.se logo PriSec logo kau logo


A Polymorphic Network Protocol to Circumvent Censorship


Free and open communication on the Internet is endangered and censorship is on the rise. In particular, deep packet inspection (DPI) technology is frequently used to filter what censors consider undesired information. DPI enables fine-grained and cost-effective censorship of entire countries. Accordingly, several countries are documented to use DPI to conduct surveillance, or to block Tor.

system design

This project at Karlstad University investigated countermeasures to this disconcerting development. We designed and developed ScrambleSuit: a transport protocol particularly hard for DPI boxes to recognise and block. The diagram to the right illustrates The Big Picture. ScrambleSuit is designed as a set of Python modules for obfsproxy which is an obfuscation framework developed by the Tor Project. Both, the client and the server run obfsproxy together with ScrambleSuit. This makes it possible for the exchanged traffic to be encrypted, authenticated and disguised. Technically speaking, our protocol provides two core features:

  1. ScrambleSuit protects against active probing attacks. This attack—pioneered by the Great Firewall of China—is an effective and cheap way for DPI boxes to identify protocols while at the same time minimising collateral damage.
  2. Our protocol further implements morphing techniques which make it possible for every ScrambleSuit server to exhibit a unique flow signature. In particular, we alter inter-arrival times and the transported protocol's packet length distribution.

Note that despite the diagram to the right, ScrambleSuit is independent of its transported application. While we did design ScrambleSuit specifically for the use with Tor, it can transport any application which supports SOCKS. This includes Tor, VPN, SSH and many other protocols.

This project was supported by a research grant from Internetfonden which is part of the Swedish Internet Infrastructure Foundation.


Before the final and peer-reviewed paper listed below, we published a technical report in May 2013. Several important design aspects have changed since then, so we strongly recommend reading the WPES version instead. Furthermore, you can also find the paper “Towards a Censorship Analyser for Tor” listed below which was also created during the lifetime of this project.


Since February 2014, ScrambleSuit is part of the Tor project's obfsproxy. You can get a copy of obfsproxy by running

git clone https://git.torproject.org/pluggable-transports/obfsproxy.git

While obfsproxy will only contain stable releases of ScrambleSuit, we maintain a development repository in parallel. The code is open source and available under the BSD 3-Clause license. You can get a copy of the development repository by running:

git clone https://git.torproject.org/user/phw/scramblesuit.git

After installation, you can use a dedicated ScrambleSuit bridge we set up for testing. Our bridge has already pushed some data! Finally, the Python tools used for our measurements can be downloaded here.


For questions or remarks of any kind, please contact Philipp using <philwint@kau.se>. You can use this OpenPGP key for encrypting emails.

Valid HTML 4.01 Transitional Valid CSS! created with vim
Last change: 2014-02-13