Researchers Develop ‘End-to-Middle’ Proxy System to Evade Censorship

As state-level censorship continues to grow in various countries around the globe in response to political dissent and social change, researchers have begun looking for news ways to help Web users get around these restrictions. Now, a group of university researchers has developed an experimental system called Telex that replaces the typical proxy architecture with a scheme that hides the fact that the users is even trying to communicate at all.

As state-level censorship continues to grow in various countries around the globe in response to political dissent and social change, researchers have begun looking for news ways to help Web users get around these restrictions. Now, a group of university researchers has developed an experimental system called Telex that replaces the typical proxy architecture with a scheme that hides the fact that the users is even trying to communicate at all.

The Telex system is the work of J. Alex Halderman and two other researchers at the University of Michigan, and Ian Goldberg of the University of Waterloo, and it has a couple of fundamental differences from other anti-censorship or anonymity tools such as Tor or proxy networks. The key innovation in Telex is that it uses “stations” installed at ISPs to recognize and reroute specially tagged requests from clients trying to reach censored sites.

Those requests also are completely hidden from censors because it is part of an established HTTPS connection to a benign site that the censor or government allows. That connection is used as a red herring to prevent the censor from even seeing the other connection request. Each user would have a copy of the Telex client on his or her machine, which would generate the requests and insert the secret tags in them.

“The client secretly marks the connection as a Telex request by
inserting a cryptographic tag into the headers. We construct this tag
using a mechanism called public-key steganography. This means anyone can
tag a connection using only publicly available information, but only
the Telex service (using a private key) can recognize that a connection
has been tagged,” Halderman, an assistant professor at Michigan, wrote in a blog post announcing Telex.

“As the connection travels over the Internet en route to the
non-blacklisted site, it passes through routers at various ISPs in the
core of the network. We envision that some of these ISPs would deploy
equipment we call Telex stations. These devices hold a private key that
lets them recognize tagged connections from Telex clients and decrypt
these HTTPS connections. The stations then divert the connections to
anti­censorship services, such as proxy servers or Tor entry points,
which clients can use to access blocked sites. This creates an
encrypted tunnel between the Telex user and Telex station at the ISP,
redirecting connections to any site on the Internet.”

Governments and other orgnaizations interested in censoring the sites that their users can access have become quite adept at detecting circumvention methods and finding the addresses of the proxy servers that other anonymity systems use, making it difficult–and in some cases, dangerous–for people to use them. Telex is designed to help alleviate this problem by using proxy servers that for all intents and purposes don’t have public IP addresses that are discoverable by outsiders.

“The kernel of the idea was to do something in the middle of the network,” Halderman said in an interview. “Working out how to do it with the ISPs is one of the hard parts. It was an idea that had a lot of contours that needed to be thought out and fleshed out because it is so different from the existing proxy-based tools out there.”

Goldberg, of the University of Waterloo in Canada, is the former chief scientist at Zero-Knowledge Systems, creators of the pioneering privacy and anonymity system, Freedom.

The Telex system is in the experimental stage, but Halderman wrote that he and his fellow researchers have been using it via a Telex station in their lab for a few months now and it’s worked as designed. The researchers, who also include Halderman’s graduate students Eric Wustrow and Scott Wolchok, plan to present their research on Telex at Usenix Security 2011 next month.

Suggested articles