sid

README

SID: Server In Disguise
=======================

(c) 2011-2012 Bernd Fix   >Y<

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at
your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

Scenario
--------

A number of clients "C_n" want to sent documents to a receiver "R" by using
a web browser (file upload). An eavesdropper "E" wants to know which "C_n"
communicates with "R" and what information was exchanged.      

Objective
---------

Hide the fact that "C_n" communicates with "R" from "E" and protect the
information exchanged.

Assumptions
-----------
    
1. "E" may know that a "C_n" wants to communicate with "R"

2. "E" knows **all** information given by "R" to "C_n" on how to communicate;
   this especially includes the IP address of the server to which the document
   should be uploaded by "C_n" and any additional technical settings and
   advice given to "C_n".   
        
3. "E" has no (physical/logical) access to the computers of "C_n" or "R".

4. "E" has the capabilities to monitor all possible net traffic involved.
          
5. "C_n" is technically able to follow any technical instruction given by "R"
   on how to communicate (what applications to use, what configuration
   settings to be applied,...)

Approach
--------

1. "R" operates a computer that runs a "TOR exit node" and a "SID" instance to
    receive the documents (via HTTP/POST requests) on the same machine. This
    setup is similar to the (no longer officially supported) TOR enclaved
    server scheme. Traffic from the TOR exit node to the SID instance is not
    visible from the outside.
    
2. "C_n" needs to install a TOR browser bundle on his/her computer once (and
   keep it up-to-date with appropriate security updates). "C_n" also needs to
   modify the TOR configuration file (*torrc*) on the computer to allow the
   *.exit* address scheme involved ("*AllowDotExit 1*"). 
        
2. If "C_n" want to sent a document, the following steps have to be
   performed:
    
    * "C_n" uses the TOR-enabled browser to connect to "SID" by specifying
      the TOR address of the server in a special notation called a DotExit
      address. This ensures that the TOR circuit builder will use the TOR
      exit node of "R" for communication with the SID instance.
              
    * For all communication between "C_n" and the SID instance, a cover
      communication is generated between the SID instance and a "Cover
      Server". The "Cover Server" is not a server operated by "R" but is a
      public web server on the Internet. Traffic between SID and the "Cover
      Server" look exactly like traffic between the "TOR exit node" and the
      "Cover Server"; this way "E" has to believe that "C_n" is talking to
      the cover server by looking at packet timing and size analysis.
      
      To enhance security, it is possible to "torify" the cover traffic by
      sending it across the Tor network to the cover server. Since the cover
      traffic and the client communication is matched in packet sizes and
      timing as much as possible, the new Tor trafiic will look like the
      SID node is an intermediate Tor node for "C_n" (see the COVER_HIDING
      document).

Additional and detailed information...
======================================

... can be found in the "docs/" folder