CloudTransport: Using Cloud Storage for Censorship-Resistant Networking

  • Conference paper
Privacy Enhancing Technologies (PETS 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8555)

Abstract

Censorship circumvention systems such as Tor are highly vulnerable to network-level filtering. Because the traffic generated by these systems is disjoint from normal network traffic, it is easy to recognize and block, and once the censors identify network servers (e.g., Tor bridges) assisting in circumvention, they can locate all of their users.

CloudTransport is a new censorship-resistant communication system that hides users’ network traffic by tunneling it through a cloud storage service such as Amazon S3. The goal of CloudTransport is to increase the censors’ economic and social costs by forcing them to use more expensive forms of network filtering, such as large-scale traffic analysis, or else risk disrupting normal cloud-based services and thus causing collateral damage even to the users who are not engaging in circumvention. CloudTransport’s novel passive-rendezvous protocol ensures that there are no direct connections between a CloudTransport client and a CloudTransport bridge. Therefore, even if the censors identify a CloudTransport connection or the IP address of a CloudTransport bridge, this does not help them block the bridge or identify other connections.

CloudTransport can be used as a standalone service, a gateway to an anonymity network like Tor, or a pluggable transport for Tor. It does not require any modifications to the existing cloud storage, is compatible with multiple cloud providers, and hides the user’s Internet destinations even if the provider is compromised.

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Brubaker, C., Houmansadr, A., Shmatikov, V. (2014). CloudTransport: Using Cloud Storage for Censorship-Resistant Networking. In: De Cristofaro, E., Murdoch, S.J. (eds) Privacy Enhancing Technologies. PETS 2014. Lecture Notes in Computer Science, vol 8555. Springer, Cham. https://doi.org/10.1007/978-3-319-08506-7_1

  • DOI: https://doi.org/10.1007/978-3-319-08506-7_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08505-0

  • Online ISBN: 978-3-319-08506-7

  • eBook Packages: Computer Science, Computer Science (R0)
