Avernus: Leveraging Botnet-derived Stealth Propagation Techniques for Censorship-Resistant Communication
Scientific Research Project Notice: This project is developed for educational and research purposes within the field of Distributed Systems and Cyber-Security. It aims to study the resilience of communication protocols against state-level censorship and advanced traffic analysis by repurposing techniques typically found in evasive malware (botnets).
The goal of Avernus is to demonstrate a "Ghost Network" architecture that remains operational in hostile network environments.
- Forensic Insight: By building the protocol from scratch, the project demonstrates how to analyze, detect, and mitigate malicious-style C2 (Command & Control) traffic.
- Resiliency Design: Engineering a communication substrate that survives state-level monitoring, active probing, and infrastructure-based censorship.
Avernus utilizes a decentralized, ad-hoc mesh topology to eliminate single points of failure and central directories.
To avoid being "burned" by simple IP blocking, Avernus uses high-reputation, free public infrastructures as immutable bulletin boards.
- Idea: Multi-Source Parasitic Discovery.
- Mechanism: Utilizing GitHub Commits, IPFS Gateways, or Social Media metadata to store encrypted Entry Bridge addresses.
- Problem Solved: Centralized DNS Censorship & Cost. Since it uses existing free platforms, the network has zero operational cost for signaling.
- Stealth Handshake: Bridges remain "Silent" (dropping all unauthorized packets) until a Secret Knock (HMAC-based cryptographic trigger) is received.
- Disposable Bridges: Leveraging high-churn IP rotation. If one entry point is blocked, the DGA (Domain Generation Algorithm) points the client to a new set of mirrors.
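The bridge-side half of the Stealth Handshake, written here as an added example (it is not Avernus code and the wire format, key distribution and 30-second skew window are assumptions made for the illustration): a knock is a timestamp, a random nonce and an HMAC-SHA256 tag over both under a pre-shared key. The gate answers only "admit" or "stay silent"; a failed knock produces no reply at all, and a captured knock cannot be replayed because the nonce is remembered for the length of the skew window.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Knock is the assumed wire form of a secret knock: Unix timestamp, random
// nonce and an HMAC-SHA256 tag over both. Anything else that reaches the
// bridge port is dropped without a reply.
type Knock struct {
	Timestamp int64
	Nonce     [16]byte
	Tag       [32]byte
}

// KnockGate is the bridge-side state: the pre-shared key (assumed to be
// delivered through the discovery channel), the accepted clock skew, and a
// replay cache of nonces seen inside that window.
type KnockGate struct {
	key    []byte
	window time.Duration
	seen   map[[16]byte]int64 // nonce -> timestamp it was accepted with
}

func NewKnockGate(key []byte, window time.Duration) *KnockGate {
	return &KnockGate{key: key, window: window, seen: make(map[[16]byte]int64)}
}

// knockInput is the byte string the HMAC covers: 8-byte big-endian timestamp || nonce.
func knockInput(ts int64, nonce [16]byte) []byte {
	buf := make([]byte, 8, 8+len(nonce))
	binary.BigEndian.PutUint64(buf, uint64(ts))
	return append(buf, nonce[:]...)
}

// MakeKnock is the client side: tag (ts, nonce) under the shared key.
func MakeKnock(key []byte, ts int64, nonce [16]byte) Knock {
	mac := hmac.New(sha256.New, key)
	mac.Write(knockInput(ts, nonce))
	k := Knock{Timestamp: ts, Nonce: nonce}
	copy(k.Tag[:], mac.Sum(nil))
	return k
}

// Admit returns true only when the timestamp is inside the skew window, the
// nonce is fresh and the tag verifies in constant time. A false result means
// "stay silent": the caller sends nothing, so a prober sees a closed port.
func (g *KnockGate) Admit(k Knock, now int64) bool {
	delta := time.Duration(now-k.Timestamp) * time.Second
	if delta < -g.window || delta > g.window {
		return false
	}
	if _, replayed := g.seen[k.Nonce]; replayed {
		return false
	}
	mac := hmac.New(sha256.New, g.key)
	mac.Write(knockInput(k.Timestamp, k.Nonce))
	if !hmac.Equal(mac.Sum(nil), k.Tag[:]) {
		return false
	}
	g.seen[k.Nonce] = k.Timestamp
	g.expire(now)
	return true
}

// expire forgets nonces older than the window; the timestamp check rejects
// those anyway, so the cache stays bounded by the knock rate.
func (g *KnockGate) expire(now int64) {
	for n, ts := range g.seen {
		if time.Duration(now-ts)*time.Second > g.window {
			delete(g.seen, n)
		}
	}
}

func main() {
	key := []byte("constructed-pre-shared-key") // sample value for this example
	gate := NewKnockGate(key, 30*time.Second)
	var nonce [16]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		panic(err)
	}
	now := time.Now().Unix()
	k := MakeKnock(key, now, nonce)
	fmt.Println("first knock admitted:", gate.Admit(k, now+2)) // true
	fmt.Println("replayed knock admitted:", gate.Admit(k, now+3)) // false
}
```

The order of checks matters for the silent property: the cheap timestamp and replay tests run before the HMAC, so a flood of junk costs the bridge almost nothing, and no branch ever writes to the socket.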
Below is the matrix of theoretical defenses against advanced network analysis.
| Category | Mechanism | Problem Solved |
|---|---|---|
| Transmission | Adaptive Padding | Defeats Deep Packet Inspection (DPI) and fixed-size cell analysis. |
| Transmission | Jitter | Randomizes packet timing to mask hardware clock-skew fingerprinting. |
| Topology | Multi-Homing | Message fragments travel through different bridges/paths simultaneously. |
| Topology | Mixnets | Buffers and reorders packets to avoid end-to-end timing correlation. |
| Discovery | Dynamic PoW | Prevents Sybil attacks by requiring CPU cycles for NodeID registration. |
| Stealth | Dead Mode | Silent response to Active Probing; node appears dead to unauthorized scans. |
| Stealth | Env Poisoning | Detects "Laboratory/Sandbox" environments and connects to false endpoints. |
| Integrity | Remote Attestation | Program verifies its own integrity before decrypting network secrets. |
| Obfuscation | Chaffing & Winnowing | Injects cryptographically valid decoy traffic to mask real data volume. |
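The Dynamic PoW row of the table, worked through as an added example (not Avernus code; the hash construction, the leading-zero-bits target and the rate-based adjustment rule are assumptions chosen for the illustration). The joining node must find a nonce whose SHA-256 over its NodeID clears the current difficulty, the registrar verifies with a single hash, and the difficulty is raised when registrations arrive faster than the expected rate, which is what makes a Sybil flood cost CPU time rather than just bandwidth.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// leadingZeroBits counts the zero bits at the front of a digest.
func leadingZeroBits(h [32]byte) int {
	n := 0
	for _, b := range h {
		if b == 0 {
			n += 8
			continue
		}
		n += bits.LeadingZeros8(b)
		break
	}
	return n
}

// powHash binds the work to one NodeID: SHA-256(nodeID || nonce).
func powHash(nodeID []byte, nonce uint64) [32]byte {
	var nb [8]byte
	binary.BigEndian.PutUint64(nb[:], nonce)
	return sha256.Sum256(append(append([]byte{}, nodeID...), nb[:]...))
}

// Solve is the joining node's work: search for a nonce that clears `difficulty`
// leading zero bits. Expected cost is about 2^difficulty hashes.
func Solve(nodeID []byte, difficulty int) uint64 {
	for nonce := uint64(0); ; nonce++ {
		if leadingZeroBits(powHash(nodeID, nonce)) >= difficulty {
			return nonce
		}
	}
}

// Verify is the registrar side: one hash, no search, so checking is cheap
// even when the network is being flooded with registrations.
func Verify(nodeID []byte, nonce uint64, difficulty int) bool {
	return leadingZeroBits(powHash(nodeID, nonce)) >= difficulty
}

// AdjustDifficulty is the "dynamic" part (assumed rule): when registrations
// exceed twice the target rate demand one more bit, when they fall below half
// the target relax by one, always staying within [min, max].
func AdjustDifficulty(current, observedPerMin, targetPerMin, min, max int) int {
	switch {
	case observedPerMin > 2*targetPerMin && current < max:
		return current + 1
	case observedPerMin < targetPerMin/2 && current > min:
		return current - 1
	}
	return current
}

func main() {
	// Constructed NodeID: the hash of a sample public key.
	id := sha256.Sum256([]byte("constructed-node-public-key"))
	difficulty := 16
	nonce := Solve(id[:], difficulty)
	fmt.Printf("nonce %d clears %d bits: %v\n", nonce, difficulty, Verify(id[:], nonce, difficulty))
	// A burst of 500 registrations/min against a target of 20 pushes difficulty up.
	fmt.Println("next difficulty:", AdjustDifficulty(difficulty, 500, 20, 12, 28))
}
```

Each extra bit doubles the attacker's cost per fake identity while the registrar's cost stays at one hash, which is the asymmetry the table row relies on.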
Avernus should implement at least a 3-hop circuit with Telescopic Handshakes.
- Algorithm: AES-256-GCM (for Windows via BCrypt API).
- Integrity: AEAD tags ensure that any modification of the packet by a middle-node results in immediate drop.
- Privacy: Each hop only knows the previous and next node; the final destination is obscured from the entry point.
Ephemeral ECDH (P-256) is used for every session. Even if the long-term Identity Key is compromised in the future, past communications remain undecipherable, because session keys are never stored on disk.
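One hop of the circuit, combining the AEAD integrity rule and the per-session ECDH key agreement described above, as an added example (not Avernus code, and not its Windows BCrypt implementation; the key-derivation label and the cell layout of nonce || ciphertext || tag are assumptions for this illustration, and a single SHA-256 over the shared secret stands in for a proper KDF). Both ends generate a P-256 key that lives only in memory, derive an AES-256-GCM key from the shared secret, and a cell whose bytes are altered in transit fails the tag check and is dropped.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// HopSession is the per-hop state both ends derive from one ephemeral ECDH
// exchange. The private key is never written to disk, so a later compromise of
// the long-term Identity Key cannot recover this session's traffic.
type HopSession struct {
	aead cipher.AEAD
}

// ephemeralKeyPair makes a fresh P-256 key that is used for one session only.
func ephemeralKeyPair() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// NewHopSession derives the 256-bit AES key from the ECDH shared secret.
// Simplification for the example: SHA-256(label || secret) instead of HKDF.
func NewHopSession(own *ecdh.PrivateKey, peer *ecdh.PublicKey) (*HopSession, error) {
	secret, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("avernus-hop-key-v1")) // assumed label
	h.Write(secret)
	block, err := aes.NewCipher(h.Sum(nil)) // 32 bytes -> AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &HopSession{aead: aead}, nil
}

// Seal encrypts one cell as nonce || ciphertext || tag. The header (for example
// a circuit id) stays in the clear for routing but is authenticated as AAD.
func (s *HopSession) Seal(header, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, header), nil
}

// ErrDrop is returned whenever the tag does not verify: the node discards the cell.
var ErrDrop = errors.New("aead tag mismatch: drop cell")

// Open verifies and decrypts. Any change to nonce, ciphertext, tag or header
// made by a middle node makes GCM fail, and the cell is dropped immediately.
func (s *HopSession) Open(header, cell []byte) ([]byte, error) {
	ns := s.aead.NonceSize()
	if len(cell) < ns+s.aead.Overhead() {
		return nil, ErrDrop
	}
	pt, err := s.aead.Open(nil, cell[:ns], cell[ns:], header)
	if err != nil {
		return nil, ErrDrop
	}
	return pt, nil
}

func main() {
	client, _ := ephemeralKeyPair()
	relay, _ := ephemeralKeyPair()
	cs, _ := NewHopSession(client, relay.PublicKey())
	rs, _ := NewHopSession(relay, client.PublicKey())
	header := []byte{0x00, 0x2a} // constructed circuit id
	cell, _ := cs.Seal(header, []byte("extend to next hop"))
	pt, err := rs.Open(header, cell)
	fmt.Printf("intact cell: %q err=%v\n", pt, err)
	cell[len(cell)-1] ^= 0x80 // a middle node flips one bit of the tag
	_, err = rs.Open(header, cell)
	fmt.Println("modified cell:", err)
}
```

Because the header is passed as associated data, a relay that rewrites the circuit id without the key also triggers ErrDrop; only the fields a hop is meant to change should be left outside the AAD.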
As a research project, Avernus acknowledges existing limitations:
- Global Passive Observation: A nation-state attacker controlling major IXPs could still perform traffic volume correlation despite padding.
- Temporal Fragmentation: Splitting messages over long periods of time is required to mitigate correlation, which introduces latency.
- Open Source Paradox: While the code is open for trust, it should utilize Polymorphic Logic and External Policies (fetched via Beacons) to prevent simple signature-based detection.
This project is part of research on decentralized systems and offensive security techniques applied to defensive privacy tools.