FORBES - Keeping secrets on the web in a country as digitally repressive as Iran isn’t easy. But as Iran tightens the screws on its Web censorship, the hackers at the anti-censorship Tor project are working on something harder: Keeping secret the act of keeping secrets.
Ahead of the anniversary of Iran’s revolution Saturday, the country’s government has locked down its already-censored Internet, blocking access to many services and in some cases cutting off all encrypted traffic on the Web of the kind used by secure email, social networking and banking sites.
In response, the information-freedom-focused Tor Project is testing a new idea: Encrypted connections that don’t look encrypted. To skirt the so-called “deep packet inspection” filters Iran’s government has deployed to block all Secure Sockets Layer and Transport Layer Security (SSL and TLS) encryption that protesters might use to communicate privately, Tor is trying a new kind of bridge to the Web, one the group is calling “obfsproxy,” or obfuscated proxy.
Tor executive director Andrew Lewman says the idea is to “make your Ferrari look like a Toyota by putting an actual Toyota shell over the Ferrari,” where the Toyota is normal communications and the Ferrari underneath is the encrypted communications. “Basically, say you want to look like an XMPP chat instead of SSL,” he writes to me, referring to a protocol for instant messaging as the decoy for the encrypted SSL communications. “Obfsproxy should start up, you choose XMPP, and obfsproxy should emulate XMPP to the point where even a sophisticated [deep packet inspection] device cannot find anything suspicious.”
Lewman warns that obfsproxy is in a “super alpha” stage of development, and in its current form might only last a short time before Iran finds a way to detect the obscured encrypted communications. The tool currently only obscures SSL and TLS as the SOCKS protocol used by proxy servers, but in the future, he hopes it will be able to impersonate any sort of traffic, including HTTP or instant messages.
In addition to its crackdown on encryption, sources inside Iran are reporting that the country is blocking access to sites including Gmail, Hotmail, and Yahoo! using its traditional IP blocking technology. Tor typically circumvents that censorship technique by routing Internet traffic through a series of volunteers’ computers around the world, and in recent years using a collection of more secret encrypted “bridge” connections that relay users’ traffic to that network. Between 50,000 and 60,000 users in the country use Tor daily.
But the country’s efforts to block all SSL and TLS traffic put that strategy at risk. Hence the group’s efforts to prevent the government’s censors from distinguishing its encrypted traffic from normal traffic with the new obfsproxy tool.
Lewman says that despite a few bugs, the early users of obfsproxy report that it’s “working well in-country.”
In the meantime, Tor is looking for technically skilled users to run obfsproxy bridges to give Iranians a path to the uncensored web. “This kind of help is not for the technically faint of heart but it’s absolutely needed for people in Iran, right now,” wrote Tor developer Jacob Appelbaum in an email to the Tor Talk mail list.
Read Appelbaum’s full message asking for obfsproxy volunteers here, and read a full technical description of how obfsproxy works here.