Defcon 21 – Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine

Description: The greatest danger to free speech on the Internet today is filtering of traffic using protocol fingerprinting. Protocols such as SSL, Tor, BitTorrent, and VPNs are being summarily blocked, regardless of their legal and ethical uses. Fortunately, it is possible to bypass this filtering by reencoding traffic into a form which cannot be correctly fingerprinted by the filtering hardware. I will be presenting a tool called Dust which provides an engine for reencoding traffic into a variety of forms. By developing a good model of how filtering hardware differentiates traffic into different protocols, a profile can be created which allows Dust to reencode arbitrary traffic to bypass the filters.

Dust is different than other approaches because it is not simply another obfuscated protocol. It is an engine which can encode traffic according to the given specifications. As the filters change their algorithms for protocol detection, rather than developing a new protocol, Dust can just be reconfigured to use different parameters. In fact, Dust can be automatically reconfigured using examples of what traffic is blocked and what traffic gets through. Using machine learning a new profile is created which will reencode traffic so that it resembles that which gets through and not that which is blocked. Dust has been created with the goal of defeating real filtering hardware currently deployed for the purpose of censoring free speech on the Internet. In this talk I will discuss how the real filtering hardware work and how to effectively defeat it.

Brandon Wiley (@blanu) is a peer-to-peer pioneer who creates tools to circumvent Internet censorship. In 1999 he co-founded the Freenet project to create a censorship-resistant publishing platform. He is also known for the Curious Yellow superworm design. When working for BitTorrent, Inc. he was given the difficult task of trying to reason with the Internet service providers that were engaging in BitTorrent throttling. More recently he has been working for the Tor project on their next generation blocking-resistant protocols such as pyobfsproxy and obfs3. He is currently in the final stages of his PhD, where he is studying all of the most popular Deep Packet Inspection hardware and figuring out how to defeat it. His interests include Bayesian statistics, polymorphic encodings, and chiptune music.

Show More


Mr. OU Phannarith is one of the well-known cybersecurity experts in Cambodia and the region. He is the founder of the first leading information security website ( in Cambodia. He has been invited to present in global conferences, forums, and seminars and he was awarded in Information Security Leadership Achievements (ISLA) in 2016 by (ISC)2 and in December 2012 as one of the top 10 Chief Information Security Officers (CISO) in ASEAN by the International Data Group (IDG). Mr. OU has been the Professor specializing in Cybersecurity.

Related Articles

Back to top button