UPGen's generator samples 18 independent parameters to produce 4.2×10^22 distinct
structured encrypted protocols (entropy 38.4 bits). Each proxy is assigned a unique
generated protocol, so identifying one protocol exposes only a single proxy. The
generator was designed by studying 27 real-world encrypted protocols and sampling
from observed structural patterns (greeting strings, handshake patterns, field
orderings, key encodings).
From 2025-wails-censorship — Censorship Evasion with Unidentified Protocol Generation
· §2.4, Table 1
· 2025
· USENIX Security Symposium
Implications
Deploy a per-proxy unique protocol rather than a single shared transport; a censor must develop a new classifier for each proxy rather than blocking the entire network with one rule.
Protocol parameters should be sampled from features observed in real-world encrypted protocols so that generated protocols blend into the tail of benign encrypted traffic without mimicking any single known protocol exactly.