DOCSLIB.ORG

Novel Cryptographic Primitives and Protocols for Censorship Resistance

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Novel Cryptographic Primitives and Protocols for Censorship Resistance Portland State University PDXScholar Dissertations and Theses Dissertations and Theses Summer 7-24-2015 Novel Cryptographic Primitives and Protocols for Censorship Resistance Kevin Patrick Dyer Portland State University Follow this and additional works at: https://pdxscholar.library.pdx.edu/open_access_etds Part of the Information Security Commons Let us know how access to this document benefits ou.y Recommended Citation Dyer, Kevin Patrick, "Novel Cryptographic Primitives and Protocols for Censorship Resistance" (2015). Dissertations and Theses. Paper 2489. https://doi.org/10.15760/etd.2486 This Dissertation is brought to you for free and open access. It has been accepted for inclusion in Dissertations and Theses by an authorized administrator of PDXScholar. Please contact us if we can make this document more accessible: [email protected]. Novel Cryptographic Primitives and Protocols for Censorship Resistance by Kevin Patrick Dyer A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Dissertation Committee: Thomas Shrimpton, Chair Charles Wright Wu-chang Feng John Caughman IV Portland State University 2015 Abstract Internet users rely on the availability of websites and digital services to engage in political discussions, report on newsworthy events in real-time, watch videos, etc. However, sometimes those who control networks, such as governments, censor certain websites, block specific applications or throttle encrypted traffic. Understandably, when users are faced with egregious censorship, where certain websites or applications are banned, they seek reliable and efficient means to circumvent such blocks. This tension is evident in countries such as a Iran and China, where the Internet censorship infrastructure is pervasive and continues to increase in scope and effectiveness. An arms race is unfolding with two competing threads of research: (1) network operators’ ability to classify traffic and subsequently enforce policies and (2) network users’ ability to control how network operators classify their traffic. Our goal is to un- derstand and progress the state-of-the-art for both sides. First, we present novel traf- fic analysis attacks against encrypted communications. We show that state-of-the-art cryptographic protocols leak private information about users’ communications, such as the websites they visit, applications they use, or languages used for communica- tions. Then, we investigate means to mitigate these privacy-compromising attacks. Towards this, we present a toolkit of cryptographic primitives and protocols that simultaneously (1) achieve traditional notions of cryptographic security, and (2) en- able users to conceal information about their communications, such as the protocols used or websites visited. We demonstrate the utility of these primitives and proto- cols in a variety of real-world settings. As a primary use case, we show that these new primitives and protocols protect network communications and bypass policies of state-of-the-art hardware-based and software-based network monitoring devices. i Dedication To my brilliant and beautiful wife Susannah, who made this work possible, enjoyable and meaningful. ii Acknowledgements This work is a summary of published [47, 48, 36] and unpublished results. The work in Section 3 was done with Coull and published [36] in ACM SIGCOMM Com- puter Communication Review in 2014. The work in Section 4 was presented [47] at IEEE Security and Privacy in 2012, and done in collaboration with Coull, Ristenpart and Shrimpton. The work in Section 6 was presented [48] at ACM Conference on Computer and Communications Security in 2013, and was also in collaboration with Coull, Ristenpart and Shrimpton. Finally, the work in Section 7 was presented [49] at USENIX Security 