Towards freedom of speech on the internet: censorship-resistant communication and storage

This work explores the problem space of censorship resistance with the explicit goal of protecting a censorship-resistant system and its users from powerful adversaries who control the network gateways. The result of this work is a document storage system which is highly available and robust to targeted censorship. It is designed to resist attacks from very powerful adversaries, who are willing to shut down large sections of the Internet in order to accomplish their censorship goals. Our design aims to be as easy to use, but far more robust than, some current centralized systems, so we use a completely distributed peer-to-peer infrastructure but still support human-readable keyword search. Network participants who contribute storage enjoy plausible deniability, in that they have no easy way to determine what content they are storing locally. We also explicitly support edited content, such that any information can be published, but only popular or editor-approved information will be kept. A major building block of our system is membership concealment — the idea of a network that hides the real-world identities of participants. We formalize the concept of membership concealment, show that it is required for censorship resistance, discuss a number of attacks against existing systems, and present real-world attack results. Since membership concealment requires resisting hypothesis testing and brute-force scanning, we ensure that network members are not identifiable as such by unauthorized parties. To that end, we construct an authenticated transmission control protocol, adding steganographic authentication to TCP in a provably undetectable manner. Finally, we show through theoretical analysis and simulation that the complete system, while imposing a factor of 10 storage overhead, can tolerate node failure rates up to 70% while retaining the ability to route messages and retrieve every stored file with probability 99.99998666%, even when the volume of stored content is on the order of hundreds of exabytes.

[1]  Larry Carter,et al.  Universal classes of hash functions (Extended Abstract) , 1977, STOC '77.

[2]  Nancy A. Lynch,et al.  An Efficient Algorithm for Byzantine Agreement without Authentication , 1982, Inf. Control..

[3]  Maurice Herlihy,et al.  Impossibility and universality results for wait-free synchronization , 1988, PODC '88.

[4]  S. M. Bellovin,et al.  Security problems in the TCP/IP protocol suite , 1989, CCRV.

[5]  John D. Valois Lock-free linked lists using compare-and-swap , 1995, PODC '95.

[6]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[7]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[8]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[9]  A. Schlessinger United States constitution , 1996 .

[10]  Victor Shoup,et al.  On Fast and Provably Secure Message Authentication Based on Universal Hashing , 1996, CRYPTO.

[11]  R. Anderson The Eternity Service , 1996 .

[12]  W. Straw Manufacturing Consent: Noam Chomsky and the Media , 1996 .

[13]  Craig H. Rowland,et al.  Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[14]  Birgit Pfitzmann,et al.  Real-time mixes: a bandwidth-efficient anonymity protocol , 1998, IEEE J. Sel. Areas Commun..

[15]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[16]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, EUROCRYPT.

[17]  David Mazières,et al.  The design, implementation and operation of an email pseudonym server , 1998, CCS '98.

[18]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[19]  Andy Heffernan,et al.  Protection of BGP Sessions via the TCP MD5 Signature Option , 1998, RFC.

[20]  J. Morsink,et al.  The Universal Declaration of Human Rights: Origins, Drafting, and Intent , 1999 .

[21]  Pradeep K. Khosla,et al.  Survivable Information Storage Systems , 2000, Computer.

[22]  Pankaj Rohatgi,et al.  Can Pseudonymity Really Guarantee Privacy? , 2000, USENIX Security Symposium.

[23]  Roger Dingledine,et al.  The Free Haven Project: Distributed Anonymous Storage Service , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[24]  Aviel D. Rubin,et al.  Publius: a robust, tamper-evident, censorship-resistant web publishing system , 2000 .

[25]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[26]  Michael K. Reiter,et al.  An Architecture for Survivable Coordination in Large Distributed Systems , 2000, IEEE Trans. Knowl. Data Eng..

[27]  Jon M. Kleinberg,et al.  The small-world phenomenon: an algorithmic perspective , 2000, STOC '00.

[28]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[29]  H. Federrath Freenet : A Distributed Anonymous Information Storage and Retrieval System in Designing Privacy Enhancing Technologies , 2001 .

[30]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM 2001.

[31]  Antony I. T. Rowstron,et al.  PAST: a large-scale, persistent peer-to-peer storage utility , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.

[32]  David Mazières,et al.  Tangler: a censorship-resistant publishing system based on document entanglements , 2001, CCS '01.

[33]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM '01.

