Kuedza: Maitiro ekuvanza kushandiswa kweTor kunzvenga zvivharo

Internet censorship inyaya iri kuramba ichikosha pasi rose. Izvi zviri kutungamira mukusimbaradza "mujaho wezvombo" sezvo masangano ehurumende nemasangano akazvimiririra munyika dzakasiyana achitsvaga kuvharidzira zvakasiyana siyana uye kunetsekana nenzira dzekunzvenga zvirambidzo zvakadaro, ukuwo vanogadzira uye vanoongorora vachiyedza kugadzira maturusi anoshanda kurwisa censorship.

Masayendisiti kubva kuCarnegie Mellon, Stanford University uye SRI International mayunivhesiti akaita kuyedza, panguva yavakagadzira sevhisi yakakosha yekuvharisa kushandiswa kweTor, chimwe chezvishandiso zvakakurumbira zvekunzvenga zvivharo. Tinokupa nyaya pamusoro pebasa rakaitwa nevatsvakurudzi.

Tor against blocking

Tor inovimbisa kusazivikanwa kwevashandisi kuburikidza nekushandiswa kweakakosha relay - ndiko kuti, maseva epakati pakati pemushandisi nesaiti yaanoda. Kazhinji, mareyi akati wandei anowanikwa pakati pemushandisi nesaiti, imwe neimwe inogona kuburitsa zvishoma chete data mupaketi inotumirwa - inongokwana kuti uwane iyo inotevera poindi mucheni uye utumire ikoko. Nekuda kweizvozvo, kunyangwe kana relay inodzorwa nevanorwisa kana censors ichiwedzerwa kune cheni, ivo havazokwanise kuziva iyo addressee uye kwainoenda kune traffic.

Tor inoshanda nemazvo senge anti-censorship chishandiso, asi macensors achiri kugona kuivharira zvachose. Iran neChina dzakaita zvirongwa zvekuvharisa zvakabudirira. Ivo vakakwanisa kuona Tor traffic nekutarisa TLS maoko ekubata uye mamwe akasarudzika maTor maitiro.

Zvadaro, vagadziri vakakwanisa kugadzirisa iyo system kuti ipfuure nekuvharira. Censors vakapindura nekuvharira HTTPS kubatana kune akasiyana saiti, kusanganisira Tor. Vagadziri veprojekiti vakagadzira iyo obfsproxy chirongwa, iyo inowedzera encrypts traffic. Makwikwi aya anoenderera mberi nguva dzose.

Yekutanga data yekuyedza

Vatsvagiri vakasarudza kugadzira chishandiso chinovhara kushandiswa kweTor, zvichiita kuti kushandiswa kwayo kugoneke kunyangwe munzvimbo dzakavharwa zvachose.

• Sekufunga kwekutanga, masayendisiti anoisa zvinotevera:
• Iyo censor inodzora yakasarudzika yemukati segment yetiweki, inobatanidza kune yekunze, isina uncensored Internet.
• Kuvharisa zviremera zvinodzora network yese network mukati mecensored network segment, asi kwete software pamakomputa ekupedzisira.
• Iyo censor inotsvaga kudzivirira vashandisi kuti vasawane zvinhu zvisingadiwe kubva pamaonero ake; zvinofungidzirwa kuti zvinhu zvese zvakadaro zviri pamaseva kunze kwechikamu chinodzorwa network.
• Marouter ari padenderedzwa rechikamu ichi anoongorora iyo isina kuvharwa data yemapakiti ese kuvharira zvisingadiwe uye kudzivirira mapaketi akakodzera kubva pakupinda mukati.
• Yese maTor relays ari kunze kweiyo perimeter.

Sei basa iri

Kuvanza kushandiswa kweTor, vaongorori vakagadzira iyo StegoTorus chishandiso. Chinangwa chayo chikuru ndechekuvandudza kugona kweTor kuramba otomatiki protocol kuongororwa. Icho chishandiso chiri pakati pemutengi uye yekutanga relay mucheni, inoshandisa yayo encryption protocol uye steganography modules kuita kuti zviome kuziva Tor traffic.

Padanho rekutanga, module inonzi chopper inouya mukutamba - inoshandura traffic kuita nhevedzano yemabhuraki ehurefu hwakasiyana, ayo anotumirwa kunze kwehurongwa.

Dhata yakavharidzirwa uchishandisa AES muGCM modhi. Musoro weblock une nhamba ye 32-bit sequence, minda miviri yakareba (d uye p) - izvi zvinoratidza huwandu hwe data, munda unokosha F uye 56-bit check field, kukosha kwayo kunofanira kuva zero. Hurefu hwevhavha hudiki 32 bytes, uye huwandu hunosvika 217+32 bytes. Kureba kunodzorwa ne steganography modules.