2015 and done in collaboration with Coull and Shrimpton. This dissertation was possible because of the patience, guidance and funding pro- vided by my advisor Thomas Shrimpton. The quality, consistency, and vision for this work was immeasurably elevated by my coauthors Scott Coull and Thomas Risten- part. I am grateful for the patience of the engineers I collaborated with at Google, The Tor Project, and Lantern, for supporting software deployments of the ideas in this document. In addition, this work was made possible by a number of generous sponsors, including: Eric Schmidt, Fariborz Maseeh, The NLnet Foundation, The National Science Foundation, and Portland State University. What’s more, while pursuing the ideas in this document I had the pleasure of discussing it with, and getting feedback from many wonderful people, including: Will Landecker, Lucas Dixon, Roger Dingledine, George Kadianakis, David Fifield, Shan- jian Li, Trevor Johnston, Akshay Dua, Tariq Elahi, Tim Chevalier, Charles Wright, Justin Reidy, R. Seth Terashima, and Soeren Pirk. iii Table of Contents Abstract i Dedication ii Acknowledgments iii List of Tables vii List of Figures ix 1 Introduction 1 1.1 Censorship Circumvention . 1 2 Overview: Traffic Analysis of Encrypted Communications 5 2.1 Attacks on Encrypted Messaging Services . 5 2.2 Website Fingerprinting Attacks . 6 3 Traffic Analysis of Encrypted Message Services 11 3.1 iMessage Overview . 12 3.2 Analyzing Information Leakage . 14 3.2.1 Data and Methodology . 14 3.2.2 Operating System . 16 3.2.3 User Actions . 18 3.2.4 Message Attributes . 20 3.3 Beyond iMessage . 22 4 Website Fingerprinting Countermeasures 26 4.1 Experimental Methodology . 29 4.2 Traffic Classifiers . 31 4.2.1 Liberatore and Levine Classifier . 31 4.2.2 Herrmann et al. Classifier . 32 4.2.3 Panchenko et al. Classifier . 33 4.3 Countermeasures . 33 4.3.1 Type-1: SSH/TLS/IPSec-Motivated Countermeasures . 34 4.3.2 Type-2: Other Padding-based Countermeasures . 35 4.3.3 Type-3: Distribution-based Countermeasures . 36 4.3.4 Overhead . 38 4.4 Existing Countermeasures versus Existing Classifiers . 39 4.4.1 Comparing the Datasets . 39 4.4.2 Comparison of Classifiers . 41 4.4.3 Comparison of Countermeasures . 41 iv 4.5 Exploring Coarse Features . 44 4.5.1 Total Time . 45 4.5.2 Total Per-Direction Bandwidth . 46 4.6 Variable n-gram . 47 4.6.1 Combining Coarse Features: the VNG++ Classifier . 49 4.6.2 Discussion . 50 4.7 BuFLO: Buffered Fixed-Length Obfuscator . 51 4.7.1 BuFLO Description . 52 4.7.2 Experiments . 53 4.7.3 Observations about BuFLO . 54 4.8 Concluding Discussion . 54 5 Overview: Internet Censorship and Censorship Circumvention 57 5.1 Randomization . 58 5.2 Mimicry . 59 5.3 Tunneling . 60 6 Censorship Circumvention with Format-Transforming Encryption 62 6.1 Modern DPI Systems . 64 6.2 Format-Transforming Encryption . 68 6.2.1 FTE via Encrypt-then-Unrank . 69 6.2.2 FTE Record Layer . 72 6.3 Protocol Misclassification . 75 6.3.1 DPI-Extracted Regular Expressions . 77 6.3.2 Manually-Generated Regular Expressions . 79 6.3.3 Automatically-Generated Regular Expressions . 80 6.4 Performance . 83 6.5 Censorship Circumvention . 87 6.6 Concluding Thoughts . 91 7 Marionette: A Unified Framework for Censorship Circumvention 92 7.1 Models and actions . 95 7.2 Templates and Template Grammars . 99 7.3 Proxy Architecture . 101 7.4 Implementation . 103 7.5 Record Layer . 104 7.6 Plugins . 106 7.7 The Marionette DSL . 107 7.8 Case Studies . 108 7.8.1 Regex-Based DPI . 110 7.8.2 Protocol-Compliance . 110 7.8.3 Proxy Traversal . 113 7.8.4 Traffic Analysis Resistance . 116 v 7.9 Conclusion . 118 8 Concluding Thoughts 122 References 124 Appendices 143 Appendix A BuFLO Countermeasure 143 Appendix B Experimental Results 144 Appendix C Algorithms for Ranking and Unranking a Regular Lan- guage 146 Appendix D Marionette POP3 Format 147 Appendix E Marionette FTP Format 148 vi List of Tables 1 Summary of attack results for Apple iMessage. 