DOCSLIB.ORG

Towards More Effective Censorship Resistance Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Towards More Effective Censorship Resistance Systems Towards more Effective Censorship Resistance Systems by Mohammad Tariq Elahi A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Doctor of Philosophy in Computer Science Waterloo, Ontario, Canada, 2015 © Mohammad Tariq Elahi 2015 Some rights reserved. BY NC SA This thesis consists of material all of which I authored or co-authored: see Statement of Contributions included in the thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Statement of Contributions The content in Chapter 2 was co-authored with Colleen Swanson, who provided the dis- cussion of the global adversary and the failed limited sphere of influence assumption. John Doucette provided the framework and preliminary analysis of the simple censor cases, Steven Murdoch provided the real world problem motivation and the simulator and its de- scription, and Hadi Hosseini provided a portion of the related work discussion in Chapter 3. George Danezis provided a sketch and core code for the two PrivEx variants in Chapter 4. Kevin Bauer provided the Tor simulation patch and scripts while Mashael AlSabah pro- vided the related work discussion in Chapter 5. The rest of this thesis contains original content and was authored under the supervision of Ian Goldberg. iii Abstract Internet censorship resistance systems (CRSs) have so far been designed in an ad-hoc manner. The fundamentals are unclear and the foundations are shaky. Censors are, more and more, able to take advantage of this situation. Future censorship resistance systems ought to be built from strong theoretical underpinnings and be based on empirical evidence. Our approach is based on systematizing the CRS field and its players. Informed by this systematization we develop frameworks that have broad scope, from which we gain general insight as well as answers to specific questions. We develop theoretical and simulation- based analysis tools 1) for learning how to manipulate censor behavior using game-theoretic tactics, 2) for learning about CRS-client activity levels on CRS networks, and finally 3) for evaluating security parameters in CRS designs. We learn that there are gaps in the CRS designer’s arsenal: certain censor attacks go unmitigated and the dynamics of the censorship arms race are not modeled. Our game- theoretic analysis highlights how managing the base rate of CRS traffic can cause stable equilibriums where the censor allows some amount of CRS communication to occur. We design and deploy a privacy-preserving data gathering tool, and use it to collect statistics to help answer questions about the prevalence of CRS-related traffic in actual CRS commu- nication networks. Finally, our security evaluation of a popular CRS exposes suboptimal settings, which have since been optimized according to our recommendations. All of these contributions help support the thesis that more formal and empirically driven CRS designs can have better outcomes than the current state of the art. iv Acknowledgements الْحَمْدُ رَبِّل َِل ّهِ الْعَالَمِين These too few and inadequate words on this page can not convey the gratitude that I have for the many mentors and supporters who have made possible this work, nor can the sum of their influence and impact on myself and where I now stand be bound between these covers; and yet, to thank them I must try. Foremost is Ian Goldberg, my supervisor. I am truly indebted to him for his generosity; from the freedom to take my time to explore and pick my topic, to the copious funding that allowed me to focus on research, to all the time that I stole away by walking into his always-open office with questions, and to the always collegial manner in which heshared his knowledge and helped me work towards answers. I am grateful to Nick Hopper for agreeing to be my external examiner and for spear- heading the many areas of Internet censorship resistance that make it an interesting and active field. I am grateful also to Srinivasan Keshav and Bernard Wong for their invalu- able critique and feedback of my research proposal and along with Mahesh Tripunitara for agreeing to be on my examining committee. I would like to thank my many co-authors, especially Mashael Alsabah, Kevin Bauer, George Danezis, Roger Dingledine, John Doucette, Hadi Hoseinni, Steven Murdoch, and Colleen Swanson, for the great fun we have had solving hard problems and fighting the good fight. I would also like to call out my CrySP lab mates Erinn Atwater, Cecylia Bocovic, Navid Esfahani, Sarah Harvey, Kevin Henry, Ryan Henry, Atif Khan, Hassan Khan, Nikolas Unger, Jalaj Upadhyay, and certainly not least, Tao Wang, for their gracious mental