Tor Arms Race

Iran blocks Tor, and Tor releases a workaround on the same day.

How did the filter work technically? Tor tries to make its traffic look like a web browser talking to an https web server, but if you look carefully enough you can tell some differences. In this case, the characteristic of Tor's SSL handshake they looked at was the expiry time for our SSL session certificates: we rotate the session certificates every two hours, whereas normal SSL certificates you get from a certificate authority typically last a year or more. The fix was to simply write a larger expiration time on the certificates, so our certs have more plausible expiry times.

Posted on September 26, 2011 at 6:41 AM • 18 Comments
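The validity-window check described in the post, as an added example (not code from Tor or from this post): it measures a certificate's notBefore/notAfter span and shows why a two-hour lifetime stands out beside CA-style certificates, which is the property a tool author would audit in their own handshake. The 30-day threshold, the labels and the sample dates are assumptions constructed for illustration.

```python
import ssl

# Assumed cut-off: the post only says CA-issued certificates "typically last
# a year or more"; 30 days is an illustrative threshold, not a value from Tor.
MIN_PLAUSIBLE_DAYS = 30


def lifetime_hours(not_before, not_after):
    """Validity window in hours, from getpeercert()-style time strings."""
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    if end <= start:
        raise ValueError("notAfter is not later than notBefore")
    return (end - start) / 3600.0


def classify(certs, min_days=MIN_PLAUSIBLE_DAYS):
    """Map each label to 'short-lived', 'plausible' or 'malformed'."""
    verdicts = {}
    for label, not_before, not_after in certs:
        try:
            hours = lifetime_hours(not_before, not_after)
        except ValueError:
            # Unparseable or reversed dates: report them, do not guess.
            verdicts[label] = "malformed"
            continue
        short = hours < min_days * 24
        verdicts[label] = "short-lived" if short else "plausible"
    return verdicts


# Constructed sample data, not captured traffic.
SAMPLE_CERTS = [
    ("two-hour rotation", "Sep 26 04:00:00 2011 GMT", "Sep 26 06:00:00 2011 GMT"),
    ("one-year CA-style", "Sep 26 00:00:00 2011 GMT", "Sep 25 00:00:00 2012 GMT"),
    ("lengthened expiry", "Sep 26 04:00:00 2011 GMT", "Sep 25 04:00:00 2012 GMT"),
    ("reversed dates", "Sep 26 06:00:00 2011 GMT", "Sep 26 04:00:00 2011 GMT"),
]

if __name__ == "__main__":
    for label, verdict in classify(SAMPLE_CERTS).items():
        print(f"{label}: {verdict}")
```

Once the expiry is lengthened, this single feature no longer separates the two kinds of certificate, which is why one distinguishing field is a fragile basis for a filter.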

Comments

Dom De Vitto • September 26, 2011 7:38 AM

Hmmm,

Frankly, I'm surprised they just don't use certificates that are copies (with minimal changes) of well-known sites - rather than creating wholly new certs and trying to make them 'look right'.

Paeniteo • September 26, 2011 7:55 AM

@Dom De Vitto:
I would think that a "near perfect copy" of a well-known certificate would be easier to spot than a certificate for somewebsitethecensorshipsystemhasneverseenbefore.com.

Clive Robinson • September 26, 2011 8:49 AM

All information leaks information, even an absence of information leaks one bit (i.e. nobody's talking currently). That is, all information acts as meta-information about other information.

Since the likes of traffic analysis started (in WWII) the question has been can your enemy glean more information than you want them to from any information. That is, can they work out what the meta-information is.

In this case one piece of information (expiry time) correctly gave rise to the meta-information that it was used for Tor traffic. Which begs the question how much more visible meta-information is there to be had either from an individual message item or from the usage nature of the node etc.

Or to put it another way can the mouse outsmart the cat, by making the cheese on its whiskers smell like dog food ;)

Nick P • September 26, 2011 11:17 AM

@ Clive Robinson

"Since the likes of traffic analysis started (in WWII) the question has been can your enemy glean more information than you want them to from any information. That is, can they work out what the meta-information is."

That's actually my thoughts on the matter too. I haven't ever done a thorough traffic analysis on Tor sessions but I figured they would behave significantly different from normal HTTPS sessions. At the least, it should be easy for a nation state to identify potential Tor traffic, confirm it with a more targeted approach, and then punish the user.

Lucas • September 26, 2011 11:23 AM

You couldn't copy a well known site's certificate because the private key is unknown. And if you self-signed and copied the metadata, it wouldn't be any more disguised than if it were for any other hostname.

The best Iran could do is only to permit an SSL session if the certificate exchange involves certificates signed by root CAs they whitelist.

But then Tor could use plain HTTP and do some tricks. For example, convert the key exchange and later, the ciphertext to base64 and spread out the characters within plain text documents. It would blend right in with regular HTTP traffic.

eve_wears_a_badge • September 26, 2011 1:48 PM

I'd be surprised if Iran just doesn't run tor exit nodes and inject js code that detects the client's IP address for HTTP sessions. Attempting to do this sort of filtering seems like the silly request of someone that doesn't understand network security.

Am I wrong in thinking that state/corporate terror has been more effective than firewalls?

vwm • September 26, 2011 2:26 PM

@eve: How can they be sure to attract the traffic, they are actually interested in (and not just relay a huge load of not-at-all-ḥalāl pictures and videos for western infidels)? Guess why TOR (besides other things) discourages the use of active scripting and advocates the use of https?

belorn • September 26, 2011 2:54 PM

@eve: The traffic Iran is interested in is what gets sent from Iran, and what gets accessed by people inside Iran. In either case, the only tor node that Iran has a sure possibility to find is a tor entry node. The exit node can be anywhere in the world, and any exit nodes Iran makes has to compete with everyone else for the traffic.

Anon • September 26, 2011 4:59 PM

@Moderator

Given the URL & generic comment matching the URL I strongly suspect that Theresa's comment above is comment SPAM

go2null • September 26, 2011 5:40 PM

@Theresa - seems like the spammer's site has been spammed as well :-)

Or maybe they used the same engine to generate favourable comments.

Either way, it's a fun read.

Network Gestapo • September 26, 2011 6:57 PM

Ah, the good ol' days, when Tor SSL certificates simply said "Tor" in the organization name.

Much easier to filter!

Paeniteo • September 27, 2011 3:13 AM

@eve: "inject js code that detects the client's IP address for HTTP sessions"

I wonder how such a code would work given that all Javascript network accesses must run through TOR as well.
Any links describing such techniques?

Jon • September 28, 2011 2:16 PM

I'm wondering why nobody has pointed out the problem with the duration of SSL certifications.

Why do they last a year or more? To save time downloading them again? At broadband speeds, that's completely irrelevant, and as our heroes(?!) at DigiNotar showed us, excessive duration is simply a bigger window for a crook to jump in through.

J.

Dirk Praet • September 28, 2011 7:02 PM

Kudos to a non-profit organisation like Tor to catch up that fast, knowing that many commercial big corps react much slower. (Did anybody say Siemens?)

Although I'm not in Iran, I upgraded immediately to the new version. While I was at it, I did the same with my I2P and Freenet stacks, including most of their plugins. It would be kinda nice if someone would develop a couple of social media plugins (Twitter, Facebook) for both, allowing to interact with them in a safe way, thus creating yet another headache for repressive governments, spy agencies and the media's own management alike.

Paeniteo • September 29, 2011 6:21 AM

@Chris Thompson:
> the injected JS was used to create a
> steady tick of timing information

That's quite interesting, thanks for the link.

> Since the JS is run client-side, it could
> potentially gather their normal IP address

Yes, I knew about the "could potentially"...
I was more interested in maybe replacing it with "actually can" or "in reality cannot". ;-)

atk • September 29, 2011 3:14 PM

Regarding running your own exit node: if the user is connecting to an authenticated, TLS protected webserver, then the traffic seen on the exit node will be encrypted and unavailable to Iran. That means that the user must only use "safe" certificates, (for some definition of safe).