12 2 Language statistics for Tatoeba dataset compared to Battestini et al. text messaging study. 16 3 Confusion matrix for message type classification. 19 4 Confusion matrix for language classification. 22 5 Summary of attacks evaluated in our work. The Classifier column in- dicates the classifier used: naïve Bayes (NB), multinomial naïve Bayes (MNB) or support vector machine (SVM.) The Features Consid- ered column indicates the features used by the classifier. The k = 128 and k = 775 columns indicate the classifier accuracy for a privacy set of size k. ................................. 28 6 Bandwidth overhead of evaluated countermeasures calculated on Lib- eratore and Levine (LL) and Herrmann et al. (H) datasets. 37 7 The lowest average accuracy for each countermeasure class against LL, H, and P classifiers using the Hermann dataset. Random guessing yields 50% (k = 2) or 0.7% (k = 128) accuracy. 38 8 Statistics illustrating the presence of degenerate or erroneous traces in the Liberatore and Levine and Hermann datasets. 41 9 Accuracies (%) of P, P-NB, and VNG++ classifiers at k = 128. 48 10 A summary of blacklist strategies employed by six countries. Each citation references an empirical study that confirms that the blacklist strategy was employed for an extended period of time within the coun- try. A “-" indicates there is no published evidence to support that the blacklist strategy has been deployed in the specific country. 58 11 A summary of proposed censorship-circumvention solutions. Strategy describes the underlying strategy used for the system. Low latency indicates if the system can be used for tasks such as web browsing. Used by... listed which systems the solution has actually been de- ployed in. 58 12 Summary of evaluated DPI systems. Type indicates the kind of DPI engine used. Multi-stage pipelines chain together several passes over packet contents. Classifier complexity is the number of DFA states used for regular expressions or total lines non-whitespace/non-comment C/C++ code. 65 13 Misclassification rates for the twelve DPI-Extracted FTE formats against the six classifiers in our evaluation testbed. 78 14 Misclassification rates for the manually-generated and automatically- generated FTE formats against all six classifiers.
Load more

Recommended publications
  • Libressl Presentatie2
    Birth of LibreSSL and its current status Frank Timmers Consutant, Snow B.V. Background What is LibreSSL • A fork of OpenSSL 1.0.1g • Being worked on extensively by a number of OpenBSD developers What is OpenSSL • OpenSSL is an open source SSL/TLS crypto library • Currently the de facto standard for many servers and clients • Used for securing http, smtp, imap and many others Alternatives • Netscape Security Services (NSS) • BoringSSL • GnuTLS What is Heartbleed • Heartbleed was a bug leaking of private data (keys) from both client and server • At this moment known as “the worst bug ever” • Heartbeat code for DTLS over UDP • So why was this also included in the TCP code? • Not the reason to create a fork Why did this happen • Nobody looked • Or at least didn’t admit they looked Why did nobody look • The code is horrible • Those who did look, quickly looked away and hoped upstream could deal with it Why was the code so horrible • Buggy re-implementations of standard libc functions like random() and malloc() • Forces all platforms to use these buggy implementations • Nested #ifdef, #ifndefs (up to 17 layers deep) through out the code • Written in “OpenSSL C”, basically their own dialect • Everything on by default Why was it so horrible? crypto_malloc • Never frees memory (Tools like Valgrind, Coverity can’t spot bugs) • Used LIFO recycling (Use after free?) • Included debug malloc by default, logging private data • Included the ability to replace malloc/free at runtime #ifdef trees • #ifdef, #elif, #else trees up to 17 layers deep • Throughout the complete source • Some of which could never be reached • Hard to see what is or not compiled in 1.
