Researchers Develop No-Proxy Anonymity System

Monday, July 18, 2011

A research team at the University of Michigan headed by J. Alex Halderman and Ian Goldberg of the University of Waterloo has developed a prototype anonymity system called Telex which allows users to covertly access the Internet and avoid detection.

The development of the proxy-less system is in response to an increase in state-sponsored monitoring of Internet activities from totalitarian regimes in nations with active political opposition movements.

The innovative system utilizes stations deployed at ISPs that will reroute transmissions to banned websites by using specially tagged requests and non-banned HTTPS connections, which prevents censors from even being aware of the prohibited traffic.

"The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers. We construct this tag using a mechanism called public-key steganography. This means anyone can tag a connection using only publicly available information, but only the Telex service (using a private key) can recognize that a connection has been tagged," Halderman wrote in a blog post.

The system is not only able to provide a level of anonymity similar to that provided by proxy systems, but will also prevent those monitoring the web from being able to see that a user is attempting to communicate in the first place.

Users would need to have a specially designed Telex client on their computer, which would issue the requests and the required tags.

"As the connection travels over the Internet en route to the non-blacklisted site, it passes through routers at various ISPs in the core of the network. We envision that some of these ISPs would deploy equipment we call Telex stations. These devices hold a private key that lets them recognize tagged connections from Telex clients and decrypt these HTTPS connections. The stations then divert the connections to anti-censorship services, such as proxy servers or Tor entry points, which clients can use to access blocked sites. This creates an encrypted tunnel between the Telex user and Telex station at the ISP, redirecting connections to any site on the Internet," Halderman continued.
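The tagging property described in the two quotes above (anyone can build a tag from public information, only the holder of the private key can recognise it), as an added Python sketch that is not code from the Telex project. The Diffie-Hellman group, tag layout, context string and function names are assumptions chosen for illustration; the page does not give Telex's actual tag construction.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption for this sketch): Mersenne prime 2**521 - 1, base 3.
# Its 66-byte encoding always has seven leading zero bits, so a censor could
# spot these tags. A real steganographic tag needs an encoding that is
# indistinguishable from uniform random bytes.
P = 2**521 - 1
G = 3
ELEM_LEN = 66  # bytes needed to encode a value below P
MAC_LEN = 16


def station_keygen():
    """Return (private, public); only the public half is given to clients."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def _mac(shared, context):
    # Derive a MAC key from the shared secret and bind the tag to a context.
    key = hashlib.sha256(shared.to_bytes(ELEM_LEN, "big")).digest()
    return hmac.new(key, context, hashlib.sha256).digest()[:MAC_LEN]


def client_make_tag(station_pub, context):
    """Build a tag using only the station's public key."""
    r = secrets.randbelow(P - 3) + 2
    ephemeral = pow(G, r, P)
    shared = pow(station_pub, r, P)
    return ephemeral.to_bytes(ELEM_LEN, "big") + _mac(shared, context)


def station_check_tag(station_priv, tag, context):
    """Recognise a tag; rebuilding the shared secret needs the private key."""
    if len(tag) != ELEM_LEN + MAC_LEN:
        return False
    ephemeral = int.from_bytes(tag[:ELEM_LEN], "big")
    if not 1 < ephemeral < P - 1:
        return False
    shared = pow(ephemeral, station_priv, P)
    return hmac.compare_digest(_mac(shared, context), tag[ELEM_LEN:])
```

An observer holding only the public key cannot recompute the shared secret, so it cannot run the check that the station runs; binding the MAC to a per-connection context keeps a captured tag from validating on a different connection.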

The Telex system would employ proxy servers that do not use known IP addresses that can be monitored by authorities.

"The kernel of the idea was to do something in the middle of the network. Working out how to do it with the ISPs is one of the hard parts. It was an idea that had a lot of contours that needed to be thought out and fleshed out because it is so different from the existing proxy-based tools out there," Halderman said in an interview with ThreatPost.

The experimental system has proven successful for several months in a laboratory setting, and the researchers plan to unveil their findings on Telex at Usenix Security 2011 in August.

Source:  http://threatpost.com/en_us/blogs/researchers-develop-proxy-less-anonymity-system-071811

Tom Coats: Well it isn't TOR but it is still a proxy scheme, and doesn't the provider have the possibility of tracking your activity??? Either I am confused or this isn't really such a great advance.
Don Eijndhoven: No, from the somewhat meager information in the article I would agree with you Tom. It doesn't sound particularly new or innovative. In fact, involving ISPs in the matter severely hampers the whole anonymity thing, doesn't it? Even the TOR devs warned people about this eventuality with their tool and they're quite experienced in this sort of thing.

I'm sceptical. I'd like to see more.