"Obfuscated TCP" (was Re: [clug] OT: Protesting the proposed clean feed?)

Daniel Pittman daniel at rimspace.net
Thu Oct 23 01:19:47 GMT 2008

Sunnz <sunnzy at gmail.com> writes:
> 2008/10/23 Sam Couter <sam at couter.id.au>:
>>> I have been looking at "Obfuscated TCP":
>>> http://code.google.com/p/obstcp/ which from what I understand, it uses
>>> DH to establish an encrypted TCP connection between any 2 endpoints,
>>> could it possibly be used to make https remain a secure protocol free
>>> of interception?
>> If I'm going to the trouble of setting this up, why not just use IPSec?
>> And what makes Obfuscated TCP more difficult to intercept than HTTPS
>> already is?
> From what I have read, it just seems like OTCP is easier for the
> general public, if both client and server side supports it, it kind of
> just does it automatically, the user don't have to click on anything
> special

This is indistinguishable for opportunistic encryption within IPSec,
which operates on exactly the same basis, and can form any IPSec
supported associated dynamically.[1]

> OTCP is installed on their computer, any OTCP enabled servers will do
> encryption automatically. Like wise, if only one of the side doesn't
> support OTCP, the OTCP-enabled side just knows what to do, no user
> interaction required.

Again, these are the same properties that IPSec (or TLS, come to that)
protocols have.

> It uses DH which from what I understand, you can't do a MITM, or can
> you?

Absolutely.  The ability to perform a "man in the middle" attack is
related entirely, absolutely, one hundred percent to having a
trustworthy proof of identity for the third party.

Otherwise, you know, you just used the DH exchange to securely verify
that you were talking to the police data logger -- which isn't exactly
what you set out to achieve, right?

That proof of identity generally means you need one of a secure channel
to pre-exchange identity information, or a trusted third party to vouch
for the participants.

In this case, where you have no pre-shared secret, and no trusted third
party, MITM is trivial: you have no way of verifying that the remote
host is, in fact, the remote host and not a third party in the middle of
the exchange.

Also, in the context of a legally mandated, nation wide system, you can
assume that DNS is subject to tampering; unless you have suitably strong
authentication there[2] then you have *no* assurance of, well, anything.

Finally, note that this is a risk with TLS as implemented in your web
browser: because you have a list of trusted third parties, it would be
possible to conduct a successful MITM attack with the cooperation of any
one of those trusted certificate authorities.[3]

> Anyway, yea, IPsec or VPN would be more general solution, except, when
> the ISP do intercept your connection, and use their own certificate,
> then what are you going to do? If you don't accept it you can't
> connect to the server you want; if you accept it then you know your
> connection is being intercepted.

Knowing that the connection has been intercepted is a significant
advantage compared to not knowing.


[1]  In fact, the specific goal of the now defunct FreeSWAN project was
     to get this form of oportunistic IPSec security widely deployed on
     the Internet; the project shut down because after close to ten
     years of effort they had made practically no inroads on this task.

[2]  You don't.

[3]  Not an invisible attack, thankfully, but a successfull attack that
     would not raise significant red flags with traditional SSL
     certificate validation.  The newer extended validation, I don't
     know about, not having looked into the protocol closely enough yet.

More information about the linux mailing list