Cirripede: circumvention infrastructure using router redirection with plausible deniability

Many users face surveillance of their Internet communications and a significant fraction suffer from outright blocking of certain destinations. Anonymous communication systems allow users to conceal the destinations they communicate with, but do not hide the fact that the users are using them. The mere use of such systems may invite suspicion, or access to them may be blocked. We therefore propose Cirripede, a system that can be used for unobservable communication with Internet destinations. Cirripede is designed to be deployed by ISPs; it intercepts connections from clients to innocent-looking destinations and redirects them to the true destination requested by the client. The communication is encoded in a way that is indistinguishable from normal communications to anyone without the master secret key, while public-key cryptography is used to eliminate the need for any secret information that must be shared with Cirripede users. Cirripede is designed to work scalably with routers that handle large volumes of traffic while imposing minimal overhead on ISPs and not disrupting existing traffic. This allows Cirripede proxies to be strategically deployed at central locations, making access to Cirripede very difficult to block. We built a proof-of-concept implementation of Cirripede and performed a testbed evaluation of its performance properties.

[1]  Robert N. M. Watson,et al.  Ignoring the Great Firewall of China , 2006, Privacy Enhancing Technologies.

[2]  Chae Hoon Lim,et al.  A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp , 1997, CRYPTO.

[3]  Stefan Katzenbeisser,et al.  Hide and Seek in Time - Robust Covert Timing Channels , 2009, ESORICS.

[4]  J.A. O'Sullivan,et al.  Information theoretic analysis of steganography , 1998, Proceedings. 1998 IEEE International Symposium on Information Theory (Cat. No.98CH36252).

[5]  Marc Smeets,et al.  Research Report: Covert Channels , 2006 .

[6]  W. Timothy Strayer,et al.  Decoy Routing: Toward Unblockable Internet Communication , 2011, FOCI.

[7]  Ian Clarke,et al.  Freenet: A Distributed Anonymous Information Storage and Retrieval System , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[8]  Andrew S. Tanenbaum,et al.  Safe and Private Data Sharing with Turtle: Friends Team-Up and Beat the System , 2004, Security Protocols Workshop.

[9]  Alexander A. Grusho,et al.  Statistical Covert Channels Through PROXY Server , 2005, MMM-ACNS.

[10]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[11]  Nikita Borisov,et al.  CoCo: Coding-Based Covert Timing Channels for Network Flows , 2011, Information Hiding.

[12]  Mohammad Mahdian Fighting censorship with algorithms , 2011, XRDS.

[13]  R. Dingledine,et al.  Design of a blocking-resistant anonymity system , 2006 .

[14]  Michalis Faloutsos,et al.  On routing asymmetry in the Internet , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[15]  S. M. Bellovin,et al.  Security problems in the TCP/IP protocol suite , 1989, CCRV.

[16]  C. Brodley,et al.  Network covert channels: design, analysis, detection, and elimination , 2006 .

[17]  Carla E. Brodley,et al.  IP covert timing channels: design and detection , 2004, CCS '04.

[18]  Marianne Winslett,et al.  Proceedings of the 5th ACM workshop on Privacy in electronic society , 2006, CCS 2006.

[19]  Sebastian Zander,et al.  An Empirical Evaluation of IP Time To Live Covert Channels , 2007, 2007 15th IEEE International Conference on Networks.

[20]  Saurabh Bagchi,et al.  TCP/IP Timing Channels: Theory to Implementation , 2009, IEEE INFOCOM 2009.

[21]  Charles V. Wright,et al.  Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis , 2009, NDSS.

[22]  Nick Feamster,et al.  Infranet: Circumventing Web Censorship and Surveillance , 2002, USENIX Security Symposium.

[23]  Grzegorz Lewandowski,et al.  Covert Channels in IPv6 , 2005, Privacy Enhancing Technologies.

[24]  L ChaumDavid Untraceable electronic mail, return addresses, and digital pseudonyms , 1981 .

