DOCSLIB.ORG

Running Refraction Networking for Real

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Running Refraction Networking for Real Proceedings on Privacy Enhancing Technologies ; 2020 (4):321–335 Benjamin VanderSloot*, Sergey Frolov, Jack Wampler, Sze Chuen Tan, Irv Simpson, Michalis Kallitsis, J. Alex Halderman, Nikita Borisov, and Eric Wustrow Running Refraction Networking for Real time, popular circumvention techniques, such as domain Abstract: Refraction networking is a next-generation fronting and VPNs, are becoming harder to deploy or censorship circumvention approach that locates proxy more frequently blocked [15]. There is an urgent need to functionality in the network itself, at participating field more advanced circumvention technologies in order ISPs or other network operators. Following years of re- to level the playing field. search and development and a brief pilot, we established One proposed new circumvention approach, Refrac- the world’s first production deployment of a Refrac- tion Networking, has the potential to fill this need, and tion Networking system. Our deployment uses a high- has been developed in the form of several proposed pro- performance implementation of the TapDance protocol tocols [2, 7, 9, 13, 16, 17, 20, 27, 28] and other re- and is enabled as a transport in the popular circum- search [3, 10, 14, 19, 25] over the past decade. It works vention app Psiphon. It uses TapDance stations at four by deploying technology at ISPs or other network oper- physical uplink locations of a mid-sized ISP, Merit Net- ators that observes connections in transit and provides work, with an aggregate bandwidth of 140 Gbps. By the censorship circumvention functionality. Though promis- end of 2019, our system was enabled as a transport op- ing in concept, deploying Refraction Networking in the tion in 559,000 installations of Psiphon, and it served real world has faced a number of obstacles, including the upwards of 33,000 unique users per month. This pa- complexity of the technology and the need to attract per reports on our experience building the deployment cooperation from ISPs. Other than a one-month pilot and operating it for the first year. We describe how we that our project conducted in 2017 [8], no Refraction overcame engineering challenges, present detailed per- implementation has ever served real users at ISP scale, formance metrics, and analyze how our system has re- leaving the approach’s practical feasibility unproven. sponded to dynamic censor behavior. Finally, we review In this paper, we describe lessons and results from lessons learned from operating this unique artifact and a real-world deployment of Refraction Networking that discuss prospects for further scaling Refraction Network- we have operated in production for over a year and that ing to meet the needs of censored users. is enabled as a transport in more than 559,000 installa- tions of the popular Psiphon circumvention tool for PC and mobile users. Building on our 2017 pilot, the deploy- ment is based on a high-performance implementation of 1 Introduction the TapDance protocol [8]. It operates from stations in- stalled at Merit Network, a mid-sized ISP, that observe National-governments are deploying increasingly sophis- an average of 70 Gbps of aggregate commodity traffic ticated systems for Internet censorship, which often from four network locations, each of which individually take the form of deep-packet inspection (DPI) middle- processes a peak of 10–40 Gbps. The system has served boxes located at network choke-points [5]. At the same up to 500 Mbps of proxied traffic to circumvention users. Building and running this deployment required solv- ing complex technical, operational, and logistical chal- *Corresponding Author: Benjamin VanderSloot: Uni- lenges and necessitated collaboration among researchers, versity of Michigan, E-mail: [email protected] network engineers, and circumvention tool developers. Sergey Frolov: University of Colorado Boulder, E-mail: This reflects a non-trivial challenge to Refraction Net- [email protected] Jack Wampler: University of Colorado Boulder, E-mail: working systems: Refraction Networking cannot func- [email protected] tion in isolation from the rest of the Internet, and so Sze Chuen Tan: University of Illinois, Urbana-Champaign, its success depends on close interactions between the E-mail: [email protected] Internet operator and Internet freedom communities. Irv Simpson: Psiphon, E-mail: [email protected] In order to serve users well and meet requirements Michalis Kallitsis: Merit Network, E-mail: [email protected] set by our ISP and circumvention tool partners, we J. Alex Halderman: University of Michigan, E-mail: jhal- worked within the following technical constraints: [email protected] Nikita Borisov: University of Illinois, Urbana-Champaign, E-mail: [email protected] Eric Wustrow: University of Colorado Boulder, E-mail: [email protected] Running Refraction Networking for Real 322 – Each TapDance station could use only 1U of physi- 2 Background cal rack space at one of the ISP’s uplink locations. – All stations at the ISP would need to coordinate to Refraction Networking (previously