Fully Encrypted Protocols (FEPs) have arisen in practice as a technique to avoid network censorship. Such protocols are designed to produce messages that appear completely random. This design hides communications metadata, such as version and length fields, and makes it difficult to even determine what protocol is being used. Moreover, these protocols frequently support padding to hide the length of protocol fields and the contained message. These techniques have relevance well beyond censorship circumvention, as protecting protocol metadata has security and privacy benefits for all Internet communications. The security of FEP designs depends on cryptographic assumptions, but neither security definitions nor proofs exist for them. We provide novel security definitions that capture the metadata-protection goals of FEPs. Our definitions are given in both the datastream and datagram settings, which model the ubiquitous TCP and UDP interfaces available to protocol designers. We prove relations among these new notions and existing security definitions. We further present new FEP constructions and prove their security. Finally, we survey existing FEP candidates and characterize the extent to which they satisfy FEP security. We identify novel ways in which these protocols are identifiable, including their responses to the introduction of data errors and the sizes of their smallest protocol messages.

翻译：全加密协议（FEP）在实践中已成为规避网络审查的一种技术。此类协议旨在生成完全随机的消息。这种设计隐藏了通信元数据（如版本和长度字段），甚至难以识别正在使用的协议。此外，这些协议通常支持填充机制以隐藏协议字段及所承载消息的长度。这些技术的意义远超审查规避范畴，因为保护协议元数据对所有互联网通信的安全性和隐私性均有益处。FEP设计的安全性依赖于密码学假设，但目前既缺乏安全性定义也缺少形式化证明。我们提出了新的安全性定义，用以刻画FEP保护元数据的设计目标。我们的定义同时涵盖数据流和数据报场景，分别对应协议设计者普遍可用的TCP与UDP接口。我们证明了这些新概念与现有安全性定义之间的关联关系，并进一步提出新的FEP构造方案及其安全性证明。最后，我们对现有FEP候选方案进行系统性评估，分析其满足FEP安全性的程度。我们发现了这些协议可被识别的新途径，包括其对数据错误注入的响应特征以及最小协议消息的尺寸特征。