Detecting Censorship Circumvention Systems, and Recommendations

The paper covers:

  • how censorship circumvention systems work.
  • why censorship circumvention systems fail to achieve unobservability.
  • the authors' recommendations for the design of unobservable communication systems.

Parrot circumvention systems aim to achieve unobservability by mimicking a widely used, uncensored target protocol. For example:

Skype
An Internet telephony system based on a P2P overlay network.
1. A Voice-over-IP (VoIP) system based on a P2P overlay network of users running Skype software.
2. A Skype supernode is a resource-rich user with a public IP address and sufficient CPU, memory, and network bandwidth [1, 5]. Supernodes relay media and signals between clients that cannot communicate directly due to network address translation (NAT) and firewalls.

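IETF-based VoIP
An extended VoIP protocol suite with multiple standards, for example network discovery for connecting to the VoIP network, session control for placing and receiving calls, and media transmission for exchanging voice datagrams.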

Session control
Session Initiation Protocol (SIP) is a popular session control protocol. SIP is an application-layer protocol and can run over TCP or UDP. A SIP system comprises user agents, location services, registrar servers, and proxy servers.

Media transmission (RTP, RTCP)
Once a VoIP session is established between two SIP user agents, they use a media transmission protocol to communicate the call traffic.

Censorship circumvention systems

StegoTorus

A pluggable transport for Tor. It adds chopping and steganography to the Tor client and bridge.

The chopper aims to foil statistical analysis by changing packet sizes and timings. It carries Tor traffic over links composed of multiple connections. Each connection is a sequence of blocks, padded and delivered out of order.
The steganography module aims to hide traffic contents by mimicking HTTP, Skype, and Ventrilo.
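
A sketch of the chopper idea described above (variable-size padded blocks, spread over several connections, reassembled from out-of-order delivery). This is an added example, not code from the original post or from StegoTorus. The block header layout and the function names `chop`, `spread` and `reassemble` are assumptions made for illustration, and encryption is left out.

```python
import random
import struct

# Constructed block header, not StegoTorus's wire format:
# sequence number, payload length, padding length.
HEADER = struct.Struct("!IHH")

def chop(data, rng, min_payload=8, max_payload=64, max_pad=32):
    """Cut data into blocks with random payload sizes and random padding."""
    blocks, offset = [], 0
    while offset < len(data):
        payload = data[offset:offset + rng.randint(min_payload, max_payload)]
        pad = rng.randint(0, max_pad)
        blocks.append(HEADER.pack(len(blocks), len(payload), pad) + payload + bytes(pad))
        offset += len(payload)
    return blocks

def spread(blocks, n_conns, rng):
    """Assign each block to one of n_conns connections of the same link."""
    conns = [[] for _ in range(n_conns)]
    for block in blocks:
        rng.choice(conns).append(block)
    return conns

def reassemble(conns, rng):
    """Receive blocks in arbitrary order, strip padding, restore the stream."""
    arrived = [block for conn in conns for block in conn]
    rng.shuffle(arrived)  # simulate out-of-order delivery across connections
    parts = {}
    for block in arrived:
        seq, length, pad = HEADER.unpack_from(block)
        if len(block) != HEADER.size + length + pad:
            raise ValueError("malformed block %d" % seq)
        parts[seq] = block[HEADER.size:HEADER.size + length]
    if sorted(parts) != list(range(len(parts))):
        raise ValueError("missing block")
    return b"".join(parts[i] for i in range(len(parts)))

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the run is repeatable
    stream = b"constructed sample Tor cell bytes " * 20  # constructed input
    conns = spread(chop(stream, rng), 3, rng)
    assert reassemble(conns, rng) == stream
    print([len(b) for c in conns for b in c][:10])  # on-wire block sizes vary
```

The on-wire block sizes no longer track the sizes of the underlying cells, which is the property the chopper relies on against size-based statistical analysis.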

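Adversary model

  • Capability classes (passive attacks, active attacks, proactive attacks)
  • Knowledge classes
  • Real-world censors (the Great Firewall)
  • Adversary models in censorship circumvention systems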

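Requirements for censorship circumvention systems

  1. Mimic the protocol in its entirety
  2. Mimic reactions to network conditions and errors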

Setting up the detection environment

Detecting Skype imitation and detecting the StegoTorus system

  • The imitation of Skype is incomplete and can thus be recognized even by low-cost, passive attacks.
  • Hypothetical improved versions of SkypeMorph and StegoTorus, designed specifically to imitate Skype behaviors that are missing in their current prototypes.
  • How the improved versions are recognized by active and proactive attacks.

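Lessons and recommendations

  1. Understanding the adversary is essential. Systems such as StegoTorus adopt dedicated defenses against large-scale traffic analysis, yet they still leave small, recognizable traces.
  2. Achieving unobservability through imitation is fundamentally inadvisable.
  3. Partial imitation is worse than no imitation.
  4. Do not imitate. Instead, run the information over the real protocol, for example by moving the hidden content higher up the protocol stack.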