Data Smuggling Software Defeats China Firewall

David Jamieson,

Computer scientists in the US have successfully disguised data to evade Chinese censorship

Data smuggling software has been developed by US computer scientists to circumvent Internet filters such as China’s Great Firewall.

‘Telex’, based on public-key cryptography, is at the prototype stage but it has already been able to defeat Chinese web filters by hiding banned website data among approved traffic.

Anti-censorship technology typically tries to beat censoring measures by connecting users to a server outside of the censoring country, and spreading word among citizens these servers exist.

But as more citizens hear about these servers discovery becomes more likely.

Behind enemy lines

With Telex, however, users connect with approved sites, the Telex software installed on their PC marks the data being sent to the site.

The marker is recognised by net routers outside the country and a request is sent to a censored site and the reply is disguised so as to appear to be from a safe site.

The routers that spot the Telex marker also have the corresponding public encryption key and can decipher the intended website.

Further down the line ISPs may be asked to install software on their networks to spot the markers.

Dr Alex Halderman, one of the four scientists working on the project, told the BBC Telex had been tested by bouncing their computers off Chinese computers and successfully viewing banned YouTube content.

“The most difficult part is making sure the connections the user is making to an uncensored website that we use to disguise the censored content are convincing enough,” he said. “That’s the parameter we would adjust as the censor becomes more sophisticated.”

Other challenges, according to Dr Halderman, include getting the software into users without it being spotted and spyware or key loggers being added by those charged with keeping it out.

It was reported last week that China had lost nearly half of its websites in a year, either to censorship, as claimed by some analysts, or to legitimate targeting of illegal websites according to authorities.

Telex will be formally launched at August’s Usenix security conference in San Francisco.