known as “decoy function as a single distributed system. routing”) is an anticensorship strategy that places cir- – The deployment had to operate continuously, de- cumvention technology at Internet service providers spite occasional downtime of individual stations. (ISPs) and other network operators, rather than at – We had to strictly avoid interfering with the ISP’s network endpoints. Clients access the service by mak- network operations or its customers systems. ing innocuous-looking encrypted connections to existing, – The deployment had to achieve acceptable network uncensored websites (“decoys”) that are selected so that performance to users in censored environments. the connection travels through a participating network. The client covertly requests proxy service by including In this paper we describe our experience meeting these a steganographic tag in the connection envelope that requirements and the implications this has for further is constructed so that it can only be detected using a deployment of Refraction Networking. private key. At certain points within the ISP’s network, In addition, we analyze data from four months of devices (“stations”) inspect passing traffic to identify operations to evaluate the system’s performance. This tagged connections, use data in the tag to decrypt the four-month period reflected typical behavior for our ISP request, proxy it to the desired destination, and return partners and concluded with a significant censorship the response as if it came from the decoy site. To the event that applied stress to infrastructure of our cir- censor, this connection looks like a normal connection to cumvention tool deployment partner. It shows that our an unblocked decoy site. If sufficiently many ISPs par- deployment’s load is affected by censorship practices, ticipate, censors will have a difficult time blocking all and that it was able to handle the spike in utilization available decoy sites without also blocking a prohibitive effectively. During the censorship event, we provided In- volume of legitimate traffic [24]. ternet access to more users than at any previous time, Refraction Networking was first proposed in 2011. and the system handled this load without measurable Three independent works that year—Telex [28], Curve- degradation in quality of service or generating excessive ball [16] and Cirripede [13]—all proposed the idea of load on decoy websites, as reflected by the opt-out rate. placing proxy “stations” at ISPs, with various propos- Our final contribution is a discussion of lessons we als for how clients would signal the ISP station. For learned from building and operating the deployment instance, Curveball used a pre-shared secret between that can inform future work on Refraction Networking the client and station, while Telex and Cirripede used and other circumvention technologies. We identify two public-key steganography to embed tags in either TLS particular areas—decoy site discovery and reducing sta- client-hello messages or TCP initial sequence numbers. tion complexity—where further research and develop- Without the correct private key, these tags are crypto- ment work would be greatly beneficial. graphically indistinguishable from the random protocol We conclude that Refraction Networking can be de- values they replace, so censors cannot detect them. ployed continuously to end-users with sufficient network However, all of these first-generation schemes re- operator buy-in. Although attracting ISP partnership quired inline blocking at the ISP; that is, the station remains the largest hurdle to the technology’s practical needed to be able to stop packets in individual tag- scalability, even with relatively limited scale, Refraction carrying TCP connections from reaching their destina- can meet a critical real-world need as a fall-back trans- tion. This lets the station pretend to be the decoy server port that can provide service when other, lighter-weight without the real decoy responding to the client’s pack- transports are disrupted by censors. ets. While this makes for a conceptually simpler design, The remainder of this paper is structured as follows. inline blocking is expensive to do in production ISP In Section 2, we discuss existing techniques for and use networks, where traffic can exceed 100s of Gbps. Inline of Refraction Networking. We then describe our deploy- blocking devices also carry a higher risk of failing closed, ment’s architecture in Section 3. In Section 4, we quan- which would disrupt other network traffic, making ISPs tify the performance of our deployment using data from leery of deploying the Telex-era protocols. the first four months of 2019. We end the discussion with To address this concern, researchers developed Tap- a comparison to existing decoy routing schemes. In Sec- Dance [27], which only requires a passive tap at the ISP tion 5, we draw lessons from our deployment experience. station, obviating the need for inline blocking. Instead, Finally, we conclude in Section 6. Running Refraction Networking for Real 323 TapDance clients mute the decoy server by sending an 3.1 Station Placement incomplete HTTP request inside the encrypted TLS con- nection.
