A Polymorphic Engine for Filtering-Resistant Transport Protocols
Dust: A Censorship-Resistant Internet Transport Protocol
Brandon Wiley
The University of Texas at Austin School of Information

Introduction
Dust is an Internet protocol designed to resist a number of attacks currently in active use to censor Internet communication. While the theoretical maxims of cryptographic security are observed where possible, the focus of Dust is on real solutions to real attacks.

Use Case
The use case for Dust assumes that there is an area of the Internet surrounded by a packet filtering firewall. All normal Internet traffic passing between the inside and outside of the zone is filtered using standard packet filtering techniques, disallowing the transmission of certain banned content. It is also assumed that there is a secure, but perhaps expensive and high latency, channel into the filtered zone. This channel is considered to be out of band, i.e. it is not over the Internet (phone, letter, messenger, etc.). Given this scenario, Dust creates an inexpensive, unfiltered channel from inside the firewall to outside.

Packet Filtering Techniques
The packet filtering techniques currently in use attempt to keep as little state as possible in order to be scalable. Filtering can happen either at the individual packet level (drop banned packets) or at the stream level (block or throttle streams containing banned packets). For stream level filtering it is common to sample only the initial packets of the stream, or to do random statistical sampling of packets. Filters do not keep persistent state about streams other than whether they have been marked as banned. Techniques for defeating filtering can therefore concentrate on not sending packets which will be marked as banned.

There are two general classifications of techniques for determining whether a packet is banned. Shallow packet inspection (SPI) uses just the headers of the packet. This is less expensive because the headers need to be examined anyway in order to route the packet. Deep packet inspection (DPI) simply refers to examining the packet contents as well as the headers. DPI used to be considered too expensive to be practical, but is now in widespread use by some filters.

SPI techniques in active use for marking packets are as follows: source IP and port, destination IP and port, and packet length.
DPI techniques in active use for marking packets are as follows: examining the packet for connection headers and handshakes of known protocols, examining packet contents for banned static strings, and examining packet contents for banned string patterns.

How Dust Circumvents Filters
Dust is an engine for generating Internet protocols used to send packets which defeat the various filtering techniques currently in use. There is a client and a server. In order for them to communicate they must both be using the same encoding. Encodings can be devised which make traffic look random or which mimic existing protocols.

IP and port blacklists - This is outside of the scope of the protocol. Communication over the Internet requires a destination IP and port which has not been blacklisted by the filter. For the source IP and port, packet spoofing could be used. For more information on how to circumvent IP blacklists, see the Arcadia paper. http://blanu.net/Arcadia.pdf

Packet length - Dust packets have randomized lengths, shaped to a target distribution. Different encodings can make the packet lengths look random or like an existing protocol.

Connection headers and handshakes - Unlike SSH and SSL (both now filtered by some filters), Dust contains no plaintext handshake.

Static strings and string patterns - Dust packets are encrypted, therefore the contents are randomized and static strings and string patterns are removed.

Statistical properties of content - Even encrypted content can be filtered, either by looking for high entropy content, or by requiring that the content conform to the statistical properties of a certain protocol. After encryption, Dust content is shaped to have a statistical distribution based on a target distribution. Different encodings can make the content look random or like an existing protocol.
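
The two statistical checks described above, as an added example (not code from Dust or its author): a payload is scored by its byte entropy and by its distance from a reference protocol's byte distribution. The function names, thresholds and sample payloads are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0), from the byte histogram."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def byte_distribution(data: bytes) -> list:
    """Relative frequency of each of the 256 byte values."""
    counts = Counter(data)
    return [counts.get(b, 0) / len(data) for b in range(256)]

def total_variation(p, q) -> float:
    """Distance between two distributions: 0 = identical, 1 = disjoint."""
    return 0.5 * sum(abs(a - b) for a, b in zip(p, q))

def pseudo_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for encrypted bytes (SHA-256 over a counter)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed sample payloads (not captured traffic).
REFERENCE = (b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n"
             b"User-Agent: demo\r\nAccept: text/html\r\n\r\n") * 8
PLAIN = (b"GET /news/today.html HTTP/1.1\r\nHost: example.net\r\n"
         b"User-Agent: sample\r\nAccept: */*\r\n\r\n") * 8
ENCRYPTED = pseudo_ciphertext(1024)

def verdict(payload, reference=REFERENCE, max_entropy=7.0, max_distance=0.3):
    """Reasons a statistical filter would flag the payload (assumed thresholds)."""
    reasons = []
    if shannon_entropy(payload) > max_entropy:
        reasons.append("high-entropy")
    distance = total_variation(byte_distribution(payload),
                               byte_distribution(reference))
    if distance > max_distance:
        reasons.append("not-like-reference")
    return reasons

if __name__ == "__main__":
    for name, payload in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(name, round(shannon_entropy(payload), 2), verdict(payload))
```

Unshaped ciphertext fails both checks, which is why the content is shaped toward a target distribution after encryption rather than sent as raw encrypted bytes.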

For further details of the mechanics of Dust, please view the documentation for either the original Dust v1 in v1/README or the newer and more advanced Dust v2 in hs/README.
