Cryptology ePrint Archive: Report 2012/494

Format-Transforming Encryption: More than Meets the DPI

Kevin P. Dyer and Scott E. Coull and Thomas Ristenpart and Thomas Shrimpton

Abstract: Nation-states and other organizations are increasingly deploying deep-packet inspection (DPI) technologies to censor Internet traffic based on application-layer content. We introduce a new DPI circumvention approach, format-transforming encryption (FTE), that cryptographically transforms the format of arbitrary plaintext data (e.g. packet contents) into specified formats that are designed to bypass DPI tests. We show how to build a general-purpose FTE system, in which these formats are defined compactly by families of regular expressions. Moreover, we specify and implement a full FTE record-layer protocol.

We exhibit formats that are guaranteed to avoid known filters, and give a framework for learning formats from non-censored HTTP traffic. These formats are put to use in our FTE record layer, to explore trade-offs between performance and steganographic capabilities. As one example, we visit the top 100 Alexa webpages through an FTE tunnel, incurring an average overhead of roughly 5%.

Category / Keywords: applications / applications, censorship, censorship circumvention, deep-packet inspection, implementation, information hiding, regular expressions, secret-key cryptography, steganography

Date: received 28 Aug 2012, last revised 4 Sep 2012

Contact author: kdyer at cs pdx edu

Available formats: PDF | BibTeX Citation

Version: 20120904:151109 (All versions of this report)

Discussion forum: Show discussion | Start new discussion