Load more

Recommended publications
  • An ISP-Scale Deployment of Tapdance
    An ISP-Scale Deployment of TapDance Sergey Frolov Fred Douglas Will Scott Eric Wustrow Google Allison McDonald University of Colorado Boulder Benjamin VanderSloot University of Michigan Rod Hynes Michalis Kallitsis David G. Robinson Adam Kruger Merit Network Upturn Psiphon Steve Schultze Nikita Borisov J. Alex Halderman Georgetown University Law University of Illinois University of Michigan Center ABSTRACT network operators, who provide censorship circumvention In this talk, we will report initial results from the world’s functionality for any connection that passes through their net- first ISP-scale field trial of a refraction networking system. works. To accomplish this, clients make HTTPS connections Refraction networking is a next-generation censorship cir- to sites that they can reach, where such connections traverse cumvention approach that locates proxy functionality in the a participating network. The participating network operator middle of the network, at participating ISPs or other network recognizes a steganographic signal from the client and ap- operators. We built a high-performance implementation of pends the user’s requested data to the encrypted connection the TapDance refraction networking scheme and deployed it response. From the perspective of the censor, these connec- on four ISP uplinks with an aggregate bandwidth of 100 Gbps. tions are indistinguishable from normal TLS connections to Over one week of operation, our deployment served more sites the censor has not blocked. To block the refraction con- than 50,000 real users. The experience demonstrates that nections, the censor would need to block all connections that TapDance can be practically realized at ISP scale with good traverse a participating network.
    [Show full text]
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield
    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
    [Show full text]
  • Enhancing System Transparency, Trust, and Privacy with Internet Measurement
    Enhancing System Transparency, Trust, and Privacy with Internet Measurement by Benjamin VanderSloot A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Science and Engineering) in the University of Michigan 2020 Doctoral Committee: Professor J. Alex Halderman, Chair Assistant Professor Roya Ensafi Research Professor Peter Honeyman Assistant Professor Baris Kasikci Professor Kentaro Toyama Benjamin VanderSloot [email protected] ORCID iD: 0000-0001-6528-3927 © Benjamin VanderSloot 2020 ACKNOWLEDGEMENTS First and foremost, I thank my wife-to-be, Alexandra. Without her unwavering love and support, this dissertation would have remained unfinished. Without her help, the ideas here would not be as strong. Without her, I would not be here. Thanks are also due to my advisor, J. Alex Halderman, for giving me the independence and support I needed to find myself. I also thank Peter Honeyman for sharing his experience freely, both with history lessons and mentorship. Thank you Roya Ensafi, for watching out for me since we met. Thank you Baris Kasikci and Kentaro Toyama, for helping me out the door, in spite of the ongoing pandemic. I owe a great debt to my parents, Craig and Teresa VanderSloot, for raising me so well. No doubt the lessons about perseverance and hard work were put to good use. Your pride has been fuel to my fire for a very long time now. I also owe so much to my sister, Christine Kirbitz, for being the best example a little brother could hope for. I always had a great path to follow and an ear to share my problems with.
    [Show full text]
  • Predictroute: a Network Path Prediction Toolkit
    PredictRoute: A Network Path Prediction Toolkit RACHEE SINGH, University of Massachusetts, Amherst, USA DAVID TENCH, University of Massachusetts, Amherst, USA PHILLIPA GILL, University of Massachusetts, Amherst, USA ANDREW MCGREGOR, University of Massachusetts, Amherst, USA Accurate prediction of network paths between arbitrary hosts on the Internet is of vital importance for network operators, cloud providers, and academic researchers. We present PredictRoute, a system that predicts network paths between hosts on the Internet using historical knowledge of the data and control plane. In addition to feeding on freely available traceroutes and BGP routing tables, PredictRoute optimally explores network paths towards chosen BGP prefixes. PredictRoute’s strategy for exploring network paths discovers 4X more autonomous system (AS) hops than other well-known strategies used in practice today. Using a corpus of traceroutes, PredictRoute trains probabilistic models of routing towards prefixes on the Internet to predict network paths and their likelihood. PredictRoute’s AS-path predictions differ from the measured path byat most 1 hop, 75% of the time. We expose PredictRoute’s path prediction capability via a REST API to facilitate its inclusion in other applications and studies. We additionally demonstrate the utility of PredictRoute in improving real-world applications for circumventing Internet censorship and preserving anonymity online. CCS Concepts: • Mathematics of computing ! Paths and connectivity problems; Markov networks; • Net- works ! Routing protocols; Wide area networks; Public Internet. Additional Key Words and Phrases: network measurement; Internet path prediction ACM Reference Format: Rachee Singh, David Tench, Phillipa Gill, and Andrew McGregor. 2021. PredictRoute: A Network Path Prediction Toolkit . Proc. ACM Meas. Anal. Comput. Syst.
