Search Mailing List Archives
[liberationtech] thoughts about Telex?
joss-liberationtech at pseudonymity.net
joss-liberationtech at pseudonymity.net
Sun Aug 7 21:16:58 PDT 2011
On 07/08/11 20:47, Katy Pearce ucsb wrote:
> The confusingly named Telex...
I posted this as a reply to an earlier thread, but somehow it seems to
have been lost. I'll repost it here. :)
(A few random thoughts from reading the paper, that turned into a few
more random thoughts. All of these could be totally wrong based on a
misunderstanding of how the system works, or missing a critical detail.)
The basic idea is very interesting, and certainly would be a new
challenge for those looking to detect and block.
I'm particularly impressed with the scheme of hiding the random-looking
hijack signal in a part of the https stream that is supposed to be
random already. That's going to give any filtering regime a headache.
Having said that, I think that there are one or two major issues with
Firstly, there is no analysis of what sort of installed base you would
need to make the scheme remotely practical. The authors acknowledge this
in the paper, and are working on the numbers, but at a first glance it
seems that you would need Telex relays installed on a large number of
relatively critical points in the infrastructure before this became usable.
A related point is that the potential relay points have no incentives,
beyond contributing to anti-censorship efforts, to participate. If I
understand correctly, this isn't the sort of thing that could be set up
by an average home user with a good connection (like Tor), it relies on
being installed by infrastructure providers. I'm much less sure that
they would go to the time and effort, unlike Tor relay providers who
tend to be "amateur" enthusiasts. This security (or privacy) economics
problem is always a tricky one to solve.
Having said all that, the idea of a user proactively tagging their
stream during normal browsing in order to discover Telex-enabled routes
is yet another very clever idea.
I'm a little unsure as to the details of how they're planning to solve
the key distribution problem, or perhaps what you might call the key
selection problem. Whilst public-key cryptography nicely provides the
ability to tag a stream with a random value that can only be identified
as a tag by the holder of the appropriate private key, it relies on the
client knowing which Telex station might pick up that key. That seems to
me to make the discovery problem much harder, as the client will have to
pick (more or less) random keys in the hope that they might hit their
target. Getting hold of a huge database of public keys isn't too much of
a problem, but matching keys to (unknown) targets might prove impractical.
I'd also be interested to see some real thought into how a filtering
regime might approach this. Obviously, they will be able to discover
Telex stations in the same way that ordinary clients can. At the
national level, with some level of, admittedly minor, control over
routing, a state could potentially decrease the likelihood of a given
Telex station turning up on a route. Whilst this wouldn't stop the
system entirely, it could potentially increase further the number of
stations required in the infrastructure to make the scheme practical.
I suppose that it would also be possible for a filter to discover Telex
stations, and occasionally drop all https connections (or a random
subset of them) that are heading towards them. The connection will
renegotiate, but potentially over a different route. Not a problem for
people legitimately trying to reach the "fake" site, but a real problem
for Telex clients.
I also imagine that some sort of timing or traffic analysis might be
able to identify users whose connections are not going to the claimed site.
Having said all that, I think that it's a /very/ interesting and /very/
clever idea and I'm looking forward to seeing the presentation at USENIX
in a few days, as well as the seemingly-very-similar concept called
"Decoy Routing" at FOCI
(https://db.usenix.org/events/foci11/tech/tech.html) tomorrow (by
(I'd also suggest that whether the system succeeds or fails depends on a
lot more than its technical properties. As Tor has demonstrated, it's at
least equally important that the system be usable, easy to install, well
supported, well publicized, well documented and somehow able to reach
critical mass. Luckily, it seems to be getting a nice amount of attention!)
More information about the liberationtech