ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship

Jürgen Fuß, Philipp Winter, Tobias Pulls

Research output: Chapter in Book/Report/Conference proceedingsConference contributionpeer-review

48 Citations (Scopus)


Deep packet inspection technology became a cornerstone of Internet censorship by facilitating cheap and effective filtering of what censors consider undesired information. Moreover, filtering is not limited to simple pattern matching but makes use of sophisticated techniques such as active probing and protocol classification to block access to popular circumvention tools such as Tor. In this paper, we propose ScrambleSuit; a thin protocol layer above TCP whose purpose is to obfuscate the transported application data. By using morphing techniques and a secret exchanged out-of-band, we show that ScrambleSuit can defend against active probing and other fingerprinting techniques such as protocol classification and regular expressions. We finally demonstrate that our prototype exhibits little overhead and enables effective and lightweight obfuscation for application layer protocols.

Original languageEnglish
Title of host publicationWPES 2013 - Proceedings of the 2013 ACM Workshop on Privacy in the Electronic Society, Co-located with CCS 2013
Number of pages12
Publication statusPublished - 2013
EventWorkshop on Privacy in the Electronic Society - Berlin, Germany
Duration: 4 Nov 20134 Nov 2013

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


ConferenceWorkshop on Privacy in the Electronic Society
Internet address


  • active probing
  • bridge
  • censorship
  • circumvention
  • pluggable transport
  • tor
  • traffic analysis


Dive into the research topics of 'ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship'. Together they form a unique fingerprint.

Cite this