Published by Oswald Roberts. Modified over 9 years ago.
1
Censorship Resistance: Parrots
Amir Houmansadr
CS660: Advanced Information Assurance, Spring 2015
Content may be borrowed from other resources. See the last slide for acknowledgements!
2
Classes of Information Hiding
– Digital watermarking
– Steganography
– Covert channels
– Anonymous communications
– Protocol obfuscation
CS660 - Advanced Information Assurance - UMassAmherst
3
Definition
Protocol obfuscation: Concealing the type of the underlying network protocol from a traffic monitoring entity
4
Why Hide the Protocol?
Bypass ISP restrictions:
– BitTorrent blocked on campus
– Skype blocked in some corporate networks
Bypass nation-state censorship (censorship circumvention):
– Tor is blocked by various countries
– VPN is blocked by the Great Firewall of China
5
Types of Protocol Obfuscation
– De-identification: look like nothing
– Impersonation: look like some other protocol
6
Internet Censorship
8
Censorship model
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; blocked destination (IP=A.B.C.D)]
9
Censorship circumvention
10
Using Tor for circumvention
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Tor Bridge; Tor Network; Blocked Destination]
Not effective anymore!
– Active probes
– Easily recognizable at the network level
– Deep Packet Inspection (DPI)
– Insider attacks
11
Challenge!
We need unobservable circumvention
Censors should not be able to easily identify circumvention traffic or end-hosts through passive, active, or proactive techniques
12
Hide and seek!
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Tor Bridge; Tor Network; Blocked Destination]
13
Parrot systems
Imitate a popular protocol
– SkypeMorph (CCS’12)
– StegoTorus (CCS’12)
– CensorSpoofer (CCS’12)
14
SkypeMorph (CCS’12)
[Diagram labels: The Non-Democratic Republic of Repressistan; SkypeMorph Client; Skype Client; Traffic Shaping; SkypeMorph Bridge; Tor Network; Blocked Destination]
15
StegoTorus
[Diagram labels: Censorship Region; The Internet; StegoTorus Client; StegoTorus Bridge; A Tor node; HTTP; Skype; Ventrilo; HTTP]
16
CensorSpoofer
[Diagram labels: Censorship Region; The Internet; CensorSpoofer Client; SIP server; Spoofer; Dummy host; Censored destination; RTP upstream; RTP downstream]
17
The Parrot is Dead: Observing Unobservable Network Communications
Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov
IEEE S&P (Oakland) 2013
Received the Best Practical Paper Award
18
Detecting SkypeMorph
[Diagram labels: The Non-Democratic Republic of Repressistan; Tor Bridge; Tor Network; Blocked Destination; SOM; TCP control stream]
19
No, no..... no, 'e's stunned!
20
SkypeMorph+
Let’s imitate the missing parts!
Problem: hard to mimic dynamic behavior in response to active tests
21
Dropping UDP packets
22
Other tests
Test | Skype | SkypeMorph+
Flush Supernode cache | Serves as a SN | Rejects all Skype messages
Drop UDP packets | Burst of packets in TCP control | No reaction
Close TCP channel | Ends the UDP stream | No reaction
Delay TCP packets | Reacts depending on the type of message | No reaction
Close TCP connection to a SN | Initiates UDP probes | No reaction
Block the default TCP port | Connects to TCP ports 80 and 443 | No reaction
23
Now that's what I call a dead parrot.
24
Unobservability by imitation is fundamentally flawed!
25
Perfect imitation of a complex real system is extremely hard
– A complex protocol in its entirety
– Inter-dependent sub-protocols with complex, dynamic behavior
– Bugs in specific versions of the software
– User behavior
Not enough to mimic a "protocol"; need to mimic a specific implementation with all its quirks
26
So, what is the real problem?
27
Custom tunnels are easy to recognize!
[Diagram labels: The Non-Democratic Republic of Repressistan; Tor (and its flavors), blocked at Tor relays; Ultrasurf, blocked at Ultrasurf proxies; Psiphon, blocked at Psiphon proxies]
28
Wait! We already have lots of encrypted tunnels!
29
[Diagram: The Non-Democratic Republic of Repressistan, with allowed services and their servers]
– VoIP: VoIP servers (e.g., Skype)
– Email: Email servers (e.g., Gmail)
– File sharing: File hosts (e.g., BitTorrent)
– Online games: Gaming servers (e.g., Warcraft)
– Cloud storage: Cloud servers (e.g., Amazon EC2)
– Tor
30
Hide-within circumvention (or, parasites!)
31
Definition
Tunneling circumvention traffic through a popular service provider via an allowed, already deployed network protocol
32
I Want My Voice to Be Heard: IP over Voice-over-IP for Unobservable Censorship Circumvention
Amir Houmansadr, Thomas Riedl, Nikita Borisov, Andrew Singer
NDSS 2013
33
FreeWave: IP over Voice-over-IP
Target protocol: Voice-over IP (VoIP)
Why VoIP
– Widely used
– Encrypted
– Many VoIP provider options
How to hide?
– The dial-up modems are back!
34
FreeWave architecture
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Tor Bridge; Tor Network; Blocked Destination]
35
System components
36
MoDem component
A typical acoustic modem
– QAM modulation
Reliable transmission
– Turbo codes
– Use Preambles
37
Unobservability
38
Unobservability in hide-within
The OSI model (layer | data unit):
7. Application, 6. Presentation, 5. Session | Data
4. Transport | Segments
3. Network | Packet/Datagram
2. Data link | Bit/Frame
1. Physical | Bit
[Figure labels: Parrot systems; Hide-within systems]
39
Costs of censorship
More resource-intensive / Slower / More false positives
– Machine learning
– Statistical analysis
– Proactive probing
– Active probing
– Inspecting protocol signatures
– Inspecting keywords
– IP filtering
Cheap and fast / Doable at line speed / Very accurate
[Figure labels: Hide-within; Traditional systems]
40
Some of the tools used to analyze the attacks
Probability theory to model types of traffic
– E.g., Chernoff bound, stochastic processes
Detection and estimation theory to distinguish instances of a traffic type
– E.g., hypothesis testing, LRT tests
Statistics to find deviations from a type
– E.g., K-S test, Q-Q plot
Information theory to derive the bounds of deviation
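An added example, not from the original slides: a two-sample K-S test, one of the statistics named on this slide, used to check whether a shaped flow's packet lengths deviate from the reference traffic it is meant to resemble. The sample data, the pad-to-50-bytes rule and all function names are assumptions made for illustration.

```python
import math
from bisect import bisect_right

def ks_statistic(a, b):
    """Two-sample K-S statistic: largest gap between the two empirical CDFs."""
    a, b = sorted(a), sorted(b)
    # Both CDFs are step functions, so the largest gap occurs at a data point.
    return max(abs(bisect_right(a, x) / len(a) - bisect_right(b, x) / len(b))
               for x in set(a) | set(b))

def ks_pvalue(d, n, m):
    """Asymptotic p-value from the Kolmogorov distribution (series form)."""
    ne = n * m / (n + m)                      # effective sample size
    lam = (math.sqrt(ne) + 0.12 + 0.11 / math.sqrt(ne)) * d
    if lam < 0.3:                             # series converges slowly; p is ~1
        return 1.0
    total = sum((-1) ** (k - 1) * math.exp(-2 * k * k * lam * lam)
                for k in range(1, 101))
    return max(0.0, min(1.0, 2 * total))

def deviates(reference, observed, alpha=0.01):
    """Return (D, p, flag); flag is True when the samples differ at level alpha."""
    d = ks_statistic(reference, observed)
    p = ks_pvalue(d, len(reference), len(observed))
    return d, p, p < alpha

# Constructed samples (not real captures): packet lengths in bytes.
# GENUINE and SECOND_CAPTURE follow the same length distribution (60..259).
GENUINE = [60 + (i * 37) % 200 for i in range(400)]
SECOND_CAPTURE = [60 + (i * 91 + 5) % 200 for i in range(400)]
# Hypothetical shaper that pads every packet up to a multiple of 50 bytes.
PADDED = [-(-size // 50) * 50 for size in GENUINE]

if __name__ == "__main__":
    for name, sample in (("second capture", SECOND_CAPTURE),
                         ("padded imitation", PADDED)):
        d, p, flag = deviates(GENUINE, sample)
        print(f"{name}: D={d:.3f} p={p:.2e} deviates={flag}")
```

A designer can run the same check on their own shaped traffic before deployment; a small D on one feature does not imply the flow matches on others (timing, control streams, reactions to probes).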
41
Unique properties of hide-within systems
42
1. Resistant to partial compromise
43
Tor: Detecting one user makes it easier to detect other users
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Tor Bridge; Tor Network; Blocked Destination]
44
Hide-within: Detecting one user does not help detect others
[Diagram labels: The Non-Democratic Republic of Repressistan; Circumvention user; Benign user; Oblivious server; Tor]
45
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; FreeWave; Tor Bridge; Tor Network; Blocked Destination]
46
This is a big step forward!
47
2. Censorship causes collateral damage
48
Censors are rational!
49
Tor: Censoring Tor bridges has zero impact on benign users
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; Tor Bridge; Tor Network; Blocked Destination]
50
Hide-within: Censoring disrupts benign users as well
[Diagram labels: The Non-Democratic Republic of Repressistan; Circumvention user; Benign user; Oblivious server; Tor]
51
Censoring FreeWave bridges disrupts benign users as well (collateral damage)
[Diagram labels: The Non-Democratic Republic of Repressistan; Gateway; FreeWave; Tor Bridge; Tor Network; Blocked Destination]
52
This is another big step forward!
53
Challenge: designing efficient hide-within systems
54
Hide-within designs
FreeWave v2
– Encode directly in video stream
– Bandwidth and latency sufficient for interactive web browsing
Additional hide-within designs:
– SWEET (Email)
– CloudTransport (Cloud services)
Under development:
– BitTorrent
55
Acknowledgement
Some pictures are obtained through Google search without being referenced