anticensorship in the network infrastructure n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Anticensorship in the Network Infrastructure PowerPoint Presentation
Download Presentation
Anticensorship in the Network Infrastructure

Loading in 2 Seconds...

play fullscreen
1 / 15

Anticensorship in the Network Infrastructure - PowerPoint PPT Presentation


  • 224 Views
  • Uploaded on

Anticensorship in the Network Infrastructure. Eric Wustrow University of Michigan. Background | Internet Censorship. Pervasive censorship. Substantial censorship. Selective censorship. Changing situation. Little or no censorship. Threat Model.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Anticensorship in the Network Infrastructure' - kimama


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
anticensorship in the network infrastructure

Anticensorshipin the Network Infrastructure

Eric Wustrow

University of Michigan

background internet censorship
Background | Internet Censorship

Pervasive censorship

Substantial censorship

Selective censorship

Changing situation

Little or no censorship

threat model
Threat Model

Censor … controls client’s network, but not external network

… blocks according to a blacklist

… allows HTTPS connections to non-blocked sites

prototype test deployment
Prototype | Test Deployment

Single Telex Station on lab-scale “ISP” at Michigan

Hosted sites

Blocked.telex.ccSimulated censored siteonly reachable via Telex

NotBlocked.telex.ccUnobjectionable content*

Inline Blocking

Asymmetric flows

new architecture passive isp tap
New architecture -- passive ISP tap

Client

ISP Proxy

Server

TLS Handshake

Plaintext:

“GET / HTTP/1.1\r\nX-Ignore: \x81\x28\x66 …”

Ciphertext:

“\x95\x1f\x6b\x27\xe2 … \xc8\x3f\x22 …”

ACK [seq=Y, ack=X]

“PROXY OK” [seq=Y, ack=X, len=M]

Plaintext:

ack != Y?

ACK [seq=X, ack=Y+M]

Plaintext:

“GET http://blocked.com/ …” [seq=X, ack=Y+M]

Tag:

“HTTP/1.1 200 OK … <html> ….”

Plaintext:

new architecture passive isp tap1
New architecture -- passive ISP tap
  • Pros
    • No inline blocking required, only passive tap
    • Works with asymmetric flows (client -> server)
  • Cons
    • Censor can use active attacks
      • (though we can use “active defenses”)
anticensorship in the network infrastructure1
Anticensorship in the Network Infrastructure
  • Future work
    • Looking for ISPs willing to help
      • Technical feedback
      • Prototype deployment
    • Strategies for optimal deployment
    • Improving traffic analysis defense
slide15

Anticensorshipin the Network Infrastructure

https://telex.cc

Eric Wustrow

Colleen M. Swanson

Scott Wolchok

Ian Goldberg

J. Alex Halderman