Kana chinongedzo chikasimbiswa, mashoma ekutanga eruzivo meseji yekubata ruoko, nerubatsiro rwayo sevha inonzwisisa kana iri kubata neiyo iripo kana nyowani yekubatanidza. Kana iyo yekubatanidza iri yemubatanidzwa mutsva, ipapo sevha inopindura nekubata ruoko, uye mumwe nemumwe wevatori vechikamu vanotora makiyi echikamu kubva mairi. Uye zvakare, iyo sisitimu inoshandisa rekeying meshini - yakafanana nekugoverwa kwekiyi yechikamu, asi mabhuroko anoshandiswa pachinzvimbo chekubata mameseji. Iyi nzira inoshandura nhamba yekutevedzana, asi haina kukanganisa ID yekubatanidza.

Kana vese vatori vechikamu mukutaurirana vatumira uye vagamuchira iyo fin block, chinongedzo chinovharwa. Kuti udzivirire kubva kurwiswa kwekudzokorora kana kuvharira kunonoka kuendesa, vese vatori vechikamu vanofanirwa kurangarira ID kwenguva yakareba sei mushure mekuvhara.

Iyo yakavakirwa-mukati steganography module inovanza Tor traffic mukati me p2p protocol - yakafanana nemashandiro anoita Skype mune yakachengeteka VoIP kutaurirana. Iyo HTTP steganography module inotevedzera isina kunyorwa HTTP traffic. Iyo sisitimu inoteedzera mushandisi chaiye ane yenguva dzose browser.

Kuramba kurwiswa

Kuti uedze kuti yakawanda sei nzira yakatsanangurwa inovandudza kushanda kweTor, vaongorori vakagadzira mhando mbiri dzekurwiswa.

Yekutanga yeiyi kupatsanura Tor hova kubva kuTCP hova zvichibva pane zvakakosha hunhu hweTor protocol - iyi ndiyo nzira inoshandiswa kuvharira hurongwa hwehurumende yeChina. Kurwiswa kwechipiri kunosanganisira kudzidza kwatozivikanwa maTor nzizi kuti utore ruzivo rwekuti ndeapi masaiti akashanyira mushandisi.

Vatsvaguri vakasimbisa kushanda kwerudzi rwekutanga rwekurwisa "vanilla Tor" - nekuda kweizvi vakaunganidza zvimiro zvekushanya kumasaiti kubva kumusoro 10 Alexa.com kamakumi maviri kuburikidza neyakajairwa Tor, obfsproxy uye StegoTorus ine HTTP steganography module. Iyo CAIDA dataset ine data pachiteshi 80 yakashandiswa sereferensi yekuenzanisa - zvinenge zvese izvi zvinongedzo zveHTTP.

Kuedza kwakaratidza kuti zviri nyore kuverenga yenguva dzose Tor. Iyo Tor protocol yakanyanyisa uye ine huwandu hwehunhu huri nyore kuverenga - semuenzaniso, kana uchiishandisa, TCP yekubatanidza inopera 20-30 masekondi. Iyo Obfsproxy chishandiso zvakare inoita zvishoma kuvanza idzi dziri pachena nguva. StegoTorus, zvakare, inogadzira traffic iri padyo neCAIDA referensi.

Panyaya yekurwiswa kwenzvimbo dzakashanyirwa, vaongorori vakafananidza mukana wekuburitswa kwedata muchiitiko che "vanilla Tor" uye yavo StegoTorus mhinduro. Chiyero chakashandiswa kuongororwa AUC (Nzvimbo iri pasi peCurve). Zvichienderana nemhedzisiro yekuongorora, zvakazoitika kuti mune yenguva dzose Tor pasina kumwe kuchengetedzwa, mukana wekuburitsa data nezve nzvimbo dzakashanyirwa wakakwira zvakanyanya.

mhedziso

Nhoroondo yekunetsana pakati pezviremera zvenyika dziri kuunza censorship paInternet uye vanogadzira masisitimu ekunzvenga kuvhara inoratidza kuti nzira dzekudzivirira dzakakwana chete dzinogona kushanda. Kushandisa chishandiso chimwe chete hakugone kuvimbisa kuwana iyo data inodiwa uye kuti ruzivo rwekupfuura chivharo haruzozivikanwa kune censors.

Naizvozvo, kana uchishandisa chero zvakavanzika uye zvemukati maturusi ekuwana, zvakakosha kuti usakanganwe kuti hapana mhinduro dzakakodzera, uye pazvinogoneka, batanidza nzira dzakasiyana kuti ubudirire zvakanyanya.

Zvishandiso zvinobatsira uye zvinhu kubva Infatica:

• Tsvagiridzo: Kugadzira block-resistant proxy sevhisi uchishandisa mutambo dzidziso
• Nhoroondo yekurwisa censorship: iyo flash proxy nzira yakagadzirwa nemasayendisiti kubva kuMIT neStanford inoshanda
• Maitiro ekunzwisisa kana ma proxies achinyepa: kusimbiswa kwenzvimbo dzemuviri dze network proxies uchishandisa inoshanda geolocation algorithm.
• Maitiro ekuzvivanza iwe paInternet: kuenzanisa sevha uye ekugara proxies

Source: www.habr.com