Hah! I was wondering when someone was going to start throwing parse tree differentials at regex-based DPI.
Obviously the next step in the arms race is DPI systems that use correct parsers, but this is hard to do at wire speed. For now, anyway.

Cheers,
--mlp

On Mon, Jan 27, 2014 at 09:50:02AM -0800, coderman wrote:
> https://kpdyer.com/publications/ccs2013-fte.pdf
> and
> https://fteproxy.org/about
> """
> Format-Transforming Encryption (FTE) is a novel cryptographic
> primitive that extends traditional encryption... FTE takes a key,
> message and format (a compact set descriptor) as input and outputs a
> ciphertext in the format set. As an example, a format may describe the
> set of valid HTTP messages.
>
> fteproxy bootstraps FTE to relay arbitrary data streams. In turn, this
> enables fteproxy to use a regular expression that captures an
> uncensored protocol (e.g., HTTP), then employ fteproxy to tunnel a
> censored protocol (e.g., Tor, TLS, SSH, etc.) To the network monitor,
> traffic looks like HTTP, even though it's actually a censored
> protocol.
> """
>
>
> git clone https://github.com/kpdyer/fteproxy.git fteproxy-unstable
> cd fteproxy-unstable
> make
> ./bin/fteproxy
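The parse differential discussed in this thread, seen from the monitor's side, as an added example that is not part of the original messages and is not fteproxy or any DPI product's code: a signature regex and a full message parser classify the same bytes differently. The regex, function names and sample payloads are constructed for illustration.

```python
import re

# Assumed stand-in for a regex DPI signature: it looks at the request line only.
DPI_HTTP_RE = re.compile(rb"^(GET|POST|HEAD) [^ \r\n]+ HTTP/1\.[01]\r\n")
# Header field names are RFC 7230 "token" characters.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def regex_dpi_says_http(payload: bytes) -> bool:
    """Classify the way a signature engine does: a prefix match is enough."""
    return DPI_HTTP_RE.match(payload) is not None

def parser_says_http(payload: bytes) -> bool:
    """Classify by parsing the whole message: request line, headers, body length."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return False  # no end-of-headers marker
    lines = head.split(b"\r\n")
    if not DPI_HTTP_RE.match(lines[0] + b"\r\n"):
        return False
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.match(name):
            return False  # not a "name: value" header field
        headers[name.lower()] = value.strip()
    declared = headers.get(b"content-length", b"0")
    return declared.isdigit() and int(declared) == len(body)

def differential(payload: bytes) -> bool:
    """True when the regex accepts a message that the parser rejects."""
    return regex_dpi_says_http(payload) and not parser_says_http(payload)

# Constructed samples (not captured traffic).
WELL_FORMED = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
PREFIX_ONLY = b"GET /index.html HTTP/1.1\r\n" + bytes(range(128, 160))
BAD_LENGTH = (b"POST /u HTTP/1.1\r\nHost: example.com\r\n"
              b"Content-Length: 10\r\n\r\nabc")

if __name__ == "__main__":
    for name, sample in [("well-formed", WELL_FORMED),
                         ("prefix-only", PREFIX_ONLY),
                         ("bad-length", BAD_LENGTH)]:
        print(name, regex_dpi_says_http(sample), parser_says_http(sample))
```

The full parse needs the complete message buffered and walked header by header, which is the wire-speed cost mentioned above.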