[34]  Gene Tsudik,et al.  Communication-Efficient Group Key Agreement , 2001, SEC.

[35]  Antony I. T. Rowstron,et al.  Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[36]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[37]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[38]  Chanathip Namprempre,et al.  Authenticated encryption in SSH: provably fixing the SSH binary packet protocol , 2002, CCS '02.

[39]  Timothy Roscoe,et al.  Techniques for Lightweight Concealment and Authentication in IP Networks , 2002 .

[40]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[41]  Deepa Kundur,et al.  Practical Data Hiding in TCP/IP , 2002 .

[42]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[43]  Andrei Serjantov,et al.  Anonymizing Censorship Resistant Systems , 2002, IPTPS.

[44]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[45]  Christian Grothoff,et al.  Efficient Sharing of Encrypted Data , 2002, ACISP.

[46]  Amos Fiat,et al.  Censorship resistant peer-to-peer content addressable networks , 2002, SODA '02.

[47]  Andrew Hintz,et al.  Fingerprinting Websites Using Traffic Analysis , 2002, Privacy Enhancing Technologies.

[48]  Micah Adler,et al.  An Analysis of the Degradation of Anonymous Protocols , 2002, NDSS.

[49]  Sean Quinlan,et al.  Venti: A New Approach to Archival Storage , 2002, FAST.

[50]  Lili Qiu,et al.  Statistical identification of encrypted Web browsing traffic , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[51]  David Mazières,et al.  Kademlia: A Peer-to-Peer Information System Based on the XOR Metric , 2002, IPTPS.

[52]  Nick Feamster,et al.  Infranet: Circumventing Web Censorship and Surveillance , 2002, USENIX Security Symposium.

[53]  Jacob R. Lorch,et al.  Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OSDI '02.

[54]  Dennis Kügler,et al.  An Analysis of GNUnet and the Implications for Anonymous, Censorship-Resistant Networks , 2003, Privacy Enhancing Technologies.

[55]  Matthias Bauer New covert channels in HTTP: adding unwitting Web browsers to anonymity sets , 2003, WPES '03.

[56]  Nick Feamster,et al.  Thwarting Web Censorship with Untrusted Messenger Discovery , 2003, Privacy Enhancing Technologies.

[57]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[58]  Brian D. Noble,et al.  Samsara: honor among thieves in peer-to-peer storage , 2003, SOSP '03.

[59]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[60]  Craig A. N. Soules,et al.  Self-securing storage: protecting data in compromised systems , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[61]  Riccardo Bettati,et al.  On countermeasures to traffic analysis attacks , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[62]  Paul England,et al.  The Darknet and the Future of Content Distribution , 2003 .

[63]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[64]  Benjamin Edelman,et al.  Internet Filtering in China , 2003, IEEE Internet Comput..

[65]  Kevin Jeffay,et al.  Variability in TCP round-trip times , 2003, IMC '03.

[66]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[67]  Andrew S. Tanenbaum,et al.  Safe and Private Data Sharing with Turtle: Friends Team-Up and Beat the System , 2004, Security Protocols Workshop.

[68]  George Danezis,et al.  The Economics of Censorship Resistance , 2004 .

[69]  Eric Cole,et al.  Taking a lesson from stealthy rootkits , 2004, IEEE Security & Privacy Magazine.

[70]  Peter Sewell,et al.  Passive-attack analysis for connection-based anonymity systems , 2004, International Journal of Information Security.

[71]  Daniel J. Bernstein,et al.  The Poly1305-AES Message-Authentication Code , 2005, FSE.

[72]  John Aycock,et al.  Improved port knocking with strong authentication , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[73]  Steven J. Murdoch,et al.  Embedding Covert Channels into TCP/IP , 2005, Information Hiding.

[74]  George Danezis,et al.  Sybil-Resistant DHT Routing , 2005, ESORICS.

[75]  Mary Baker,et al.  The LOCKSS peer-to-peer digital preservation system , 2005, TOCS.

[76]  George Danezis,et al.  The Dining Freemasons (Security Protocols for Secret Societies) , 2005, Security Protocols Workshop.

[77]  Brighten Godfrey,et al.  OpenDHT: a public DHT service and its uses , 2005, SIGCOMM '05.

[78]  Bogdan M. Wilamowski,et al.  The Transmission Control Protocol , 2005, The Industrial Information Technology Handbook.

