Censorship Resistance: Parrots Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the.

Presentation transcript:

Censorship Resistance: Parrots Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the last slide for acknowledgements!

Classes of Information Hiding
Digital watermarking
Steganography
Covert channels
Anonymous communications
Protocol obfuscation
CS660 - Advanced Information Assurance - UMassAmherst

Definition
Protocol obfuscation: Concealing the type of the underlying network protocol from a traffic monitoring entity

Why Hide the Protocol?
Bypass ISP restrictions:
  – BitTorrent blocked on campus
  – Skype blocked in some corporate networks
Bypass nation-state censorship (censorship circumvention):
  – Tor is blocked by various countries
  – VPN is blocked by the Great Firewall of China

Types of Protocol Obfuscation
De-identification: look like nothing
Impersonation: look like some other protocol

Internet Censorship

Censorship model
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; (IP=A.B.C.D); X A.B.C.D]

Censorship circumvention

Using Tor for circumvention
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Tor Bridge; Tor Network; Blocked Destination]
Not effective anymore!
Active probes
Easily recognizable at the network level
Deep Packet Inspection (DPI)
Insider attacks

Challenge!
We need unobservable circumvention
Censors should not be able to easily identify circumvention traffic or end-hosts through passive, active, or proactive techniques

Hide and seek!
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Tor Bridge; Tor Network; Blocked Destination]

Parrot systems
Imitate a popular protocol
  – SkypeMorph (CCS’12)
  – StegoTorus (CCS’12)
  – CensorSpoofer (CCS’12)

SkypeMorph (CCS’12)
[Diagram labels: The Non-Democratic Republic of Repressistan; Blocked Destination; SkypeMorph Bridge; Tor Network; SkypeMorph Client; Skype Client; Traffic Shaping]

[Diagram labels: StegoTorus Client; Censorship Region; The Internet; StegoTorus; A Tor node; StegoTorus Bridge; HTTP; Skype; Ventrilo; HTTP]

[Diagram labels: Dummy host; Censorship Region; The Internet; CensorSpoofer; Censored destination; Spoofer; RTP upstream; RTP downstream; SIP server; CensorSpoofer Client]

The Parrot is Dead: Observing Unobservable Network Communications Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov IEEE S&P (Oakland) 2013 Received the Best Practical Paper Award

Detecting SkypeMorph
[Diagram labels: The Non-Democratic Republic of Repressistan; Blocked Destination; Tor Bridge; Tor Network; SOM; TCP control stream]

No, no..... no, 'e's stunned!

SkypeMorph+
Let’s imitate the missing parts!
Problem: hard to mimic dynamic behavior in response to active tests

Dropping UDP packets

Other tests

Test                         | Skype                                   | SkypeMorph+
-----------------------------|-----------------------------------------|---------------------------
Flush Supernode cache        | Serves as a SN                          | Rejects all Skype messages
Drop UDP packets             | Burst of packets in TCP control         | No reaction
Close TCP channel            | Ends the UDP stream                     | No reaction
Delay TCP packets            | Reacts depending on the type of message | No reaction
Close TCP connection to a SN | Initiates UDP probes                    | No reaction
Block the default TCP port   | Connects to TCP ports 80 and 443        | No reaction

Now that's what I call a dead parrot.

Unobservability by imitation is fundamentally flawed!

Perfect imitation of a complex real system is extremely hard
A complex protocol in its entirety
Inter-dependent sub-protocols with complex, dynamic behavior
Bugs in specific versions of the software
User behavior
Not enough to mimic a "protocol," need to mimic a specific implementation with all its quirks

So, what is the real problem?

Custom tunnels are easy to recognize!
[Diagram labels: The Non-Democratic Republic of Repressistan; Tor (and its flavors); Psiphon; Ultrasurf; Tor relays; Ultrasurf proxies; Psiphon proxies; X X X]

Wait! We already have lots of encrypted tunnels!

[Diagram labels: The Non-Democratic Republic of Repressistan; VoIP: VoIP servers (e.g., Skype); servers (e.g., Gmail); File sharing: File hosts (e.g., BitTorrent); Online games: Gaming servers (e.g., Warcraft); Cloud storage: Cloud servers (e.g., Amazon EC2); Tor]

Hide-within circumvention (or, parasites!)

Definition
Tunneling circumvention traffic through a popular service provider via an allowed, already deployed network protocol

I Want My Voice to Be Heard: IP over Voice-over-IP for Unobservable Censorship Circumvention Amir Houmansadr, Thomas Riedl, Nikita Borisov, Andrew Singer NDSS 2013

FreeWave: IP over Voice-over-IP
Target protocol: Voice-over IP (VoIP)
Why VoIP
  – Widely used
  – Encrypted
  – Many VoIP provider options
How to hide?
  – The dial-up modems are back!

FreeWave architecture
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Blocked Destination; Tor Bridge; Tor Network; X]

System components

MoDem component
A typical acoustic modem
  – QAM modulation
Reliable transmission
  – Turbo codes
  – Use Preambles

Unobservability

Unobservability in hide-within
The OSI model:
7. Application
6. Presentation (Data)
5. Session
4. Transport (Segments)
3. Network (Packet/Datagram)
2. Data link (Bit/Frame)
1. Physical (Bit)
[Diagram labels: Parrot systems; Hide-within systems]

Costs of censorship
[Figure labels: More resource-intensive / Slower / More false positives; Cheap and fast / Doable at line speed / Very accurate; Hide-within; Traditional systems]
Techniques, in the order listed: Machine learning; Statistical analysis; Proactive probing; Active probing; Inspecting protocol signatures; Inspecting keywords; IP filtering

Some of the tools used to analyze the attacks
Probability theory to model types of traffic
  – E.g., Chernoff bound, stochastic processes
Detection and estimation theory to distinguish instances of a traffic type
  – E.g., hypothesis testing, LRT tests
Statistics to find deviations from a type
  – E.g., K-S test, Q-Q plot
Information theory to derive the bounds of deviation
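
The K-S test named in the list above, as an added example that is not part of the original slides: a two-sample Kolmogorov-Smirnov comparison of packet-size samples, showing that an imitation that matches only the mean of a reference distribution still deviates measurably. The function names and all sample data are constructed for illustration.

```python
import bisect
import math

def ks_statistic(a, b):
    """Two-sample K-S statistic: largest gap between the empirical CDFs."""
    a, b = sorted(a), sorted(b)
    gap = 0.0
    for x in set(a) | set(b):          # the ECDFs only change at sample points
        fa = bisect.bisect_right(a, x) / len(a)
        fb = bisect.bisect_right(b, x) / len(b)
        gap = max(gap, abs(fa - fb))
    return gap

def ks_critical(n, m, alpha=0.05):
    """Large-sample rejection threshold c(alpha) * sqrt((n + m) / (n * m))."""
    c = math.sqrt(-0.5 * math.log(alpha / 2))
    return c * math.sqrt((n + m) / (n * m))

def same_distribution(a, b, alpha=0.05):
    """True when the test does not reject 'both samples share one distribution'."""
    return ks_statistic(a, b) <= ks_critical(len(a), len(b), alpha)

# Constructed packet sizes in bytes (not measurements of any real protocol).
REFERENCE = [100 + (i * 37) % 120 for i in range(360)]       # spread over 100..219
SECOND_CAPTURE = [100 + (i * 7) % 120 for i in range(240)]   # same spread, new capture
IMITATION = [130 + (i * 11) % 60 for i in range(360)]        # same mean, narrower spread

def mean(xs):
    return sum(xs) / len(xs)

if __name__ == "__main__":
    for name, sample in (("second capture", SECOND_CAPTURE), ("imitation", IMITATION)):
        d = ks_statistic(REFERENCE, sample)
        print(f"{name}: mean={mean(sample):.1f} D={d:.3f} "
              f"threshold={ks_critical(len(REFERENCE), len(sample)):.3f} "
              f"match={same_distribution(REFERENCE, sample)}")
```

The imitation has the same mean as the reference, yet its statistic of 0.25 is well above the 5% threshold, while the second capture of the reference distribution is accepted.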

Unique properties of hide-within systems

1. Resistant to partial compromise

Tor
Detecting one user makes it easier to detect other users
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Blocked Destination; Tor Bridge; Tor Network; X]

Hide-within
Detecting one user does not help detect others
[Diagram labels: The Non-Democratic Republic of Repressistan; Circumvention user; Benign user; Oblivious server; Tor; X]

FreeWave
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Blocked Destination; FreeWave; Tor Bridge; Tor Network; X]

This is a big step forward!

2. Censorship causes collateral damage

Censors are rational!

Tor
Censoring Tor bridges has zero impact on benign users
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Blocked Destination; Tor Bridge; Tor Network; X]

Hide-within
Censoring disrupts benign users as well
[Diagram labels: The Non-Democratic Republic of Repressistan; Circumvention user; Benign user; Oblivious server; Tor; X]

FreeWave
Censoring FreeWave bridges disrupts benign users as well (collateral damage)
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Blocked Destination; FreeWave; Tor Bridge; Tor Network; X]

This is another big step forward!

Challenge: designing efficient hide-within systems

Hide-within designs
FreeWave v2
  – Encode directly in video stream
  – Bandwidth and latency sufficient for interactive web browsing
Additional hide-within designs:
SWEET ( )
CloudTransport (Cloud services)
Under development:
  – BitTorrent

Acknowledgement
Some pictures are obtained through Google search without being referenced