
DeltaShaper: Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams

Diogo Barradas, Nuno Santos, Luís Rodrigues. INESC-ID, Instituto Superior Técnico, Universidade de Lisboa


  1. DeltaShaper: Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams. Diogo Barradas, Nuno Santos, Luís Rodrigues. INESC-ID, Instituto Superior Técnico, Universidade de Lisboa

  2. Censors monitor / control Internet access (figure labels: Censored Region, Uncensored Region)

  3. Censors monitor / control Internet access (figure labels: Censored Region, Uncensored Region)

  4. Censors attempt to block covert channels (figure labels: Censored Region, Uncensored Region)

  5. DeltaShaper
     • Goals
       • Establish a covert TCP/IP channel
       • Maintain unobservability
       • Resist against network perturbations
     (figure labels: Censored Region, Uncensored Region)

  6. Multimedia protocol tunneling Security Coverage System / Properties Active/Passive Arbitrary Data Interactive Attack Resistance Transmission Communication ✔ ✔ FreeWave - (Houmansadr et al.) Audio Modulation ✔ Facet - - (Li et al.) Video Embedding ✔ ✔ CovertCast - (McPherson et al.) Video Modulation ✔ ✔ ✔ DeltaShaper 6/30 Video Modulation

  7. Threat model
     • Assumptions:
       • Packets carrying multimedia data are encrypted
     • Censor's Capabilities:
       • Deep Packet Inspection
       • Observe, store and analyze traffic flows
       • Apply artificial constraints on the network
     • Censor's Limitations:
       • Unable to decipher the content of Skype packets
       • Not in collusion with the video-conferencing provider
       • Attempts to minimize collateral damage

  8. A naïve approach at data modulation
     • Replace chat video frames
     • Encode data in all available pixels
     (figure: 640 px × 480 px frame; 1 px = 24 b, with R = 8 b, G = 8 b, B = 8 b; ~922 kB / frame)

  9. Drawbacks of naïve data modulation
     • Data loss
     • Lossy compression (downsampling + quantization)
     • Abnormal traffic patterns
     • Poor compression (spatial & inter-frame redundancy)
     (figure: 640 px × 480 px frame; 1 px = 24 b, with R = 8 b, G = 8 b, B = 8 b; ~922 kB / frame)

  10. C1: Can we distinguish regular from irregular Skype streams?
     • Traffic signatures appear to be different
     • Packet lengths frequency distribution
     (figure labels: Frames change extensively; Frames do not change)

  11. C2: How much throughput can we achieve while preserving unobservability? (figure labels: Poor Unobservability, High Throughput; Good Unobservability, Low Throughput; Censored Region; Uncensored Region)

  12. C3: How to maintain unobservability in adverse network conditions? (figure labels: Ideal conditions, Good unobservability; Perturbed conditions, Poor unobservability; Censored Region; Uncensored Region)

  13. Contributions
     • DeltaShaper: A censorship-resistant system
     • Tunnel TCP/IP data over Skype videocalls
     • Distinguish regular / irregular Skype call streams
     • Packet frequency distribution / EMD
     • Maximize throughput and maintain unobservability
     • Explore the space of encoding parameters
     • Adaptation to network conditions
     • Dynamic calibration of encoding parameters

  14. How to characterize Skype streams?
     • Characteristic Function - Create a stream signature
     • Frequency distribution of packet lengths
     • Similarity Function - Quantify streams' differences
     • Earth Mover's Distance (EMD)

  15. Different videos generate distinct traffic
     • Differences between signatures can be quantified
     • Earth Mover's Distance
     (figure labels: EMD > 0.50; EMD = 0.05; EMD > 0.50)

  16. Different videos generate distinct traffic
     • Censors can identify streams with unusual traffic
     (figure labels: EMD > Δ, Flagged; EMD < Δ, Regular Call; EMD > Δ, Flagged; Δ = 0.06)

  17. Can we encode data and maintain unobservability?
     • Strawman: Embed a small payload in each frame
     • Generated traffic does not reflect this embedding
     (figure labels: EMD < Δ, Regular Call; EMD < Δ, Regular Call; EMD < Δ, Regular Call)

  18. A better approach for data modulation
     • Strive for unobservability
     • Accommodate for lossy compression
     (figure: (a) Carrier Frame + (b) Payload Frame = (c) Covert Frame)

     | Parameter | Description |
     |-----------|-------------|
     | a_p | payload frame area (pixel×pixel) |
     | a_c | cell size (pixel×pixel) |
     | b_c | color encoding (bits) |
     | r_p | payload frame rate (frames/s) |

  19. Adapt to network conditions
     • Calibrate encoding parameters
     • Maintain unobservability
     • Modulate max. amount of data

  20. DeltaShaper adaptation mechanism
     • Periodically:
       • Estimate network conditions from recorded baselines
       • Select adequate parameters from pre-computed table
     (figure: table with one column per condition, Cond. 1, Cond. 2, …, Cond. n, each holding a carrier signature and encoding parameters a_p, a_c, b_c, r_p; caption: "Which set is closest?")

  21. Implementation challenges
     • Network interaction
     • Allow transparent TCP/IP communication
     • Video processing
     • Combine carrier / payload frames
     • Video-conferencing software as a black-box
     • Send covert frames without modifying Skype

  22. DeltaShaper client module (architecture diagram; labels as extracted: Client Endpoint Payload Carrier Network Encoder Frame Queue Frame Covert Namespace Adapter Stream Client Application Payload Payload Carrier Streamer Encoder Streamer VETH1 Virtual Camera IP Packet 10.10.10.10 /dev/video0 Queue Stream Blender (Snowmix) Kernel Module VETH0 10.10.10.11 Linux Kernel FFMPEG)

  23. DeltaShaper server module (architecture diagram; labels as extracted: Server Endpoint Covert Stream Receiver Payload Fragment Server Process Pool Application Worker Photo Worker Thread Decoder Display Localhost Thread Thread Framebuffer Thread interface Linux Kernel XWD)

  24. Evaluation Steps
     1. Can we distinguish Skype streams?
     2. Can we balance throughput and unobservability?
     3. How well does DeltaShaper perform?

  25. Can we distinguish Skype streams?
     (figure caption: "These streams seem to be strange... I'll block them.")
     • 83% accuracy in distinguishing Skype streams
     • DeltaShaper streams must remain under Δ I

  26. Can we balance throughput and unobservability?

     | Parameter | Description | Configuration |
     |-----------|-------------|---------------|
     | a_p | payload frame area (pixel×pixel) | 320 x 240 |
     | a_c | cell size (pixel×pixel) | 8 x 8 |
     | b_c | color encoding (bits) | 6 |
     | r_p | payload frame rate (frames/s) | 1 |

  27. How well does DeltaShaper perform?
     • Achieved configuration:

     | Parameter | Description | Configuration |
     |-----------|-------------|---------------|
     | a_p | payload frame area (pixel×pixel) | 320 x 240 |
     | a_c | cell size (pixel×pixel) | 8 x 8 |
     | b_c | color encoding (bits) | 6 |
     | r_p | payload frame rate (frames/s) | 1 |

     • Performance
     • Raw throughput: 7.2 Kbps
     • Round-Trip-Time: 2s 973ms

  28. How well does DeltaShaper perform?

     | Use Case | Protocol Session W/ DS (mm:ss) | Protocol Session W/o DS (mm:ss) | Overhead |
     |----------|--------------------------------|---------------------------------|----------|
     | Wget (4kB file) | 0:22 | < 0:01 | 3,142.9 x |
     | FTP (4kB file) | 1:43 | 0:09 | 11.4 x |
     | SSH + SMTP | 2:41 | 0:38 | 4.2 x |
     | SSH | 1:29 | 0:06 | 14.8 x |
     | Telnet | 1:13 | 0:06 | 12.2 x |
     | Netcat chat | 0:01 | < 0:01 | 166.7 x |
     | SSH Tunnel | 2:19 | 0:22 | 6.3 x |

     (legend: Non-interactive session; Interactive session)
     • DeltaShaper allows for the execution of traditional TCP/IP applications which cover different users' needs

  29. Conclusions
     • DeltaShaper: A censorship-resistant system
     • Supports high-latency / low-throughput TCP applications
     • Maximize throughput and preserve unobservability
     • Greedy exploration of encoding configurations
     • Adaptation in multimedia protocol tunneling
     • Provides improved unobservability
     • Could also enhance similar systems
     http://web.ist.utl.pt/diogo.barradas
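
Added example (not from the slides or from the DeltaShaper code base): the stream characterization of slides 14 to 16, with the signature as a normalized packet-length histogram and the similarity as a one-dimensional EMD compared against Δ. The bin width, the scaling of EMD to [0, 1], the helper names and the packet lengths are assumptions constructed for illustration, so the distances are not comparable to the values shown on the slides.

```python
from collections import Counter

BIN_WIDTH = 50   # assumed histogram bin width, in bytes
MAX_LEN = 1500   # assumed largest packet length, in bytes
DELTA = 0.06     # threshold value shown on slide 16

# Constructed packet-length samples (bytes); not measurements from the talk.
REFERENCE_CALL = [120] * 20 + [480] * 30 + [820] * 35 + [1150] * 15
SIMILAR_CALL = [130] * 22 + [470] * 28 + [830] * 36 + [1140] * 14
UNUSUAL_STREAM = [120] * 5 + [480] * 5 + [1150] * 40 + [1380] * 50


def signature(lengths, bin_width=BIN_WIDTH, max_len=MAX_LEN):
    """Characteristic function: normalized frequency distribution of packet lengths."""
    if not lengths:
        raise ValueError("cannot build a signature from an empty stream")
    nbins = max_len // bin_width
    # Oversized packets are clamped into the last bin.
    counts = Counter(min(n // bin_width, nbins - 1) for n in lengths)
    return [counts.get(i, 0) / len(lengths) for i in range(nbins)]


def emd(sig_a, sig_b):
    """1-D Earth Mover's Distance between two signatures, scaled to [0, 1]."""
    if len(sig_a) != len(sig_b):
        raise ValueError("signatures must use the same binning")
    carried = work = 0.0
    for a, b in zip(sig_a, sig_b):
        carried += a - b       # mass that still has to move to later bins
        work += abs(carried)   # moving it one bin costs one unit of distance
    return work / (len(sig_a) - 1)


def classify(reference, observed, delta=DELTA):
    """Label a stream by its distance to a reference regular-call signature."""
    distance = emd(signature(reference), signature(observed))
    return ("flagged" if distance > delta else "regular"), distance


if __name__ == "__main__":
    for name, stream in [("similar", SIMILAR_CALL), ("unusual", UNUSUAL_STREAM)]:
        label, distance = classify(REFERENCE_CALL, stream)
        print(f"{name}: EMD={distance:.3f} -> {label}")
```
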
