2014-li-facet
findings extracted from this paper
-
Content inconsistency — transmitting non-native payloads (e.g., modem signals or general web traffic) over VBR-encoded VoIP/video channels — is sufficient for censors to detect camouflage systems via packet-length traffic analysis. Channel inconsistency — requiring reliable transport over a loss-tolerant UDP channel — allows selective disruption: dropping 5% of packets stalls SkypeMorph indefinitely, and dropping 90% for under one second desynchronizes the FreeWave modem.
-
A single Facet server with 15 Mbit/s bandwidth and 4 virtual CPU cores supports up to 20 simultaneous video-streaming sessions. Server-side downstream bandwidth consumption is approximately 150 kbit/s lower than a Squid HTTP proxy for equivalent video quality (240p), because Facet fetches only the video stream without page overhead such as advertisements and images.
-
For decentralized videoconferencing systems (e.g., Skype) where peers communicate directly, publicly distributing the Facet server's conferencing ID allows a censor to pinpoint the server's IP address via active probing. Centralized systems (e.g., Google Hangout, FaceTime) hide the proxy IP behind the provider's relay server, making active probing unable to identify the Facet server.
-
Without traffic morphing, a χ² packet-length classifier can identify 90% of Facet (video-over-Skype) sessions with only a 10% false positive rate on genuine videoconferencing. To block 80% of Facet connections, the censor need only disrupt 4% of genuine Skype calls; blocking 70% requires disrupting only 2%.
-
Facet's video morphing — embedding the requested video in a fraction s of H.264 macroblocks within a randomly chosen chat video — raises the censor's required false positive rate dramatically. At steganography level s=0.125, blocking 90% of Facet connections requires disrupting over 40% of genuine videoconferencing traffic; blocking 80% requires disrupting at least 20% of legitimate calls.