ABSTRACT
A key challenge in censorship-resistant web browsing is being able to direct legitimate users to redirection proxies while preventing censors, posing as insiders, from discovering their addresses and blocking them. We propose a new framework for censorship-resistant web browsing called CensorSpoofer that addresses this challenge by exploiting the asymmetric nature of web browsing traffic and making use of IP spoofing. CensorSpoofer decouples the upstream and downstream channels, using a low-bandwidth indirect channel for delivering outbound requests (URLs) and a high-bandwidth direct channel for downloading web content. The upstream channel hides the request contents using steganographic encoding within email or instant messages, whereas the downstream channel uses IP address spoofing so that the real address of the proxies is not revealed either to legitimate users or censors. We built a proof-of-concept prototype that uses encrypted VoIP for this downstream channel and demonstrated the feasibility of using the CensorSpoofer framework in a realistic environment.
Index Terms
- CensorSpoofer: asymmetric communication using IP spoofing for censorship-resistant web browsing