30 July 2002. Thanks to B.
aims to beat censors
18:40 22 July 02
NewScientist.com news service
New computer software promises to undermine government and workplace restrictions on internet use by camouflaging suspicious communications within innocent internet traffic. The banned content is returned hidden inside innocuous-looking digital images.
Computer scientists at Massachusetts Institute of Technology (MIT), in the US, have developed the new software, called Infranet.
They hope the program will eventually be used to defeat government-enforced controls on internet use. "As things progress we definitely see it being used in China and Saudi Arabia," says MIT researcher Nick Feamster.
The team claims that unlike existing anti-censorship technology, Infranet should leave virtually no trace. Monitoring someone using Infranet should only reveal apparently normal traffic going to unrestricted web servers.
In order for Infranet to work, software must be installed on a user's computer, as well as normal web servers beyond the national firewall. When someone requests a banned web page, a request will automatically be made to an Infranet-enabled server. The request is encoded in a series of URLs which are indistinguishable to those used for normal communications.
An Infranet server will be able to decode the request and then deliver the banned page. But this page is hidden in an innocuous image by subtly changing its underlying bits of information, without altering its appearance. This practice is called steganography.
The team says web proxies, like Safeweb, route restricted content around internet filters and controls, but can be identified and blocked themselves. Programs that make it possible to retrieve restricted information through other personal computers, such as Triangle Boy, are more difficult to detect, but also rely on encrypted communications. The researchers believe this can attract suspicion.
Although a prototype of Infranet has been developed, the full version will not be released for some months, Feamster says. This is to ensure there are no major bugs in the code: "It's not the sort of thing I would want to release until its ready."
The team will present a
paper outlining their research at the USENIX security conference, held in San
Francisco from 5 August 2002.