ScrambleSuit is a pluggable transport protocol for obfsproxy
. It is written
in pure Python and solves two problems:
- Protection against active probing attacks by requiring a shared secret between the client and the server. This secret is communicated out-of-band via Tor's BridgeDB.
- Rudimentary defence against traffic analysis attacks by altering flow features. In particular, ScrambleSuit alters its inter-arrival times and packet length distribution.
Besides, ScrambleSuit's payload is computationally indistinguishable from randomness. Clients can authenticate themselves towards a ScrambleSuit bridge by conducting a modified UniformDH handshake or by redeeming a session ticket.
For a more detailed overview of ScrambleSuit, please have a look at the project page available at http://veri.nymity.ch/scramblesuit/. The research paper is available at http://veri.nymity.ch/pdf/wpes2013.pdf. Finally, the directory "doc/" in this repository contains the protocol specification for ScrambleSuit.
The following instructions were tested on Debian wheezy but they should work just fine on other GNU/Linux distributions as well.
-
Two additional Python packages are necessary: gmpy and yaml. Debian has them under the names "python-gmpy" and "python-yaml".
-
Clone and compile the current Tor-git (or use a version of your choice as long as it is >= v0.2.5.0-alpha-dev):
git clone https://git.torproject.org/tor.git
-
Clone the current version of pyptlib (or use a version of your choice as long as it is >= 0.0.5):
git clone https://git.torproject.org/pluggable-transports/pyptlib.git
-
Clone a modified version of obfsproxy which contains the scramblesuit branch:
git clone -b scramblesuit https://git.torproject.org/user/phw/obfsproxy.git
cd obfsproxy/
git submodule init
git submodule update
The directory "test/" in this repository contains two configuration files for
tor
which provide a simple ScrambleSuit setup. Furthermore, the script
generate_secret.py
can be used to generate shared secrets for Tor's
configuration file.
Contact: Philipp Winter phw@torproject.org
OpenPGP fingerprint: B369 E7A2 18FE CEAD EB96 8C73 CF70 89E3 D7FD C0D0