[25]  Nicholas Hopper,et al.  Membership-concealing overlay networks , 2009, CCS.

[26]  Ian Clarke,et al.  Protecting Free Expression Online with Freenet , 2002, IEEE Internet Comput..

[27]  Gene Tsudik,et al.  Di e-hellman key distribution extended to groups , 1996, CCS 1996.

[28]  Theodore G. Handel,et al.  Hiding Data in the OSI Network Model , 1996, Information Hiding.

[29]  Mike Hibler,et al.  An integrated experimental environment for distributed systems and networks , 2002, OPSR.

[30]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[31]  Nicholas Hopper,et al.  On the risks of serving whenever you surf: vulnerabilities in Tor's blocking resistance design , 2009, WPES '09.

[32]  Fang Yu,et al.  How dynamic are IP addresses? , 2007, SIGCOMM '07.

[33]  Nick Feamster,et al.  Thwarting Web Censorship with Untrusted Messenger Discovery , 2003, Privacy Enhancing Technologies.

[34]  Gene Tsudik,et al.  Diffie-Hellman key distribution extended to group communication , 1996, CCS '96.

[35]  Andrei Serjantov,et al.  Nonesuch: a mix network with sender unobservability , 2006, WPES '06.

[36]  Craig H. Rowland,et al.  Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[37]  Sebastian Zander,et al.  Stealthier Inter-packet Timing Covert Channels , 2011, Networking.

[38]  Damon McCoy,et al.  Proximax: Measurement-Driven Proxy Dissemination (Short Paper) , 2011, Financial Cryptography.

[39]  C. Gray Girling,et al.  Covert Channels in LAN's , 1987, IEEE Transactions on Software Engineering.

[40]  Rachel Greenstadt,et al.  Covert Messaging through TCP Timestamps , 2002, Privacy Enhancing Technologies.

[41]  Vincent H. Berk,et al.  Detection of Covert Channel Encoding in Network Packet Delays , 2005 .

[42]  Steven Gianvecchio,et al.  Detecting covert timing channels: an entropy-based approach , 2007, CCS '07.

[43]  Hannes Federrath,et al.  International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability , 2001 .

[44]  C. Leberknight A Taxonomy of Internet Censorship and Anti-Censorship Draft Version December 31 , 2010 , 2011 .

[45]  Benjamin Edelman,et al.  Internet Filtering in China , 2003, IEEE Internet Comput..

[46]  Matthias Bauer New covert channels in HTTP: adding unwitting Web browsers to anonymity sets , 2003, WPES '03.

[47]  Nikita Borisov,et al.  Preventing encrypted traffic analysis , 2011 .

[48]  Jinyang Li,et al.  Pass it on: social networks stymie censors , 2008, IPTPS.

[49]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[50]  Bogdan M. Wilamowski,et al.  The Transmission Control Protocol , 2005, The Industrial Information Technology Handbook.

[51]  Sushil Jajodia,et al.  Model-Based Covert Timing Channels: Automated Modeling and Evasion , 2008, RAID.

[52]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[53]  Eric Rescorla,et al.  HTTP Over TLS , 2000, RFC.

[54]  Ian Goldberg,et al.  Telex: Anticensorship in the Network Infrastructure , 2011, USENIX Security Symposium.

[55]  J. Boyan DATA AND INFORMATION COLLECTION ON THE NET The Anonymizer Protecting User Privacy on the Web , 1997 .

[56]  Mauro Barni,et al.  Information Hiding, 7th International Workshop, IH 2005, Barcelona, Spain, June 6-8, 2005, Revised Selected Papers , 2005, Information Hiding.

[57]  Damon McCoy,et al.  Proximax : A Measurement Based System for Proxies Dissemination , 2010 .

[58]  Steven J. Murdoch,et al.  Embedding Covert Channels into TCP/IP , 2005, Information Hiding.

[59]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.