A Fast, Cross-Platform Transport Method to Obscure Traffic

Internet privacy and circumvention technologies often depend on tunneling protocols to keep traffic from being blocked or altered. However, these protocols often use non-standard transport methods that make the traffic identifiable, which makes it difficult to deploy privacy and circumvention tools widely.

MASQUE (Multiplexed Application Substrate over QUIC Encryption) is an emerging IETF standard that enables tunneling of TCP/UDP traffic through web servers and services using HTTPS, so traffic sent via a MASQUE tunnel will, from the network’s standpoint, appear to be HTTPS traffic. This allows ordinary web server stacks to reuse many of their existing mechanisms for security (TLS), connection handling, load balancing, and more.

OTF previously supported the development and release of an open-source MASQUE client stack for general use. This high-performance MASQUE stack amplifies existing efforts on pluggable transports, censorship circumvention, multi-hop tunneling, and other related internet freedom technologies.

The second phase of the project, which OTF is currently supporting, includes:

  • developing MASQUE-based Android VPN tunneling, enabling Android devices to use MASQUE within existing applications;
  • creating MASQUE for WebRTC to better secure network metadata for group video and voice communication;
  • developing a Network Function Virtualization (NFV) stack for server infrastructure that enables high-performance MASQUE services, which will allow MASQUE services to run on commodity infrastructure more efficiently;
  • and performing ongoing maintenance of the MASQUE stack.