an an isp scale deployme ment of ta tapdance
play

An An ISP-Scale Deployme ment of Ta TapDance Presented by Nikita - PowerPoint PPT Presentation

Aug 26, 2022 •236 likes •481 views

An An ISP-Scale Deployme ment of Ta TapDance Presented by Nikita Borisov (@nikitab) https://refraction.network/ Internet Filtering Applies at many layers DNS manipulation BGP manipulation DPI / content inspection Packet

  1. An An ISP-Scale Deployme ment of Ta TapDance Presented by Nikita Borisov (@nikitab) https://refraction.network/

  3. Internet Filtering • Applies at many layers • DNS manipulation • BGP manipulation • DPI / content inspection • Packet filtering: IP/port

  7. Cat-and-mouse game • Censors identify and block proxies • Circumventors deploy and distribute new proxies • Advantage if proxies are: • Harder to find • Faster to deploy • Harder to block • Easier to distribute

  8. TapDance : End-to-Middle Anticensorship without Flow Blocking Friendly ISP Client Reachable server NotBlocked.com TapDance Proxy 8

  9. TapDance Protocol Overview TapDance Proxy Client Censor Reachable Server (TLS Handshake) K K 9

  10. Incomplete HTTP request example GET / HTTP/1.1\r\n Host: www.site.com\r\n X-Ignore: u]DhsYGxVxEvuZEhESta…\r\n Encrypt \x1e\x91\xb2\xce\x94\x8a\x6b\x3c\x78\x8c\x6f\x03 \x5e\xef\x97\x34\xf1\x2e\xc6\xe6\x7f\x10\xc8\x46 \xf9\x25\x6a\x0c\xff\x6d\x38 … \x70\xd7\x2c\x63 … 10

  11. Incomplete HTTP request example \x1e\x91\xb2\xce\x94\x8a\x6b\x3c\x78\x8c\x6f\x03 \x5e\xef\x97\x34\xf1\x2e\xc6\xe6\x7f\x10\xc8\x46 \xf9\x25\x6a\x0c\xff\x6d\x38 … \x70\xd7\x2c\x63 … TapDance Station station Decrypt private key Shared Secret: ; Client random: … 11

  12. Client ¡ Decoy ¡ Server ¡ TLS ¡ 1 ¡ Handshake ¡ K ¡ K ¡ Enc K (incomplete ¡HTTP ¡request): ¡ ¡ 2 ¡ “\x95\x1f\x6b\x27\xe2 ¡… ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡\xc8\x3f\x22 ¡…” ¡ Tag ¡ TapDance ¡Sta2on ¡ Sta<on ¡extracts ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡, ¡recovers ¡ K ¡ ¡ 3 ¡ Tag ¡ 4 ¡ ACK ¡[seq=Y, ¡ack=X] ¡ ¡Server ¡ sends ¡ACK ¡ Sta<on ¡sends ¡confirma<on ¡ 5 ¡ and ¡waits ¡ Enc K (“Sta<on ¡here”), ¡[seq=Y, ¡ack=X, ¡len=M] ¡ ACK ¡[seq=X, ¡ack=Y+M] ¡ 6 ¡ Enc K (“GET ¡hSp://blocked.com/ ¡…”), ¡[seq=X, ¡ack=Y+M] ¡ Sta<on ¡sends ¡blocked.com ¡ 7 ¡ Enc K (“HTTP/1.1 ¡200 ¡OK ¡ ¡… ¡ ¡<html> ¡ ¡….”) ¡ EncryptedAlert, ¡FIN+ACK ¡[seq=X’, ¡ack=Y’, ¡len=N] ¡ Connec<on ¡ teardown ¡ 8 ¡ EncryptedAlert, ¡FIN+ACK ¡[seq=Y’, ¡ack=X’+N+1, ¡len=N] ¡ ¡ ACK ¡[seq=X’+N, ¡ack=Y’+N] ¡ Sta<on ¡sends ¡TCP ¡RST ¡ 9 ¡ RST ¡[seq=X, ¡ack=Y] ¡

  13. TapDance Trial Deployment • Worked with two mid-size ISPs: 10 (or 40)-Gbps Management Mirror interface TapDance 1U server w/ station 4x10Gbps Intel X710 NIC

  14. 10 Gbps 40 Gbps 40 Gbps

  15. University of Colorado Network Science network Upstream Campus network 10 Gbps Management Mirror interface Bro Cluster TapDance station

  16. Reachable site discovery AS 237 AS 104 <List of trusted TLS sites> Timeout TCP window <List of sites that meet timeout/window thresholds> TapDance Client ~900 reachable sites <List of TapDance-compatible reachable sites>

  17. TapDance client • 100% in Go • Partnered with Psiphon – Integrated TapDance in Psiphon’s Android app – Deployed to ~70K users in censored countries via remote update

  18. Total traffic 60 Gbps 50 40 30 20 10

  19. User traffic 800 Mbps 700 600 500 400 300 200 100

  20. Detectability • A TapDance connection looks different from regular web browsing – DNS request – Connection scheduling – TLS negotiation (ClientHello, SNI) – HTTP request sizes

  21. Detectability • A TapDance connection looks different from regular web browsing – DNS request • DoH/DoT – Connection scheduling • QUIC / ORIGIN Frame – TLS negotiation (ClientHello, SNI) • Encrypted SNI – HTTP request/response sizes • HTTP/2 PUSH

  22. Detectability • A TapDance connection looks different from regular web browsing – DNS request • DoH/DoT Privacy from network observers – Connection scheduling makes censorship harder! • QUIC / ORIGIN Frame – TLS negotiation (ClientHello, SNI) • Encrypted SNI – HTTP request/response sizes • HTTP/2 PUSH

  23. Looking for new ISP partners! An ISP-Scale Deployment of TapDance https://refraction.network/ 23

Recommend

CON - TENT - MENT CON TENT MENT WHAT DO YOU THINK CONTENTMENT IS? CONTENTMENT a state of

CON - TENT - MENT CON TENT MENT WHAT DO YOU THINK CONTENTMENT IS? CONTENTMENT a state of

CON - TENT - MENT CON TENT MENT WHAT DO YOU THINK CONTENTMENT IS? CONTENTMENT a state of happiness and satisfaction LIFE APP Contentment is deciding to be happy with what youve got! PASTOR PABLOS WORD OF THE DAY WORD OF THE DAY

275 views • 25 slides
Qu Quart rter er 3 In Inte teri rim m ma mana nageme ment nt Sta tate teme ment nt

Qu Quart rter er 3 In Inte teri rim m ma mana nageme ment nt Sta tate teme ment nt

Qu Quart rter er 3 In Inte teri rim m ma mana nageme ment nt Sta tate teme ment nt 3 months to 30 th June 2012 25 th July 2012 1 1 Strong Q3 performance - in a difficult market Reve venue ue growth th in line e with expec

631 views • 15 slides
SSI : Overview of Simulation Sof tware I nf rastructure f or Large Scale Scientif ic Applications

SSI : Overview of Simulation Sof tware I nf rastructure f or Large Scale Scientif ic Applications

SSI : Overview of Simulation Sof tware I nf rastructure f or Large Scale Scientif ic Applications Akira Nishida Depart ment of Comput er Science, Universit y of Tokyo J ST CREST 98 t h I PSJ SI GHPC Meet ing Motivation Emergence of large

346 views • 23 slides
#4 #2 Offshore under 4,811 develop 71 ment MW 418 MW MW Offshore 388 under develop

#4 #2 Offshore under 4,811 develop 71 ment MW 418 MW MW Offshore 388 under develop

30 MW #4 #2 Offshore under 4,811 develop 71 ment MW 418 MW MW Offshore 388 under develop 200 MW ment #3 MW 521 #1 MW 1,251 144 #3 MW MW 204 2,371 MW MW 2 ( 1) December 2016: Installed capacity includes EDPRs

969 views • 64 slides
Scale Economies in European Trade Laura Bonacorsi FEEM &amp; CMCC July 6 th , 2017

Scale Economies in European Trade Laura Bonacorsi FEEM &amp; CMCC July 6 th , 2017

Scale Economies in European Trade Laura Bonacorsi FEEM &amp; CMCC July 6 th , 2017 Acknowledgement: This project has received funding from the European Unions Horizon 2020 research and innovation programme under grant agree- ment No 730403.

