Trying to get out in front of what they call a censorship arms race, a team of researchers has come up with technology that lets users exchange messages through heavily censored networks in countries such as China and North Korea in hidden channels via user-generated content sites such as Twitter or Flickr.
Researchers with the Georgia Tech School of Computer Science will demo the technology known as Collage for the first time at next month's Usenix security conference and ideally have a working package the public can download by the end of August. The researchers will have a test version of the Collage tool here.
Collage has two components: a message vector layer for embedding content in cover traffic; and a rendezvous mechanism to allow parties to publish and retrieve messages in the cover traffic, according to one of the Collage authors Sam Burnett, a researcher with Georgia Tech.
Burnett says Collage isn't designed for mega-downloads of videos or large files but rather is directed at getting blog posts and other smaller missives through censored sites. "Text messages for most people would be the perfect amount," Burnett said.
Collage uses user-generated content as "drop sites" for hidden messages, the researchers state in their paper on the system. "To send a message, a user embeds it into cover traffic and posts the content on some site, where receivers retrieve this content using a sequence of tasks. Collage makes it difficult for a censor to monitor or block these messages by exploiting the sheer number of sites where users can exchange messages and the variety of ways that a message can be hidden," they state.
Technically speaking Collage is written in Python and uses an image steganography tool called Outguess for hiding content in images and a text steganography tool called Snow for embedding content in text. "We recognize that steganography techniques offer no formal security guarantees; in fact, these schemes can and have been subject to various attacks," the researchers noted.
Steganography has been in the news this month as it was one of the techniques allegedly used by the Russian spy ring (that was today swapped with US spies) to hide messages and retrieve them from images on Web sites.
According to Burnett and his fellow researchers, Collage's 650-line Python library handles the logic of the message layer, including the task database, vector encoding and decoding, and the erasure coding algorithm. To execute tasks, the library uses Selenium, a popular web browser automation tool; Selenium visits web pages, fills out forms, clicks buttons and downloads vectors. Executing tasks using a real web browser frees us from implementing an HTTP client that produces realistic Web traffic.
Burnett says it is possible, in fact likely that upon discovering Collage messages, censors will take the steps towards disrupting communications channels through the firewall-perhaps by mangling content, analyzing joint distributions of access patterns, or analyzing request timing distributions.
Collage's success lies on a censor's unwillingness to block large quantities of legitimate content. "We believe that its underpinnings-the use of user-generated content to pass messages through censorship firewalls-will survive, even as censorship techniques grow increasingly more sophisticated," the researchers stated.
Follow Michael Cooney on Twitter: nwwlayer8
Layer 8 Extra
Check out these other hot stories: