CensorSpoofer: asymmetric communication using IP spoofing for censorship-resistant web browsing

A key challenge in censorship-resistant web browsing is being able to direct legitimate users to redirection proxies while preventing censors, posing as insiders, from discovering their addresses and blocking them. We propose a new framework for censorship-resistant web browsing called CensorSpoofer that addresses this challenge by exploiting the asymmetric nature of web browsing traffic and making use of IP spoofing. CensorSpoofer decouples the upstream and downstream channels, using a low-bandwidth indirect channel for delivering outbound requests (URLs) and a high-bandwidth direct channel for downloading web content. The upstream channel hides the request contents using steganographic encoding within email or instant messages, whereas the downstream channel uses IP address spoofing so that the real address of the proxies is not revealed either to legitimate users or censors. We built a proof-of-concept prototype that uses encrypted VoIP for this downstream channel and demonstrated the feasibility of using the CensorSpoofer framework in a realistic environment.