agility, unconditional emotional support, and overall inclusiveness which made the CrySP lab a home away from home and the Vortex a never-ending ride. Finally, and with great affection, I want to thank my family—Ammi, Baba, Sanobar, Bilal, and Sundus—for your unyielding faith in me as I embarked on this uncharted journey. My dearest wife Mahvish, I will never forget the sacrifices you have made, the endless support you bolstered me up with, and your wit and humor when I was feeling overwhelmed; you have made all the difference. Little Sophia, the wheels on the bus do go roundand round, and may they always turn forever more. v In Memoriam Mehboob Elahi (1951–1998) vi Table of Contents List of Tables xi List of Figures xii 1 Introduction 1 1.1 Motivation .................................... 2 1.2 Contributions .................................. 4 2 A Systematization of Internet Censorship and Resistance 5 2.1 CRS Users and Use Cases ........................... 8 2.2 Internet Censorship ............................... 11 2.2.1 A Model of Censorship Apparatus .................. 12 2.2.2 General Censor Threat Model ..................... 15 2.2.3 General Censor Goals ......................... 16 2.3 Censorship Resistance ............................. 16 2.3.1 Censorship Resistance Components .................. 16 2.4 Attack Surfaces ................................. 21 2.4.1 CRS Information ............................ 21 2.4.2 Dissemination channel ......................... 22 2.4.3 Data channel .............................. 23 2.4.4 Overt and Covert Destinations .................... 23 vii 2.4.5 CRS Client ............................... 24 2.5 Desired CRS Design Goals ........................... 25 2.6 Censorship Resistance Strategies ....................... 27 2.6.1 Exposure Phase ............................. 28 2.6.2 Detection Phase ............................ 32 2.6.3 Response Phase ............................. 35 2.7 Attack Mitigation and Remaining Gaps .................... 37 2.7.1 CRS Information and the Dissemination Channel .......... 37 2.7.2 Data Channel .............................. 39 2.7.3 Overt and Covert Destinations .................... 40 2.7.4 CRS Client ............................... 41 2.7.5 Mitigation Summary and Trends ................... 41 2.8 Revisiting Use Cases—Security and QoS ................... 43 2.9 Revisiting Collateral Damage ......................... 46 2.10 Conclusions ................................... 47 3 Game-Theoretic Approaches to CRS Design 50 3.1 Introduction ................................... 50 3.2 Censorship Games ............................... 52 3.3 A Simple Censor Model ............................ 53 3.3.1 Step 1: Single Round, No Apparatus ................. 53 3.3.2 Step 2: Multiple Rounds, No Apparatus ............... 55 3.3.3 Step 3: Multiple Rounds, With an Apparatus ............ 57 3.4 More Realistic Censor Models ......................... 61 3.4.1 Strategy Simulator ........................... 63 3.4.2 Parameter Analysis ........................... 67 3.5 Closing the Loop ................................ 70 3.5.1 Methodology .............................. 71 viii 3.5.2 Censor Equivalence Classes ...................... 72 3.6 Related Work .................................. 74 3.7 Conclusion .................................... 75 4 Privacy-preserving Collection of CRS Statistics 77 4.1 Introduction ................................... 77 4.2 Background ................................... 79 4.3 Threat Model .................................. 82 4.4 The PrivEx Schemes .............................. 83 4.4.1 PrivEx based on Secret Sharing .................... 83 4.4.2 PrivEx based on Distributed Decryption ............... 85 4.4.3 PrivEx Scheme Comparison ...................... 88 4.4.4 Calculating and Applying Noise .................... 89 4.5 Security Analysis ................................ 94 4.5.1 Resistance to Attacks ......................... 94 4.5.2 Correlation Attack with Auxiliary Information ............ 96 4.5.3 Security Proof for PrivEx-D2 Variant ................. 96 4.6 Implementation ................................. 99 4.6.1 Computational Overhead ....................... 100 4.6.2 Communication Overhead ....................... 102 4.7 Real-World Deployment ............................ 105 4.8 Related Work .................................. 108 4.9 Future Work .................................. 111 4.10 Conclusion .................................... 111 5 An Analysis of Path Selection Security in Tor 113 5.1 Introduction ................................... 113 5.2 Background ................................... 116 ix 5.2.1 Tor Overview .............................. 116 5.2.2 Entry Guard Relays .........................