    [Show full text]
  • Poster: Introducing Massbrowser: a Censorship Circumvention System Run by the Masses
    Poster: Introducing MassBrowser: A Censorship Circumvention System Run by the Masses Milad Nasr∗, Anonymous∗, and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] ∗Equal contribution Abstract—We will present a new censorship circumvention sys- side the censorship regions, which relay the Internet traffic tem, currently being developed in our group. The new system of the censored users. This includes systems like Tor, VPNs, is called MassBrowser, and combines several techniques from Psiphon, etc. Unfortunately, such circumvention systems are state-of-the-art censorship studies to design a hard-to-block, easily blocked by the censors by enumerating their limited practical censorship circumvention system. MassBrowser is a set of proxy server IP addresses [14]. (2) Costly to operate: one-hop proxy system where the proxies are volunteer Internet To resist proxy blocking by the censors, recent circumven- users in the free world. The power of MassBrowser comes from tion systems have started to deploy the proxies on shared-IP the large number of volunteer proxies who frequently change platforms such as CDNs, App Engines, and Cloud Storage, their IP addresses as the volunteer users move to different a technique broadly referred to as domain fronting [3]. networks. To get a large number of volunteer proxies, we This mechanism, however, is prohibitively expensive [11] provide the volunteers the control over how their computers to operate for large scales of users. (3) Poor QoS: Proxy- are used by the censored users. Particularly, the volunteer based circumvention systems like Tor and it’s variants suffer users can decide what websites they will proxy for censored from low quality of service (e.g., high latencies and low users, and how much bandwidth they will allocate.
    [Show full text]
  • Cisco SCA BB Protocol Reference Guide
    Cisco Service Control Application for Broadband Protocol Reference Guide Protocol Pack #60 August 02, 2018 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Running Head: Wikileaks and the Censorship of News Media in the U.S
    RUNNING HEAD: WIKILEAKS AND THE CENSORSHIP OF NEWS MEDIA IN THE U.S. WikiLeaks and the Censorship of News Media in the U.S. Author: Asa Hilmersson Faculty Mentor: Professor Keeton Ramapo College of New Jersey WIKILEAKS AND THE CENSORSHIP OF NEWS MEDIA IN THE U.S. 1 “Censorship in free societies is infinitely more sophisticated and thorough than in dictatorships, because ‘unpopular ideas can be silenced, and inconvenient facts kept dark, without any need for an official ban’.” – George Orwell Introduction Throughout history, media has been censored or obscured in different ways which seem to fit the dominant ideology or ruling regime. As William Powers (1995) from The Washington Post said; the Nazis were censored, Big Brother was a censor, and nightmare regimes such as China have censors. Though we are all aware of censorship around the world and in history, little do we look to ourselves because as Powers writes, “None of that [censorship] for us. This is America” (para. 3). People in America have long been led to believe that they live in a free world where every voice is heard. It is not until someone uses the opportunities of this right that we see that this freedom of speech might only be an illusion. The emergence of WikiLeaks in 2010 and the censorship exercised against this organization by the United States’ government exemplifies the major obstacles individuals can face when seeking to expose potential wrongdoing by public officials. Through questioning of media’s power as whistleblowers it is hinted that there are institutions which may carry more weight than the truth in making decisions that affect that public interest.
