Balboa: Bobbing and Weaving around Network Censorship

We introduce Balboa, a link obfuscation framework for censorship circumvention. Balboa provides a general framework for tunneling data through existing applications. Balboa sits between an application and the operating system, intercepting outgoing network traffic and rewriting it to embed data. To avoid introducing any distinguishable divergence from the expected application behavior, Balboa only rewrites traffic that matches an externally specified traffic model pre-shared between the communicating parties. The traffic model captures some subset of the network traffic (e.g., some subset of the music an audio streaming server streams). The sender uses this model to replace outgoing data with a pointer to the associated location in the model and embeds data in the freed-up space. The receiver then extracts the data, replacing the pointer with the original data from the model before passing the data on to the application. When using TLS, this approach means that application behavior with Balboa is equivalent, modulo small (protocol-dependent) timing differences, to the application running without Balboa. Balboa differs from prior approaches in that it (1) provides a framework for tunneling data through arbitrary (TLS-protected) protocols/applications, and (2) runs the unaltered application binaries on standard inputs, as opposed to most prior tunneling approaches, which run the application on nonstandard—and thus potentially distinguishable—inputs. We present two instantiations of Balboa—one for audio streaming and one for web browsing—and demonstrate the difficulty of identifying Balboa by a machine learning classifier.
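As an added illustration of the pointer-and-embed mechanism the abstract describes (example code written for this page, not Balboa's own implementation): both endpoints hold a constructed stand-in for the pre-shared traffic model; the sender replaces an outgoing chunk that appears in the model with a pointer into the model plus covert payload of exactly the same length, and the receiver restores the original bytes and extracts the payload. The flag byte and plaintext header are assumptions of this toy; in the real system the rewriting happens inside a TLS session, so a censor only ever sees ciphertext of unchanged length.

```python
import struct

# Constructed stand-in for a pre-shared traffic model (e.g., the bytes of a
# track the streaming server is known to serve). Both endpoints hold this copy.
MODEL = bytes(range(256)) * 8 + b"balboa-demo-stream" * 16

FLAG_REWRITTEN = 0x01                 # toy marker; assumption, not Balboa's format
HEADER = struct.Struct("!BIH")        # flag, offset into MODEL, embedded payload length

def sender_rewrite(app_chunk: bytes, payload: bytes) -> tuple[bytes, bytes]:
    """Return (wire_bytes, remaining_payload); wire_bytes is as long as app_chunk."""
    offset = MODEL.find(app_chunk)
    if offset < 0 or len(app_chunk) <= HEADER.size:
        # Not in the model (or no room for a pointer): send the app's bytes untouched.
        return app_chunk, payload
    free = len(app_chunk) - HEADER.size          # space freed by replacing data with a pointer
    embedded = payload[:free]
    wire = HEADER.pack(FLAG_REWRITTEN, offset, len(embedded)) + embedded.ljust(free, b"\0")
    assert len(wire) == len(app_chunk)           # the on-the-wire length never changes
    return wire, payload[free:]

def receiver_restore(wire: bytes) -> tuple[bytes, bytes]:
    """Return (original_app_chunk, extracted_payload)."""
    if len(wire) <= HEADER.size or wire[0] != FLAG_REWRITTEN:
        return wire, b""                          # passthrough chunk
    _flag, offset, n = HEADER.unpack_from(wire)
    if offset + len(wire) > len(MODEL):
        return wire, b""                          # not a valid pointer; hand bytes through
    original = MODEL[offset:offset + len(wire)]   # restore what the app actually sent
    return original, wire[HEADER.size:HEADER.size + n]

def tunnel(app_chunks, payload):
    """Push a sequence of application chunks through sender and receiver.

    Returns (chunks_delivered_to_app, recovered_payload, leftover_payload, lengths_ok).
    """
    delivered, recovered, lengths_ok = [], b"", True
    for chunk in app_chunks:
        wire, payload = sender_rewrite(chunk, payload)
        lengths_ok &= len(wire) == len(chunk)
        original, part = receiver_restore(wire)
        delivered.append(original)
        recovered += part
    return delivered, recovered, payload, lengths_ok
```

The second chunk in the test below is not in the model and so crosses the wire unchanged, while the covert payload is split across the two model-matching chunks around it.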