Load more

Recommended publications
  • Reporters Without Borders TV5 Monde Prize 2015 Nominees
    Reporters Without Borders ­ TV5 Monde Prize 2015 Nominees Journalist Category Mahmoud Abou Zeid, aka Shawkan (Egypt) “I am a photojournalist, not a criminal,” Shawkan wrote from Tora prison in February. “My ​ ​ ​ indefinite detention is psychologically unbearable. Not even animals would survive in these conditions." ​ Shawkan is an Egyptian freelance photojournalist who has been in pre­trial detention for more than 760 days. He was arrested on 14 August 2013 while providing the US photojournalism agency Demotix and the US digital media company Corbis with coverage of ​ ​ ​ ​ the violence used to disperse demonstrations by deposed President Mohamed Morsi’s supporters in Rabiaa Al­Awadiya Square. Three journalists were killed that day in connection with their work Aged 28, Shawkan covered developments in Egypt closely from Mubarak’s fall to Morsi’s overthrow and on several occasions obtained striking shots of the popular unrest. His detention became illegal in August of this year because, under Egyptian law, pre­trial detention may surpass two years only in exceptional cases. Few people in Egypt have ever been held pending trial as long as him. A date has finally been set for the start of his trial, 12 December 2015, when he will be prosecuted before a Cairo criminal court along with more than 700 other defendants including members of the Muslim Brotherhood, which was declared a terrorist organization in December 2013. Many charges have been brought against him without any evidence, according to his lawyer, Karim Abdelrady. The most serious include joining a banned organization [the Muslim Brotherhood], murder, attacking the security forces and possession of weapons.
    [Show full text]
  • The Limits of Commercialized Censorship in China
    The Limits of Commercialized Censorship in China Blake Miller∗ September 27, 2018 Abstract Despite massive investment in China's censorship program, internet platforms in China are rife with criticisms of the government and content that seeks to organize opposition to the ruling Communist Party. Past works have attributed this \open- ness" to deliberate government strategy or lack of capacity. Most, however, do not consider the role of private social media companies, to whom the state delegates information controls. I suggest that the apparent incompleteness of censorship is largely a result of principal-agent problems that arise due to misaligned incentives of government principals and private media company agents. Using a custom dataset of annotated leaked documents from a social media company, Sina Weibo, I find that 16% of directives from the government are disobeyed by Sina Weibo and that disobedience is driven by Sina's concerns about censoring more strictly than com- petitor Tencent. I also find that the fragmentation inherent in the Chinese political system exacerbates this principal agent problem. I demonstrate this by retrieving actual censored content from large databases of hundreds of millions of Sina Weibo posts and measuring the performance of Sina Weibo's censorship employees across a range of events. This paper contributes to our understanding of media control in China by uncovering how market competition can lead media companies to push back against state directives and increase space for counterhegemonic discourse. ∗Postdoctoral Fellow, Program in Quantitative Social Science, Dartmouth College, Silsby Hall, Hanover, NH 03755 (E-mail: [email protected]). 1 Introduction Why do scathing criticisms, allegations of government corruption, and content about collective action make it past the censors in China? Past works have theorized that regime strategies or state-society conflicts are the reason for incomplete censorship.
    [Show full text]
  • Shedding Light on Mobile App Store Censorship
    Shedding Light on Mobile App Store Censorship Vasilis Ververis Marios Isaakidis Humboldt University, Berlin, Germany University College London, London, UK [email protected] [email protected] Valentin Weber Benjamin Fabian Centre for Technology and Global Affairs University of Telecommunications Leipzig (HfTL) University of Oxford, Oxford, UK Humboldt University, Berlin, Germany [email protected] [email protected] ABSTRACT KEYWORDS This paper studies the availability of apps and app stores across app stores, censorship, country availability, mobile applications, countries. Our research finds that users in specific countries do China, Russia not have access to popular app stores due to local laws, financial reasons, or because countries are on a sanctions list that prohibit ACM Reference Format: Vasilis Ververis, Marios Isaakidis, Valentin Weber, and Benjamin Fabian. foreign businesses to operate within its jurisdiction. Furthermore, 2019. Shedding Light on Mobile App Store Censorship. In 27th Conference this paper presents a novel methodology for querying the public on User Modeling, Adaptation and Personalization Adjunct (UMAP’19 Ad- search engines and APIs of major app stores (Google Play Store, junct), June 9–12, 2019, Larnaca, Cyprus. ACM, New York, NY, USA, 6 pages. Apple App Store, Tencent MyApp Store) that is cross-verified by https://doi.org/10.1145/3314183.3324965 network measurements. This allows us to investigate which apps are available in which country. We primarily focused on the avail- ability of VPN apps in Russia and China. Our results show that 1 INTRODUCTION despite both countries having restrictive VPN laws, there are still The widespread adoption of smartphones over the past decade saw many VPN apps available in Russia and only a handful in China.
