Code name: Turbo Tunnel
Designing circumvention protocols for speed, flexibility, and robustness

David Fifield
david@bamsoftware.com

FOCI 2019

Full writeup:
https://github.com/net4people/bbs/issues/9
https://www.bamsoftware.com/sec/turbotunnel.html

Let’s incorporate a sequencing/reliability layer into our application-layer circumvention protocols.

Something like QUIC or SCTP that does reordering and retransmission.

Instead of transporting a raw unstructured data stream, transport (encoded, encapsulated) packets of the sequencing/reliability protocol.

A design pattern, not a specific implementation.

Example: protocol layering of meek with Tor

Before (meek today):
↑ network ↑
TLS
HTTP
Tor TLS
Tor cells
application data
↓ user ↓

After (meek with Turbo Tunnel):
↑ network ↑
TLS
HTTP
🆕 session/reliability 🆕
Tor TLS
Tor cells
application data
↓ user ↓
Problem: Censors can terminate long-lived TCP connections.
Solution: Create a new “virtual” session whose lifetime is independent of any one TCP connection; when a connection dies, the session continues over the next one.

Problem: meek is half-duplex (data moves only inside HTTP request/response pairs).
Solution: Sequence numbers let the receiver reorder, so either side can send whenever a carrier is available rather than in lockstep.

Problem: Snowflake only uses one proxy at a time.
Solution: Sequence numbers let us multiplex one session across multiple proxies and reassemble on the far side.

Problem: DNS over HTTPS may make a good tunnel, but it is an unreliable channel.
Solution: Retransmissions in the reliability layer recover what the channel loses.
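As an added example (not the author's code, and not any Turbo Tunnel implementation), here is a toy sequencing/reliability layer in Go that exercises the design pattern from the opening slides and the four problems listed above: packets are addressed by a session ID rather than by the TCP connection that carries them, the receiver reorders by sequence number, unacknowledged packets are retransmitted, and a simulated cover channel that reorders and drops packets (standing in for several Snowflake proxies or DNS-over-HTTPS lookups) still yields the original byte stream. The packet format, the session ID value, the loss model and the sample messages are assumptions made for illustration; a real deployment would use an existing protocol such as QUIC or SCTP rather than this.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"math/rand"
)

// Packet is what gets encoded and encapsulated inside the cover channel (an HTTP
// body, a DNS response, a WebRTC data channel message). It is addressed by
// SessionID, not by the TCP connection that happens to carry it, so the session
// survives a censor resetting that connection. The format is assumed for this example.
type Packet struct {
	SessionID uint32
	Seq       uint32 // sequence number of Data
	Data      []byte
}

// Sender numbers outgoing data and keeps it until acknowledged.
type Sender struct {
	Session uint32
	next    uint32
	unacked []Packet
}

// Send queues data as the next packet in sequence.
func (s *Sender) Send(data []byte) {
	s.unacked = append(s.unacked, Packet{SessionID: s.Session, Seq: s.next, Data: data})
	s.next++
}

// HandleAck drops every packet the peer has acknowledged (cumulative: all Seq < ack).
func (s *Sender) HandleAck(ack uint32) {
	for len(s.unacked) > 0 && s.unacked[0].Seq < ack {
		s.unacked = s.unacked[1:]
	}
}

// Outstanding returns the packets still awaiting acknowledgment; these are
// what a retransmission timer would resend.
func (s *Sender) Outstanding() []Packet { return append([]Packet(nil), s.unacked...) }

// Receiver buffers out-of-order packets and delivers Data in Seq order.
type Receiver struct {
	Session uint32
	expect  uint32
	pending map[uint32][]byte
	out     bytes.Buffer
}

func NewReceiver(session uint32) *Receiver {
	return &Receiver{Session: session, pending: make(map[uint32][]byte)}
}

// Receive accepts one packet and returns the cumulative ack (next Seq expected).
// Packets for another session are rejected; duplicates are ignored but still acked.
func (r *Receiver) Receive(p Packet) (ack uint32, ok bool) {
	if p.SessionID != r.Session {
		return 0, false
	}
	if p.Seq >= r.expect {
		r.pending[p.Seq] = p.Data
	}
	for data, found := r.pending[r.expect]; found; data, found = r.pending[r.expect] {
		r.out.Write(data) // deliver the contiguous run that is now available
		delete(r.pending, r.expect)
		r.expect++
	}
	return r.expect, true
}

// Delivered is the in-order stream reassembled so far.
func (r *Receiver) Delivered() string { return r.out.String() }

// RunSession carries msgs over a simulated cover channel that, like packets spread
// over several proxies or DNS lookups, delivers them in any order and loses each
// one (acks too) with probability lossRate. It returns the reassembled stream and
// the number of channel round trips needed.
func RunSession(seed int64, lossRate float64, msgs []string) (string, int, error) {
	rng := rand.New(rand.NewSource(seed))
	const session = 0x5eed // assumed session ID; a real one would be random
	snd := &Sender{Session: session}
	rcv := NewReceiver(session)
	for _, m := range msgs {
		snd.Send([]byte(m))
	}
	for round := 1; round <= 1000; round++ {
		batch := snd.Outstanding()
		if len(batch) == 0 {
			return rcv.Delivered(), round - 1, nil
		}
		rng.Shuffle(len(batch), func(i, j int) { batch[i], batch[j] = batch[j], batch[i] })
		var ack uint32
		gotAck := false
		for _, p := range batch {
			if rng.Float64() < lossRate {
				continue // lost in transit
			}
			if a, ok := rcv.Receive(p); ok {
				ack, gotAck = a, true // acks are cumulative, so the last is the largest
			}
		}
		if gotAck && rng.Float64() >= lossRate { // the ack crosses the same lossy channel
			snd.HandleAck(ack)
		}
	}
	return rcv.Delivered(), 1000, errors.New("session did not complete")
}

func main() {
	// Constructed sample: a request split into fragments, as Tor cells would be.
	msgs := []string{"GET / HTTP/1.1\r\n", "Host: example.com\r\n", "\r\n"}
	stream, rounds, err := RunSession(1, 0.3, msgs)
	fmt.Printf("%q after %d round trips (err=%v)\n", stream, rounds, err)
}
```

Nothing in RunSession depends on which connection or proxy delivered a given packet; only the session ID and sequence number matter, which is exactly what lets the session outlive a reset TCP connection and be spread across several carriers. What this toy omits, and a real layer needs, is a retransmission timer instead of "resend everything each round", flow and congestion control, and confidentiality for the inner stream (provided by Tor TLS in the layering diagram).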