
























Tor is one of the most popular systems for anonymous communication and censorship circumvention on the web, currently used by millions of users every day. This puts Tor as a target for attacks by organizations and governmental bodies whose goal is to hinder users' ability to connect to it. These attacks include deep packet inspection (DPI) to classify Tor traffic as well as legitimate Tor client impersonation (active probing) to expose Tor bridges. As a response to Tor-blocking attempts, the Tor community has developed Pluggable Transports (PTs), tools that transform the appearance of Tor's traffic flow. In this paper we introduce a new approach aiming to enhance the PT's resistance against active probing attacks, as well as white-listing censorship by partitioning the handshake of the PT from its encrypted communication. Thus, allowing mixing different PTs, e.g., ScrambleSuit for the handshake and FTE for the traffic itself. We claim that this separation reduces the possibility of marking Tor related communications. To illustrate our claim, we introduce DNS-Morph: a new method of transforming the handshake data of a PT by imitating a sequence of DNS queries and responses. Using DNS-Morph, the Tor client acts as a DNS client which sends DNS queries to the Tor bridge, and receives DNS responses from it. We implemented and successfully tested DNS-Morph using one of the PTs (ScrambleSuit), and verified its capabilities.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。