Towards a Scalable Censorship-Resistant Overlay Network based on WebRTC Covert Channels
Diogo Barradas, Nuno Santos
Protozoa showed a way of making peer-to-peer covert channels using WebRTC, but left open the questions of how peers were to discover each other and establish trust, and what to do if you don’t directly know anyone with access to the free Internet. This paper sketches a design for a censorship-resistant overlay network (CRON) built on top of point-to-point Protozoa links. The overlay network could support censorship circumvention, as well as other applications such as a CDN, file system, or key–value database.
CRON takes advantage of an existing graph of social relationships. If Alice and Bob know each other, they can start a Protozoa chatroom and exchange information with each other directly. If Alice and Bob know each other, and Bob and Carol know each other, but Alice and Carol do not know each other, then Bob can facilitate a connection between Alice and Carol in one of two ways. As a rendezvous, Bob can create a chatroom and invite both Alice and Carol to it, and then Alice and Carol can correspond. Or, as a relay, Bob makes a chatroom with Alice and a separate chatroom with Carol, then copies information from one to the other. If the goal is censorship circumvention, many of these segments can be chained together in order to reach a user who is in a position to proxy to the outside network. If all the chatrooms are online at the same time, CRON supports real-time proxying; otherwise it can operate according to a delay-tolerant, store-and-forward model.
Section 4 considers countermeasures to various attacks. A censor might be suspicious of unusual WebRTC connection patterns, such as a user apparently being on two video calls at the same time, or unusual call durations. For this the authors suggest putting constraints on peer-to-peer communication, in either a passive mode, where communication only happens opportunistically during naturally occurring chatrooms, or an active mode, in which the software creates new chatrooms on demand, but tries to keep traffic features within expected parameters. A censor that is able to subvert the WebRTC signaling mechanism could inspect the decrypted purported media content and easily identify that Protozoa is in use (because Protozoa replaces encoded media with its own unrelated ciphertext). For this, the authors propose replacing Protozoa with keyed video steganography (which would eventually be realized as Stegozoa). To protect against infiltration of the social graph by a censor, the authors consider configurable trust settings for a user’s direct contacts.