CS590B/690B Detecting Network Interference (Fall 2016)

CS590B/690B Detecting Network Interference (Fall 2016)
Lecture 17 Part II – Attacks on covert channels
Phillipa Gill – UMass Amherst

Where we are
- Last time: started on covert channels
  - SkypeMorph
  - FreeWave
- Today
  - Parrot is dead
  - Cover your ACKs

Review
- What properties do circumvention systems aim to have?
- What is the key difference between SkypeMorph and FreeWave?
- What properties might we consider when evaluating the stealthiness of our covert channel?
- Can we make any guarantees? Why is this hard?

Today
- Why imitating existing protocols doesn’t work -> Parrot is Dead
  - Idea: imitation doesn’t work
  - ACKs: http://dedis.cs.yale.edu/dissent/papers/parrot-slides.pptx
- Cover your ACKs
  - Idea: even tunneling over another protocol isn’t enough

Part 1: Parrot is dead
- Goals of unobservable circumvention: censors should not be able to identify circumvention traffic or end-hosts through passive, active, or proactive techniques
- Side note: "Parrot is dead" is a reference to this skit: https://www.youtube.com/watch?v=4vuW6tQ0218

Let’s hide!
[Figure: the Censorship Region and the Internet]

Parrot systems
- Imitate a popular protocol
  - SkypeMorph (CCS’12)
  - StegoTorus (CCS’12)
  - CensorSpoofer (CCS’12)

SkypeMorph
[Figure: a SkypeMorph Client inside the Censorship Region, traffic shaping, and a SkypeMorph Bridge and a Tor node on the Internet]

SoM header
- The start of message (SoM) header field is MISSING!
- This is a single-packet identifier: the censor does not need sophisticated statistical traffic analysis

SkypeMorph
[Figure: TCP control channel between the SkypeMorph Client in the Censorship Region and the SkypeMorph Bridge and a Tor node on the Internet]

SkypeMorph+: Let’s imitate the missing!
- Hard to mimic dynamic behavior
- Active/proactive tests

Checking for super nodes
Idea: see if the SkypeMorph node is a real Skype node or not.
- Step 1: If the node can receive Skype calls from NATed users in the censor’s network, then it must be a super node.
  OR: If the censor has the IP address of a suspected SkypeMorph node, check whether it is behind a NAT or not. If a Skype node is not behind a NAT, by definition it is a super node.
- Step 2: Run a Skype client, flush the cache of super nodes, and force a connection to the suspected SkypeMorph relay.
  If no response/call support → this is a SkypeMorph node.

Other tests

| Test | Skype | SkypeMorph+ |
|---|---|---|
| Flush Supernode cache | Serves as a SN | Rejects all Skype messages |
| Drop UDP packets | Burst of packets in TCP control | No reaction |
| Close TCP channel | Ends the UDP stream | No reaction |
| Delay TCP packets | Reacts depending on the type of message | No reaction |
| Close TCP connection to a SN | Initiates UDP probes | No reaction |
| Block the default TCP port | Connects to TCP ports 80 and 443 | No reaction |
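An added example, not from the lecture or the Parrot is Dead authors: a lab self-audit that compares an imitating endpoint's recorded reactions with the Skype column of the "Other tests" slide above. The `audit` helper, the build names and the logs are hypothetical and constructed for illustration.

```python
# Reference reactions copied from the Skype column of the "Other tests" slide.
# The lab logs further down are constructed sample data, not measurements.
SKYPE_REFERENCE = {
    "flush supernode cache": "serves as a sn",
    "drop udp packets": "burst of packets in tcp control",
    "close tcp channel": "ends the udp stream",
    "delay tcp packets": "reacts depending on the type of message",
    "close tcp connection to a sn": "initiates udp probes",
    "block the default tcp port": "connects to tcp ports 80 and 443",
}

def _norm(text):
    """Case- and whitespace-insensitive comparison key."""
    return " ".join(text.lower().split())

def audit(observed, reference=SKYPE_REFERENCE):
    """Return (verdict, mismatches, untested) for a {probe: reaction} lab log."""
    seen = {_norm(k): _norm(v) for k, v in observed.items()}
    mismatches, untested = [], []
    for probe, expected in reference.items():
        if probe not in seen:
            untested.append(probe)        # no evidence either way
        elif seen[probe] != expected:
            mismatches.append((probe, expected, seen[probe]))
    if mismatches:
        verdict = "distinguishable"       # one deviating probe is enough
    elif untested:
        verdict = "inconclusive"          # matches so far, coverage incomplete
    else:
        verdict = "matches reference"
    return verdict, mismatches, untested

# Constructed logs for hypothetical builds of an imitating bridge.
BUILD_A = {"Flush Supernode cache": "Rejects all Skype messages",
           "Drop UDP packets": "No reaction"}
BUILD_B = {name.title(): reaction.upper()   # reacts like the reference
           for name, reaction in SKYPE_REFERENCE.items()}
BUILD_B_REGRESSED = {**BUILD_B, "Close Tcp Channel": "No reaction"}

if __name__ == "__main__":
    for label, log in [("A", BUILD_A), ("B", BUILD_B),
                       ("B-regressed", BUILD_B_REGRESSED)]:
        verdict, bad, missing = audit(log)
        print(label, verdict, [probe for probe, _, _ in bad], missing)
```

A build that matches five of the six reactions is still reported as distinguishable, which is the point of Lesson 1 below: the imitation has to reproduce the whole protocol.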

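StegoTorus
[Figure: a StegoTorus Client in the Censorship Region reaching a StegoTorus Bridge and a Tor node on the Internet over several cover protocols at once (HTTP, HTTP, Skype, Ventrilo, HTTP). Annotations: "Who does this???" and "Looks strange!!!"]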

StegoTorus chopper
- Chops the Tor connection across other protocols
- Creates dependencies between links

StegoTorus-HTTP
- Does not look like a typical HTTP server!
- Most HTTP methods not supported!

Lesson 1: Unobservability by imitation is fundamentally flawed!
- You basically have to implement the entire protocol… bugs and all!

Lesson 2: Partial imitation is worse than no imitation!
- Before, you looked like a Tor user…
- … now you look like a SkypeMorph user
- k-anonymity, anyone?

Alternative
- Do not imitate, but run the target protocol
- i.e., FreeWave: IP over Voice-over-IP [NDSS’13]