Networking

How the TOR Project defeated Iran filters inside 24 hours

When Iran detected and shut down TOR connections recently, the project's developers reacted quickly to defeat Iran's filters and enable Iran's users to continue to protect their identities.

Iran is well known as a country that censors Internet access for its citizens. Like China and a handful of other countries, the Government there considers a lot of activities online to be against the regime. With 20 million Internet users in that country, Iran has deployed more and more filters to make it very difficult for dissidents to talk freely online.

That's why projects like TOR are very important. The basic premise of TOR is to provide online anonymity. Using it protects your privacy, and prevents your traffic from being monitored. According to the TOR metrics, thousands of people in Iran use the software to protect themselves.

It's no wonder then that regimes like Iran have been trying to cut all TOR traffic. But the TOR protocols are very well designed and blend in with regular traffic: they use ordinary TLS connections, the same kind that carries HTTPS, so a TOR link looks like any other secure, encrypted connection and slips past filters. But last week, Iran successfully found a way to detect TOR and block it.

To understand how they did it, you need to understand how SSL connections are established. For a secure link to be made, a server has to authenticate itself using a certificate signed by a trusted Certificate Authority (CA). This ensures that the website is who it says it is, and that there's no impersonation going on. TOR mimics this handshake, but there are some differences. For a start, it doesn't use CAs. Iran looked at the way the SSL handshake is done and spotted one such difference: the expiration date on the certificate.

Typically, a certificate is issued for one or two years. But in the case of TOR, the certificates used are session certificates, used for a single connection, and their validity period was set to two hours instead. So the new Iran filter simply looked at these times and started blocking every connection whose certificate had a small window of validity. This successfully cut off all TOR users from the rest of the Internet.

Within a day, however, the TOR Project was notified and realized what had happened. They published a fix that simply lengthens the validity period of session certificates, and the problem was resolved inside of a day. And since certificates are issued by servers, which in TOR's case are relays, and not by clients, people inside Iran don't have to upgrade; only the relays around the world do. When enough relays have upgraded, connections will resume normally.
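As an added example (not code from the Tor Project or from this article), here is a minimal self-check for the property Iran's filter keyed on: it walks a DER-encoded certificate down to its Validity field and flags a lifetime far below the one- to two-year norm of CA-issued certificates, so a relay operator can confirm a certificate no longer stands out. The two-hour and one-year certificates are constructed inside the block, and the one-day threshold is an assumption.

```python
# Added example (not Tor Project code): read the Validity field from a DER
# certificate and flag a lifetime far below what CA-issued certificates carry.
from datetime import datetime, timedelta, timezone

def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _parse_time(tag, value):
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}[tag]   # UTCTime / GeneralizedTime
    return datetime.strptime(value.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def validity_window(der):
    """Return (notBefore, notAfter) of a DER-encoded certificate as aware datetimes."""
    _, cert, _ = _read_tlv(der, 0)                 # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)                 # tbsCertificate ::= SEQUENCE
    tag, _, pos = _read_tlv(tbs, 0)                # [0] version (optional) or serialNumber
    if tag == 0xA0:
        _, _, pos = _read_tlv(tbs, pos)            # serialNumber
    _, _, pos = _read_tlv(tbs, pos)                # signature AlgorithmIdentifier
    _, _, pos = _read_tlv(tbs, pos)                # issuer Name
    _, validity, _ = _read_tlv(tbs, pos)           # validity ::= SEQUENCE { notBefore, notAfter }
    tag_nb, nb, pos = _read_tlv(validity, 0)
    tag_na, na, _ = _read_tlv(validity, pos)
    return _parse_time(tag_nb, nb), _parse_time(tag_na, na)

def validity_seconds(der):
    nb, na = validity_window(der)
    return int((na - nb).total_seconds())

def looks_short_lived(der, threshold=timedelta(days=1)):
    """True when the window is far below CA-issued norms (one-day threshold is an assumption)."""
    return validity_seconds(der) < threshold.total_seconds()

def _tlv(tag, content):                            # short-form length is enough for the samples
    return bytes([tag, len(content)]) + content

def sample_cert(not_before, not_after):
    """Constructed DER skeleton carrying only the fields validity_window() reads."""
    utc = lambda t: _tlv(0x17, t.strftime("%y%m%d%H%M%SZ").encode())
    tbs = (_tlv(0x02, b"\x01") + _tlv(0x30, b"") + _tlv(0x30, b"")   # serial, sigalg, issuer
           + _tlv(0x30, utc(not_before) + utc(not_after)))
    return _tlv(0x30, _tlv(0x30, tbs))

START = datetime(2011, 9, 10, 12, 0, tzinfo=timezone.utc)                # constructed timestamp
SESSION_CERT = sample_cert(START, START + timedelta(hours=2))             # two-hour window as in the article
YEAR_CERT = sample_cert(START, START + timedelta(days=365))               # typical CA-issued window
```

Feeding a real relay certificate's DER bytes to validity_window() works the same way, since the parser only walks the leading fields of tbsCertificate.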

Meanwhile though, this event sparked quite a lot of discussion on the TOR mailing lists. It's conceivable that Iran, or any other country, could block TOR again based on other differences that they could find in the certificates. So more solutions are being proposed, permanent solutions that would make TOR even stealthier.

One such proposal would remove the ability for TOR links to renegotiate their TLS connections, which would mean the certificate would only be exchanged at the beginning, then they would use another method to keep authenticating between both nodes. This would make it harder to track the various TOR connections.

Another proposal to the developers intends to randomize much of the information contained in those certificates, to avoid having easy-to-detect data. A hard-to-detect covert channel would be established through which relays would signal that they support the latest TOR protocol.

Finally, a longer term proposal suggests removing SSL from the core TOR project, and instead allow multiple transport protocols to be plugged in and used at will, such as VPN. This would allow relays and clients to negotiate which protocol they want to use, and switch if one becomes filtered out.

Still, the quick reaction of the developers was received with a lot of praise, as evidenced by the comments on the TOR blog. Many people in Iran depend on anonymity to speak their mind without fear of being imprisoned, and once again they are able to do so. But the work is never done, and censorship is always a cat-and-mouse game. There are companies working on TOR detectors all around the world.

With the proposed changes likely to be implemented in the coming months, hopefully this will make the software even more immune to blocking and filtering, and promote freedom of expression, as its creators originally intended.

Also read:

Online anonymity: Balancing the needs to protect privacy and prevent cybercrime (Deb Shinder)

Compromised certificate authorities: How to protect yourself (Patrick Lambert)

About

Patrick Lambert has been working in the tech industry for over 15 years, both as an online freelancer and in companies around Montreal, Canada. A fan of Star Wars, gaming, technology, and art, he writes for several sites including the art news commun...

15 comments
VytautasB

Good article. Freedom of access to the internet is developing into a major issue for an increasing number of countries. Interesting to read about the technical "cat and mouse" aspects going on behind the scenes.

HAL 9000

But is it right to work against any Sovereign Government wishes? OK at the moment TOR may help some people who do not do as their Governments wish but that shows a large possibility of say the US Government wanting to do something that is found unpalatable by even a small % of the people so they resort to this type of thing. Like for instance Terrorist Cells inside the US. Is it right to ignore Sovereign Governments Legal Rules simply because someone doesn't like them? Col

AnsuGisalas

My, my, my... that's the tiniest call to saboteur arms I've ever heard. Fits with the subject matter, though.

erik67c

Yeah, when the government may kill you.

techrepublic@

If the government is a tyrannical or dictatorial government, then it is a moral and ethical obligation to do so. But even if the government is democratic. Had more people in the USA opposed the invasion of Iraq, maybe over half a million Iraqi lives would not have been lost. Answering those that use the terrorism and organized crime argument, I say this: governments' actions (including democratic ones) cause orders of magnitude more death, pain and suffering than terrorism or organized crime.

AnsuGisalas

Ah, you mean pollies... ;) Yes, you must ignore the pollies, always.

HAL 9000

Stopping you for a Traffic Infringement, who shoots first and looks later? That's a silly argument; any Government may kill you either by Accident or as a Deliberate Act to shut you up. ;) Col

HAL 9000

The basic thing here is: Who Decides what is good and what is not? Some may say that what happens in, let's say, North Korea is the ideal and what happens in the USA is just so wrong, and the US Government doesn't care for its citizens so they allow them to suffer. I'm not saying I agree, just that what some think of as good others may see as a disadvantage. So, "If the government is tyrannical or dictatorial government then it is a moral and ethical obligation to do so." As the USA wants to Veto the Palestinians in the UN, they are Tyrannical to the Middle East Citizens, so we must do everything possible to destroy the US Government, right? "Answering to those that use the terrorism and organized crime argument, I say this, government's action (including democratic ones) cause orders of magnitude more death, pain and suffering than terrorism or organized crime." And North Korea is the ideal paradise for the multitude, where they all live as they are told and do exactly what they are told. It's a society where the People's Own Good is told to them and they accept. Not something I would do, but as so many do there must be something to it. :D Col

HAL 9000

Lollies are something you want to keep, unlike Pollies. :p I do however see a potential problem with this system in overriding Individual Countries' Internal Security. What's to stop any Terrorist from using this type of service to plan their attacks? Who's to even say that this system was not introduced by Terrorists so that they could remain invisible? Now that the ball is rolling, let's see what they think. :D Col

HAL 9000

Each and every person has to be well educated to understand what it is that they are making a decision on. In the above, do you honestly expect those from North Korea to believe anything but what is told to them by their leaders? In the case of the Middle East, where the People come to the conclusion that the USA is keeping them down because they refuse to allow Palestine into the UN. In the case of the Radical Wingnuts in the US who believe that Hate and Personal Attacks are the way that Politics should be, and despite hundreds of years of Scientific Evidence, that the world is only 6,000 years old and what is written in the Bible is Word Perfect of what God said? What you are describing allowed Hitler to be Democratically Elected and be the Popular Leader in Germany prior to WWII, and look where that ended. I don't want to see a repeat of that, but unfortunately from where I sit that's all I can see coming. ;) Col

techrepublic@

As for what you wrote, what argument are you trying to make?

AnsuGisalas

They have two little dog-eared black books circulating... one by the KGB on how to hide comms from the CIA, and one by the CIA on how to hide comms from the KGB. Both with extensive notes scribbled in the margins. Their kind played both teams, and both teams thought it was great. Normal people benefit infinitely more from systems like TOR than do the bad guys, also because the bad guys can have their own systems written up from scrap, which they'll probably want to do anyway - for fear of NSA back doors.

seanferd

Internal security security theater has massively overstepped its bounds. Get a damn reasonable warrant. Under even more authoritarian regimes, people should have the option to risk communicating somewhat freely. I'd like to see any evidence that randomly snooping or simply denying access to communications has thwarted any terrorist cell or organized crime. (Wait, no, that's top secret, right?) The determined thrive under such conditions.