describe in detail how their system would resist attacks by censors.

“We’ve gotten a lot of comment from people who don’t understand the system, who are pointing out ways they believe the system could be defeated, but in almost every case, it’s something we’ve thought about and addressed in the paper,” he says, adding that the system was designed to adapt to increasingly sophisticated censorship methods.  

“Censored users today have moderate success using normal proxy servers, but what we’re seeing is that major countries involved in censorship are adapting quite quickly to that,” Halderman says. “For example, China has gotten very effective in blocking Tor, and Iran has also made some quite sophisticated countermeasures against Tor.”

Bruce Schneier, a cryptography expert and chief security technology officer at BT, calls Telex “well-thought-out and designed,” but says the system would not work without widespread adoption by ISPs around the world.

“There are two ways to deploy this system: ask nicely, or make it a law [for ISPs to implement it],” Schneier says. “It would be great if the governments of the world backed this idea, because in general this sort of thing is why you don’t see these technologies widely adopted. No one is willing to pay for them, and no one is going to support them otherwise.”

The researchers are working to expand a test Telex network that they’ve been using for months to surf the Web, and even to watch YouTube videos. They note that the test system works with “acceptable stability and little noticeable performance degradation,” and that it performed well in the face of some unexpected stress testing. A researcher accidentally misconfigured one of the Telex stations to act as an open Internet proxy; it wasn’t long before the system was being used by outsiders hoping to hide their identities.