SoK: Making Sense of Censorship Resistance Systems

Khattak, Sheharbano; Elahi, Tariq; Simon, Laurent; Swanson, Colleen M.; Murdoch, Steven J.; Goldberg, Ian

doi:10.1515/popets-2016-0028

Cited by 40 publications

(31 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yet, the censor can still disrupt access to subsequent queried domains (subdomains and thirdparties). We note that quality degradation is a strategy already used in the wild as a stealthy form of censorship [68].…”

Section: Censor Dns-blocking Strategymentioning

confidence: 99%

Encrypted DNS --> Privacy? A Traffic Analysis Perspective

Siby

Juárez

Díaz

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Virtually every connection to an Internet service is preceded by a DNS lookup. These lookups are performed in the clear without integrity protection, enabling manipulation, redirection, surveillance, and censorship. In parallel with standardization efforts that address these issues, large providers such as Google and Cloudflare are deploying solutions to encrypt lookups, such as DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). In this paper we examine whether encrypting DoH traffic can protect users from traffic analysis-based monitoring and censoring. We find that performing traffic analysis on DoH traces requires different features than those used to attack HTTPS or Tor traffic. We propose a new feature set tailored to the characteristics of DoH traffic. Our classifiers obtain an F1-score of 0.9 and 0.7 in closed and open world settings, respectively. We show that although factors such as location, resolver, platform, or client affect performance, they are far from completely deterring the attacks. We then study deployed countermeasures and show that, in contrast with web traffic, Tor effectively protects users. Specified defenses, however, still preserve patterns and leave some webs unprotected. Finally, we show that web censorship is still possible by analysing DoH traffic and discuss how to selectively block content with low collateral damage.

show abstract

Section: Censor Dns-blocking Strategymentioning

confidence: 99%

Encrypted DNS --> Privacy? A Traffic Analysis Perspective

Siby

Juárez

Díaz

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…In 2013, tunneling loss-intolerant protocols over loss-tolerant cover channels, was shown [26] to allow censors to interfere with the channel safely, without disrupting intended use of cover-protocol. For details on observability and traffic analysis resistance of existing anti-censorship tools, reader can refer to Systematizations of Knowledge [33], [59]. lib•erate [37] is a library, that takes alternative approach, and instead of hiding the traffic, it features numerous techniques that use bugs in DPI to evade identification.…”

Section: Traffic Obfuscation Analysismentioning

confidence: 99%

The use of TLS in Censorship Circumvention

Фролов¹,

Wustrow²

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

TLS, the Transport Layer Security protocol, has quickly become the most popular protocol on the Internet, already used to load over 70% of web pages in Mozilla Firefox. Due to its ubiquity, TLS is also a popular protocol for censorship circumvention tools, including Tor and Signal, among others. The problem was temporarily corrected by updating to Firefox 45, but only a few months later, meek was blocked again in the same manner, this time by the FortiGuard firewall, which identified a combination of SNI extension values sent by meek and otherwise matching the signature of Firefox 45 [22]. At that time, Firefox 47 had been released, supporting a distinguishable set of features. The rapid pace of new implementations and versions is a difficult task to keep up with. Another motivating example of these challenges is found in the Signal secure messaging application [57]. Until recently, Signal employed domain fronting to evade censorship in several countries including Egypt, Saudi Arabia, and the United Arab Emirates [25], [41]. However, due to a complicated interaction with the library it used to implement TLS, we find that Client Hello messages sent by Signal while domain fronting differ from their intended specification, ultimately allowing them to be distinguished from the implementations

show abstract

“…Open HTTP Proxies: Users also resort to Open HTTP proxies and other censorship resistance systems to anonymize their traffic [16,42]. One of these services is VPN Gate, an open and free service analyzed by Nobori et al [23].…”

Section: Vpn-based Measurementsmentioning

confidence: 99%

An Empirical Analysis of the Commercial VPN Ecosystem

Khan¹,

DeBlasio

Voelker

et al. 2018

Proceedings of the Internet Measurement Conference 2018

View full text Add to dashboard Cite

Global Internet users increasingly rely on virtual private network (VPN) services to preserve their privacy, circumvent censorship, and access geo-filtered content. Due to their own lack of technical sophistication and the opaque nature of VPN clients, however, the vast majority of users have limited means to verify a given VPN service's claims along any of these dimensions. We design an active measurement system to test various infrastructural and privacy aspects of VPN services and evaluate 62 commercial providers. Our results suggest that while commercial VPN services seem, on the whole, less likely to intercept or tamper with user traffic than other, previously studied forms of traffic proxying, many VPNs do leak user traffic-perhaps inadvertently-through a variety of means. We also find that a non-trivial fraction of VPN providers transparently proxy traffic, and many misrepresent the physical location of their vantage points: 5-30% of the vantage points, associated with 10% of the providers we study, appear to be hosted on servers located in countries other than those advertised to users.

show abstract

SoK: Making Sense of Censorship Resistance Systems

Cited by 40 publications

References 58 publications

Encrypted DNS --> Privacy? A Traffic Analysis Perspective

Encrypted DNS --> Privacy? A Traffic Analysis Perspective

The use of TLS in Censorship Circumvention

An Empirical Analysis of the Commercial VPN Ecosystem

Contact Info

Product

Resources

About