Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing.

Published byLauren Smith Modified over 8 years ago

Similar presentations

Presentation on theme: "Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing."— Presentation transcript:

1 Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing

2 Main Problem! Civil Liberties and Freedom of Information, Big Brother Oppressive regimes view information as a huge threat to their corrupt ideals –Freedom of Information is “dangerous” Challenge: how to direct legitimate users to redirection proxies while preventing censors, who may pose as insiders, from discovering the proxy address and blocking them?

3 Main Culprit Primary censor of article is China –Blocks great amount of info (once blocked Gmail), Facebook, news sites, etc.

4 HELP ME!!!!

5 CensorSpoofer to the Rescue!! Modern Framework for censorship- resistant web browsing Tackles challenge by taking advantage the asymmetric nature of web browsing traffic and employing IP Spoofing –Separate the upstream (client to server) and downstream (server to client) channels -upstream: low bandwidth indirect channel messages (URLs), -downstream: high bandwidth direct channel for downloading content

6 About CensorSpoofer To get past proxy, users typically use a redirection proxy allowing users ability to access blocked sites. Key: use IP address spoofing (packets with forged IP address) to send data from proxy to user without revealing origin of proxy To avoid being identified by censor, CensorSpoofer impersonates an encrypted VoIP (Voice over IP) session to channel downstream data Authors explore additional steps to be taken to avoid detection (choosing a reasonable fake IP source address) Experiments show prototype can be successfully used for browsing while resisting blocking efforts by censors

7 Related Work To bypass Internet censorship, systems such as Dynaweb/freegate, Ultrasurf, and Psiphon created Others ways: Infranet, Tor, Triangle Boy Based on simple idea: let user connect to one of the proxies deployed outside the censor’s network, which can retrieve blocked web pages for the users However…still vulnerable to “Insider Attack” –censor pretends to be an ordinary user to locate the proxies and then block them

8 Threat Model State-level adversary (censor) who monitors the network under its jurisdiction Censor capable of IP filtering, deep packet inspection, and DNS hijacking, and able to monitor, block, alter, and inject traffic anywhere in network Censor allows citizens basic access: – IM, Email, and VoIP – blocking basics would lead to economic losses and political pressure Censor unwilling to interfere with internet connections of user, unless there is evidence the connection used to bypass censorship

9 System Goals CensorSpoofer goals: –Unblockability: censor unable to block CensorSpoofer without sustaining unacceptable costs –Perfect resistance to insider attacks: the censor should not be able to break unblockability or unobservability of CensorSpoofer even if almost all users are compromised –Low Latency (time delay): be able to fetch and deliver web pages for users with low latency (does not support javascript) –Deployability: be depoloyable by people with limited resources, without having support from network infrastructure

10 Overview CensorSpoofer Framework Overview: In censored countries, users cannot visit blocked websites and must connect to external proxies to access these websites Author’s Insights: For Web Browsing Upstream Traffic (ex. URLs), much lighter-weight than the downstream traffic Author’s design: Based on insights, author’s design a new circumvention framework for web browsing, uses asymmetric communication with separate upstream/downstream channels

11 CensorSpoofer Framework User pretends to communicate with an external dummy host legitimately, and sends URLs to spoofer via low bandwidth indirect channel. Spoofer fetches blocked webpages, and injects censored data into the downstream flow towards the user by spoofing the dummy host’s IP

12 Downstream (Server to Client) Channel To hide spoofer’s IP address, author’s apply IP spoofing in the downstream flow What kind of traffic (TCP or UDP) for IP Spoofing? Authors focus on UDP traffic for IP spoofing

13 Upstream (Client to Server) Channel To send upstream messages, each user uses a steganographic (hiding data) channel embedded in indirect communications such as IM and Email Important challenge to address, possibility that the censor will perform blocking based on the recipients IM identifier or Email address

14 Design of CensorSpoofer CensorSpoofer framework able to be instantiated using various protocol choices –Designed based on VoIP

15 Background of SIP-based VoIP VolP Internet service that transmits Voice over IP based networks SIP is one of most popular used VoIP signal protocols, lightweight Insert picture here SIP is an application layer protocol –3 main elements in SIP systems User agents Location Services Servers

