Abstract
Censorship circumvention systems such as Tor are highly vulnerable to network-level filtering. Because the traffic generated by these systems is disjoint from normal network traffic, it is easy to recognize and block, and once the censors identify network servers (e.g., Tor bridges) assisting in circumvention, they can locate all of their users.
CloudTransport is a new censorship-resistant communication system that hides users’ network traffic by tunneling it through a cloud storage service such as Amazon S3. The goal of CloudTransport is to increase the censors’ economic and social costs by forcing them to use more expensive forms of network filtering, such as large-scale traffic analysis, or else risk disrupting normal cloud-based services and thus causing collateral damage even to the users who are not engaging in circumvention. CloudTransport’s novel passive-rendezvous protocol ensures that there are no direct connections between a CloudTransport client and a CloudTransport bridge. Therefore, even if the censors identify a CloudTransport connection or the IP address of a CloudTransport bridge, this does not help them block the bridge or identify other connections.
CloudTransport can be used as a standalone service, a gateway to an anonymity network like Tor, or a pluggable transport for Tor. It does not require any modifications to the existing cloud storage, is compatible with multiple cloud providers, and hides the user’s Internet destinations even if the provider is compromised.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Brubaker, C., Houmansadr, A., Shmatikov, V. (2014). CloudTransport: Using Cloud Storage for Censorship-Resistant Networking. In: De Cristofaro, E., Murdoch, S.J. (eds) Privacy Enhancing Technologies. PETS 2014. Lecture Notes in Computer Science, vol 8555. Springer, Cham. https://doi.org/10.1007/978-3-319-08506-7_1
DOI: https://doi.org/10.1007/978-3-319-08506-7_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08505-0
Online ISBN: 978-3-319-08506-7
eBook Packages: Computer Science (R0)