    [Show full text]
  • Brocade Vyatta Network OS ALG Configuration Guide, 5.2R1
    CONFIGURATION GUIDE Brocade Vyatta Network OS ALG Configuration Guide, 5.2R1 Supporting Brocade 5600 vRouter, VNF Platform, and Distributed Services Platform 53-1004711-01 24 October 2016 © 2016, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, and MyBrocade are registered trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands, product names, or service names mentioned of Brocade Communications Systems, Inc. are listed at www.brocade.com/en/legal/ brocade-Legal-intellectual-property/brocade-legal-trademarks.html. Other marks may belong to third parties. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
    [Show full text]
  • Skype Voip Service- Architecture and Comparison Hao Wang Institute of Communication Networks and Computer Engineering University of Stuttgart Mentor: Dr.-Ing
    INFOTECH Seminar Advanced Communication Services (ACS), 2005 Skype VoIP service- architecture and comparison Hao Wang Institute of Communication Networks and Computer Engineering University of Stuttgart Mentor: Dr.-Ing. S. Rupp ABSTRACT Skype is a peer-to-peer (P2P) overlay network for VoIP and other applications, developed by KaZaa in 2003. Skype can traverse NAT and firewall more efficiently than traditional VoIP networks and it offers better voice quality. To find and locate users, Skype uses “supernodes” that are running on peer machines. In contrast, traditional systems use fixed central servers. Also Skype uses encrypted media channel to protect the dada. The main contribution of this article is illustrating the architecture and components of Skype networks and basically analyzing key Skype functions such as login, NAT and firewall traversal. Furthermore, it contains comparisons of Skype networks with VoIP networks regarding different scenarios. On that basis it reveals some reasons why Skype has much better performance than previous VoIP products. Keywords Voice over IP (VoIP), Skype, Peer-to-peer (p2p), Super Node (SN) 1. Introduction It is expected that real-time person-to-person communication, like IP telephony (VoIP), instant messaging, voice, video and data collaboration will be the next big wave of Internet usage. VoIP refers to technology that enables routing of voice conversations over the Internet or any other IP network. Another technology is peer-to-peer, which is used for sharing content like audio, video, data or anything in digital format. Skype is a combination of these two technologies. It has much better performance by making use of advantages of both technologies.
    [Show full text]
  • Devicelock® DLP 8.3 User Manual
    DeviceLock® DLP 8.3 User Manual © 1996-2020 DeviceLock, Inc. All Rights Reserved. Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means for any purpose other than the purchaser’s personal use without the prior written permission of DeviceLock, Inc. Trademarks DeviceLock and the DeviceLock logo are registered trademarks of DeviceLock, Inc. All other product names, service marks, and trademarks mentioned herein are trademarks of their respective owners. DeviceLock DLP - User Manual Software version: 8.3 Updated: March 2020 Contents About This Manual . .8 Conventions . 8 DeviceLock Overview . .9 General Information . 9 Managed Access Control . 13 DeviceLock Service for Mac . 17 DeviceLock Content Security Server . 18 How Search Server Works . 18 ContentLock and NetworkLock . 20 ContentLock and NetworkLock Licensing . 24 Basic Security Rules . 25 Installing DeviceLock . .26 System Requirements . 26 Deploying DeviceLock Service for Windows . 30 Interactive Installation . 30 Unattended Installation . 35 Installation via Microsoft Systems Management Server . 36 Installation via DeviceLock Management Console . 36 Installation via DeviceLock Enterprise Manager . 37 Installation via Group Policy . 38 Installation via DeviceLock Enterprise Server . 44 Deploying DeviceLock Service for Mac . 45 Interactive Installation . 45 Command Line Utility . 47 Unattended Installation . 48 Installing Management Consoles . 49 Installing DeviceLock Enterprise Server . 52 Installation Steps . 52 Installing and Accessing DeviceLock WebConsole . 65 Prepare for Installation . 65 Install the DeviceLock WebConsole . 66 Access the DeviceLock WebConsole . 67 Installing DeviceLock Content Security Server . 68 Prepare to Install . 68 Start Installation . 70 Perform Configuration and Complete Installation . 71 DeviceLock Consoles and Tools .
