The advent of the Internet has been a great boon to activists and political dissidents worldwide, allowing many to share information, connect and organize on a much larger scale than previously possible. Global movements like Occupy and the Arab Spring were largely sustained by the tools offered by social media outlets such as Twitter and Facebook, facilitating rapid communication between ordinary citizens and giving them unprecedented opportunities to speak out and mobilize with ease. Not surprisingly, a number of countries with oppressive regimes are trying to discourage popular uprisings at home and the free flow of information by suppressing these tools, through online surveillance and censoring certain websites.
But blocking access to websites doesn’t stop people from finding other ways to get around, and in recent years a number of techniques and tools are being developed to help netizens circumvent government censorship of the Internet. In addition to using web mirrors, archive sites, alternate DNS servers, proxy websites, virtual private networks (VPNs), and sneakernets, a whole horde of anti-censorship software has emerged to camouflage online activity that would normally be forbidden by countries like China, Iran and Syria. With names like ScrambleSuit, FreeWave and Dust, each of these censorship evasion systems differ in their approach and implementation, which can range from using randomization, to tunneling or mimicking permitted protocols.
But some of these programs don’t adapt well to ever-evolving censorship strategies. So in an effort to overcome some of the limits to these programs, security researchers Scott Coull of RedJack, Thomas Shrimpton and cryptography professor Kevin Dyer of Portland State University, are developing Marionette, an open source “network-traffic obfuscation system” that allows users to re-configure it according to their own needs, without having to re-program or re-design the underlying system.
Programmable and Flexible Anti-censorship Tool
Here’s how Marionette works: the system is based on a “powerful type of probabilistic automata” that enables users to disguise any banned online activity by utilizing samples of permitted activity — say, online gaming — as a smokescreen of sorts to hide the true nature of the protocol being sent. It’s a bit of a flexible, all-in-one alternative, without the shortcomings of similar software (see chart below).
Marionette’s system is capable of simultaneously controlling encrypted traffic features, from “ciphertext formats to stateful protocol semantics and statistical properties,” meaning that it can be programmed to imitate any number of features currently offered by other popular obfuscation systems. To make things easier, it’s also written in a “user-friendly domain specific language (DSL), which enables rapid development and testing of new obfuscation strategies that are robust and responsive to future network monitoring tools.”
In a paper recently published during the USENIX Security Conference, the team emphasized one of the major advantages of Marionette: it can be adapted to suit the user’s unique network environment, and programmed to respond in a way that won’t arouse suspicion if government censor systems actively probe a questionable connection. Marionette sets itself apart from the rest because it is a flexible tool that can be tailored to the needs of the moment, writes the team:
The primary goal of Marionette, therefore, is not to develop a system that implements a single obfuscation method to defeat all possible censor strategies, but instead to provide the user with the ability to choose the obfuscation method that best fits their use case in terms of breadth of target protocols, depth of controlled traffic features, and overall network throughput.
The team is hoping that established anonymity networks like Tor or censorship evasion tool Lantern will adopt Marionette, while the open-source nature of the system will allow individual netizens and developers to tweak and publicly share their anti-censorship settings with others looking for quick, restriction-thwarting presets. It may take time to be widely embraced, but tools like Marionette are essential to global Internet freedom. In a world where game-changing information is now just a click away, determined and proactive users will somehow resist government-imposed censorship, one way or another. More over at Technology Review, and check out Marionette on GitHub or read the full paper here.