Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Parrot is Dead: Observing Unobservable Network Communications

Published byAshlynn Cook Modified over 9 years ago

Similar presentations

Presentation on theme: "The Parrot is Dead: Observing Unobservable Network Communications"— Presentation transcript:

1 The Parrot is Dead: Observing Unobservable Network Communications
Amir Houmansadr Chad Brubaker Vitaly Shmatikov

2 Internet Censorship The Internet is a big threat to repressive regimes! Repressive regimes censor the Internet: IP filtering, DNS hijacking, Deep packet-inspection, etc. Circumvention systems

3 X Censorship Region The Internet Allowed Destination Blocked

4 Censorship Region The Internet DPI X Blocked Destination

5 We need unobservable circumvention
Censors should not be able to identify circumvention traffic or end-hosts through passive, active, or proactive techniques

6 Let’s hide! Censorship Region The Internet

7 Parrot systems Imitate a popular protocol SkypeMorph (CCS’12)
StegoTorus (CCS’12) CensorSpoofer (CCS’12)

8 What's, uh... What's wrong with it? 'E's dead, that's what's wrong with it!

9 SkypeMorph The Internet Censorship Region Traffic Shaping SkypeMorph
A Tor node SkypeMorph Bridge SkypeMorph Client

10 SoM header The start of message (SoM) header field is MISSING!
Single-packet identifier, instead of sophisticated statistical traffic analysis

11 SkypeMorph The Internet Censorship Region TCP control SkypeMorph
Bridge A Tor node SkypeMorph Client

12 No, no.....No, 'e's stunned!

13 Let’s imitate the missing!
SkypeMorph+ Let’s imitate the missing! Hard to mimic dynamic behavior Active/proactive tests

14 Dropping UDP packets

15 Other tests Test Skype SkypeMorph+ Flush Supernode cache
Serves as a SN Rejects all Skype messages Drop UDP packets Burst of packets in TCP control No reaction Close TCP channel Ends the UDP stream Delay TCP packets Reacts depending on the type of message Close TCP connection to a SN Initiates UDP probes Block the default TCP port Connects to TCP ports 80 and 443

16 Now that's what I call a dead parrot.

17 StegoTorus The Internet Censorship Region HTTP HTTP A Tor node
Bridge Skype Ventrilo HTTP StegoTorus Client

18 StegoTorus chopper Dependencies between links

19 StegoTorus-Skype The same attacks as SkypeMorph Even more attacks!

20 StegoTorus-HTTP Does not look like a typical HTTP server!
Most HTTP methods not supported!

21 CensorSpoofer The Internet Censorship Region SIP Spoofer server
Censored destination RTP downstream Dummy host RTP upstream CensorSpoofer Client

22 SIP probing The Internet Censorship Region SIP Spoofer server Censored
destination RTP downstream Dummy host RTP upstream CensorSpoofer Client

23 No no! 'E's pining! 'E's not pinin'! 'E's expired and gone to meet 'is maker!

24 Unobservability by imitation is fundamentally flawed!
Lesson 1 Unobservability by imitation is fundamentally flawed!

25 Imitation Requirements
Correct SideProtocols IntraDepend InterDepend Err Network Content Patterns Users Geo Soft OS

26 Partial imitation is worse than no imitation!
Lesson 2 Partial imitation is worse than no imitation!

27 Alternative Do not imitate, but Run the target protocol
IP over Voice-over-IP [NDSS’13] Challenge: efficiency

28 Thanks

Download ppt "The Parrot is Dead: Observing Unobservable Network Communications"

Similar presentations

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.
I Want My Voice to Be Heard: IP over Voice-over-IP for Unobservable Censorship Circumvention Amir Houmansadr (The University of Texas at Austin) Thomas.

I Want My Voice to Be Heard: IP over Voice-over-IP for Unobservable Censorship Circumvention Amir Houmansadr (The University of Texas at Austin) Thomas.
Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.

Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.
SkypeMorph: Protocol Obfuscation for Tor Bridges

SkypeMorph: Protocol Obfuscation for Tor Bridges
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 28 Real-Time Traffic over the Internet.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 28 Real-Time Traffic over the Internet.
NAT/Firewall Traversal April 2009. NAT revisited – “port-translating NAT”

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Censorship Resistance: Parrots Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the.

Censorship Resistance: Parrots Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the.
Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing.

Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
Module 1: Reviewing the Suite of TCP/IP Protocols.

Module 1: Reviewing the Suite of TCP/IP Protocols.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Similar presentations

Ads by Google