    [Show full text]
  • The Use of TLS in Censorship Circumvention
    The use of TLS in Censorship Circumvention Sergey Frolov Eric Wustrow University of Colorado Boulder University of Colorado Boulder [email protected] [email protected] Abstract—TLS, the Transport Layer Security protocol, has TLS [54], and adoption continues to grow as more websites, quickly become the most popular protocol on the Internet, already services, and applications switch to TLS. used to load over 70% of web pages in Mozilla Firefox. Due to its ubiquity, TLS is also a popular protocol for censorship Given the prevalence of TLS, it is commonly used by circumvention tools, including Tor and Signal, among others. circumvention tools to evade Internet censorship. Because However, the wide range of features supported in TLS makes censors can easily identify and block custom protocols [30], it possible to distinguish implementations from one another by circumvention tools have turned to using existing protocols. what set of cipher suites, elliptic curves, signature algorithms, and TLS offers a convenient choice for these tools, providing other extensions they support. Already, censors have used deep plenty of legitimate cover traffic from web browsers and packet inspection (DPI) to identify and block popular circumven- other TLS user, protection of content from eavesdroppers, and tion tools based on the fingerprint of their TLS implementation. several libraries to choose from that support it. In response, many circumvention tools have attempted to mimic popular TLS implementations such as browsers, but this However, simply using TLS for a transport protocol is technique has several challenges. First, it is burdensome to keep not enough to evade censors. Since TLS handshakes are not up with the rapidly-changing browser TLS implementations, and encrypted, censors can identify a client’s purported support for know what fingerprints would be good candidates to mimic.
    [Show full text]
  • Conjure: Summoning Proxies from Unused Address Space
    Conjure: Summoning Proxies from Unused Address Space Sergey Frolov Jack Wampler Sze Chuen Tan University of Colorado Boulder University of Colorado Boulder UIUC J. Alex Halderman Nikita Borisov Eric Wustrow University of Michigan UIUC University of Colorado Boulder ABSTRACT Refraction Networking (formerly known as “Decoy Routing”) has emerged as a promising next-generation approach for circumvent- ing Internet censorship. Rather than trying to hide individual cir- cumvention proxy servers from censors, proxy functionality is implemented in the core of the network, at cooperating ISPs in friendly countries. Any connection that traverses these ISPs could be a conduit for the free flow of information, so censors cannot eas- ily block access without also blocking many legitimate sites. While one Refraction scheme, TapDance, has recently been deployed at ISP-scale, it suffers from several problems: a limited number of “decoy” sites in realistic deployments, high technical complexity, Figure 1: Conjure Overview — An ISP deploys a Conjure station, which and undesirable tradeoffs between performance and observability sees a passive tap of passing traffic. Following a steganographic registration by the censor. These challenges may impede broader deployment process, a client can connect to an unused IP address in the ISP’s AS, and and ultimately allow censors to block such techniques. the station will inject packets to communicate with the client as if there were a proxy server at that address. We present Conjure, an improved Refraction Networking ap- proach that overcomes these limitations by leveraging unused ad- dress space at deploying ISPs. Instead of using real websites as the decoy destinations for proxy connections, our scheme connects 1 INTRODUCTION to IP addresses where no web server exists leveraging proxy func- Over half of Internet users globally now live in countries that block tionality from the core of the network.
    [Show full text]
  • Protocol Proxy: an FTE-Based Covert Channel
    Computers & Security 92 (2020) 101777 Contents lists available at ScienceDirect Computers & Security journal homepage: www.elsevier.com/locate/cose Protocol Proxy: An FTE-based covert channel ∗ Jonathan Oakley , Lu Yu, Xingsi Zhong, Ganesh Kumar Venayagamoorthy, Richard Brooks Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA a r t i c l e i n f o a b s t r a c t Article history: In a hostile network environment, users must communicate without being detected. This involves blend- Received 25 September 2019 ing in with the existing traffic. In some cases, a higher degree of secrecy is required. We present a proof- Revised 24 December 2019 of-concept format transforming encryption (FTE)-based covert channel for tunneling TCP traffic through Accepted 22 February 2020 protected static protocols. Protected static protocols are UDP-based protocols with variable fields that can- Available online 24 February 2020 not be blocked without collateral damage, such as power grid failures. We (1) convert TCP traffic to UDP Keywords: traffic, (2) introduce observation-based FTE, and (3) model interpacket timing with a deterministic Hid- Covert channel den Markov Model (HMM). The resulting Protocol Proxy has a very low probability of detection and is Format Transforming Encryption (FTE) an alternative to current covert channels. We tunnel a TCP session through a UDP protocol and guaran- Steganography tee delivery. Observation-based FTE ensures traffic cannot be detected by traditional rule-based analysis Traffic analysis or DPI. A deterministic HMM ensures the Protocol Proxy accurately models interpacket timing to avoid Deep Packet Inspection (DPI) detection by side-channel analysis.
