The Parrot Is Dead: Observing Unobservable Network Communications

  • Authors:
  • Amir Houmansadr;Chad Brubaker;Vitaly Shmatikov

  • Affiliations:
  • -;-;-

  • Venue:
  • SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

In response to the growing popularity of Tor and other censorship circumvention systems, censors in non-democratic countries have increased their technical capabilities and can now recognize and block network traffic generated by these systems on a nationwide scale. New censorship-resistant communication systems such as Skype Morph, Stego Torus, and Censor Spoofer aim to evade censors' observations by imitating common protocols like Skype and HTTP. We demonstrate that these systems completely fail to achieve unobservability. Even a very weak, local censor can easily distinguish their traffic from the imitated protocols. We show dozens of passive and active methods that recognize even a single imitated session, without any need to correlate multiple network flows or perform sophisticated traffic analysis. We enumerate the requirements that a censorship-resistant system must satisfy to successfully mimic another protocol and conclude that "unobservability by imitation" is a fundamentally flawed approach. We then present our recommendations for the design of unobservable communication systems.