Usually when you want to avoid censorship on Internet, you used tools such as TOR and other anonymizing proxies. Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman propose another solution: TELEX. The idea is elegant:
- The client software hides, using steganography, the query to a censored site in a query for a high-traffic innocent site. As the request is hidden, the censorship should not detect it.
- Stations outside of the frontier of the censoring state, within collaborating routers, will extract the hidden query and route it to the censored site. For that purpose, they will use Deep Packet Inspection (DPI).
- The censored site and the client enter into a secure channel, thus avoiding the censor to analyze the exchanged data.
- The collaborating router “impersonates” the innocent site in traffic to avoid detection.
The paper presents a nice threat analysis explaining all the trade-offs to remain stealthy, the strategy that optimally locates the collaborating stations, and how to ideally select the “innocent” site. It is an excellent work that was presented at Usenix 2011.
The main issue is of course to find collaborating routers. This would require either collaborating NSPs or state-funded infrastructure. This is most probably the trickiest part to solve. An utopia?
Alex Halderman, the last author, is well known by the medias. He is the one (at that time he used John A) who in 2002 demonstrated the weakness of Sony anti-rip solution (shift key), or more recently how to retrieve keys after a cold boot.