    [Show full text]
  • Practical Countermeasures Against Network Censorship
    Practical Countermeasures against Network Censorship by Sergey Frolov B.S.I.T., Lobachevsky State University, 2015 M.S.C.S., University of Colorado, 2017 A thesis submitted to the Faculty of the Graduate School of the University of Colorado in partial fulfillment of the requirements for the degree of Doctor of Philosophy Department of Computer Science 2020 Committee Members: Eric Wustrow, Chair Prof. Sangtae Ha Prof. Nolen Scaife Prof. John Black Prof. Eric Keller Dr. David Fifield ii Frolov, Sergey (Ph.D., Computer Science) Practical Countermeasures against Network Censorship Thesis directed by Prof. Eric Wustrow Governments around the world threaten free communication on the Internet by building increasingly complex systems to carry out Network Censorship. Network Censorship undermines citizens’ ability to access websites and services of their preference, damages freedom of the press and self-expression, and threatens public safety, motivating the development of censorship circumvention tools. Inevitably, censors respond by detecting and blocking those tools, using a wide range of techniques including Enumeration Attacks, Deep Packet Inspection, Traffic Fingerprinting, and Active Probing. In this dissertation, I study some of the most common attacks, actually adopted by censors in practice, and propose novel attacks to assist in the development of defenses against them. I describe practical countermeasures against those attacks, which often rely on empiric measurements of real-world data to maximize their efficiency. This dissertation also reports how this work has been successfully deployed to several popular censorship circumvention tools to help censored Internet users break free of the repressive information control. iii Acknowledgements I am thankful to many engineers and researchers from various organizations I had a pleasure to work with, including Google, Tor Project, Psiphon, Lantern, and several universities.
    [Show full text]
  • Obfuscating Network Traffic to Circumvent Censorship
    Obfuscating Network Traffic to Circumvent Censorship Awn Umar MEng Mathematics and Computer Science University of Bristol May 21, 2021 Abstract This report explores some techniques used to censor information in transit on the Internet. The attack surface of the Internet is explained as well as how this affects the potential for abuse by powerful nation state adversaries. Previous research and existing traffic fingerprinting and obfuscation techniques are discussed. Rosen, a modular and flexible proxy tunnel, is introduced and evaluated against state-of-the- art DPI engines, as are some existing censorship circumvention tools. Rosen is also successfully tested from behind the Great Firewall in China. 1 Contents 1 Contextual Background 3 1.1 Information on the Internet.....................................3 1.2 Security of Internet Protocols....................................3 1.3 Exploitation of the Internet by Nation States...........................5 1.3.1 Mass Surveillance.......................................5 1.3.2 Censorship..........................................6 1.4 Ethic of Responsibility........................................7 2 Project Definition 7 2.1 Aim and Objectives.........................................7 2.2 Scope.................................................8 2.3 Vocabulary..............................................8 3 Adversarial Model 8 4 Traffic Identification Methods 11 4.1 Endpoint-Based Filtering...................................... 11 4.2 Traffic Fingerprinting........................................ 13 5 Network
    [Show full text]
  • To Date, Only Tapdance [59], One of Six Refraction Networking Future Censor Techniques with Greater Agility
    CCS ’19, November 11–15, 2019, London, United Kingdom Sergey Frolov, Jack Wampler, Sze Chuen Tan, J. Alex Halderman, Nikita Borisov, and Eric Wustrow To date, only TapDance [59], one of six Refraction Networking future censor techniques with greater agility. We believe that these proposals, has been deployed at ISP scale [20]. advantages will make Conjure a strong choice for future Refraction TapDance was designed for ease of deployment. Instead of in-line Networking deployments. network devices required by earlier schemes, it calls for only a pas- We have released the open source implementation of the Conjure sive tap. This łon-the-sidež approach, though much friendlier from client at https://github.com/refraction-networking/gotapdance/tree/ an ISP’s perspective, leads to major challenges when interposing dark-decoy. in an ongoing client-to-decoy connection: • Implementation is complex and error-prone, requiring kernel 2 BACKGROUND patches or a custom TCP stack. • To avoid detection, the system must carefully mimic subtle Refraction Networking operates by injecting covert communica- features of each decoy’s TCP and TLS behavior. tion inside a client’s HTTPS connection with a reachable site, also • The architecture cannot resist active probing attacks, where known as a decoy site. In a regular HTTPS session, a client es- the censor sends specially crafted packets to determine whether tablishes a TCP connection, performs a TLS handshake with a a suspected connection is using TapDance. destination site, sends an encrypted web request, and receives an • Interactions with the decoy’s network stack limit the length encrypted response. In Refraction Networking, at least one direc- and duration of each connection, forcing TapDance to multi- tion of this exchange is observed by a refraction station, deployed plex long-lived proxy connections over many shorter decoy at some Internet service provider (ISP).