    [Show full text]
  • Insight Into the Gtalk Protocol
    1 Insight into the Gtalk Protocol Riyad Alshammari and A. Nur Zincir-Heywood Dalhousie University, Faculty of Computer Science Halifax NS B3H 1W5, Canada (riyad,zincir)@cs.dal.ca Abstract Google talk (Gtalk) is an instant messeger and voice over IP client developed by Google in 2005. Gtalk can work across firewalls and has very good voice quality. It encrypts calls end-to-end, and stores user information in a centralized fashion. This paper analyzes fundamental Gtalk functions such as login, firewall traversal, and call establishment under different network scenarios. The analysis is performed by both active and passive measurement techniques to understand the Gtalk network traffic. Based on our analysis, we devised algorithms for login and call establishment processes as well as data flow models. I. INTRODUCTION Voice over IP (VoIP) is becoming a major communication service for enterprises and individuals since the cost of VoIP calls is low and the voice quality is getting better. To date, there are many VoIP products that are able to provide high call quality such as Skype [1], Google Talk (Gtalk) [2], Microsoft Messenger (MSN) [3], and Yahoo! Messenger (YMSG) [4]. However, few information has been documented about protocol design used by these VoIP clients since the protocols are not standardized, many of them are proprietary, and the creators of these softwares want to keep their information confidential and protect their protocol design form competitors. In this paper, we have generated and captured network traffic in order to determine the broad characteristics of one of the most recent and fast growing VoIP applications, Google Talk.
    [Show full text]
  • Managed Firewalls
    DEDICATED HOSTING PRODUCT OVERVIEW MANAGED FIREWALLS Securing your network from malicious activity. Rackspace delivers expertise and service for the world’s leading clouds and technologies. TRUST RACKSPACE And we can help secure your dedicated servers and your cloud, with firewalls from Cisco® and • A leader in the 2017 Gartner Magic Quadrant Juniper Networks — fully supported around the clock by certified Rackspace engineers. Your for Public Cloud Infrastructure Managed Service firewall is dedicated completely to your environment for the highest level of network security Providers, Worldwide and connectivity, and includes access to our Firewall Manager and our One-Hour Hardware • Hosting provider for more than half of the Replacement Guarantee. Fortune 100 • 16+ years of hosting experience WHY RACKSPACE FOR DEDICATED, FULLY MANAGED FIREWALLS? • Customers in 150+ countries You have valuable and confidential information stored on your dedicated and cloud servers. Dedicated firewalls from Cisco and Juniper Networks add an additional layer of security to your servers, helping to stop potentially malicious packets from ever reaching your network. “RACKSPACE’S SECURITY CONTROLS AND REPUTATION AS AN SSAE 16 CERTIFIED KEY BENEFITS PROVIDER HAS BEEN A Highest level of security: Help protect your data and stop potentially malicious packets TREMENDOUS FACTOR IN OUR from entering your network with an IPSec, and Common Criteria EAL4 evaluation status certified firewall. SUCCESS.” DAVID SCHIFFER :: FOUNDER AND PRESIDENT, Expertise: Rackspace security experts fully manage your firewalls 24x7x365. Consult with SAFE BANKING SYSTEMS CISSP-certified security engineers to assess and architect your firewalls to help you meet your security and compliance requirements. Visibility and control: Help protect your infrastructure with deep packet inspection of traffic based on traffic filtering rules you define.
    [Show full text]
  • Subtitling in the Iranian Mediascape: Towards a Culture-Specific Typology
    Subtitling in the Iranian Mediascape: Towards a Culture-Specific Typology Masood Khoshsaligheh1a, Saeed Ameri2a, Farzaneh Shokoohmand3a, Milad Mehdizadkhani4b Abstract Given the increasing pace of dissemination of cultural ARTICLE HISTORY: content across global borders, subtitling as a cost-effective Received May 2020 solution for rendering audiovisual programs is gaining more Received in revised form July 2020 popularity, even in societies, which have been traditionally Accepted July 2020 using dubbing as the dominant modality for foreign films and Available online August 2020 television series. Likewise, various types of subtitling practices have developed and are used in Iran both at official and non-official outlets. While official dubbing has failed in some aspect in addressing the growing interest of Iranian viewers of foreign content, a variety of non-professional subtitling has been filling the gap, and subtitling appears to be dominating the audiovisual media market. Despite such KEYWORDS: developments, the necessities of professional practice of Non-professional subtitling subtitling, including standardized guidelines, codes of ethics Amateur subtitling and practice, and training, have never been realized in Iran. Quasi-professional subtitling In the absence of a professional subtitling tradition, this Professional subtitling article presents the status quo of non-professional subtitling Subtitling for the d/Deaf and hard of into Persian and introduces the specific typology of this hearing practice in the Iranian mediascape. © 2020 IJSCL. All rights reserved. 1 Associate Professor, Email: [email protected] (Corresponding Author) Tel: +98-915-5012669 2 PhD, Email: [email protected] 3 Assistant Professor, Email: [email protected] 4 PhD Candidate, Email: [email protected] a Ferdowsi University of Mashhad, Iran b University of Szeged, Hungary 56 Subtitling in the Iranian Mediascape: Towards a Culture-Specific Typology 1.