553 views • 43 slides
Welc elcome Pre resented b by: y: The O Oklah ahoma D ma Depar artme ment o of Transpo

Welc elcome Pre resented b by: y: The O Oklah ahoma D ma Depar artme ment o of Transpo

STATE HIGH HIGHWAY 29 ODOT Pu Public ic I Involveme ment M Meetin ing April 29, Ap 29, 201 014 6: 6:00 P 00 PM F Welc elcome Pre resented b by: y: The O Oklah ahoma D ma Depar artme ment o of Transpo sportat atio ion

413 views • 26 slides
Corporate Presentation Advancing a District Scale Project in a Forgotten Abitibi Gold Camp MAR

Corporate Presentation Advancing a District Scale Project in a Forgotten Abitibi Gold Camp MAR

Corporate Presentation Advancing a District Scale Project in a Forgotten Abitibi Gold Camp MAR ARCH CH 2020 PT PTX X CSE CSE FORWARD LOOKIN FORWARD ING INFORM INFORMATIO TION This docume ment has been prepared by Platinex Inc.

312 views • 16 slides
Emplo y ment and the Labor Force AN ALYZIN G U S C E N SU S DATA IN P YTH ON Lee Hachadoorian

Emplo y ment and the Labor Force AN ALYZIN G U S C E N SU S DATA IN P YTH ON Lee Hachadoorian

Emplo y ment and the Labor Force AN ALYZIN G U S C E N SU S DATA IN P YTH ON Lee Hachadoorian Asst . Professor of Instr u ction , Temple Uni v ersit y Emplo y ment Concepts Labor Force : People w ho are w orking or looking for w ork Unemplo y

786 views • 45 slides
RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC

RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC

RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC UCTION TION AND ITS S EFFECT CT ON ON THE CHEMI MICAL CAL PROPER OPERTIES TIES OF OF CEME MENT NT Agus Maryoto ( ) Gathot Heri

180 views • 14 slides
B u ilding tf - idf doc u ment v ectors FE ATU R E E N G IN E E R IN G FOR N L P IN P YTH ON

B u ilding tf - idf doc u ment v ectors FE ATU R E E N G IN E E R IN G FOR N L P IN P YTH ON

B u ilding tf - idf doc u ment v ectors FE ATU R E E N G IN E E R IN G FOR N L P IN P YTH ON Ro u nak Banik Data Scientist n - gram modeling Weight of dimension dependent on the freq u enc y of the w ord corresponding to the dimension . Doc u

525 views • 41 slides
GAME PLAN Cons nsume mer s segme ment ntation a n ana nalys lysis Int Introduce o

GAME PLAN Cons nsume mer s segme ment ntation a n ana nalys lysis Int Introduce o

GAME PLAN Cons nsume mer s segme ment ntation a n ana nalys lysis Int Introduce o our t target Provide c cons nsume mer i ins nsight ht Creative s strategy y Brand nd p positioni ning ng s stateme ment

492 views • 21 slides
Scale and level (approach) are different! Approach determines criteria for observation: scale

Scale and level (approach) are different! Approach determines criteria for observation: scale

Scale Phenomena occur at multiple scales Space and Time related Scale of measurement influences what we learn from observation Scale-dependence Levels of Organization criteria for observation Biosphere Community Region Interactions

135 views • 11 slides
Fl Flagler r County Mi Mission Stateme ment Creation Flagler County Board of County

Fl Flagler r County Mi Mission Stateme ment Creation Flagler County Board of County

Fl Flagler r County Mi Mission Stateme ment Creation Flagler County Board of County Commission Workshop January 13, 2020 Submitted by: The Mission Statement Team Mi Mission Stateme ment Th The Beginning (Fo Forming) q In October,

309 views • 16 slides
IN INDUC NG NG A DOM DOMA N INDEPENDENT DEPENDENT SENT SENT ME MENT NT LEX LEX CO

IN INDUC NG NG A DOM DOMA N INDEPENDENT DEPENDENT SENT SENT ME MENT NT LEX LEX CO

IN INDUC NG NG A DOM DOMA N INDEPENDENT DEPENDENT SENT SENT ME MENT NT LEX LEX CO CON N M ALA ALAY Mohammad Darwich, Shahrul Azman Mohd Noah, Nazlia Omar Center fo Artificial Intelligence Technology (CAIT), Faculty of

452 views • 17 slides
Was it Frag-Ment to be? Luke Sleeman - Freelance Android developer http://lukesleeman.com

Was it Frag-Ment to be? Luke Sleeman - Freelance Android developer http://lukesleeman.com

Was it Frag-Ment to be? Luke Sleeman - Freelance Android developer http://lukesleeman.com luke.sleeman@gmail.com @LukeSleeman Was it Frag-Ment to be? Intro - What are fragments? History Problems with fragments - Lifecycle, Bugs, Hard