    [Show full text]
  • Decentralized Control: a Case Study of Russia
    Decentralized Control: A Case Study of Russia Reethika Ramesh∗, Ram Sundara Raman∗, Matthew Bernhard∗, Victor Ongkowijaya∗, Leonid Evdokimov†, Anne Edmundson†, Steven Sprecher∗, Muhammad Ikram‡, Roya Ensafi∗ ∗University of Michigan, {reethika, ramaks, matber, victorwj, swsprec, ensafi}@umich.edu ‡ Macquarie University, †Independent, [email protected] Abstract—Until now, censorship research has largely focused decades, receiving significant global and academic attention as a on highly centralized networks that rely on government-run result. [4], [30], [44], [83]. As more citizens of the world begin technical choke-points, such as the Great Firewall of China. to use the Internet and social media, and political tensions begin Although it was previously thought to be prohibitively difficult, to run high, countries with less centralized networks have also large-scale censorship in decentralized networks are on the started to find tools to exert control over the Internet. Recent rise. Our in-depth investigation of the mechanisms underlying years have seen many unsophisticated attempts to wrestle with decentralized information control in Russia shows that such large-scale censorship can be achieved in decentralized networks decentralized networks, such as Internet shutdowns which, due through inexpensive commodity equipment. This new form of to their relative ease of execution, have become the de facto information control presents a host of problems for censorship censorship method of choice in some countries [14], [36], measurement, including difficulty identifying censored content, re- [82]. While some preliminary studies investigating information quiring measurements from diverse perspectives, and variegated control in decentralized networks have examined India [88], censorship mechanisms that require significant effort to identify Thailand [26], Portugal [60], [61], and other countries, there has in a robust manner.
    [Show full text]
  • Traffic Analysis Resistant Infrastructure
    Clemson University TigerPrints All Dissertations Dissertations August 2020 Traffic Analysis Resistant Infrastructure Jonathan Oakley Clemson University, [email protected] Follow this and additional works at: https://tigerprints.clemson.edu/all_dissertations Recommended Citation Oakley, Jonathan, "Traffic Analysis Resistant Infrastructure" (2020). All Dissertations. 2673. https://tigerprints.clemson.edu/all_dissertations/2673 This Dissertation is brought to you for free and open access by the Dissertations at TigerPrints. It has been accepted for inclusion in All Dissertations by an authorized administrator of TigerPrints. For more information, please contact [email protected]. Traffic Analysis Resistant Infrastructure A Dissertation Presented to the Graduate School of Clemson University In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy Computer Engineering by Jonathan Oakley August 2020 Accepted by: Dr. Richard Brooks, Committee Chair Dr. James Martin Dr. Harlan Russell Dr. Kuang-Ching Wang Abstract Network traffic analysis is using metadata to infer information from traffic flows. Network traffic flows are the tuple of source IP, source port, destination IP, and destination port. Additional information is derived from packet length, flow size, interpacket delay, Ja3 signature, and IP header options. Even connections using TLS leak site name and cipher suite to observers. This metadata can profile groups of users or individual behaviors. Statistical properties yield even more information. The hidden Markov model can track the state of protocols where each state transition results in an observation. Format Transforming Encryption (FTE) encodes data as the payload of another protocol. The emulated protocol is called the host protocol. Observation-based FTE is a particular case of FTE that uses real observations from the host protocol for the transformation.
    [Show full text]