Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anticensorship in the Network Infrastructure Eric Wustrow University of Michigan.

Published byAsher Hamilton Modified over 9 years ago

Similar presentations

Presentation on theme: "Anticensorship in the Network Infrastructure Eric Wustrow University of Michigan."— Presentation transcript:

1 Anticensorship in the Network Infrastructure Eric Wustrow University of Michigan

2 Background | Internet Censorship 2 Pervasive censorship Substantial censorship Changing situation Little or no censorship Selective censorship

3 3 Censor… controls client’s network, but not external network … blocks according to a blacklist … allows HTTPS connections to non-blocked sites Threat Model

4 4 Telex | Overview

5 5

6 6

7 7

8 8

9 9

10 Prototype | Test Deployment Hosted sites 10 Single Telex Station on lab-scale “ISP” at Michigan Blocked.telex.cc Simulated censored site only reachable via Telex NotBlocked.telex.cc Unobjectionable content * Inline Blocking Asymmetric flows

11 Telex v2: Passive tap 11

12 ClientServerISP Proxy “GET / HTTP/1.1\r\nX-Ignore: \x81\x28\x66 …” ACK [seq=Y, ack=X] “PROXY OK” [seq=Y, ack=X, len=M] ACK [seq=X, ack=Y+M] ack != Y? “\x95\x1f\x6b\x27\xe2 … \xc8\x3f\x22 …” Tag: Plaintext: Ciphertext: Plaintext: “GET http://blocked.com/ …” [seq=X, ack=Y+M] Plaintext: “HTTP/1.1 200 OK … ….” Plaintext: New architecture -- passive ISP tap TLS Handshake

13 New architecture -- passive ISP tap Pros –No inline blocking required, only passive tap –Works with asymmetric flows (client -> server) Cons –Censor can use active attacks (though we can use “active defenses”) 13

14 Anticensorship in the Network Infrastructure Future work –Looking for ISPs willing to help Technical feedback Prototype deployment –Strategies for optimal deployment –Improving traffic analysis defense 14

15 https://telex.cc Anticensorship in the Network Infrastructure Eric Wustrow Colleen M. Swanson Scott Wolchok Ian Goldberg J. Alex Halderman

Download ppt "Anticensorship in the Network Infrastructure Eric Wustrow University of Michigan."

Similar presentations

1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, 2006. 2.Robert Zalenski, Firewall Technologies,

1 Firewalls. 2 References 1.Mark Stamp, Information Security: Principles and Practice, Wiley Interscience, Robert Zalenski, Firewall Technologies,
Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.

Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
1 Advanced Security Research Wes Hardaker Eric Monteith, Russ Mundy, Eric O’Brian, Ron Ostrenga, Dan Sterne, Roshan Thomas NAI Labs under contract to DARPA.

1 Advanced Security Research Wes Hardaker Eric Monteith, Russ Mundy, Eric O’Brian, Ron Ostrenga, Dan Sterne, Roshan Thomas NAI Labs under contract to DARPA.
1 Depth First Search 0 1 2 3 4 dfs(0, 0) 01234 open site blocked site reachable from top via open sites.

1 Depth First Search dfs(0, 0) open site blocked site reachable from top via open sites.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lecture 1 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network structure,

Lecture Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  network structure,
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Putting the Network to Work

Putting the Network to Work
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
MPTCP Proxy Support Costin Raiciu. Explicit Proxies The MPTCP host knows about the proxy (e.g. via DHCP) All connections are made to the proxy – Signaling.

MPTCP Proxy Support Costin Raiciu. Explicit Proxies The MPTCP host knows about the proxy (e.g. via DHCP) All connections are made to the proxy – Signaling.
Introducing Fiddler Web Debugging for Performance and Operations www.fiddler2.com/perf/

Introducing Fiddler Web Debugging for Performance and Operations
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing.

Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing.
OASIS V2+ Next Generation Open Access Server CSD 2006 / Team 12.

OASIS V2+ Next Generation Open Access Server CSD 2006 / Team 12.
DNS POISONING + CENSORSHIP LAB DUSTIN VANDENBERG, VIPUL AGARWAL, LIANG ZHAO.

DNS POISONING + CENSORSHIP LAB DUSTIN VANDENBERG, VIPUL AGARWAL, LIANG ZHAO.
Towards a Safe Playground for HTTPS and Middle-Boxes with QoS2 Zhenyu Zhou CS Dept., Duke University.

Towards a Safe Playground for HTTPS and Middle-Boxes with QoS2 Zhenyu Zhou CS Dept., Duke University.
Access Gateway Operation

Access Gateway Operation

Similar presentations

Ads by Google