research-article

CensorSpoofer: asymmetric communication using IP spoofing for censorship-resistant web browsing

Authors:

Giang T.K. Nguyen,

Amir Houmansadr,

Nikita BorisovAuthors Info & Claims

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

Pages 121 - 132

https://doi.org/10.1145/2382196.2382212

Published: 16 October 2012 Publication History

Abstract

A key challenge in censorship-resistant web browsing is being able to direct legitimate users to redirection proxies while preventing censors, posing as insiders, from discovering their addresses and blocking them. We propose a new framework for censorship-resistant web browsing called CensorSpoofer that addresses this challenge by exploiting the asymmetric nature of web browsing traffic and making use of IP spoofing. CensorSpoofer de-couples the upstream and downstream channels, using a low-bandwidth indirect channel for delivering outbound requests (URLs) and a high-bandwidth direct channel for downloading web content. The upstream channel hides the request contents using steganographic encoding within Email or instant messages, whereas the downstream channel uses IP address spoofing so that the real address of the proxies is not revealed either to legitimate users or censors. We built a proof-of-concept prototype that uses encrypted VoIP for this downstream channel and demonstrated the feasibility of using the CensorSpoofer framework in a realistic environment.

References

[1]

Dynaweb. http://www.dongtaiwang.com/home_en.php.

[2]

Ultrasurf. http://www.ultrareach.com.

[3]

Ten ways to discover Tor bridges. https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges.

[4]

TriangleBoy Whitepaper. http://www.webrant.com/ safeweb_site/html/www/tboy_whitepaper.html.

[5]

MailMyWeb. http://www.mailmyweb.com/.

[6]

Feed Over Email (F.O.E). http://code.google.com/p/foe-project/.

[7]

WASTE. http://waste.sourceforge.net/.

[8]

Blink. http://icanblink.com/.

[9]

SFLphone. http://sflphone.org/.

[10]

Zfone. http://zfoneproject.com/.

[11]

pjsua. http://www.pjsip.org/.

[12]

PhonerLite. http://www.phonerlite.de/index_en.htm.

[13]

Microsoft Lync. http://technet.microsoft.com/en-us/library/gg195673.aspx.

[14]

CounterPath. http://www.counterpath.com/softphone-products.html.

[15]

Cisco IP phones. http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/4_0_1/secuview.html.

[16]

Grandstream. http://www.grandstream.com/products/ip-voice-telephony/enterprise-ip-phones/gxp1100.

[17]

nmap. http://nmap.org/.

[18]

The MIT ANA Spoofer project. http://spoofer.csail.mit.edu/.

[19]

netfilter-queue. http://www.netfilter.org/projects/libnetfilter_queue/.

[20]

IP geolocation database. http://ipinfodb.com/.

[21]

XMPPPY. http://xmpppy.sourceforge.net/.

[22]

QtWebKit. http://trac.webkit.org/wiki/QtWebKit.

[23]

OpenSSL. www.openssl.org.

[24]

How censorship works in china: A brief overview. http://www.hrw.org/reports/2006/china0806/3.htm#_Toc142395821.

[25]

Mikey: Multimedia internet keying. http://www.ietf.org/rfc/rfc3830.txt.

[26]

Reed-solomon forward error correction (fec) schemes. http://www.ietf.org/rfc/rfc5510.txt.

[27]

Sdp: Session description protocol. http://www.ietf.org/rfc/rfc4566.txt.

[28]

The secure real-time transport protocol (srtp). http://www.ietf.org/rfc/rfc3711.txt.

[29]

Sip: Session initiation protocol. http://www.ietf.org/rfc/rfc3261.txt.

[30]

Top 50 autonomous systems. http://cyber.law.harvard.edu/netmaps/country_detail.php/?cc=CN.

[31]

Zrtp: Media path key agreement for unicast secure rtp. http://www.ietf.org/rfc/rfc6189.txt.

[32]

Defeat Internet Censorship: Overview of Advanced Technologies and Products, Nov. 2007. http://www.internetfreedom.org/archive/Defeat_Internet_Censorship_White_Paper.pdf.

[33]

Iran reportedly blocking encrypted internet traffic, 2012. http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet traffic.ars.

[34]

New blocking activity from iran, June, 16, 2011. https://blog.torproject.org/blog/new-blocking-activity-iran.

[35]

D. Barboza and C. C. Miller. Google accuses chinese of blocking gmail service. http://www.nytimes.com/2011/03/21/technology/21google.html?_r=2.

[36]

S. Burnett, N. Feamster, and S. Vempal. Chipping away at censorship with user-generated content. In USENIX Security, 2010.

Digital Library

[37]

Cisco. Voice over ip -- per call bandwidth consumption. http://www.cisco.com/application/pdf/paws/7934/bwidth_consume.pdf.

