Hi!
I have talked with some of you in the IRC meetings this year, but I have not updated the mailing list on my work. A little over a month ago I completed my Master's thesis on "Reducing distinguishability of DTLS for usage in Snowflake", at the Norwegian University of Science (NTNU) in the Department of Information Security and Communication Technology, supervised by David Palma.
The thesis can be found on my website: https://theodorsm.net/thesis
Here is a trimmed abstract:
" [...] We have seen that censors have been able to do so [blocking Snowflake] by fingerprinting the DTLS implementation that is produced by the Pion library used by Snowflake. The aim of this thesis is to reduce the distinguishability of said DTLS library. We developed a tool named dfind [1] for analyzing and finding passive field-based fingerprints of DTLS. This tool was validated using a data set with known fingerprints, and found that the extensions field was especially vulnerable to identification. To combat such fingerprints, we implemented covertDTLS [2], a Go library inspired by uTLS. Our module extends the Pion DTLS library with handshake hooking to offer mimicry and randomization features. To ensure that mimicking remains up-to-date, we developed a novel continuous delivery workflow for generating fresh DTLS-WebRTC handshakes from popular browsers. Using covertDTLS with Snowflake resulted in us not being able to find any fingerprints."
[1]: https://github.com/theodorsm/dfind
[2]: https://github.com/theodorsm/covert-dtls
I have only tested covertDTLS in a messy fork of Snowflake, which had promising results. I am currently working on upgrading the Pion DTLS and WebRTC version used by Snowflake to the most recent version to integrate covertDTLS properly. In addition, I plan to condense my thesis into a paper, thus making the work more accessible. I would greatly appreciate any feedback on the thesis so that I can address those in the paper. I am also open to collaborating on the paper, feel free to reach out if you have some ideas to be explored.
Cheers, Theodor Signebøen Midtlien
anti-censorship-team@lists.torproject.org
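An added example, not part of the message above and not code from dfind, covertDTLS or Pion: a small Go program showing what a passive, field-based DTLS fingerprint of the kind the abstract describes looks like on the wire. It parses a buffer holding one DTLS record with an unfragmented ClientHello and reduces it to the record-layer version, client_version, the cipher-suite list and the ordered list of extension types. The sample record is constructed by hand (zero random, empty session_id and cookie, empty extension bodies) and is not a capture from Pion or any browser; the canonical string layout is this example's own choice, not dfind's output format.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Fingerprint holds the passive, field-based features of one DTLS ClientHello:
// the kind of fields a capture-based tool compares across implementations.
type Fingerprint struct {
	RecordVersion, ClientVersion uint16   // record-layer version, ClientHello client_version
	CipherSuites, ExtensionTypes []uint16 // both in the order the client sent them
}

// Canonical renders the fingerprint as one comparable string, for example
// "fefd,fefd,[c02b c02f],[000e 000a 000b 000d]".
func (f Fingerprint) Canonical() string {
	return fmt.Sprintf("%04x,%04x,%04x,%04x", f.RecordVersion, f.ClientVersion, f.CipherSuites, f.ExtensionTypes)
}

// cursor reads big-endian fields and records truncation, so a short or hostile
// datagram yields an error instead of an out-of-range panic.
type cursor struct {
	b   []byte
	off int
	err error
}

func (c *cursor) take(n int) []byte {
	if c.err != nil || n < 0 || c.off+n > len(c.b) {
		c.err = errors.New("truncated ClientHello")
		return nil
	}
	c.off += n
	return c.b[c.off-n : c.off]
}

func (c *cursor) uint(n int) int { // n-byte big-endian integer; 0 after an error
	v := 0
	for _, x := range c.take(n) {
		v = v<<8 | int(x)
	}
	return v
}

// ParseClientHello extracts the fingerprint from a buffer holding exactly one
// DTLS record that carries a complete, unfragmented ClientHello (RFC 6347
// record and handshake headers).
func ParseClientHello(rec []byte) (Fingerprint, error) {
	var fp Fingerprint
	c := &cursor{b: rec}
	if c.uint(1) != 22 { // ContentType handshake
		return fp, errors.New("not a DTLS handshake record")
	}
	fp.RecordVersion = uint16(c.uint(2))
	c.take(8)           // epoch(2) + sequence_number(6)
	recLen := c.uint(2) // length of the record's fragment
	if c.uint(1) != 1 { // HandshakeType client_hello
		return fp, errors.New("not a ClientHello")
	}
	// length(3), message_seq(2), fragment_offset(3), fragment_length(3)
	msgLen, _, fragOff, fragLen := c.uint(3), c.take(2), c.uint(3), c.uint(3)
	if c.err != nil || fragOff != 0 || fragLen != msgLen || recLen != 12+fragLen || len(c.b)-c.off != fragLen {
		return fp, errors.New("fragmented, truncated or multi-record ClientHello")
	}
	fp.ClientVersion = uint16(c.uint(2))
	c.take(32)        // random
	c.take(c.uint(1)) // session_id
	c.take(c.uint(1)) // cookie (the DTLS-only field)
	for s := c.take(c.uint(2)); len(s) >= 2; s = s[2:] { // cipher_suites
		fp.CipherSuites = append(fp.CipherSuites, uint16(s[0])<<8|uint16(s[1]))
	}
	c.take(c.uint(1)) // compression_methods
	if c.err == nil && c.off < len(c.b) { // extensions block is optional
		ext := &cursor{b: c.take(c.uint(2))}
		ext.err = c.err // carry over a truncated length field
		for ext.err == nil && ext.off < len(ext.b) {
			t := ext.uint(2)
			if ext.take(ext.uint(2)); ext.err == nil { // skip extension_data; only the type is kept
				fp.ExtensionTypes = append(fp.ExtensionTypes, uint16(t))
			}
		}
		return fp, ext.err
	}
	return fp, c.err
}

// SampleClientHello is a constructed DTLS 1.2 ClientHello record, not a browser
// or Pion capture: zero random, empty session_id and cookie, two cipher suites
// and four empty-bodied extensions, written out field by field. The literal is
// fixed, so its decode error is ignored.
var SampleClientHello, _ = hex.DecodeString(
	"16fefd" + "0000" + "000000000000" + "004a" + // record: handshake, DTLS 1.2, epoch, sequence, length 74
		"01" + "00003e" + "0000" + "000000" + "00003e" + // handshake: client_hello, length 62, message_seq, fragment offset/length
		"fefd" + strings.Repeat("00", 32) + "00" + "00" + // client_version, random, session_id, cookie
		"0004" + "c02b" + "c02f" + "0100" + // cipher_suites (two ECDHE AES-128-GCM suites), compression_methods (null)
		"0010" + "000e0000" + "000a0000" + "000b0000" + "000d0000") // extensions: use_srtp, supported_groups, ec_point_formats, signature_algorithms
```

Swapping the order of two extension entries in the sample yields a different canonical string with everything else unchanged, which is the mechanism behind extension-based fingerprints; a real fingerprinter would also look inside extension bodies (supported groups, signature algorithms, SRTP profiles) and reassemble fragmented ClientHellos, which this example simply rejects.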