After the huge chemical explosion in Tianjin, China, this month, two cleanup efforts began. Amid the wreckage, first responders rescued people and doused fires. On the Web, China’s censors began deleting content suggesting the government could have done more to prevent or contain the disaster. Hundreds of websites and social-media accounts have now been shut down.
Improved censorship technology has made it harder for people in countries such as China, Iran, and Syria to bypass Internet controls and access uncensored information and services. Governments can now block anticensorship tools such as the Tor anonymity network or encrypted VPN connections, for example. But a new censorship evasion tool called Marionette may help reverse that trend.
Marionette helps Internet traffic that would normally be blocked masquerade as ordinary, permitted online behavior. It can be configured to make your activity emulate just about any type of “innocent” activity, such as online gaming or Skype, by analyzing samples of that kind of traffic. Marionette can even be programmed to respond in the right way to maintain its cover if actively probed by a censorship computer system, a tactic China sometimes uses to investigate suspicious connections before blocking them.
“It sort of levels the playing field,” says Scott Coull, a security researcher with security firm RedJack, who helped develop Marionette. “If China is updating its censorship, you can adapt, too.”
Coull hopes that Marionette will one day be integrated into the anonymity network Tor or the censorship evasion tool Lantern—two systems backed by the U.S. government and used by activists, government workers, and NGOs. He’s already talked with Tor developers about Marionette’s open-source code. The system was introduced in a paper at the USENIX Security conference in Washington, D.C., this month, and developed by Coull with Kevin Dyer and Thomas Shrimpton of Portland State University.
The chameleon approach to hiding Internet traffic has been tried before, but Marionette is a more flexible and accurate mimic. Tor already supports a censorship evasion method called Format Transforming Encryption, or FTE, which adjusts some properties of the data sent out by a computer to make them resemble a particular format, like that used by Skype. But FTE doesn’t tweak every facet of the data a censorship system might look for, or re-create the variation in the stream of data that someone truly using Skype or browsing the Web would produce, says Coull.
Marionette can do that, if properly programmed. And it can respond in the right way to maintain the illusion if probed by the kind of equipment used in some censorship systems to check suspect connections. Coull hopes that people will start creating and sharing settings for his tool so that just about anyone can pick one ready-made and hide from censorship.
Phillipa Gill, an assistant professor at Stony Brook University, is working on her own chameleon-style censorship system, which smuggles data by manipulating online games such as StarCraft. She says that Marionette’s flexibility introduces a useful new design for censorship tools. “There is a censorship arms race – tools like Tor come up with new ideas and then the censors respond to that,” she says. “Making your tools more evolvable like this is an interesting idea.”
However, Gill notes that going from a new idea to something that developers of tools such as Tor can offer to people takes time. “They need validation before you give it to people in countries where they could get arrested for using it,” she says.