    [Show full text]
  • The Long Shadow of Chinese Censorship: How the Communist Party’S Media Restrictions Affect News Outlets Around the World
    The Long Shadow of Chinese Censorship: How the Communist Party’s Media Restrictions Affect News Outlets Around the World A Report to the Center for International Media Assistance By Sarah Cook October 22, 2013 The Center for International Media Assistance (CIMA), at the National Endowment for Democracy, works to strengthen the support, raise the visibility, and improve the effectiveness of independent media development throughout the world. The Center provides information, builds networks, conducts research, and highlights the indispensable role independent media play in the creation and development of sustainable democracies. An important aspect of CIMA’s work is to research ways to attract additional U.S. private sector interest in and support for international media development. CIMA convenes working groups, discussions, and panels on a variety of topics in the field of media development and assistance. The center also issues reports and recommendations based on working group discussions and other investigations. These reports aim to provide policymakers, as well as donors and practitioners, with ideas for bolstering the effectiveness of media assistance. Don Podesta Interim Senior Director Center for International Media Assistance National Endowment for Democracy 1025 F Street, N.W., 8th Floor Washington, DC 20004 Phone: (202) 378-9700 Fax: (202) 378-9407 Email: [email protected] URL: http://cima.ned.org Design and Layout by Valerie Popper About the Author Sarah Cook Sarah Cook is a senior research analyst for East Asia at Freedom House. She manages the editorial team producing the China Media Bulletin, a biweekly news digest of media freedom developments related to the People’s Republic of China.
    [Show full text]
  • Closed Groups, Messaging Apps & Online
    FIRST DRAFT'S ESSENTIAL GUIDE TO Closed Groups, Messaging Apps & Online Ads November 2019 TABLE OF CONTENTS Introduction 5 CHAPTER 1 Understanding ad libraries 13 CHAPTER 2 Facebook groups 21 CHAPTER 3 Closed messaging apps 27 CHAPTER 4 Ethical considerations 37 Conclusion 43 3 ABOUT THE AUTHORS Carlotta Dotto is a research reporter at First Draft, specialising in data-led investigations into global information disorder and coordinated networks of amplification. She previously worked with The Times’ data team and La Repubblica’s Visual Lab, and written for a number of publications including The Guardian, the BBC and the New Internationalist. Rory Smith is a senior investigator at First Draft where he researches and writes about information disorder. Before joining First Draft, Rory worked for CNN, Vox, Vice and Introduction Truthout, covering various topics from immigration and food policy to politics and organized crime. Claire Wardle currently leads the strategic direction and research for First Draft. In 2017 she co-authored the seminal report, Information Disorder: An interdisciplinary Framework for Research and Policy, for the Council of Europe. Previous to that she was a Fellow at the Shorenstein Center for Media, Politics and Public Policy at Harvard's Kennedy School, the Research Director at the Tow Center for Digital Journalism at Columbia University Graduate School of Journalism and head of social media for the United Nations Refugee Agency. She was also the project lead for the BBC Academy in 2009, where she designed a comprehensive training program for social media verification for BBC News, that was rolled out across the organization.
    [Show full text]