CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing

1. CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing Qiyan Wang Xun Gong Giang T. K. Nguyen Amir Houmansadr Nikita Borisov Presented by: Alejandro Moncada

2. Overview Motivation What is a Censor? Censor Assumptions CensorSpoofer, How it works Implementation on VoIP Security Threats Results

3. Motivation Strong government monitoring for any information leak Blocked Internet services and sites Censorship deployment Users want to access these sites Use of proxies are not enough

4. What is Censor? Entity that controls the network infrastructure High tech capabilities - IP filtering - Packet inspection - DNS Hijacking Monitor the entire network

5. Censor Assumptions Benefit of the doubt - Until evidence tell the contrary Allow use of encrypted data - Gives the citizens security for personal/business Internet usage Control over local ISPs providers Block any outside Internet site Can deploy insider attacks

6. CensorSpoofer, How it works? System goals: - Unblockability - Unobservability - Perfect resistance to insider attacks - Low latency - Deployability

7. CensorSpoofer, How it works? Client starts a legitimate communication with the Spoofer. Spoofer chooses a dummy host and uses its IP address to send censored data back to the client. Client then uses a low-bandwidth indirect channel as upstream and sends URL requests to the Spoofer - Using steganographics Email Spoofer replies back to the client using a high-bandwidth direct downstream channel

8. CensorSpoofer, How it works? Downstream Channel - Uses UDP Connectionless, easier to hijack - Uses a UDP application To maintain a “normal” UDP session - Dummy host selection Must meet UDP requirements Must be able for IP spoofing

9. CensorSpoofer, How it works? Upstream Channel Use of Steganographic to hide URL information on a set of messages

10. Implementation on VoIP Client initiates SIP session with an INVITE message to the Spoofer Spoofer Chooses a dummy host and replies back with a OK messsage Client sends RTP/RTCP to dummy host and steganographic emails to Spoofer Spoofer sends webpages inside RTP payload

11. Implementation on VoIP Problems with SIP IDs Censor cal learn SIP ID of Spoofer as well as Email address Solution? Use Invitation-based Bootstrapping Client needs to trust a previous CensorSPoofer user Client needs two pairs of SIP IDs and Emails One for client, the other for Spoofer Client encrypts information to deliver to Spoofer

12. Implementation on VoIP OK Message IP address of dummy host is inserted in OK message SDP messages are not checked Dummy host Scan ports open, filtered, unfiltered, open|filtered, closed|filtered

13. Implementation on VoIP Traffic Pattern RTP/RTCP packets of same size Packet Loss Forward error correction codes inside downstream channel

14. Security Threats Geolocation Analysis With IP address, Censor can detect anomalies if SIP IDs are closed, but IP addresses are not. Spoofer keeps track of of assigned dummy hosts to SIP IDs. For further connections, it choses the appropriate dummy host User Agent & OS fingerprint SIP have ramdom identifiers that can be used by Censor to fingerprint the Spoofer To avoid, Spoofer creates different user agents profiles according to popular SIP phones, and assign them to SIP IDs Traffic Manipulation Censor can block RTP/RTCP packets High cost SIP Message Manipulation Censor can alter SIP messages Spoofer computes hash value and put it in a ramdom identifier

15. Results Performance Comparison with Tor Dummy Host Selection

16. CensorSpoofer Thank you!