[79]  Douglas M. Blough,et al.  An approach for fault tolerant and secure data storage in collaborative work environments , 2005, StorageSS '05.

[80]  Ethan L. Miller,et al.  Disk infant mortality in large storage systems , 2005, 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems.

[81]  Greg Hoglund,et al.  Rootkits: Subverting the Windows Kernel , 2005 .

[82]  Andreas Haeberlen,et al.  Glacier: highly durable, decentralized storage despite massive correlated failures , 2005, NSDI.

[83]  Stephen T. Kent,et al.  IP Authentication Header , 1995, RFC.

[84]  Juan E. Tapiador,et al.  Attacks on Port Knocking Authentication Mechanism , 2005, ICCSA.

[85]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[86]  Michael K. Reiter,et al.  Censorship Resistance Revisited , 2005, Information Hiding.

[87]  John Langford,et al.  Covert two-party computation , 2005, STOC '05.

[88]  Robert N. M. Watson,et al.  Ignoring the Great Firewall of China , 2006, Privacy Enhancing Technologies.

[89]  Ethan L. Miller,et al.  Long-term threats to secure archives , 2006, StorageSS '06.

[90]  Peng Wang,et al.  Robust Accounting in Decentralized P2P Storage Systems , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[91]  Rodrigo Rodrigues,et al.  Tolerating Byzantine Faulty Clients in a Quorum System , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[92]  Matthew K. Wright,et al.  Salsa: a structured approach to large-scale anonymity , 2006, CCS '06.

[93]  Andrei Serjantov,et al.  Nonesuch: a mix network with sender unobservability , 2006, WPES '06.

[94]  Oskar Sandberg,et al.  Distributed Routing in Small-World Networks , 2006, ALENEX.

[95]  Jean-Philippe Martin,et al.  Fast Byzantine Consensus , 2006, IEEE Transactions on Dependable and Secure Computing.

[96]  Antony Rowstron,et al.  Virtual ring routing: network routing inspired by DHTs , 2006, SIGCOMM 2006.

[97]  R. Dingledine,et al.  Design of a blocking-resistant anonymity system , 2006 .

[98]  George Danezis,et al.  The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications , 2006, WEIS.

[99]  Krishna P. Gummadi,et al.  Measurement and analysis of online social networks , 2007, IMC '07.

[100]  David Mazières,et al.  Beyond One-Third Faulty Replicas in Byzantine Fault Tolerant Systems , 2007, NSDI.

[101]  Michael K. Reiter,et al.  Low-overhead byzantine fault-tolerant storage , 2007, SOSP.

[102]  Ethan L. Miller,et al.  POTSHARDS: Secure Long-Term Storage Without Encryption , 2007, USENIX Annual Technical Conference.

[103]  G. Danezis,et al.  Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity , 2007 .

[104]  Felix C. Freiling,et al.  Measuring and Detecting Fast-Flux Service Networks , 2008, NDSS.

[105]  Yuanyuan Zhou,et al.  Designing and Implementing Malicious Hardware , 2008, LEET.

[106]  Prateek Mittal,et al.  Information leaks in structured peer-to-peer anonymous communication systems , 2008, CCS.

[107]  Jinyang Li,et al.  Pass it on: social networks stymie censors , 2008, IPTPS.

[108]  Maxwell Young,et al.  Reducing communication costs in robust peer-to-peer networks , 2008, Inf. Process. Lett..

[109]  Angelos Stavrou,et al.  PAR: Payment for Anonymous Routing , 2008, Privacy Enhancing Technologies.

[110]  Nicholas Hopper,et al.  SilentKnock: practical, provably undetectable authentication , 2008, International Journal of Information Security.

[111]  Access Denied The Practice and Policy of Global Internet Filtering , 2008, CrimRxiv.

[112]  Yongdae Kim,et al.  Towards complete node enumeration in a peer-to-peer botnet , 2009, ASIACCS '09.

[113]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[114]  John Langford,et al.  Provably Secure Steganography , 2009, IEEE Trans. Computers.

[115]  Hannes Federrath,et al.  Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier , 2009, CCSW '09.

[116]  Roger Dingledine,et al.  Building Incentives into Tor , 2010, Financial Cryptography.

[117]  Feng Xiao,et al.  SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks , 2010, IEEE/ACM Trans. Netw..

[118]  Chandra Prakash,et al.  SybilInfer: Detecting Sybil Nodes using Social Networks , 2011 .