Date: Thu, 26 Mar 2015 08:37:52 -0400
Message-ID: <CAA+0wAGkxaTASLw-d75hsb_A8vO82+e8GsGpENApFU+D+RBKuQ@mail.gmail.com>
From: Rishab Nithyanand <rishabn.uci@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Games Without Frontiers: Investigating Video Games
 as a Covert Channel

Hey Jon,

Please correct me if I'm misunderstanding you. I think you don't buy some
subset of the following implicit (I believe to be reasonable) assumptions
that we make:

(1) There is no collusion between application developers and censors.
(2) There is a secure application distribution medium that the censors
cannot "hijack".
(3) Crypto attacks against authenticated, encrypted, and integrity
protected channels are not possible.

In general, the security community has agreed that (3) is a fine assumption
to make. Now there is the question of whether (1) and (2) are reasonable.

I think if we're ever going to succeed in making a good
"look-like-something" protocol, we're going to have to assume that (1) and
(2) hold for the cover application. This assumption has been made in the
past -- e.g., assuming the integrity of the Skype binary, etc. The idea of
"look-like-something" protocols completely falls apart when the cover
application does not obey (1) and (2).

Now, do these hold in the real world, for video games? I think so. I
haven't seen any evidence (yet) that they do not. The leak you mention says
nothing about the NSA having back-doors and open attack surfaces in the
software. It just reveals that they're monitoring in-game behavior
(something that they cannot do with Castle if we can distribute passwords
out-of-band). I suspect that getting backdoors to all RTS games (past and
future) is completely non-trivial and very expensive for a censor and
Castle will continue to work reasonably well until this happens.



On Thu, Mar 26, 2015 at 3:06 AM, Jon Tullett <jon.tullett@gmail.com> wrote:

> On 20 March 2015 at 05:45, Rishab Nithyanand <rishabn.uci@gmail.com>
> wrote:
> > Hey all,
> >
> > I just thought I'd share and get feedback about some recent work from our
> > team at Stony Brook University.
>
> Interesting, thanks!
>
> I do question one of the early assumptions, though: "Many games also
> include the notion of private games between a limited number of
> players which may only be accessed using a password. This means that,
> even a highly motivated adversary (e.g., one who is willing to run a
> game client themselves) still cannot observe the game state."
>
> That seems to be making risky assumptions. Chiefly that the only
> possible attack is via an external game client - this may be mistaken:
> an adversary could attack many places: by attacking or subverting the
> game client software itself, by attacking the game network, by
> attacking the operator of the game (eg: Blizzard, in the case of WoW,
> etc), and so on.
>
> We shouldn't be surprised to find the likes of the NSA attacking
> gaming communities, because they are large communities, often overly
> trusting of their environment (notably the client software), and
> frequently with central control built in.
>
> For example: http://www.propublica.org/documents/item/889134-games
>
> You could mitigate some of that, sure. You could choose a less popular
> game (ie: less targeted), with open source client and server software
> (though you'd have to review it too, which is probably beyond the
> skill of most users), which operates in encrypted peer to peer
> fashion. And you can use behavioural steganography as your paper
> describes. Keep raising the bar, I guess. But a lot of that sounds
> like security by obscurity, and a skilled adversary should be able to
> attack that. Any opsec leak, and that castle would fall down fairly
> fast, I suspect.
>
> Still, fun research. Literally :)
>
> -J
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>

