Castle structurally avoids all three covert-channel pitfalls identified by Geddes et al.: architecture mismatch is avoided by supporting both client-server and P2P modes; channel mismatch is avoided because RTS games implement application-layer reliability over UDP (matching proxied TCP requirements, unlike VoIP), blocking selective-drop denial-of-service attacks; content mismatch is avoided because legitimate RTS traffic has high natural variance driven by map, strategy, and player count.

Password-protected Castle game sessions (passwords distributed via a BridgeDB-like mechanism) prevent censors from joining instances to observe in-game state or identify participants; when a client fails to supply the correct password within a timeout, the Castle proxy falls back to an AI player, making Castle instances indistinguishable from legitimate games even to an adversary who enters the lobby.

§6.2 defense

A single undergraduate ported Castle to two closed-source commercial RTS games (each with >8.5 million copies sold, from different studios) in under 6 hours per game using a ~500-LOC Python/AutoHotkey codebase; 17 of the Top 20 best-selling RTS games share the unit-command structure Castle requires, and 11 have community-decoded replay formats, enabling rapid adaptation to new titles.

§7, Table 1 defense

Castle's packet-size and inter-packet-time distributions (measured via Kolmogorov-Smirnov statistic) fall within the variance observed between legitimate human-game sessions when using ≤50 units/command at ~1 command/second; the best-performing classifier (Herrmann) achieved only ~60% accuracy—roughly 10% above random guessing—against multiple Castle configurations, while two other classifiers (Liberatore, Shmatikov timing) performed near chance.

§6.1, Figures 3–5 defense

Vanilla Castle achieves 42–190 bytes/second (average) and transfers a 10 KB file in 52–238 seconds depending on the game (0-A.D. / Aeons / Conquerors); game-specific exploitation of per-unit click logging in Aeons raised throughput to ~3 KB/s. These rates are sufficient for asynchronous text-based communication (tweets, email, news articles) and bootstrapping Tor bridge IP distribution.

§8, Table 2, §8.3 evaluation

The server-side variant of the blind VPN inference attack—where an in/on-path adversary exploits predictable NAT assignment and tunnel routing semantics to inject spoofed packets indistinguishable from legitimate encrypted traffic—has remained unacknowledged and unmitigated across all tested platforms since its concurrent disclosure in 2019. Unlike the client-side variant, which received partial fixes from Google (CVE-2019-9461, CVE-2024-49734) and Apple (iOS 17.2.1), no vendor has proposed a viable remediation or claimed ownership of the server-side attack surface.

2026-tolley-architectural §2.1, §3.1, §3.4 traffic-shaperst-injectionmiddlebox-interference

A censor can identify Slitheen relay connections by observing that all packets in a suspected overt flow arrive in strict order while flows from the same source naturally exhibit out-of-order delivery: the relay station's traffic-server component reorders TCP segments to enable TLS record decryption, creating a statistically anomalous per-connection ordering pattern. The reordering buffer also increases per-packet round-trip times, providing a secondary timing signal.

2020-birtel-slitheen §4, §6 traffic-shapemiddlebox-interferenceflow-correlation

Marionette is the first programmable obfuscation system to simultaneously satisfy all five threat-model dimensions evaluated in Figure 2: resistance to blacklist DPI, whitelist DPI, statistical-test DPI, protocol-enforcing proxy traversal, and multi-layer traffic control, while sustaining throughput above 1 Mbps (up to 6.7 Mbps). Every prior system (obfs4, ScrambleSuit, SkypeMorph, StegoTorus, FTE, JumpBox, etc.) fails at least one dimension, most commonly stateful proxy traversal or statistical-feature control.

2015-dyer-marionette §2, Figure 2 dpitraffic-shapemiddlebox-interferenceactive-probing

OONI's traffic manipulation test suite uses bidirectional traceroute comparison: asymmetry between inbound and outbound paths for specific source/destination port pairs is treated as an indicator that traffic is being diverted to an interception device. Additional per-flow indicators include timing differences in packets directed at specific ports and layer-7 header field manipulation detectable at the receiving endpoint.

2012-filast-ooni §5.5 Traffic Manipulation dpimiddlebox-interferencepacket-injectiontraffic-shape

The paper identifies two unresolved fingerprinting surfaces: (1) traffic-shape analysis of packet sizes and inter-arrival times could distinguish Telex flows from normal TLS, and (2) the prototype exhibits detectable deviations from real servers at the IP layer (stale IP ID fields), TCP layer (incorrect congestion windows detectable by early acknowledgements), and TLS layer (different compression methods and cipher-suite extensions). Convincingly mimicking a diverse population of TCP/TLS server implementations is flagged as requiring substantial engineering effort.

2011-wustrow-telex §9 traffic-shapetls-fingerprintmiddlebox-interference

A three-stage detection pipeline exploiting the "dual-role" behavioral fingerprint of single-IP circumvention relays achieved 23.2% recall (96/414 ground-truth relays) with a 0.18% false-positive rate against 97,651 benign TLS servers, for an overall accuracy of 99.5%. The ground-truth set covered OpenVPN, WireGuard, and SOCKS relays identified in a 17 TB single-day backbone trace (WIDE Project, April 9, 2025).

2026-almutairi-server §3.4, Table 1 traffic-shapedpiflow-correlation