    [Show full text]
  • Internet Infrastructure Review Vol.27
    Internet Infrastructure Vol.27 Review May 2015 Infrastructure Security Increasingly Malicious PUAs Messaging Technology Anti-Spam Measure Technology and DMARC Trends Web Traffic Report Report on Access Log Analysis Results for Streaming Delivery of the 2014 Summer Koshien Inte r ne t In f r ast r uc t ure Review Vol.27 May 2015 Executive Summary ———————————————————3 1. Infrastructure Security ———————————————4 Table of Contents Table 1.1 Introduction —————————————————————— 4 1.2 Incident Summary ——————————————————— 4 1.3 Incident Survey ——————————————————— 11 1.3.1 DDoS Attacks —————————————————————— 11 1.3.2 Malware Activities ———————————————————— 13 1.3.3 SQL Injection Attacks —————————————————— 16 1.3.4 Website Alterations ——————————————————— 17 1.4 Focused Research —————————————————— 18 1.4.1 Increasingly Malicious PUAs —————————————— 18 1.4.2 ID Management Technology: From a Convenience and Security Perspective ————— 22 1.4.3 Evaluating the IOCs of Malware That Reprograms HDD Firmware —————————————————————— 25 1.5 Conclusion —————————————————————— 27 2. Messaging Technology —————————————— 28 2.1 Introduction ————————————————————— 28 2.2 Spam Trends ————————————————————— 28 2.2.1 Spam Ratios Decline Further in FY2014 ————————— 28 2.2.2 Higher Risks Despite Lower Volumes —————————— 29 2.3 Trends in Email Technologies ——————————— 29 2.3.1 The DMARC RFC ————————————————————— 29 2.3.2 Problems with DMARC and Reporting —————————— 30 2.3.3 Use of DMARC by Email Recipients ——————————— 30 2.3.4 Domain Reputation ——————————————————— 31 2.3.5
    [Show full text]
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield
    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
    [Show full text]
  • Cyber Defense Emagazine – June 2018 Edition Copyright © Cyber Defense Magazine, All Rights Reserved Worldwide
    …130+ Packed Pages This Month… CyberDefenseTV.com continues to grow with more interviews of C level executives in the Cyber HotSeat… BlackHat Trip Report and Great C Level InfoSec Thought Leader interviews… Transforming Cyber Security An End to the Era of Passwords? The Impact of SOAR on Incident Response Steps The Art of Phishing and How To Fight It …and much more… 1 Cyber Defense eMagazine – June 2018 Edition Copyright © Cyber Defense Magazine, All rights reserved worldwide CONTENTS BlackHat Conference 2018 Trip Report........................................................................................ 15 Transforming Cyber Security........................................................................................................ 35 Cyber Security Tips for Business Travelers................................................................................... 38 Building blocks to manage the supply chain ............................................................................... 40 Cyber PSYOP: The New Way to Impact Opinons and Politics ..................................................... 42 Let Passwords Go Extinct ............................................................................................................. 45 The Impact of SOAR on Incident Response Steps ........................................................................ 47 2018 is Late but Still the Right Time to Bid Goodbye to Malware Prone SMBv1 ...................... 50 Best Practices for DDoS Mitigation in the Terabit Attack Era ...................................................
    [Show full text]
  • Style Counsel: Seeing the (Random) Forest for the Trees in Adversarial Code Stylometry∗
    Style Counsel: Seeing the (Random) Forest for the Trees in Adversarial Code Stylometry∗ Christopher McKnight Ian Goldberg Magnet Forensics University of Waterloo [email protected] [email protected] ABSTRACT worm based on an examination of the reverse-engineered code [17], The results of recent experiments have suggested that code stylom- casting style analysis as a forensic technique. etry can successfully identify the author of short programs from This technique, however, may be used to chill speech for soft- among hundreds of candidates with up to 98% precision. This poten- ware developers. There are several cases of developers being treated tial ability to discern the programmer of a code sample from a large as individuals of suspicion, intimidated by authorities and/or co- group of possible authors could have concerning consequences for erced into removing their software from the Internet. In the US, the open-source community at large, particularly those contrib- Nadim Kobeissi, the Canadian creator of Cryptocat (an online se- utors that may wish to remain anonymous. Recent international cure messaging application) was stopped, searched, and questioned events have suggested the developers of certain anti-censorship by Department of Homeland Security officials on four separate oc- and anti-surveillance tools are being targeted by their governments casions in 2012 about Cryptocat and the algorithms it employs [16]. and forced to delete their repositories or face prosecution. In November 2014, Chinese developer Xu Dong was arrested, pri- In light of this threat to the freedom and privacy of individual marily for political tweets, but also because he allegedly “committed programmers around the world, we devised a tool, Style Counsel, to crimes of developing software to help Chinese Internet users scale aid programmers in obfuscating their inherent style and imitating the Great Fire Wall of China” [4] in relation to proxy software he another, overt, author’s style in order to protect their anonymity wrote.
