The Parrot Is Dead: Observing Unobservable Network Communications

A. Houmansadr, C. Brubaker, V. Shmatikov
2013 IEEE Symposium on Security and Privacy
In response to the growing popularity of Tor and other censorship circumvention systems, censors in nondemocratic countries have increased their technical capabilities and can now recognize and block network traffic generated by these systems on a nationwide scale. New censorship-resistant communication systems such as SkypeMorph, StegoTorus, and CensorSpoofer aim to evade censors' observations by imitating common protocols like Skype and HTTP. We demonstrate that these systems completely fail to achieve unobservability. Even a very weak, local censor can easily distinguish their traffic from the imitated protocols. We show dozens of passive and active methods that recognize even a single imitated session, without any need to correlate multiple network flows or perform sophisticated traffic analysis. We enumerate the requirements that a censorship-resistant system must satisfy to successfully mimic another protocol and conclude that "unobservability by imitation" is a fundamentally flawed approach. We then present our recommendations for the design of unobservable communication systems.
doi:10.1109/sp.2013.14 dblp:conf/sp/HoumansadrBS13 fatcat:ux57wstrhnfuhmtknw3pg4uf2y