Digital Library

[38]

I. Clarke, T. W. Hong, S. G. Miller, O. Sandberg, and B. Wiley. Protecting Free Expression Online with fFreenetg. IEEE Internet Computing, 6(1):40--49, 2002.

Digital Library

[39]

J. Cowie. Egypt leaves the internet, Jan. 2011. http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml.

[40]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In USENIX Security Symposium, August 2004.

Digital Library

[41]

N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, and D. Karger. Infranet: Circumventing Web Censorship and Surveillance. In USENIX Security, Aug. 2002.

Digital Library

[42]

N. Feamster, M. Balazinska, W. Wang, H. Balakrishnan, and D. Karger. Thwarting web censorship with untrusted messenger discovery. In Privacy Enhancing Technologies (PETS), 2003.

[43]

L. Gao. On inferring autonomous system relationships in the internet. IEEE/ACM Trans. Netw., 9:733--745, December 2001.

Digital Library

[44]

A. Houmansadr, G. T. K. Nguyen, M. Caesar, and N. Borisov. Cirripede : Circumvention infrastructure using router redirection with plausible deniability categories and subject descriptors. In ACM CCS'11, 2011.

Digital Library

[45]

J. Jacob. How internet censorship works in china, 2011. http://www.ibtimes.com/articles/113590/20110217/.

[46]

R. Jain, S. Member, Shawn, and A. Routhier. Packet trains measurements and a new model for computer network traffic. IEEE Journal on Selected Areas in Communications, 4:986--995, 1986.

Digital Library

[47]

J. Jarvis. Facebook, twitter, and the egyptian revolution, Feb. 13. 2011. http://thefastertimes.com/mediaandtech/2011/02/13/facebook-twitter-and-the-egyptian-revolution/.

[48]

J. Jia and P. Smith. Psiphon: Analysis and Estimation, 2004. http://www.cdf.toronto.edu/~csc494h/reports/2004-fall/psiphon_ae.html.

[49]

J. Karlin, D. Ellard, A. W. Jackson, C. E. Jones, G. Lauer, D. P. Mankins, and W. T. Strayer. Decoy Routing : Toward Unblockable Internet Communication. In USENIX FOCI, 2011.

[50]

C. S. Leberknight, M. Chiang, H. V. Poor, and F. Wong. A taxonomy of Internet censorship and anti-censorship. http://www.princeton.edu/~chiangm/anticensorship.pdf.

[51]

M. Mahdian. Fighting censorship with algorithms. In Proceedings of FUN 2010, 2010.

Digital Library

[52]

D. McCoy, J. A. Morales, and K. Levchenko. Proximax: A measurement based system for proxies dissemination. In Financial Cryptography and Data Security (FC'11), 2011.

[53]

J. McLachlan and N. Hopper. On the risks of serving whenever you surf: Vulnerability of tor's blocking resistance design. In WPES'09, 2009.

Digital Library

[54]

B. Popescu, B. Crispo, and A. S. Tanenbaum. Safe and private data sharing with turtle: Friends team-up and beat the system. In The 12th Cambridge International Workshop on Security Protocols, April 2004.

Digital Library

[55]

J. Qiu and L. Gao. Cam04-4: As path inference by exploiting known as paths. In GLOBECOM '06, 2006.

[56]

Y. Sovran, A. Libonati, and J. Li. Pass it on: Social networks stymie censors. In IPTPS'08, Feb 2008.

Digital Library

[57]

E. Y. Vasserman, R. Jansen, J. Tyra, N. Hopper, and Y. Kim. Membership-concealing overlay networks. In ACM CCS'09, Nov. 2009.

Digital Library

[58]

X. Wang, S. Chen, and S. Jajodia. Network flow watermarking attack on low-latency anonymous communication systems. In IEEE Oakland, 2007.

Digital Library

[59]

E. Wustrow, S. Wolchok, I. Goldberg, and J. A. Halderman. Telex: Anticensorship in the Network Infrastructure. In 20th USENIX Security Symposium, Aug. 2011.

Digital Library

[60]

J. Zittrain and B. Edelman. Internet Filtering in China. IEEE Internet Computing, 7(2):70--77, 2003.

Digital Library

Cited By

Nelson BPagnin EAskarov A(2024)Metadata Privacy Beyond Tunneling for Instant Messaging2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP60621.2024.00044(697-723)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSP60621.2024.00044
Semushin SSeytnazarov S(2023)HTTP Header Reordering-based Covert Channel Protocol2023 6th International Conference on Signal Processing and Information Security (ICSPIS)10.1109/ICSPIS60075.2023.10344020(145-150)Online publication date: 8-Nov-2023
https://doi.org/10.1109/ICSPIS60075.2023.10344020
Liu LYu HYu SYu X(2022)Network Traffic Obfuscation against Traffic ClassificationSecurity and Communication Networks10.1155/2022/31043922022(1-14)Online publication date: 31-Aug-2022
https://doi.org/10.1155/2022/3104392
Show More Cited By

