2004-k-psell-achieve
findings extracted from this paper
-
The paper presents a systematic taxonomy of blocking criteria across ISO/OSI layers: circumstance-based (addresses including sender/receiver/kind/physical location; timing including send time, receive time, duration, frequency; data-transfer properties; services including protocols, names, addresses) and content-based (file type/MIME, statistical detection of encrypted or compressed data, pattern matching for keywords or phrases, and website fingerprinting via request-count/byte-volume signatures).
-
The paper proposes using CAPTCHAs (hard AI problems) to gate forwarder-list access, forcing the blocker to expend human resources solving every puzzle while each blockee solves only one. However, a 'stealing cycles from humans' attack allows a censor to relay CAPTCHAs to unwitting third parties (e.g., visitors to an attacker-operated website) who solve them on the censor's behalf.
-
NAT and firewalls make volunteer forwarders (JAPR) unreachable for inbound connections by default, removing the incentive for volunteers to reconfigure their systems for no personal benefit. The design response is to reverse the connection direction — JAPR initiates contact with JAPB — shifting the NAT/firewall configuration burden to the motivated blockee who gains direct benefit from solving it.
-
For a secure steganographic system the embedding ratio is at least 1:10, meaning 1 MB of web content requires 10 MB of transmitted cover data; for a system robust against active attacks (e.g., StirMark bilinear distortions) the ratio is probably 1:100. A censor need not break the steganographic algorithm with high accuracy — suspicion alone is sufficient, since the censor can probe suspected nodes directly by acting as a blockee.
-
The protocol between blockee and volunteer forwarder is designed to be transport-layer independent from the outset, allowing substitution of plain TCP with SSL tunnels, SMTP, or steganographic channels as the censor escalates detection. The system is intentionally deployed in a weak initial form to observe how quickly and in what manner the censor adapts, then hardened iteratively based on measured censor behavior.