ScrambleSuitA Polymorphic Network Protocol to Circumvent Censorship
Free and open communication on the Internet is endangered and censorship is on the rise. In particular, deep packet inspection (DPI) technology is frequently used to filter what censors consider undesired information. DPI enables fine-grained and cost-effective censorship of entire countries. Accordingly, several countries are documented to use DPI to conduct surveillance, or to block Tor.
This project at Karlstad University investigated countermeasures to this disconcerting development. We designed and developed ScrambleSuit: a transport protocol particularly hard for DPI boxes to recognise and block. The diagram to the right illustrates The Big Picture. ScrambleSuit is designed as a set of Python modules for obfsproxy which is an obfuscation framework developed by the Tor Project. Both, the client and the server run obfsproxy together with ScrambleSuit. This makes it possible for the exchanged traffic to be encrypted, authenticated and disguised. Technically speaking, our protocol provides two core features:
- ScrambleSuit protects against active probing attacks. This attack—pioneered by the Great Firewall of China—is an effective and cheap way for DPI boxes to identify protocols while at the same time minimising collateral damage.
- Our protocol further implements morphing techniques which make it possible for every ScrambleSuit server to exhibit a unique flow signature. In particular, we alter inter-arrival times and the transported protocol's packet length distribution.
Note that despite the diagram to the right, ScrambleSuit is independent of its transported application. While we did design ScrambleSuit specifically for the use with Tor, it can transport any application which supports SOCKS. This includes Tor, VPN, SSH and many other protocols.
Before the final and peer-reviewed paper listed below, we published a technical report in May 2013. Several important design aspects have changed since then, so we strongly recommend reading the WPES version instead. Furthermore, you can also find the paper “Towards a Censorship Analyser for Tor” listed below which was also created during the lifetime of this project.
ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship
Philipp Winter, Tobias Pulls and Juergen Fuss
In the Proceedings of WPES, ACM, 2013
Towards a Censorship Analyser for Tor
In the Proceedings of FOCI, USENIX Association, 2013
Since February 2014, ScrambleSuit is part of the Tor project's obfsproxy. You can get a copy of obfsproxy by running
git clone https://git.torproject.org/pluggable-transports/obfsproxy.git
While obfsproxy will only contain stable releases of ScrambleSuit, we maintain a development repository in parallel. The code is open source and available under the BSD 3-Clause license. You can get a copy of the development repository by running:
git clone https://git.torproject.org/user/phw/scramblesuit.git
After installation, you can use a dedicated ScrambleSuit bridge we set up for testing. Our bridge has already pushed some data! Finally, the Python tools used for our measurements can be downloaded here.