Index Terms

CensorSpoofer: asymmetric communication using IP spoofing for censorship-resistant web browsing
1. Networks
  1. Network protocols

Recommendations

Defense against spoofed IP traffic using hop-count filtering

IP spoofing has often been exploited by Distributed Denial of Service (DDoS) attacks to: 1) conceal flooding sources and dilute localities in flooding traffic, and 2) coax legitimate hosts into becoming reflectors, redirecting and amplifying flooding ...
Review: TCP/IP security threats and attack methods

The TCP/IP protocol suite is vulnerable to a variety of attacks ranging from password sniffing to denial of service. Software to carry out most of these attacks is freely available on the Internet. These vulnerabilities-unless carefully controlled-can ...
Throttling spoofed SYN flooding traffic at the source

TCP-based flooding attacks are a common form of Distributed Denial-of-Service (DDoS) attacks which abuse network resources and can bring about serious threats to the Internet. Incorporating IP spoofing makes it even more difficult to defend against such ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security

October 2012

1088 pages

ISBN:9781450316514

DOI:10.1145/2382196

General Chair:
Ting Yu
North Carolina State University, USA
,
Program Chairs:
George Danezis
Microsoft Research Cambridge, UK
,
Virgil Gligor
Carnegie Mellon University, USA

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 October 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'12

Sponsor:

SIGSAC

CCS'12: the ACM Conference on Computer and Communications Security

October 16 - 18, 2012

North Carolina, Raleigh, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

44
Total Citations
View Citations
686
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)6

Reflects downloads up to 14 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Nelson BPagnin EAskarov A(2024)Metadata Privacy Beyond Tunneling for Instant Messaging2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP60621.2024.00044(697-723)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSP60621.2024.00044
Semushin SSeytnazarov S(2023)HTTP Header Reordering-based Covert Channel Protocol2023 6th International Conference on Signal Processing and Information Security (ICSPIS)10.1109/ICSPIS60075.2023.10344020(145-150)Online publication date: 8-Nov-2023
https://doi.org/10.1109/ICSPIS60075.2023.10344020
Liu LYu HYu SYu X(2022)Network Traffic Obfuscation against Traffic ClassificationSecurity and Communication Networks10.1155/2022/31043922022(1-14)Online publication date: 31-Aug-2022
https://doi.org/10.1155/2022/3104392
Cheng XHu NZhao YWu KZou JChen Y(2022)A Covert-Aware Anonymous Communication Network for Social CommunicationSecurity and Communication Networks10.1155/2022/22550472022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/2255047
Ding DJeong KXing SConti MFigueiredo RLiu F(2022)SEnD: A Social Network Friendship Enhanced Decentralized System to Circumvent CensorshipsIEEE Transactions on Services Computing10.1109/TSC.2019.294259815:1(346-360)Online publication date: 1-Jan-2022
https://doi.org/10.1109/TSC.2019.2942598
Xu ZKhan HMuresan R(2022)TMorph: A Traffic Morphing Framework to Test Network Defenses Against Adversarial Attacks2022 International Conference on Information Networking (ICOIN)10.1109/ICOIN53446.2022.9687165(18-23)Online publication date: 12-Jan-2022
https://doi.org/10.1109/ICOIN53446.2022.9687165
Coutinho MMacedo EMoraes LMessner VDutra DAmorim CRoncero VJuinior NMaestrelli MAlbuquerque MSilva S(2022)A New Interest-Based Protocol to Hide and Protect Servers in IP Networks2022 International Conference on Information Networking (ICOIN)10.1109/ICOIN53446.2022.9687158(329-334)Online publication date: 12-Jan-2022
https://doi.org/10.1109/ICOIN53446.2022.9687158
Kaptchuk GJois TGreen MRubin AKim YKim JVigna GShi E(2021)Meteor: Cryptographically Secure Steganography for Realistic DistributionsProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484550(1529-1548)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484550
Tian CZhang YYin T(2021)A Feature-Flux Traffic Camouflage Method based on Twin Gaussian Process2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom53373.2021.00134(959-966)Online publication date: Oct-2021
https://doi.org/10.1109/TrustCom53373.2021.00134
Tosun ADe Donno MDragoni NFafoutis X(2021)RESIP Host Detection: Identification of Malicious Residential IP Proxy Flows2021 IEEE International Conference on Consumer Electronics (ICCE)10.1109/ICCE50685.2021.9427688(1-6)Online publication date: 10-Jan-2021
https://doi.org/10.1109/ICCE50685.2021.9427688
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents