Circumventing Web Surveillance Using Covert Channels
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Covert Channel Capacity
COVERT CHANNEL CAPACITY Jonathan K. Millen The MITRE Corporation Bedford, MA 01730 Techniques for detecting covert channels are Some models are aimed at defining information based on information flow models. This paper flow exactly, with necessary and sufficient conditions. establishes a connection between Shannon’s theory These models share the philosophy that information of communication and information flow models, such flow in a computer security context is related to as the Goguen-Meseguer model, that view a reference inference: if one user can, by observing outputs monitor as a state-transition automaton. The channel available to him, deduce something about inputs from associated with a machine and a compromise policy is another user, there has been some information flow. defined, and the capacity of that channel is taken as a Conversely, if there is no information flow, the user’s measure of covert channel information rate. outputs would be the same regardless of the input from the other user. This ap roach was suggested in f INTRODUCTION a paper by Jones and Lipton investigating protection mechanisms in the context of computations, considered as functions rather than machines. This One of the objectives of computer security is to paper defined a security policy as an prevent the unauthorized disclosure of information. information-hiding function applied to the input, and Models of protection mechanisms and policies that said that a protection mechanism was “sound” if the espouse this objective fall into one of two categories: computational values received by the user could have access control models or information flow models. been obtained from such censored input. -
THE BUSINESS of CENSORSHIP: CONTENT MANAGEMENT and the CHINESE ECONOMY By
THE BUSINESS OF CENSORSHIP: CONTENT MANAGEMENT AND THE CHINESE ECONOMY by JOSHUA CLARK B.A. (Hons.), Queen's University at Kingston, 2009 MASTER OF ARTS in THE FACULTY OF GRADUATE STUDIES (Political Science) THE UNIVERSITY OF BRITISH COLUMBIA (Vancouver) August 2010 ©Joshua Clark, 2010 Abstract Content control and censorship on the Internet are increasingly important topics for scholars of democratization, media and communications. Most studies have examined the relationship between the Internet, content management and various elements important to democratization such as the formation of civil society organizations. This thesis attempts to expand this discussion by examining the effects of online content management on economic systems, using the People's Republic of China as an example. China features a globally integrated economy that is increasing dependent on manufacturing and services while simultaneously maintaining one of the most extensive online content management systems in the world. This paper attempts to show how the Communist Party of China is able to reconcile the need for connectivity in order to drive their economy while maintaining political control. It also discusses the long-term implications of this strategy. The first section consists of a series of quantitative and qualitative tests to determine how various classes of websites are managed. These tests reveal that in order to maintain the flow of information necessary for a globally integrated economy, the Chinese Communist Party utilizes strategies that manage but not block the information flows related to business. This survey is followed by a case study examining the relationship between Google and China, and the implications of Chinese regulation and control for the broader economy. -
Poster: Introducing Massbrowser: a Censorship Circumvention System Run by the Masses
Poster: Introducing MassBrowser: A Censorship Circumvention System Run by the Masses Milad Nasr∗, Anonymous∗, and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] ∗Equal contribution Abstract—We will present a new censorship circumvention sys- side the censorship regions, which relay the Internet traffic tem, currently being developed in our group. The new system of the censored users. This includes systems like Tor, VPNs, is called MassBrowser, and combines several techniques from Psiphon, etc. Unfortunately, such circumvention systems are state-of-the-art censorship studies to design a hard-to-block, easily blocked by the censors by enumerating their limited practical censorship circumvention system. MassBrowser is a set of proxy server IP addresses [14]. (2) Costly to operate: one-hop proxy system where the proxies are volunteer Internet To resist proxy blocking by the censors, recent circumven- users in the free world. The power of MassBrowser comes from tion systems have started to deploy the proxies on shared-IP the large number of volunteer proxies who frequently change platforms such as CDNs, App Engines, and Cloud Storage, their IP addresses as the volunteer users move to different a technique broadly referred to as domain fronting [3]. networks. To get a large number of volunteer proxies, we This mechanism, however, is prohibitively expensive [11] provide the volunteers the control over how their computers to operate for large scales of users. (3) Poor QoS: Proxy- are used by the censored users. Particularly, the volunteer based circumvention systems like Tor and it’s variants suffer users can decide what websites they will proxy for censored from low quality of service (e.g., high latencies and low users, and how much bandwidth they will allocate. -
Brocade Vyatta Network OS ALG Configuration Guide, 5.2R1
CONFIGURATION GUIDE Brocade Vyatta Network OS ALG Configuration Guide, 5.2R1 Supporting Brocade 5600 vRouter, VNF Platform, and Distributed Services Platform 53-1004711-01 24 October 2016 © 2016, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, and MyBrocade are registered trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands, product names, or service names mentioned of Brocade Communications Systems, Inc. are listed at www.brocade.com/en/legal/ brocade-Legal-intellectual-property/brocade-legal-trademarks.html. Other marks may belong to third parties. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd. -
West Censoring East
West Censoring East The Use of Western Technologies by Middle East Censors 2010-2011 Executive Summary The OpenNet Initiative has documented network filtering of the Internet by national governments in over forty countries worldwide. Countries use this network filtering as one of many methods to control the flow of online content that is objectionable to the filtering governments for social, political, and security reasons. Filtering is particularly appealing to governments as it allows them to control content not published within their national borders. National governments use a variety of technical means to filter the Internet; in this paper, we analyze the use of American- and Canadian- made software for the purpose of government-level filtering in the Middle East and North Africa. In this report, the authors find that nine countries in the region utilize Western-made tools for the purpose of blocking social and political content, effectively blocking a total of over 20 million Internet users from accessing such websites. 1 The authors analyze as well the increasing opacity of the usage of Western-made tools for filtering at the national level. Helmi Noman and Jillian C. York authored this report. ONI principal investigators Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain authored the foreword. Noman is a Senior Research Fellow at the Munk School of Global Affairs, University of Toronto, and is a Berkman Center Research Affiliate. York is the coordinator for the OpenNet Initiative at the Berkman Center for Internet & Society. The authors would like to thank James Tay of Citizen Lab for technical support and test data analysis. -
POWER-Supplay: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers Mordechai Guri Ben-Gurion University of the Negev, Israel Cyber-Security Research Center [email protected] Air-Gap research page: http://www.covertchannels.com Demo video: http://www.covertchannels.com Abstract—It is known that attackers can exfiltrate data from insiders. Famous air-gap breaching cases include Stuxnet [4] air-gapped computers through their speakers via sonic and and Agent.BTZ [5], but other incidents have also been reported ultrasonic waves. To eliminate the threat of such acoustic covert [6], [7]. In 2018, The US Department of Homeland Security channels in sensitive systems, audio hardware can be disabled and the use of loudspeakers can be strictly forbidden. Such audio-less accused Russian government hackers of penetrating America’s systems are considered to be audio-gapped, and hence immune power utilities [8]. Due to reports in the Washington Post to acoustic covert channels. in November 2019, the Nuclear Power Corporation of India In this paper, we introduce a technique that enable attackers Limited (NPCIL) confirmed that the Kudankulam Nuclear leak data acoustically from air-gapped and audio-gapped systems. Power Plant suffered a cyber-attack earlier that year [9]. Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary A. Air-Gap Covert Channels speaker with limited capabilities. The malicious code manipulates the internal switching frequency of the power supply and hence While the infiltration of such networks has been shown to be controls the sound waveforms generated from its capacitors and feasible, the exfiltration of data from non-networked computers transformers. -
Detecting Covert Storage Channels Using Relative Entropy
Raising Flags: Detecting Covert Storage Channels Using Relative Entropy Josephine Chow Xiangyang Li Xenia Mountrouidou University of Maryland, College Park Johns Hopkins University Information College of Charleston College Park, Maryland, US Security Institute Charleston, South Carolina, US [email protected] Baltimore, Maryland, US [email protected] [email protected] Abstract— This paper focuses on one type of Covert Storage Storage Channel (CSC) and Covert Timing Channel (CTC) [1]. Channel (CSC) that uses the 6-bit TCP flag header in TCP/IP A CSC writes to a storage location by a sender process and network packets to transmit secret messages between then a receiver process reads the message according to a pre- accomplices. We use relative entropy to characterize the defined coding scheme of information [2]. In order to transmit irregularity of network flows in comparison to normal traffic. A information secretly, a CTC schematically modulates the normal profile is created by the frequency distribution of TCP temporal characteristic of a process by a sender, which is then flags in regular traffic packets. In detection, the TCP flag measured by the receiver. frequency distribution of network traffic is computed for each unique IP pair. In order to evaluate the accuracy and efficiency Unlike most other exploits, covert channels often go of the proposed method, this study uses real regular traffic data unnoticed by the access control mechanisms of most operating sets as well as CSC messages using coding schemes under systems. They can use a regular medium, such as unused assumptions of both clear text, composed by a list of keywords protocol bits in a networking protocol, in a way that does not common in Unix systems, and encrypted text. -
Everyone's Guide to Bypassing Internet Censorship
EVERYONE’S GUIDE TO BY-PASSING INTERNET CENSORSHIP FOR CITIZENS WORLDWIDE A CIVISEC PROJECT The Citizen Lab The University of Toronto September, 2007 cover illustration by Jane Gowan Glossary page 4 Introduction page 5 Choosing Circumvention page 8 User self-assessment Provider self-assessment Technology page 17 Web-based Circumvention Systems Tunneling Software Anonymous Communications Systems Tricks of the trade page 28 Things to remember page 29 Further reading page 29 Circumvention Technologies Circumvention technologies are any tools, software, or methods used to bypass Inter- net filtering. These can range from complex computer programs to relatively simple manual steps, such as accessing a banned website stored on a search engine’s cache, instead of trying to access it directly. Circumvention Providers Circumvention providers install software on a computer in a non-filtered location and make connections to this computer available to those who access the Internet from a censored location. Circumvention providers can range from large commercial organi- zations offering circumvention services for a fee to individuals providing circumven- tion services for free. Circumvention Users Circumvention users are individuals who use circumvention technologies to bypass Internet content filtering. 4 Internet censorship, or content filtering, has become a major global problem. Whereas once it was assumed that states could not control Internet communications, according to research by the OpenNet Initiative (http://opennet.net) more than 25 countries now engage in Internet censorship practices. Those with the most pervasive filtering policies have been found to routinely block access to human rights organi- zations, news, blogs, and web services that challenge the status quo or are deemed threatening or undesirable. -
Managed Firewalls
DEDICATED HOSTING PRODUCT OVERVIEW MANAGED FIREWALLS Securing your network from malicious activity. Rackspace delivers expertise and service for the world’s leading clouds and technologies. TRUST RACKSPACE And we can help secure your dedicated servers and your cloud, with firewalls from Cisco® and • A leader in the 2017 Gartner Magic Quadrant Juniper Networks — fully supported around the clock by certified Rackspace engineers. Your for Public Cloud Infrastructure Managed Service firewall is dedicated completely to your environment for the highest level of network security Providers, Worldwide and connectivity, and includes access to our Firewall Manager and our One-Hour Hardware • Hosting provider for more than half of the Replacement Guarantee. Fortune 100 • 16+ years of hosting experience WHY RACKSPACE FOR DEDICATED, FULLY MANAGED FIREWALLS? • Customers in 150+ countries You have valuable and confidential information stored on your dedicated and cloud