919 views • 88 slides
New Physics at the TeV Scale? New Physics at the TeV Scale? A Supersymmetric and

New Physics at the TeV Scale? New Physics at the TeV Scale? A Supersymmetric and

FFD SEMINAR 2003 New Physics at the TeV Scale? New Physics at the TeV Scale? A Supersymmetric and Extra-dimensional talk Peter Skands Theoretical High Energy Physics New Physics at the TeV Scale, P . Skands p.1/47 Overview New

830 views • 72 slides
Au Audit on on Cu Curren ent S State of e of Developme ment

Au Audit on on Cu Curren ent S State of e of Developme ment

Au Audit on on Cu Curren ent S State of e of Developme ment and Prac6ce and the R and the Role o le of T f TVNI By James W. Smyle and Richard G.

411 views • 14 slides
FD FDF W F Webi ebinar nar: : Ri Risk sk Man Manage agemen ment t an and C d Cov

FD FDF W F Webi ebinar nar: : Ri Risk sk Man Manage agemen ment t an and C d Cov

Wel elco come me, FD FDF W F Webi ebinar nar: : Ri Risk sk Man Manage agemen ment t an and C d Cov ovid-19 19 - Presented by Global Counsel Wednesday 10 June 2020, 11:00am 12:00pm Se Sessi ssion on On One - Preparing

413 views • 25 slides
Mini nima mal s l studies i in US n US Treatme ment nt o of A Ano norexia N

Mini nima mal s l studies i in US n US Treatme ment nt o of A Ano norexia N

Eating Disorder Treatment Cost Effectiveness Analyses Mini nima mal s l studies i in US n US Treatme ment nt o of A Ano norexia N Nervosa mo most e expens nsive, , driven b n by i y inpatient nt/resident ntial c l costs

345 views • 6 slides
QA/QC QC of of Air ir Qualit Quality as asses essment ment in in the he Net Nether

QA/QC QC of of Air ir Qualit Quality as asses essment ment in in the he Net Nether

QA/QC QC of of Air ir Qualit Quality as asses essment ment in in the he Net Nether herlands lands Joos oost Wes esseling eling The he Law Law Most formal rules concerning environmental issues are dealt in the Dutch law on

412 views • 8 slides
Ru Rule les o s of E f Eng ngage gemen ment t wit ith September 17, 2019 | 3:30 5:00

Ru Rule les o s of E f Eng ngage gemen ment t wit ith September 17, 2019 | 3:30 5:00

Ru Rule les o s of E f Eng ngage gemen ment t wit ith September 17, 2019 | 3:30 5:00 pm Eastern jack@tamarackcommunity.ca Online : tions: pport or Questions Tech Suppor the webinar We will post the poll results onscreen live

833 views • 50 slides
re reinfor inforce ceme ment nt lea learn rning ing: A A co conjec njectu ture re

re reinfor inforce ceme ment nt lea learn rning ing: A A co conjec njectu ture re

Faculty of Informatics Etvs Lornd University Hippo Hippoca campa mpal l forma formation tion br brea eaks ks co combina mbinato torial rial ex explos plosion ion for for re reinfor inforce ceme ment nt lea learn

772 views • 17 slides
J ava/ DSM A Plat f orm f or Het erogeneous Comput ing W. Yu, A. Cox Depar t ment of Comput

J ava/ DSM A Plat f orm f or Het erogeneous Comput ing W. Yu, A. Cox Depar t ment of Comput

CPSC-662 Distributed Computing Java/DSM DSM Case St udy I : J ava/ DSM A Plat f orm f or Het erogeneous Comput ing W. Yu, A. Cox Depar t ment of Comput er Science Rice Univer sit y J uly, 1997 J ava/ DSM: I nt r oduct ion DSM (as

437 views • 6 slides
Emplo loyee E Eng ngageme ment nt: : Wha hat Is Is It It R Really W lly Worth? h?

Emplo loyee E Eng ngageme ment nt: : Wha hat Is Is It It R Really W lly Worth? h?

Emplo loyee E Eng ngageme ment nt: : Wha hat Is Is It It R Really W lly Worth? h? Andrew Chamberlain, Ph.D. Chief Economist #Glassdoor What do these 5 companies have in common? #Glassdoor 3 Management is focused on consumers

785 views • 40 slides

More recommend