Thursday, January 26, 2012

Tor and the Great Firewall of China

(credit)
Here's a fascinating post by Tim Wilde over at the Tor Project blog, discussing China's growing sophistication in blocking Tor connections:
In October 2011, ticket #4185 was filed in the Tor bug tracker by a user in China who found that their connections to US-based Tor bridge relays were being regularly cut off after a very short period of time. At the time we performed some basic experimentation and discovered that Chinese IPs (presumably at the behest of the Great Firewall of China, or GFW) would reach out to the US-based bridge and connect to it shortly after the Tor user in China connected, and, if successful, shortly thereafter the connection would be blocked by the GFW.
... we discovered two types of probing. First, "garbage binary" probes, containing nothing more than arbitrary (but sometimes repeated in later probes) binary data, were experienced by the non-China side of any connection that originated from China to TCP port 443 (HTTPS) in which an SSL negotiation was performed. ... The purpose of these probes is unknown ...
The second type of probe, on the other hand, is aimed quite directly at Tor. When a Tor client within China connected to a US-based bridge relay, we consistently found that at the next round 15 minute interval (HH:00, HH:15, HH:30, HH:45), the bridge relay would receive a probe from hosts within China that not only established a TCP connection, but performed an SSL negotiation, an SSL renegotiation, and then spoke the Tor protocol sufficiently to build a one-hop circuit and send a BEGIN_DIR cell. No matter what TCP port the bridge was listening on, once a Tor client from China connected, within 3 minutes of the next 15 minute interval we saw a series of probes including at least one connection speaking the Tor protocol.
Obviously this is disturbing. And unlike previous, passive efforts to block Tor, these active attacks are tough to defend against. After all, Tor was designed to be a public service. If the general public can download a Tor client and connect to a bridge, so can the Chinese government. This means that protocol-level workarounds (obfuscators, for example) will only work until China cares enough to stop them.

The situation isn't hopeless: proposed workarounds include password protecting Tor bridges, which might solve the problem to an extent -- though it seems to me that this is just kicking the problem down the road a bit. As with the bridge security model, it embeds the assumption that Chinese users can find bridges/passwords, but their government can't. More to the point, any password protocol is going to have to work hard to look 'innocent' (i.e., not Tor-like) to someone who doesn't know the password. There are a lot of ways this could go wrong.

On the research side there are ideas like Telex which would eliminate the need for bridges by embedding anti-censorship into the network. Chinese Tor clients would make TLS connections to arbitrary US websites; the connections would be monitored by special Telex routers along the way; any TLS connection with a special steganographic marking would get transparently re-routed to the nearest Tor node. Unfortunately, while the crypto in Telex is great, actually deploying it would be a nightmare -- and would almost certainly require government cooperation. Even if Western governments were game, the Chinese government could respond by banning overseas TLS connections altogether.

One last note: I love a good mystery, so does anyone care to speculate about those "garbage probes"? What are they -- a test? Automated fuzzing? Most likely they're an attempt to provoke a response from some other TLS server that the Chinese government cares about, but if it's not Tor then what is it?

Tim's full investigation can be found here.

Update 1/26: Emily Stark points me to the Flash Proxies project out of Stanford. This would put Tor proxies in individual client machines, thus massively increasing the number of bridges available and eliminating the outgoing client->bridge connection. They even have an implementation, though I warn you: running untrusted traffic through your Flash plugin is not for the faint of heart!

3 comments:

  1. Just wanted to point out this project that was developed last year in a censorship circumvention class at Stanford:
    http://crypto.stanford.edu/flashproxy/
    The idea is that people put Flash badges on their webpages, which serve as ephemeral bridges every time someone visits the page. More details and a research paper at that website, but just wanted to see if you've seen it because it's relevant to this bridge-blocking problem.

    ReplyDelete
  2. I hadn't seen it. That's pretty neat!

    ReplyDelete
  3. Great summary, Matthew!

    Based on Tim's excellent work we recently published a techreport which covers the block in more detail with additional findings and proposed evasion strategies:
    http://www.cs.kau.se/philwint/static/gfc/

    ReplyDelete