censorship resistance - umd
CENSORSHIP RESISTANCE
CMSC 414
APR 17 2018

CENSORSHIP COMES IN MANY FORMS
DROPPING PACKETS
Network operators: Block traffic in their own networks/countries
Routing-capable adversaries: Can influence routes on the Internet
Black-holing: Announce a low-cost path, drop traffic
MONITORING TRAFFIC
MISDIRECTING TRAFFIC
DNS injection: Send back false DNS responses
Boomerang routing: Source/destination close, but route goes through a country known to eavesdrop
https://www.youtube.com/watch?v=IzLPKuAOe50
DEANONYMIZATION
Identifying and going after whistleblowers
Off-path attackers: Inject TCP RST packets (next week)

ENEMIES OF THE INTERNET
Annual report by Reporters without Borders
2014
• Syria
• Russia
• Saudi Arabia
• UAE
• Cuba
• Belarus
• Pakistan
• Vietnam
• Turkmenistan
• Sudan
• Iran
• Bahrain
• USA
• UK
• Uzbekistan
• India
• China
• North Korea
• Ethiopia
• Surveillance dealers

COLLATERAL DAMAGE OF INTERNET CENSORSHIP
China censors the traffic to or from those within its borders: Known
They do this via DNS injection: Known / expected
They do this to any traffic that traverses its borders: Not known
More traffic traverses China’s borders than we realized: Oh geez..

CIRCUMVENTING THE CONSTITUTION
LEGAL REGIMES: Patriot Act, Foreign Intelligence Surveillance Act (FISA), EO 12333
WHAT CAN BE MONITORED? Communication with foreign entities
DO ROUTERS COUNT? What if the US routed traffic out of its borders, then back in — would this count as communication with a foreign entity?
THIS PAPER: YES, PROBABLY
So any traffic could be easily monitored

BLOCKING TOR
Estimate the number of users on day i based on previous days’ users
Gray area: Range of estimated users; usage naturally fluctuates
Downturn event: Drops below (possibly indicates censorship)
Upturn event: Rises above “normal” (possibly indicates circumvention)
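The estimate-and-compare idea above, as an added example (not from the lecture and not Tor's own detector). It assumes a simple estimator, the median day-over-day ratio of the previous week plus or minus a multiple of its median absolute deviation, and runs on constructed daily user counts.

```python
from statistics import median

# Constructed daily user counts for one country (not real measurements):
# steady usage, a sudden drop on day 10, a recovery on day 15.
DAILY_USERS = [10000, 10200, 9900, 10100, 10050, 9950, 10150, 10000, 9900,
               10100, 3000, 3100, 2950, 3050, 3000, 9000, 9200, 9100]

def expected_range(history, window=7, k=3.0, floor=0.02):
    """Estimate the 'gray area' for the next day from the previous days.

    Assumed estimator (this example's choice): take the day-over-day ratios
    of the last `window` days and allow median +/- k * MAD around them.
    Returns (low, high), or None when there is too little history.
    """
    recent = history[-(window + 1):]
    ratios = [b / a for a, b in zip(recent, recent[1:]) if a > 0]
    if len(ratios) < 3:
        return None
    med = median(ratios)
    mad = median(abs(r - med) for r in ratios)
    spread = k * max(mad, floor)  # floor keeps a very flat history from over-alerting
    return history[-1] * max(med - spread, 0.0), history[-1] * (med + spread)

def detect_events(counts, **params):
    """Label each day whose count falls outside the range estimated for it."""
    events = []
    for day in range(1, len(counts)):
        estimate = expected_range(counts[:day], **params)
        if estimate is None:
            continue
        low, high = estimate
        if counts[day] < low:
            events.append((day, "downturn"))   # possible censorship
        elif counts[day] > high:
            events.append((day, "upturn"))     # possible circumvention
    return events

if __name__ == "__main__":
    for day, kind in detect_events(DAILY_USERS):
        print(f"day {day}: {kind} ({DAILY_USERS[day]} users)")
```

Because the estimate is built from medians, the single outlier ratio on the day of the drop does not widen the range enough to hide the later recovery, and the low days that follow the drop are not flagged again.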
HOW TO BLOCK TOR
Option 1: Get a list of all Tor nodes; insert them as firewall rules
Bridge nodes: Tor does not list some nodes; users must learn them out of band
Censors can discover them by actively probing
Scan IP addresses, sending protocol-specific messages: handshake (TLS, obfs), Versions (Tor), HTTPS POST (SoftEther), HTTP GET (AppSpot)
Option 2: IP-based reputation schemes; will eventually block exit nodes because attackers launder their attack traffic through Tor

DECOY ROUTING
[Figure labels: Censoring regime; Accepted website; Censored website (𝗫); Decoy router, on the path to the accepted website]
After session initialization, divert traffic to the censored site
How does the decoy router know the true destination but the censor doesn’t?
Client includes “tags” in TLS handshakes that only the decoy router can identify

DECOY ROUTING TAGS
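One way a tag that only the decoy router can identify could be built, as an added example that is not from the lecture or from any deployed system. It assumes the tag rides in a handshake field that normally carries random-looking bytes, and it uses a toy Diffie-Hellman group (`P`, `G`) chosen only to keep the code standard-library; all names here are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption of this example). Real designs use
# elliptic curves with encodings that look uniformly random; this group does not.
P = 2**255 - 19
G = 2
TAG_LEN = 48  # 32-byte ephemeral public value + 16-byte MAC

def keygen():
    """Return (private, public). The router publishes its public value."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def tag_mac(shared, pub_bytes):
    """MAC keyed by the DH shared secret; only a DH participant can compute it."""
    key = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return hmac.new(key, b"decoy-tag" + pub_bytes, hashlib.sha256).digest()[:16]

def make_tag(router_pub):
    """Client side: a fresh ephemeral key per connection, so tags never repeat."""
    eph_priv, eph_pub = keygen()
    pub_bytes = eph_pub.to_bytes(32, "big")
    return pub_bytes + tag_mac(pow(router_pub, eph_priv, P), pub_bytes)

def is_tagged(field, router_priv):
    """Decoy router side: recompute the shared secret and check the MAC."""
    if len(field) != TAG_LEN:
        return False
    pub_bytes, mac = field[:32], field[32:]
    eph_pub = int.from_bytes(pub_bytes, "big")
    if not 1 < eph_pub < P - 1:
        return False  # not a usable group element, so not a tag
    expected = tag_mac(pow(eph_pub, router_priv, P), pub_bytes)
    return hmac.compare_digest(mac, expected)

if __name__ == "__main__":
    router_priv, router_pub = keygen()
    print("tagged flow recognized:", is_tagged(make_tag(router_pub), router_priv))
    print("ordinary random field:", is_tagged(secrets.token_bytes(TAG_LEN), router_priv))
```

An observer holding only the router's public value cannot run the check in `is_tagged`, which is the asymmetry the slide's question asks about.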
AVOIDING CENSORS
One approach:
1. Map the Internet
2. Choose paths that do not go through the attackers’ countries
Incredibly difficult research problem unto itself!
Is it possible to get provable avoidance?

SOME RESEARCH HERE AT UMD
QUESTION: Can we provably avoid countries known to censor/attack?
DEMONSTRATES: It is possible to get “provable avoidance” without even knowing where exactly packets go

Users lack control over routing
Mostly relegated to destination-based routing
[Figure label: send to]

Users lack control over routing
Collateral damage of censorship
[Figure labels: send to; Censor-free, Censoring country, Censor-free; ✘]
Encryption (HTTPS), Anonymity (Tor): Hide info, but are still subject to censorship

This work
[Figure: the same labels (send to; Censor-free, Censoring country, Censor-free), shown first with the ✘ and then without it]

Provable avoidance routing
send to but avoid
A broadly applicable primitive:
Diffie-Hellman
Provably disjoint paths
Avoiding boomerangs
Distinct vantage points

Provable route avoidance goals
Flexibility: Users request their traffic to avoid transiting arbitrary geographic regions
Without having to know underlying routes
Proof: Provide proofs of avoidance
Goal: proof that it did not traverse
Non-goal: proof that it cannot traverse
Unadulterated roundtrip of communication
How do you prove that something did not happen?

Proving the impossible
How do you prove X did not happen without enumerating everything that could have?
A && (A ⇒ !X) ⇒ !X
(A ⇒ !X: mutually exclusive)
A is an alibi