2013-zhou-sweet
findings extracted from this paper
-
SWEET argues that mimicking complex protocols (SkypeMorph, CensorSpoofer, StegoTorus) is fundamentally breakable because comprehensive imitation of today's protocols is infeasible. The paper instead advocates tunneling inside genuine traffic from actual, widely-used protocol providers — in this case real email services — so the censor observes authentic protocol behavior rather than a simulation.
-
When using a foreign encrypted email provider (AlienMail), the censor observes only an encrypted connection to the foreign mail server (e.g., Gmail's servers in the U.S.); it cannot see the recipient address or the SWEET server's IP, making spam-filtering-style blocking of the SWEET endpoint entirely infeasible. This anonymity is provided by the mail provider's own TLS, requiring no additional obfuscation from the client.
-
When using a domestic email provider that collaborates with the censor (DomesticMail), SWEET clients must embed tunneled data via steganography (image or text) and coordinate a secondary secret email account with the SWEET server out-of-band. This prevents the censor from discovering the SWEET server association via recipient-field inspection, but adds operational complexity and requires an out-of-band bootstrapping channel.
-
In a prototype using Gmail, ~90% of SWEET emails traveled from client to server in under 3 seconds; the median time-to-first-appearance (TFA) for the top-10 Alexa sites was approximately 5 seconds; most of the delay comes from email provider handling (spam checks, SMTP connection setup) rather than geographic network latency, so performance degrades little with increased client distance from the mail server.
-
Traffic analysis poses a concrete throughput ceiling: a conservative SWEET user can perform only 35–70 web downloads per day or 10–20 interactive web sessions while staying within the bounds of normal email volume (2012 averages: 35 sent, 75 received daily). Most websites require fewer than 3 SWEET emails in each direction, with Yahoo as an outlier due to its many hosted objects.