16 Sketch of Prototype Implementation Spoofer prototype has 4 components: a SIP message handler, a RTP/ RTCP transmitter, an upstream message receiver, and a prefetching proxy Client: implemented client-side HTTP proxy to handle HTTP requests made by user’s browser and HTTP responses received from the RTP channel

17 Censorship Circumvention Outline of Circumvention: –1. Client initializes SIP (Session Initiation Protocol) session with Spoofer by sending out normal INVITE message –2. After receiving message, Spoofer randomly selects dummy host and replies with manipulated OK message that looks like its from dummy host –3. When OK message comes, clients starts to send enctypted RTP/RTCP packets to client by spoofing dummy hosts IP address –4. Meanwhile clients sends URLs through a steganographic IM/Email channel to the spoofer –5. Spoofer fetches web pages and puts them into RTP packet payloads and sends them to client –6. To terminate session, client sends termination signal to the spoofer over the upstream channel, spoofer then sends a BYE message (with IP spoofing) to client to close the call Summarized: –Invitation based BootStrapping –Manipulating the OK Message –Selection of Dummy Hosts –Traffic Pattern and Bandwidth –Packet Loss

18 Security Analysis of CensorSpoofer: Geolocation Analysis User Agent && Operating Systems (OS) Fingerprinting Traffic Manipulation SIP Message Manipulation

19 Geolocation Analysis –Sophisticated censor could record all IP addresses that have been bound to particular SIP ID over time, suspicious if 2 closely conducted SIP sessions are geographically far from each other To deal with this, instead of picking dummy hosts randomly, spoofer can choose set of dummy hosts close to each other ( IP - Geolocation DB)

20 User Agent && Operating Systems (OS) Fingerprinting SIP Messages have some random identifiers (Ex. “To tag”, “From tag”) creating fingerprint –Also contain codecs (data encoding/decoding device) supported by user agent Censor may detect users communicating with spoofer based on user-agent fingerprint Spoofer can create many user-agent profiles based on user-agent fingerprint of spoofer

21 Traffic Manipulation Censor can manipulate traffic flows in order to find users accessing circumvention system Censor can block all RTP/RTCP packets sent to callee, and check if callee still sends messages after certain time period (VoIP phones drop call after 30 sec. automatically) Price of mounting attack is very high –Censor unable to tell which flow carries censored data, must drop all VoIP flows randomly (normal VoIP conversations interrupted

22 SIP Message Manipulation Censor attempts to manipulate SIP messages –Can manipulate IP of callee in OK message, and check if any RTP/RTCP packets sent to user Spoofer can compute short keyed hash of dummy host’s IP using SRTP session key, and put hash value into some random identifiers(“To tag”) in the OK message –User who knows session key can use embedded hash to verify integrity of dummy host’s IP –If user detects OK message manipulated, abandon SIP session by not sending ACK respons

23 Dummy Host Selection To asses ease of finding dummy hosts, used port scanning algorithm using nmap –Randomly selected 10000 IPs (outside China) from entire IP space, according ton an IP geolocation database. Found 1213 IPs (12.1%) meet author’s requirements; indicating large number of usable dummy hosts Measured stability of dummy hosts over short period of time, and longer period of time (See graphs)

24

25 Performance Evaluation Improved performance by fixing some limitations of current implementation –Current prototype does not start sending any packet to client until receives entire response Removing limitations reduces download time –Primary performance bottleneck of CensorSpoofer is RTP (Real-Time Transport Protocol) channel that carries the voice data Answer: use higher-bandwidth downstream channel

26 Conclusion Suggest new circumvention framework, CensorSpoofer, by exploiting asymmetric nature of web browsing Implemented a proof-of-concept prototype for CensorSpoofer, and the experimental results showed that CensorSpoofer has reasonable performance for real-world deployment

Download ppt "Jeremiah O’Connor CS 683 Fall 2012 CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing."

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
EEC-484/584 Computer Networks Discussion Session for HTTP and DNS Wenbing Zhao

EEC-484/584 Computer Networks Discussion Session for HTTP and DNS Wenbing Zhao
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.

Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.
Deployment of the VoIP Servers BY: Syed khaja Najmuddin Ahmed Anil Kumar Marikukala.

Deployment of the VoIP Servers BY: Syed khaja Najmuddin Ahmed Anil Kumar Marikukala.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Similar presentations

Ads by Google