Threat modeling and circumvention of Internet censorship

Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities—such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations.

My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements. Rather, let us state the assumptions about censor behavior atop which we build circumvention designs, and let those assumptions be based on an informed understanding of censor behavior.
