
SANS ISC InfoSec Handlers Diary Blog



Telex - A Radical New Approach to Bypass Security

Published: 2011-08-14
Last Updated: 2011-08-14 22:59:18 UTC
by Guy Bruneau (Version: 1)
3 comment(s)

This radical new process was presented at the USENIX Security Symposium last Friday and, according to its authors, has the potential to turn the entire web into a giant proxy server. "Telex is markedly different from past anticensorship systems, making it easy to distribute and very difficult to detect and block."[1]

This is still a concept rather than a full production system, but so far the tests the researchers have conducted with proof-of-concept software have had encouraging results. According to the Telex website, "The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers. We construct this tag using a mechanism called public-key steganography. This means anyone can tag a connection using only publicly available information, but only the Telex service (using a private key) can recognize that a connection has been tagged."[1]

For a Telex client to reach a blacklisted site, it needs to use an ISP Telex station that holds the private key. The station recognizes the client's Telex connections, decrypts the data and diverts the connection to an anti-censorship service such as a proxy server or Tor to access the blocked site. The end result is an encrypted tunnel between the Telex client and an ISP station that can reach any site on the Internet.
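The "anyone can tag, only the private key holder can recognize" property quoted above can be seen in a small Diffie-Hellman-style sketch. This is an added illustration, not code from the Telex project or from this diary: the toy group (integers modulo 2**255 - 19, base 2), the HMAC-SHA256 check, the field sizes and all function names are assumptions, and it does not attempt the steganographic encoding that makes a real tag look like random header bytes.

```python
import hashlib
import hmac
import secrets

# Assumed toy group: integers modulo the prime 2**255 - 19, base 2.
P = 2**255 - 19
G = 2
ELEM_LEN = 32   # bytes used to encode a group element
MAC_LEN = 16    # bytes of truncated HMAC-SHA256

def keygen():
    """Station key pair: private exponent x and public value G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def _mac(shared, context):
    # Bind the tag to per-connection data so it cannot be replayed elsewhere.
    key = shared.to_bytes(ELEM_LEN, "big")
    return hmac.new(key, context, hashlib.sha256).digest()[:MAC_LEN]

def make_tag(station_pub, context):
    """Client side: uses only the station's public key."""
    r = secrets.randbelow(P - 2) + 1
    ephemeral = pow(G, r, P)
    shared = pow(station_pub, r, P)          # (G^x)^r
    return ephemeral.to_bytes(ELEM_LEN, "big") + _mac(shared, context)

def check_tag(private_key, tag, context):
    """Station side: only the matching private key reproduces the MAC."""
    if len(tag) != ELEM_LEN + MAC_LEN:
        return False
    ephemeral = int.from_bytes(tag[:ELEM_LEN], "big")
    if not 1 < ephemeral < P:
        return False
    shared = pow(ephemeral, private_key, P)  # (G^r)^x
    return hmac.compare_digest(tag[ELEM_LEN:], _mac(shared, context))

def demo():
    """Constructed scenario: one station, one monitor holding a different key."""
    station_priv, station_pub = keygen()
    monitor_priv, _ = keygen()
    ctx = b"constructed-connection-context"
    tag = make_tag(station_pub, ctx)
    return {
        "station_recognizes": check_tag(station_priv, tag, ctx),
        "monitor_recognizes": check_tag(monitor_priv, tag, ctx),
        "random_field_flagged": check_tag(station_priv, secrets.token_bytes(48), ctx),
    }
```

Calling `demo()` shows the point that matters for network monitoring: a device without the station's private key cannot tell a tagged field from an untagged one by checking the tag itself.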

A paper published by computer science researchers at the University of Michigan and Waterloo is available here.[2] For updates, source code and an online demonstration, visit their website.[1]

If Telex works as advertised, it has the potential to bypass the security technologies currently deployed in an organization. How can we prevent a client from accessing this friendly ISP station? Application whitelisting might work. Another option might be finding and blocking the "friendly ISP", but that seems like an impractical proposition. What else do you think could be done to prevent a Telex client from leaving a corporate network to access a Telex ISP station?

[1] https://telex.cc
[2] http://www.scribd.com/doc/60268543/2011-Telex-Anti-Censorship-in-the-Network-Infrastructure
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

 

Keywords: Proxy Telex

FireCAT 2.0 Released

Published: 2011-08-14
Last Updated: 2011-08-14 12:05:07 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

FireCAT (Firefox Catalog of Auditing exTensions) version 2.0 has just been released.[1] It contains 90 add-ons divided into 7 categories, further subdivided into 19 sub-categories. A new Protection subcategory (in Misc) has been added to protect navigation with TrackMeNot[2], NoScript[3], cookieSafe[4], TrackerBlock[5] and Adblock Plus[6].

The graph showing the list of extensions can be viewed here and the mindmap can be downloaded here.


[1] http://www.firecat.fr/news.html
[2] https://addons.mozilla.org/en-US/firefox/addon/trackmenot/
[3] https://addons.mozilla.org/en-US/firefox/addon/noscript/
[4] https://addons.mozilla.org/en-US/firefox/addon/cookiesafe/
[5] https://addons.mozilla.org/en-US/firefox/addon/trackerblock/
[6] https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
