DNS-sly: Avoiding Censorship through Network Complexity
Qurat-Ul-Ann Akbar, Marcel Flores, Aleksandar Kuzmanovic (Northwestern University)
Internet Censorship is a prevalent problem
Circumvention Techniques

Technique                  Covertness  Deniability              Performance
Proxies                    Yes         No                       High
Anonymous Networks         Yes         No                       High
DNS Tunneling Techniques   Yes         No                       High
HTTP Tunneling             Yes         Statistical Deniability  Low
Research Problem
Trade-off: deniability vs. performance
Can we build a circumvention technique with high deniability and minimal impact on performance?
Our Solution
DNS is a core Internet service
There is significant network complexity in today's Internet: trillions of DNS requests per day, a proliferation of public DNS servers, and CDNs
Leverage this complexity in DNS traffic to hide information
Outline Motivation DNS-sly Protocol Case for DNS-sly Evaluation
DNS-sly Overview
Components: DNS-sly requester and DNS-sly responder
The DNS-sly responder profiles the client's DNS behavior and exchanges the profile with the requester
In the downstream direction, the responder encodes content from the censored website in DNS response packets
First Phase - Endpoint Profiling
The DNS-sly responder profiles the client's DNS behavior: it records the domains the client resolves and forms an IP set per domain
It creates a profile map, a mapping from domains to the server IPs they are hosted on
The profile map is exchanged with the requester via an out-of-band channel
Second Phase - Communication
Upstream: the DNS-sly requester uses the profile map to craft DNS requests that semantically overlap with the client's regular DNS requests, asking the responder for content
On receiving such a request, the responder retrieves the content from the Web
Downstream: the DNS-sly responder encodes the content in DNS responses to regular, non-DNS-sly DNS requests from the client
DNS Packet Format (figure): a DNS response carries the queried domain and its associated IP addresses (A records)
Encoding Data
Goal: represent data as a choice of A records from a pool of IP addresses
The responder computes the number of bytes of data to be encoded
It uses a number representation scheme to map the data to an ordered set of IP addresses
It forms a valid DNS response from those A records and sends it to the DNS-sly requester
Encoding Data - Example
Domain = facebook.com
IP set size = 256
Number of A records = 6
Choices ≈ P(256, 6) ≈ 2.65 × 10^14 (just under 2^48)
Data encoded ≈ 6 bytes, e.g. "abcdef", mapped to 6 A records by the number representation scheme
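An added worked example (not code from the DNS-sly slides or their authors) of a number representation scheme of the kind described above: the data bytes become an integer, that integer is mapped to the n-th ordered selection of c distinct addresses from the profiled IP set, and the requester reverses the mapping. The scheme used here is a mixed-radix (factorial number system) encoding of my own choosing, since the slides do not specify one; the pool (the 256 addresses of 203.0.113.0/24) and the payload are constructed, and the payload length is assumed to be known to the requester. It also makes the arithmetic caveat concrete: P(256, 6) is just under 2^48, so the value "abcdef" fits but a 6-byte value such as 0xffffffffffff does not, and only 47 bits can be carried unconditionally.

```python
# Added example (not from the DNS-sly slides or authors): a toy "number
# representation scheme" that maps data bytes to an ordered choice of c distinct
# A records from a pool of s IP addresses, and back. Pool and data are constructed.
import math
from ipaddress import IPv4Address
from typing import List, Sequence


def num_choices(s: int, c: int) -> int:
    """Ordered choices of c distinct records from a pool of s: P(s, c) = s!/(s-c)!."""
    return math.perm(s, c)


def capacity_bits(s: int, c: int) -> int:
    """Largest whole number of bits one response of c A records can always carry: floor(log2 P(s, c))."""
    return num_choices(s, c).bit_length() - 1


def int_to_records(n: int, pool: Sequence[str], c: int) -> List[str]:
    """Map an integer 0 <= n < P(s, c) to the n-th ordered selection of c pool entries.

    Mixed-radix decomposition: the digit at position i is an index into the pool
    entries still unused, weighted by the number of ways to fill the later positions.
    """
    s = len(pool)
    if not 0 <= n < num_choices(s, c):
        raise ValueError("value does not fit in P(%d, %d) choices" % (s, c))
    remaining = list(pool)
    records: List[str] = []
    for i in range(c):
        weight = num_choices(s - i - 1, c - i - 1)  # completions after position i
        idx, n = divmod(n, weight)
        records.append(remaining.pop(idx))
    return records


def records_to_int(records: Sequence[str], pool: Sequence[str]) -> int:
    """Inverse of int_to_records: recover n from the ordered records."""
    s, c = len(pool), len(records)
    remaining = list(pool)
    n = 0
    for i, rec in enumerate(records):
        idx = remaining.index(rec)  # ValueError if rec is not (or no longer) in the pool
        remaining.pop(idx)
        n += idx * num_choices(s - i - 1, c - i - 1)
    return n


def encode_bytes(data: bytes, pool: Sequence[str], c: int) -> List[str]:
    """Responder side: data -> A records. Raises ValueError if the data exceeds the channel capacity."""
    return int_to_records(int.from_bytes(data, "big"), pool, c)


def decode_records(records: Sequence[str], pool: Sequence[str], nbytes: int) -> bytes:
    """Requester side: A records -> data. nbytes is assumed to be agreed out of band."""
    return records_to_int(records, pool).to_bytes(nbytes, "big")


# Constructed pool: the 256 addresses of 203.0.113.0/24 (TEST-NET-3), standing in
# for a domain's profiled IP set. A real profile map would come from endpoint profiling.
POOL = [str(IPv4Address("203.0.113.0") + i) for i in range(256)]

if __name__ == "__main__":
    s, c = len(POOL), 6
    print("P(%d, %d) = %d, capacity = %d bits" % (s, c, num_choices(s, c), capacity_bits(s, c)))
    recs = encode_bytes(b"abcdef", POOL, c)
    print("A records:", recs)
    print("decoded:", decode_records(recs, POOL, 6))
```

Because the requester must find each returned address in its copy of the pool, both sides have to agree on the same IP set (and its order) for the domain, which is exactly what the profile map exchanged in the first phase provides; a stale pool makes records_to_int fail rather than silently decode garbage.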
System Overview (figure)
Client → DNS-sly Requester → Censor → DNS-sly Responder → Web
The client's request (a URL) goes into the DNS-sly requester, which turns it into DNS requests carrying the hidden message; the censor sees only ordinary DNS requests
The DNS-sly responder fetches the content, encodes it, and returns it as DNS responses carrying hidden content; the censor sees only ordinary DNS responses
The requester decodes the responses and returns the content to the client as an HTTP response
Case for DNS-sly
DNS Request Variability
Web pages are fragmented across many domains
A larger number of DNS requests is better for deniability: DNS-sly requests are harder to detect among them
It also increases the probability of DNS responses suitable for data encoding
Number of DNS Resolutions per Domain
Median: ~50 DNS resolutions per domain
20% of domains have more than 90 DNS resolutions
DNS Response Variability
The number of IP addresses a domain maps to (globally and locally) determines the potential for encoding downstream data
The number of A records per response determines how much data can be embedded in a single DNS response
The rate of change of the A records determines the timescales at which to operate to retain statistical deniability
Experimental Results
The maximum number of IPs a domain maps to is 850
About one third of DNS responses have 8 A records, with a maximum of 15
Every 30 minutes the responses change completely (similarity is the fraction of A records with exactly the same IP address in the same position; change = 1 − similarity)
Evaluation
Security Evaluation: Methodology
Emulated a censor's probing attack: for every response from a DNS-sly responder, queried five other DNS resolvers for the same domain
Evaluated by computing the mean and variance of the change between the DNS responses
Change is 1 − similarity, where similarity is the fraction of A records that have exactly the same IP address in the same position
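An added example (not from the slides or their authors) of the probing check described above, run over constructed resolver answers: the suspect response from the DNS-sly responder is compared position by position with five other resolvers' answers for the same domain, the mean and variance of the change are computed, and, as a censor would want, the result is set against the churn the five honest resolvers show among themselves. The addresses, the two domains and the decision margin are assumptions; positions beyond the shorter of two answers are counted as mismatches.

```python
# Added example (not from the DNS-sly slides or authors): emulating the censor's
# probing attack on constructed DNS answers. similarity = fraction of A-record
# positions carrying the same IP in the same position; change = 1 - similarity.
from itertools import combinations
from statistics import mean, pvariance
from typing import Sequence, Tuple


def similarity(a: Sequence[str], b: Sequence[str]) -> float:
    """Fraction of positions where both answers carry the same IP.

    Positions past the shorter answer count as mismatches, so answers of
    different length are never reported as identical.
    """
    n = max(len(a), len(b))
    if n == 0:
        return 1.0
    same = sum(1 for x, y in zip(a, b) if x == y)
    return same / n


def change(a: Sequence[str], b: Sequence[str]) -> float:
    return 1.0 - similarity(a, b)


def probe(suspect: Sequence[str], others: Sequence[Sequence[str]]) -> Tuple[float, float]:
    """Censor's measurement: (mean, variance) of the change between the suspect
    answer and each of the other resolvers' answers."""
    changes = [change(suspect, o) for o in others]
    return mean(changes), pvariance(changes)


def baseline(others: Sequence[Sequence[str]]) -> Tuple[float, float]:
    """Change among the honest resolvers themselves (all pairs): the yardstick
    for how much churn is normal for this domain."""
    changes = [change(a, b) for a, b in combinations(others, 2)]
    return mean(changes), pvariance(changes)


def stands_out(suspect: Sequence[str], others: Sequence[Sequence[str]], margin: float = 0.25) -> bool:
    """Flag the suspect when its mean change exceeds the honest baseline by more
    than `margin` (an assumed tuning knob, not a value from the slides)."""
    return probe(suspect, others)[0] - baseline(others)[0] > margin


# Constructed data, domain 1: a stable site whose five honest resolvers all agree.
STABLE_RESOLVERS = [["198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.100.13"]
                    for _ in range(5)]
# A DNS-sly answer that reorders those records to carry data: only position 2 still matches.
STABLE_SUSPECT = ["198.51.100.13", "198.51.100.10", "198.51.100.12", "198.51.100.11"]

# Constructed data, domain 2: a CDN-style site whose honest resolvers already disagree.
CDN_RESOLVERS = [
    ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"],
    ["192.0.2.5", "192.0.2.6", "192.0.2.7", "192.0.2.8"],
    ["192.0.2.1", "192.0.2.3", "192.0.2.2", "192.0.2.4"],
    ["192.0.2.8", "192.0.2.7", "192.0.2.6", "192.0.2.5"],
    ["192.0.2.3", "192.0.2.4", "192.0.2.1", "192.0.2.2"],
]
CDN_SUSPECT = ["192.0.2.4", "192.0.2.3", "192.0.2.2", "192.0.2.1"]

if __name__ == "__main__":
    for name, suspect, others in (("stable", STABLE_SUSPECT, STABLE_RESOLVERS),
                                  ("cdn", CDN_SUSPECT, CDN_RESOLVERS)):
        print(name, "probe:", probe(suspect, others), "baseline:", baseline(others),
              "stands out:", stands_out(suspect, others))
```

The two constructed cases show why the slides tie deniability to the rate of change of A records: on the stable domain the encoded answer is the only thing that differs from what every other resolver returns, while on the churning domain its change is indistinguishable from the churn honest resolvers already exhibit.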
Security Evaluation: Results
Performance Evaluation: Methodology
Evaluated downstream performance using the metric bytes per click
A single click is defined as the loading of one page, including the DNS resolutions for all domains included on the page
Deployed DNS-sly in a known-censored environment to exchange data from a known-censored website
Performance Evaluation: Results
Median bytes per page click (global IP sets): > 100 bytes
Median bytes per page click (local IP sets): ~75 bytes
Maximum bytes encoded in one click: ~600 bytes
Conclusion
DNS-sly: a system that enables a DNS covert channel providing high deniability while maintaining good performance
DNS-sly adapts its behavior to the client's own DNS profile
It utilizes frequently changing A records to embed data in DNS responses
It achieves downstream throughput of up to 600 bytes of hidden data per Web page click
Thank You