servers. Dedicated firewalls from Cisco and Juniper Networks add an additional layer of security to your servers, helping to stop potentially malicious packets from ever reaching your network. “RACKSPACE’S SECURITY CONTROLS AND REPUTATION AS AN SSAE 16 CERTIFIED KEY BENEFITS PROVIDER HAS BEEN A Highest level of security: Help protect your data and stop potentially malicious packets TREMENDOUS FACTOR IN OUR from entering your network with an IPSec, and Common Criteria EAL4 evaluation status certified firewall. SUCCESS.” DAVID SCHIFFER :: FOUNDER AND PRESIDENT, Expertise: Rackspace security experts fully manage your firewalls 24x7x365. Consult with SAFE BANKING SYSTEMS CISSP-certified security engineers to assess and architect your firewalls to help you meet your security and compliance requirements. Visibility and control: Help protect your infrastructure with deep packet inspection of traffic based on traffic filtering rules you define. -
The Internet Beyond Borderless Versus Balkanized
POROUS TERRITORIES: THE INTERNET BEYOND BORDERLESS VERSUS BALKANIZED LUKE MUNN Western Sydney University (Australia) [email protected] Abstract: If the internet was once viewed as a borderless realm, critics now warn it is in danger of being “balkanized”, splintering into nationalized fragments. Certainly nation-states increasingly see the Internet as “their” internet, a national space to be regulated and actively shaped. The first half of this article charts the technologies that appear to place this vision within reach: data localization, internet shutdowns, and internet filtering. These moves promise to exert sovereign control, to make the inter- net an extension of national territory. Yet by drawing on two recent events in China, this article argues that these territories are messy and their borders are permeable. Pro-government activists jump across the firewall in order to attack individuals and organizations who threaten the stability and security of their motherland. Simultane- ously, individuals scale the firewall in order to question the party line and express solidarity with democratic movements, undermining the political and technical boundaries established by their nation. Internet architectures create a condition where territorialization is constantly being both amplified and undermined by “extra- territorial” activities. These practices demonstrate the everyday porosity of internet territories, providing a messier portrait that goes beyond the dichotomy of borderless vs balkanized. Keywords: territory, fragmentation, balkanization, internet, China. When nations speak of the internet today, they no longer use the language of the virtual, but of soil. At the dawn of the internet, cyberspace was framed as a new realm decoupled from the state. This digital sphere stretched across the globe, making it essentially ungovernable. -
Threat Modeling and Circumvention of Internet Censorship by David Fifield
Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements. -
Data Localization Requirements Across Different Jurisdictions 70
The Localisation Gambit Unpacking Policy Measures for Sovereign Control of Data in India 19th March, 2019 By Arindrajit Basu, Elonnai Hickok, and Aditya Singh Chawla Edited by Pranav M Bidare, Vipul Kharbanda, and Amber Sinha Research Assistance Anjanaa Aravindan The Centre for Internet and Society, India Acknowledgements 2 Executive Summary 3 Introduction 9 Methodology 10 Defining and Conceptualizing Sovereign Control of Data 11 Mapping of Current Policy Measures for Localization of Data in India 13 The Draft Personal Data Protection Bill, 2018 13 Draft E-commerce Policy (s) 17 RBI Notification on ‘Storage of Payment System Data’ 19 Draft E-Pharmacy Regulations 20 FDI Policy 2017 20 National Telecom M2M Roadmap 21 Unified Access License for Telecom 21 Companies Act, 2013 and Rules 21 The IRDAI (Outsourcing of Activities by Indian Insurers) Regulations, 2017 22 Guidelines on Contractual Terms Related to Cloud Services 22 Reflecting on Objectives, Challenges and Implications of National Control of Data 24 Enabling Innovation and Economic Growth 24 Enhancing National Security and Law Enforcement Access 34 Law Enforcement Access 34 Protecting Against Foreign Surveillance 36 Threat to fibre-optic cables 37 Widening Tax Base 40 Data Sovereignty and India’s Trade Commitments 41 A Survey of Stakeholder Responses 48 Data Localisation Around the World 49 Conclusions and Recommended Approaches 61 Annexure I 70 Mapping Data Localization Requirements Across Different Jurisdictions 70 Annexure 2 75 A survey of stakeholder responses 75 1 Acknowledgements The authors would like to thank Pranav MB, Vipul Kharbanda, Amber Sinha, and Saumyaa Naidu for their invaluable edits and comments on the draft.