hides Web access
Ted Smalley Bowen,
Technology Research News
The ringing declaration that information
wants to be free often bounces off a hard reality -- the free flow of
information can attract interference. The reality online is that censorship
and surveillance are widespread and growing.
The everyday flow of ordinary Internet traffic, however, could provide
cover for political dissidents, whistleblowers, or anyone else who wants
to access censored information online without the activity being recorded
or blocked by others.
Researchers from the Massachusetts Institute of Technology have come up
with a scheme that could guarantee users access to data in such a way
that their actions could not be monitored.
The development follows an age-old pattern. Strictures on communication
traditionally provoke workarounds, from prisoners tapping on cell bars
to con men gaming early telegraph systems to get the jump on stock market
or horse race results.
Latter-day examples have played out on the Internet for years. Proxy software
allows users to surf anonymously, covering virtual tracks by masking Internet
Protocol addresses and other personal information; and the Web's hypertext
transfer protocol -- HTTP -- allows users to encrypt requests for information.
But these solutions have not proved watertight.
Proxy software, which serves as an intermediary to let people access Web
pages anonymously, can draw attention and be blocked by censorship software.
Common security protocol software can also fail to protect users' identities,
and it can be stymied by firewall software.
The MIT researchers' scheme, dubbed Infranet, allows Internet users to
navigate using standard hypertext transfer protocol without being noticed.
The key to the scheme's ability to allow users to avoid monitoring is
that it handles covert communications without adding a conspicuous amount
of traffic. To be useful, a covert Internet communications system needs
to cloak transmissions well enough to foil most would-be detectors, but
must also be efficient enough to permit reasonably speedy browsing.
Infranet consists of software for Web servers and browsers. The scheme's
responder software runs on public Web servers that store or are able to
access data that is blocked or banned for some parts of the Web. Its requester
software runs on systems seeking secure access to that data.
The software employs a transmission cloaking method, tried-and-true public-private
key and shared session key encryption mechanisms, and existing data-hiding
Public-private key encryption allows anyone to use a receiver's freely-available
public key to encrypt a message so that only the receiver's private key
can decrypt the message and access its contents.
A shared session key is a single key that can be used to decrypt the messages
it was used to encrypt.
To gain access to blocked data using Infranet, the requester begins a
session by sending a shared session key using a responder's public key.
"As long as either the requester or responder know how to communicate
with the other initially, they can come to agreement on the session key,"
said Nick Feamster, a researcher at MIT's Laboratory for Computer Science.
The responder then uses the session key to send code to the requester
that translates hypertext transfer protocol traffic into a kind of alphabet
that will allow the requester to hide ensuing transmissions to the responder
within ordinary requests for non-censored Web pages.
This coded alphabet is made up hypertext transfer protocol requests for
pages on the responder's Web site, and the code is different for each
requester. A request for a covert Web page consists only of a series of
requests for permissible Web pages on the server.
The order and timing of the requests for openly available pages determines
the covert request. "If the requester and responder agree on how visible
HTTP traffic maps to hidden messages, then everything works," said Feamster.
The responder uses the shared session key to encrypt the requested information,
uses separate data-hiding techniques to embed the encrypted information
in non-censored material, and sends that material to the requester as
ordinary hypertext transfer protocol traffic.
The scheme currently calls for hiding the data served to the requester
in JPEG's, one of several types of image files that can be transferred
using the hypertext transfer protocol. In theory, responders can hide
data in many types of files served up by Web computers, including MPEG
video streams, said Feamster. "Our basic philosophy is to leverage existing
steganography and data hiding techniques for the downstream communication,"
he said. In downstream communication served to the requester, "we're dealing
with a pretty traditional data hiding problem," he said.
Although the researchers chose to conceal the requested information in
JPEGs, and embed requests in the order and timing of hypertext transfer
protocol requests, the method could work with any number of bi-directional
communications, said Feamster. "Many possibilities exist: instant messaging,
news feeds, stock tickers, satellite radio, online games, just to name
a few," said Feamster.
The main qualification of a suitably innocuous scheme is that the communications
be largely unidirectional, with more downstream than upstream traffic.
The cloaked requests need only contain small amounts of information, while
the responses pack the censored data into larger, more ordinary files
that are openly sent to the requester. This fits well with the uneven
nature of most Web communications: requests for data typically require
much less bandwidth than serving up that data.
The researchers tested Infranet by subjecting it to passive attacks by
monitors that logged all transactions and packets passing through a given
segment of the Internet, and to active attacks by detection schemes that
mimicked Infranet systems.
The process of covertly requesting and then serving up data hidden within
other files turns out to be reasonably efficient. Half of the researchers'
tested requests fit in six or fewer served files, and 90 percent of the
requests required ten or fewer files. The requested files could be concealed
in typical Web images by adding about 1 kilobyte of hidden data to each
ordinary transmission, which typically range between 5 and 50 kilobytes.
One potential drawback of with this type of scheme is that users might
suspect that the scheme itself is a surveillance tool. This can probably
be addressed by including existing mechanisms that ensure that users can
trust downloaded software, Feamster said.
Another issue is how to conceal the initial download of the Infranet software,
a problem the researchers are currently addressing, said Feamster. Physically
distributing the software via disks is one way to minimize the risk of
For a scheme like Infranet to succeed, the responder software would have
to be installed on a considerable number of public Web servers. "We're
thinking of starting with something on the order of 50 to 100," Feamster
said. If the responder software were bundled with a Web server like Apache,
active participants would be much harder to detect, according to Feamster.
The researchers' requester prototype is an Apache module.
"The trick is that you need to allow clients to discover the responders,"
Feamster said. "But if it's too easy to discover all of them, the censor
can simply block them. Thus, we have to have enough to make it difficult
for the censor to keep up with where all of the responders are."
In the cat-and-mouse contest that pits censorship and surveillance against
the free flow of information, time works against such schemes, according
to Avi Rubin, a secure systems researcher at AT&T Labs. "[It] illustrates
an arms race. Once the adversary, in this case, a censoring government,
knows about Infranet and how it works, they can attempt to detect and
block it," he said.
Infranet is an impressive, novel scheme, said Rubin. "This is a big step
forward towards evading that kind of censorship," he said. "It's actually
going to be a bit of work for the censoring bodies to counter this, so
it forces them to put in some additional effort, thus raising the cost
Infranet could probably be optimized to allow more information to be exchanged
without detection, Rubin said. "They could eventually develop high-bandwidth
covert channels," he added.
Feamster's MIT colleagues were Magdalena Balazinska, Greg Harfst, Hari
Balakrishnan, and David Karger. The researchers presented the work at
the 11th USENIX Security Symposium in San Francisco, August 5 through
Timeline: < six months
TRN Categories: Computers and Society; Computer Science;
Cryptography and Security; Internet
Story Type: News
Related Elements: Technical paper, "Infranet: Circumventing
Web Censorship and Surveillance," Proceedings of the 11th USENIX Security
Symposium, San Francisco, California, August 5-9, 2002 (www.usenix.org/publications/library/proceedings/sec02/feamster.html)
Integrated biochips debut
Metal mix boosts batteries
Plastic tag makes foolproof
Scheme hides Web access
Small jolts move
Research News Roundup
Research Watch blog
View from the High Ground Q&A
How It Works
News | Blog
Buy an ad link