Censor-free Publishing
Topics in Computer Security
philipp.winter@kau.se
Apr 26, 2012
Introduction to Censorship
Freedom of Opinion and Expression
The Universal Declaration of Human Rights states in Article 19: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”
The Internet and Censorship
John Gilmore, one of the founders of the EFF and the cypherpunks mailing list: “The Net interprets censorship as damage and routes around it.”
State of the Art
Many countries conduct pervasive political and social Internet censorship: http://map.opennet.net/
Different Forms of Censorship
◮ Technical
  ◮ IP blacklisting
  ◮ DNS blacklisting
  ◮ Deep packet inspection
  ◮ Search engine manipulation
◮ Social
  ◮ Threatening
  ◮ Self-censorship (Panopticon effect)
  ◮ Censorship by law
Technical Forms of Censorship
◮ IP blocks/Port blocks
  ◮ E.g.: Tor directory authorities in China
  ◮ Usually inflexible and easy to circumvent
◮ DNS blacklisting
  ◮ Effective for the majority of users
  ◮ Trivial to circumvent for more knowledgeable users
◮ Deep packet inspection (DPI) & dynamic blocking
  ◮ Flexible and precise but expensive
  ◮ Circumvention becomes harder
  ◮ State of the art
◮ Search engine manipulation
  ◮ Search engines in China conduct self-censorship
  ◮ Aggressive filtering for pornography
  ◮ Cf. “An Analysis of Chinese Search Engine Filtering” by Zhu et al.
Tor Bridges
From Anonymity to Censorship
◮ Tor was originally designed as an anonymity network only
◮ However, it is frequently used as a censorship circumvention tool
◮ “I don’t care about anonymity as long as I can access Facebook!”
◮ Problem: Tor is very easy to block for censors
Presentations on Tor and Censorship
28C3: How governments have tried to block Tor
26C3: Tor and censorship: lessons learned
The Birth of Bridges
◮ Back in 2006: Design for a blocking-resistant anonymity system: The birth of bridges
◮ Bridges are simply relays which are not listed in the public consensus
◮ Censored users can use them as an “undocumented entrance” to the Tor network
◮ At the moment: ∼ 60.000 daily bridge users (almost 10.000 from Syria alone)
How it Works
◮ Volunteers configure bridges which report their existence to the central BridgeDB
◮ From there, bridges are distributed to censored users
  ◮ Via HTTP: https://bridges.torproject.org
  ◮ Via E-mail: bridges@torproject.org
  ◮ Via (physical) social networks
◮ Fundamental problem: Bridges cannot be distributed to users without the censor learning about them, too
◮ “Solution”: Make it easy to get a few bridges but hard to get many of them
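One way a distributor can make a few bridges easy and many bridges hard to obtain, as an added example (not BridgeDB's own code and not from the original slides): each requester network is mapped by a keyed hash to a small fixed slice of the pool. The pool, the key, the /24 grouping and the function names are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed pool of 60 bridge addresses (documentation range, port 443).
POOL = [f"192.0.2.{i}:443" for i in range(1, 61)]
KEY = b"distributor-secret (constructed)"

def bridges_for(client_ip, pool=POOL, key=KEY, per_request=3, prefix=24):
    """Map a requester to a fixed, small slice of the pool.

    The slice depends only on the requester's /prefix network, so asking
    again from the same network reveals nothing new.
    """
    net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    mac = hmac.new(key, str(net).encode(), hashlib.sha256).digest()
    start = int.from_bytes(mac[:8], "big") % len(pool)
    return [pool[(start + i) % len(pool)] for i in range(per_request)]

def learned(client_ips):
    """Distinct bridges disclosed to a set of requester addresses."""
    seen = set()
    for ip in client_ips:
        seen.update(bridges_for(ip))
    return seen

# Constructed requester sets for measuring how much of the pool is exposed.
same_net = [f"198.51.100.{h}" for h in range(1, 255)]   # 254 hosts, one /24
many_nets = [f"10.{n}.0.1" for n in range(50)]          # 50 different /24s

if __name__ == "__main__":
    print(len(learned(same_net)), "bridges exposed to one /24")
    print(len(learned(many_nets)), "bridges exposed to 50 /24s")
```

Exposure grows with the number of distinct requester identities rather than with the number of requests, which is why the scarce resource chosen as the key (network prefix, e-mail account) decides how well the pool holds up.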
Strategies to Block Bridges
◮ Obtain bridges over the official distribution channels and block them
◮ Dynamically identify Tor usage in network traffic and block suspected bridges
◮ Both attacks are quite feasible for a country-level adversary
Obtaining Bridge Addresses and Blocking Them
◮ Demonstrated by Ling et al.
◮ Getting bridges via e-mail
  ◮ Semi-automatically create hundreds of e-mail accounts at Gmail and/or Yahoo
◮ Getting bridges via HTTPS
  ◮ Use Tor exit nodes and PlanetLab to have enough unique IP addresses
◮ Getting bridges via Tor middle relays
  ◮ Bridges connect to middle relays as their first hop (bridge → middle relay → exit relay)
China: Dynamically Blocking Tor
◮ Chinese DPI boxes look for the unique TLS cipher list sent inside the TLS client hello
◮ If detected: an active scan of the suspected bridge (i.e. speaking Tor to it) is triggered
◮ If the suspected bridge answers in Torish: blocked
◮ Highly effective because bridges can be blocked dynamically
[Figure: Tor user, DPI box, Tor bridge and scanners, with steps numbered 1 to 3]
Details about Chinese Tor Block
◮ Apparently only egress traffic is subject to Tor DPI
◮ Great Firewall of China does not seem to conduct TCP stream reassembly
◮ → packet fragmentation successfully evades DPI boxes for now
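Why the missing stream reassembly matters for a detector of this kind, as an added example (not from the original slides): a matcher for the client hello cipher list is run once per TCP segment and once over the reassembled stream. The cipher list, the record builder and the 20-byte split point are constructed assumptions, not Tor's real values.

```python
import struct

# Constructed stand-in for a client-specific cipher list (not Tor's real one).
FINGERPRINT = (0xC00A, 0xC014, 0x0039, 0x0038, 0xC00F, 0x0035)

def build_client_hello(suites):
    """Build a minimal TLS 1.0 ClientHello record (constructed sample input)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x01" + bytes(32)             # client_version, random
            + b"\x00"                           # empty session_id
            + struct.pack("!H", len(cs)) + cs   # cipher_suites
            + b"\x01\x00")                      # compression: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def cipher_suites(data):
    """Cipher-suite tuple of a complete ClientHello record, else None."""
    if len(data) < 5 or data[0] != 0x16:        # not a TLS handshake record
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if len(rec) < rec_len or len(rec) < 39 or rec[0] != 0x01:
        return None                             # truncated or not ClientHello
    pos = 4 + 2 + 32                            # handshake hdr, version, random
    pos += 1 + rec[pos]                         # skip session_id
    if pos + 2 > len(rec):
        return None
    n = struct.unpack("!H", rec[pos:pos + 2])[0]
    pos += 2
    if n % 2 or pos + n > len(rec):
        return None
    return struct.unpack("!%dH" % (n // 2), rec[pos:pos + n])

def per_segment_match(segments):
    """Inspect every TCP payload on its own, without stream reassembly."""
    return any(cipher_suites(seg) == FINGERPRINT for seg in segments)

def reassembled_match(segments):
    """Inspect the in-order, reassembled byte stream."""
    return cipher_suites(b"".join(segments)) == FINGERPRINT

hello = build_client_hello(FINGERPRINT)
one_segment = [hello]
two_segments = [hello[:20], hello[20:]]         # same bytes, split in two
if __name__ == "__main__":
    print(per_segment_match(one_segment), per_segment_match(two_segments),
          reassembled_match(two_segments))
```

The per-segment matcher sees the record header announce more bytes than the first segment carries and gives up, while the second segment no longer starts with a record header; only the reassembled view recovers the cipher list.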
Server-side fragmentation
Evading DPI: Obfsproxy & Pluggable Transport
[Figure: Tor client, obfsproxy, “?”, obfsproxy, Tor bridge]
What it does
◮ Implements pluggable transport
◮ Allows the creation of modules to obfuscate traffic between obfsproxy client and server
◮ Deployed shortly before Iranian elections
◮ Can be used with other software as well
The Current Situation
◮ Main purpose: Evading DPI boxes
◮ Arms race might shift back to discovering bridges over the official distribution channels
◮ In China: The few hard-coded obfsproxy bridges are already blocked, private bridges work
Telex: Circumvention in the Backbone
How it Works
◮ Main idea: Let backbone routers “hijack” marked network connections
◮ Censored users install Telex on their machines
◮ They seemingly surf to https://www.notcensored.org and embed a steganographic token inside their connection
◮ Backbone routers recognize token, decrypt HTTPS session and hijack connection
◮ Censor-boxes inside the country don’t know that the traffic is being hijacked
◮ URL with illustrations and research paper: https://telex.cc/
How it Works
◮ Very messy (breaks with the end-to-end principle), yet effective concept
◮ Requires cooperation with backbone network providers :-(
◮ So far: In early alpha state
◮ Very similar concepts proposed at the same time: Cirripede (CCS’11) and decoy routing (FOCI’11)
AS-Level Structure and Censorship
Censorship on the AS-Level
◮ Every country manages a set of Autonomous Systems (ASes)
◮ Internet basically: Connected ASes + BGP for routing
◮ Also: ASes are choke points for censorship
◮ “Mapping Local Internet Control” by Roberts et al.
◮ Observation: Countries with a centralized AS structure have more censorship than countries with a rather decentralized AS-level structure
The Data Set
http://cyber.law.harvard.edu/netmaps/geo_map_home.php
Censorship Circumvention in Practice
Many Unsafe Tools Used
◮ Activists and journalists mostly don’t have expertise and/or time to “get it right”
◮ Most people can’t tell whether a tool is designed sanely and safe to use
◮ They end up using tools which work but are unsafe
◮ Result: People get tracked down, jailed, ...
What is Actually Used?
According to the circumvention tool usage report 2010 written by the Berkman Center:
◮ Simple web proxies much more popular than sophisticated circumvention tools
◮ Most popular tools are Freegate, UltraSurf, Tor, Hotspot Shield and web proxies
◮ Most users merely search for “proxy” to find tools
How to Advertise Evasion Tools
Important for programmers:
◮ Don’t advertise snake oil → users will believe it!
◮ No pretentious claims and misleading information
◮ Clear and precise documentation of what the tool offers and what it does not