New anti-censorship scheme could make it impossible to block individual sites

Aug 10, 2011

A radical new approach to thwarting Internet censorship would essentially turn the whole web into a proxy server, making it virtually impossible for a censoring government to block individual sites.

The system is called Telex, and it is the brainchild of computer science researchers at the University of Michigan and the University of Waterloo in Canada. They will present it Aug. 12 at the USENIX Security Symposium in San Francisco.

"This has the potential to shift the arms race regarding censorship to be in favor of free and ," said J. Alex Halderman, assistant professor of computer science and engineering at U-M and one of Telex's developers.

"The Internet has the ability to catalyze change by empowering people through information and . Repressive governments have responded by aggressively filtering it. If we can find ways to keep those channels open, we can give more people the ability to take part in and access to information."

Today's typical anticensorship schemes get users around site blocks by routing them through an outside server called a proxy. But the censor can monitor the content of traffic on the whole network, and eventually finds and blocks the proxy, too.

"It creates a kind of cat and mouse game," said Halderman, who was at the blackboard explaining this to his computer and network security class when it hit him that there might be a different approach---a bigger way to think about the problem.

Here's how Telex would work:

Users install Telex software. Halderman envisions they could download it from an intermittently available website or borrow a copy from a friend.

Internet Service Providers (ISPs) outside the censoring nation deploy equipment called Telex stations.

When a user wants to visit a blacklisted site, he or she would establish a secure connection to an HTTPS website, which could be any password-protected site that isn't blocked. This is a decoy connection. The Telex software marks the connection as a Telex request by inserting a secret-coded tag into the page headers. The tag utilizes a cryptographic technique called "public-key steganography."

"Steganography is hiding the fact that you're sending a message at all," Halderman said. "We're able to hide it in the cryptographic protocol so that you can't even tell that the message is there."

The user's request passes through routers at various ISPs, some of which would be Telex stations. These stations would hold a private key that lets them recognize tagged connections from Telex clients. The stations would divert the connections so that the user could get to any site on the Internet.

Under this system, large segments of the Internet would need to be involved through participating ISPs.

"It would likely require support from nations that are friendly to the cause of a free and open Internet," Halderman said. "The problem with any one company doing this, for example, is they become a target. It's a collective action problem. You want to do it on a wide scale that makes connecting to the Internet almost an all or nothing proposition for the repressive state."

The researchers are at the proof-of-concept stage. They've developed software for researchers to experiment with. They've put up one Telex station on a mock ISP in their lab. They've been using it for their daily web browsing for the past four months and have tested it with a client in Beijing who was able to stream YouTube videos even though the site is blocked there.

Explore further: Computer scientists can predict the price of Bitcoin

More information: The paper to be presented at USENIX Security is called "Telex: Anticensorship in the Network Infrastructure." Full text is at telex.cc/paper.html

Related Stories

Georgia Tech to pursue 'transparent Internet'

Mar 22, 2011

What if Internet users could click a button and determine whether their service was being artificially slowed down? Or if the government were censoring their content? In the name of Internet transparency, a team of Georgia ...

Spyware poses identity-theft risk (Update)

Sep 15, 2005

A new study finds that a growing amount of Internet spyware -- programs downloaded to users' computers without their knowledge -- is designed specifically to steal personal information that could be used for identity theft. ...

Recommended for you

Tablets, cars drive AT&T wireless gains—not phones

5 hours ago

AT&T says it gained 2 million wireless subscribers in the latest quarter, but most were from non-phone services such as tablets and Internet-connected cars. The company is facing pricing pressure from smaller rivals T-Mobile ...

Twitter looks to weave into more mobile apps

6 hours ago

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Blink, point, solve an equation: Introducing PhotoMath

7 hours ago

"Ma, can I go now? My phone did my homework." PhotoMath, from the software development company MicroBlink, will make the student's phone do math homework. Just point the camera towards the mathematical expression, ...

Google unveils app for managing Gmail inboxes

7 hours ago

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

User comments : 14

Adjust slider to filter visible comments by rank

Display comments: newest first

krundoloss
2.5 / 5 (4) Aug 10, 2011
This would never work. If you did this, China would just start using whitelisting! Only allowing certain sites and blocking ALL others. Face it, China will control its population no matter what!
SemiNerd
5 / 5 (2) Aug 10, 2011
This would never work. If you did this, China would just start using whitelisting! Only allowing certain sites and blocking ALL others. Face it, China will control its population no matter what!

Remember that the internet isn't just used for surfing and personal use. Its also used by business. Significant restrictions like whitelisting would impact business in a big big way.
Osiris1
1 / 5 (3) Aug 10, 2011
Semi is right. The Chinese WANT to sell us their ill fitting shoes, sox that wear out in a day, and appliances that work well and are reliable but you can never get part for. They will not choke the chicken that feeds it. But they may start back-of-the-head shootin those in country customers of this system that it finds out about and placin' the rotting corpses in public squares as an 'example'. Nawww, they will skin 'em and sell the skin extract as collagens for western women's face creams. After all, they really need the money we send them for 'consumer goods' junk (our jobs sent to China by our rich to make them richer...tax free) in order to build super aircraft carriers and submarines and stuff for their invasion of our west coast....or of Mexico to link up with their drug cartel proxy army.
Techno1
3.4 / 5 (5) Aug 10, 2011
Osiris1:

Ironically, in spite of western fear mongering, China shows little evidence of being interested in invading anyone. I don't think they've gone on a sustained offensive in what? Thousands of years?

