Skip to content

Pluggable Transports

Explain me… Pluggable Transports.

What are Pluggable Transports?
What’s the purpose of Pluggable Transports?

Pluggable Transports modify the traffic flow in order to hinder traffic analysis or fool the DPI system. Pluggable Transports allow to (re-)encrypt the traffic or modulate how it looks like.

Why are they called Pluggable Transports?

They are called “pluggable” because you can plug them in and out and replace them quickly with each other.

Clients and Bridges have to run Pluggable Transports on each end.

What are Pluggable Transports be used for?

With Tor (and possibly other tools) they can be used to evade censorship by blocking due to DPI. Tor implements Pluggable Transports to enable bridge operators and users to plug-in a transport that seems practical.

Does Tor integrate a specific transport by default?

There are no specific transports directly built into Tor as of April 2013.

Why not integrate them into Tor by default?

It’s more beneficial to have Pluggable transports to do this rather than having Tor doing this, because with Pluggable transports others can use it as well (VPN for instance) and not everyone has to hack on Tor.

It’s experimental, though the idea is not novel, which gives researchers the opportunity to fool around with new ways and ideas. It’s a large playground.

Could specific transports make its way into Tor?

Yes, there is the possibility that a specific transport makes its way into Tor, when it proofs itself as practical useful. May depend on the language it is written in and what license it was written under.

Can you explain/show what Pluggable Transports are and how they work?

I drew something to make it easier. I hope the image below will be helpful to you. I created it on my own.
I use Tor as an example, because it’s implemented already.

Pluggable Transports and Tor

Above you can see the client computer running the Tor Browser along with Tor as well as a Pluggable Transport. You also see a Bridge that runs a Pluggable Transport and Tor of course. Both are separated by an imaginary border. The blue boxes represent the computer and the local network.

The red lines show the traffic flow as it would flow without the Pluggable Transport. Tor on the client side tries to reach the bridge (assuming known relays are blocked by IP:PORT) by sending a TLS client hello to the bridge to tell it which ciphers it supports. The Bridge would reply with a TLS server hello to tell the client which ciphers it supports. The DPI devices recognize either the TLS client hello or the TLS server hello, maybe both and closes the connection.

Note that the red lines inside the computers and the local network have arrows to indicate that the traffic could flow freely. Also note that the red line between the client and the bridge has endpoints instead of arrows to indicate that the traffic does not follow freely. The client can’t reach the Bridge, and the Bridge can’t respond to the client.

With Pluggable Transports Tor sends it’s traffic trough a Pluggable Transport before the traffic leaves the client computer and the local network. The server-side (the Bridge) receives the client data and passes them through the Pluggable Transport which passes the data to Tor. That’s the reason why client and Bridge have to run Pluggable Transports. Given that there are multiple techniques both have to understand the same technique.

Client and Bridge still send the TLS hellos, but since the traffic looks different the DPI devices don’t recognize them.

Now you can type “https://roastedonion.wordpress.com” (for example) in your TorBrowser. The request leaves the TorBrowser and enters Tor, which passes it to a Pluggable Transport, which modifies the traffic flow then sends the request through the client network over a previous established connection.

The Bridge computer receives the data and forwards them to the Pluggable Transport which processes the traffic and hands it to Tor. From there the request gets passed to the rest of the Tor Network before it reaches its final destination.

Please remember that the Bridge doesn’t know what you request, with or without Pluggable Transports.

Pages: 1 2