    [Show full text]
  • Digital Authoritarianism and the Global Threat to Free Speech Hearing
    DIGITAL AUTHORITARIANISM AND THE GLOBAL THREAT TO FREE SPEECH HEARING BEFORE THE CONGRESSIONAL-EXECUTIVE COMMISSION ON CHINA ONE HUNDRED FIFTEENTH CONGRESS SECOND SESSION APRIL 26, 2018 Printed for the use of the Congressional-Executive Commission on China ( Available at www.cecc.gov or www.govinfo.gov U.S. GOVERNMENT PUBLISHING OFFICE 30–233 PDF WASHINGTON : 2018 VerDate Nov 24 2008 12:25 Dec 16, 2018 Jkt 081003 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 C:\USERS\DSHERMAN1\DESKTOP\VONITA TEST.TXT DAVID CONGRESSIONAL-EXECUTIVE COMMISSION ON CHINA LEGISLATIVE BRANCH COMMISSIONERS Senate House MARCO RUBIO, Florida, Chairman CHRIS SMITH, New Jersey, Cochairman TOM COTTON, Arkansas ROBERT PITTENGER, North Carolina STEVE DAINES, Montana RANDY HULTGREN, Illinois JAMES LANKFORD, Oklahoma MARCY KAPTUR, Ohio TODD YOUNG, Indiana TIM WALZ, Minnesota DIANNE FEINSTEIN, California TED LIEU, California JEFF MERKLEY, Oregon GARY PETERS, Michigan ANGUS KING, Maine EXECUTIVE BRANCH COMMISSIONERS Not yet appointed ELYSE B. ANDERSON, Staff Director PAUL B. PROTIC, Deputy Staff Director (ii) VerDate Nov 24 2008 12:25 Dec 16, 2018 Jkt 081003 PO 00000 Frm 00002 Fmt 0486 Sfmt 0486 C:\USERS\DSHERMAN1\DESKTOP\VONITA TEST.TXT DAVID C O N T E N T S STATEMENTS Page Opening Statement of Hon. Marco Rubio, a U.S. Senator from Florida; Chair- man, Congressional-Executive Commission on China ...................................... 1 Statement of Hon. Christopher Smith, a U.S. Representative from New Jer- sey; Cochairman, Congressional-Executive Commission on China .................. 4 Cook, Sarah, Senior Research Analyst for East Asia and Editor, China Media Bulletin, Freedom House ..................................................................................... 6 Hamilton, Clive, Professor of Public Ethics, Charles Sturt University (Aus- tralia) and author, ‘‘Silent Invasion: China’s Influence in Australia’’ ............
    [Show full text]
  • July 20, 2020 the Honorable David N. Cicilline Chairman
    July 20, 2020 The Honorable David N. Cicilline Chairman, Subcommittee on Antitrust, Commercial and Administrative Law U.S. House of Representatives Subject: House Judiciary Committee’s July 27 hearing of Apple’s CEO Tim Cook Chairman Cicilline, GreatFire is a China-based, anti-censorship organization that has been working since 2011 to bring transparency to online censorship in China and to help Chinese citizens to freely access information. We would like to draw to your attention Apple’s current policy of censorship of its App Store, which constitutes a serious abuse of its dominant position in the digital marketplace as well as a violation of human rights. On July 27, the Subcommittee on Antitrust, Commercial and Administrative Law of the U.S House of Representatives Judiciary Committee will question Apple Inc. CEO Tim Cook, along with the CEOs of Amazon, Google and Facebook, as part of the Committee’s ongoing investigation into competition in the digital marketplace. The “Online Platforms and Market Power, Part 6: Examining the Dominance of Amazon, Facebook, Google and Apple” hearing will conclude an investigation which began last year and has already covered Apple’s anti-competitive practices and their impact, most notably on a “Free and Diverse Press”. We believe that one crucial consequence of Apple’s dominant position in the digital market has not been covered by the investigation: Apple’s opaque and arbitrary management of its China App Store. In China, currently Apple’s biggest market worldwide, Apple directly collaborates with the Chinese authorities to censor apps that the government does not want its population to use.