Example, U.S., Russia, and several other Nuclear states adopted a policy of "Assured Destruction".

China adopted a "minimum deterance" policy, whereby they made just a few nukes, and rely on the fear of just one nuke being used...This makes them less agressive than the allegedly morally superior west.

I'm not justifying any of the political oppressions going on there, not at all, but not everything you are led to believe by fearmongering ultra-conservatives is true.
that_guy
5 / 5 (5) Aug 10, 2011
This would never work. If you did this, China would just start using whitelisting! Only allowing certain sites and blocking ALL others. Face it, China will control its population no matter what!


You don't seem to understand the concept here.

You connect to a whitelisted site. Your connection request for the whitelisted site goes through a number of servers before you actually get the white listed site. One of those servers would be one that does proxy server work for this project. It sees that your request has a special, innocuous looking code on it, proxies your connection for you. All the while, your censoring govt believes you are still on the whitelisted site, because that is what this proxy server is saying about the now encrypted traffic.

Meanwhile, you are happily surfing for censored lolcat pictures and judas priest songs.
TechnoCore
not rated yet Aug 10, 2011
This is an awesome idea!
that_guy is right, since any connection between sites goes through a series of routers there is no way of telling if one of them intercepts the key, no matter if the site is white listed or not.
YouAreRight
5 / 5 (2) Aug 10, 2011
I thought the Tor project already dealt quite well with this issue.

https://www.torproject.org
cdt
not rated yet Aug 10, 2011
Brilliant though the idea is, I think this has to be seen as at best something that will tilt the tables only temporarily toward freedom of information. Don't ask me what the countering software will look like, but if China puts all their resources toward thwarting this attempt to thwart censorship I'm sure they'll eventually succeed.
RMcKenna
1 / 5 (1) Aug 11, 2011
Osiris1:

"Ironically, in spite of western fear mongering, China shows little evidence of being interested in invading anyone. I don't think they've gone on a sustained offensive in what? Thousands of years?
Osiris1:

"Ironically, in spite of western fear mongering, China shows little evidence of being interested in invading anyone. I don't think they've gone on a sustained offensive in what? Thousands of years?"

You might want to ask the Tibetans about their opinion on this.

In reference to the article it seems that this system would also provide another avenue for cyber attacks, either by hackers that managed to infiltrate a large number of ISP's or by governments that actively installed this software on the systems of a large number of ISP's within their borders.


You might want to ask the Tibetans about their opinion on this.
gwrede
2.3 / 5 (3) Aug 11, 2011
If I were the Minister of Censorship, I'd start by looking at the contents people receive. Receive the wrong kind of content and you're screwed. Similarly, possession of this software would be criminal. (Compare with the ridiculous Munitions laws of the US only a few years ago, when normal encryption programs were considered a Big No-No.)

But I think the easiest way to make the internet a better place would be to cut off the republicans.
physyD
2 / 5 (4) Aug 11, 2011
Dumb question but wouldn't it be easier for the powers that be to have their own program/virus (anti-virus software aside) to see if you've installed this software? If you have then they can assume you visit or attempted to visit censored sites.
jscroft
1.8 / 5 (4) Aug 11, 2011
I love it! The Internet is becoming the primary vehicle of economic activity worldwide. So... by reducing repressive governments to a question of either connecting to the WHOLE internet, or not, "overly" repressive governments become SELF-sanctioning.

That's brilliant.
that_guy
not rated yet Aug 11, 2011
I thought the Tor project already dealt quite well with this issue.

https://www.torproject.org

You understand the concept. The key here is that TOR/VPN traffic can be blocked. Also, if you are watching close enough, you can get information about the traffic if you own the last node (Even if you can't read the actual traffic) Also, TOR traffic can be broken by brute force attack if a country wanted to bad enough. TOR is very secure, but there are a few theoretical weaknesses.

This specific software uses the same kind of VPN network technology as TOR, but it is set up in a way as to not arouse suspicion - That is the specific innovation this has. If I'm on TOR, someone who's watching knows it - even if they aren't able to get into my data stream (Don't cross the streams!). With this software, it's set up to that the watcher might not realize that I am connecting to a VPN.
that_guy
5 / 5 (1) Aug 11, 2011
In a Nutshell:

With TOR traffic, you connect directly to your Proxy Server, which can be detected.

With this system, you 'connect' to a whitelist site, and the proxy server intercepts your traffic and sets up the proxy. This way an encrypted proxy is sent your way from offsite, but disguised as a secure connection to a 'legal' site.