    [Show full text]
  • Success Strategies in Emerging Iranian American Women Leaders
    Pepperdine University Pepperdine Digital Commons Theses and Dissertations 2017 Success strategies in emerging Iranian American women leaders Sanam Minoo Follow this and additional works at: https://digitalcommons.pepperdine.edu/etd Recommended Citation Minoo, Sanam, "Success strategies in emerging Iranian American women leaders" (2017). Theses and Dissertations. 856. https://digitalcommons.pepperdine.edu/etd/856 This Dissertation is brought to you for free and open access by Pepperdine Digital Commons. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of Pepperdine Digital Commons. For more information, please contact [email protected], [email protected], [email protected]. Pepperdine University Graduate School of Education and Psychology SUCCESS STRATEGIES IN EMERGING IRANIAN AMERICAN WOMEN LEADERS A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Education in Organizational Leadership by Sanam Minoo July, 2017 Farzin Madjidi, Ed.D. – Dissertation Chairperson This dissertation, written by Sanam Minoo under the guidance of a Faculty Committee and approved by its members, has been submitted to and accepted by the Graduate Faculty in partial fulfillment of the requirements for the degree of DOCTOR OF EDUCATION Doctoral Committee: Farzin Madjidi, Ed.D., Chairperson Lani Simpao Fraizer, Ed.D. Gabriella Miramontes, Ed.D. © Copyright by Sanam Minoo 2017 All Rights Reserved TABLE OF CONTENTS Page LIST OF TABLES ........................................................................................................................
    [Show full text]
  • Cloudtransport: Using Cloud Storage for Censorship-Resistant Networking
    CloudTransport: Using Cloud Storage for Censorship-Resistant Networking Chad Brubaker1,2, Amir Houmansadr2, and Vitaly Shmatikov2 1 Google 2 The University of Texas at Austin Abstract. Censorship circumvention systems such as Tor are highly vulnerable to network-level filtering. Because the traffic generated by these systems is disjoint from normal network traffic, it is easy to recog- nize and block, and once the censors identify network servers (e.g., Tor bridges) assisting in circumvention, they can locate all of their users. CloudTransport is a new censorship-resistant communication system that hides users’ network traffic by tunneling it through a cloud storage ser- vice such as Amazon S3. The goal of CloudTransport is to increase the censors’ economic and social costs by forcing them to use more expen- sive forms of network filtering, such as large-scale traffic analysis, or else risk disrupting normal cloud-based services and thus causing collateral damage even to the users who are not engaging in circumvention. Cloud- Transport’s novel passive-rendezvous protocol ensures that there are no direct connections between a CloudTransport client and a CloudTrans- port bridge. Therefore, even if the censors identify a CloudTransport connection or the IP address of a CloudTransport bridge, this does not help them block the bridge or identify other connections. CloudTransport can be used as a standalone service, a gateway to an anonymity network like Tor, or a pluggable transport for Tor. It does not require any modifications to the existing cloud storage, is compatible with multiple cloud providers, and hides the user’s Internet destinations even if the provider is compromised.
    [Show full text]
  • A Privacy Threat for Internet Users in Internet-Censoring Countries
    A Privacy Threat for Internet Users in Internet-censoring Countries Feno Heriniaina R. College of Computer Science, Chongqing University, Chongqing, China Keywords: Censorship, Human Computer Interaction, Privacy, Virtual Private Networks. Abstract: Online surveillance has been increasingly used by different governments to control the spread of information on the Internet. The magnitude of this activity differs widely and is based primarily on the areas that are deemed, by the state, to be critical. Aside from the use of keywords and the complete domain name filtering technologies, Internet censorship can sometimes even use the total blocking of IP addresses to censor content. Despite the advances, in terms of technology used for Internet censorship, there are also different types of circumvention tools that are available to the general public. In this paper, we report the results of our investigation on how migrants who previously had access to the open Internet behave toward Internet censorship when subjected to it. Four hundred and thirty-two (432) international students took part in the study that lasted two years. We identified the most common circumvention tools that are utilized by the foreign students in China. We investigated the usability of these tools and monitored the way in which they are used. We identified a behaviour-based privacy threat that puts the users of circumvention tools at risk while they live in an Internet-censoring country. We also recommend the use of a user-oriented filtering method, which should be considered as part of the censoring system, as it enhances the performance of the screening process and recognizes the real needs of its users.
    [Show full text]