A Churn for the Better: Localizing Censorship using Network-level Path Churn and Network Tomography



SLIDE 1

A Churn for the Better

Localizing Censorship using Network‐level Path Churn and Network Tomography

Shinyoung Cho, Rishab Nithyanand, Abbas Razaghpanah, Phillipa Gill

SLIDE 2
  • Citizens rely on the Internet for dissemination of information and organizing political actions

[Diagram labels: GFW, China, Facebook]

SLIDE 3

In 2010, Chinese censorship leaked outside the Great Firewall via a root server

[Diagram labels: GFW, China, Chile, Facebook, Root server]


SLIDE 7

In 2010, Chinese censorship leaked outside the Great Firewall via a root server

[Diagram labels: Chile, GFW, China, Root server, Root server, Facebook, Fake address]

  • Many anecdotes of *censorship leakage have been reported
  • (*censorship leakage: unintended international impact; cases where censoring Autonomous Systems (ASes) unintentionally block access to content even for users outside their country of operation)

SLIDE 8

Country Specific Measurement

SLIDE 9

“Global Measurement: ICLAB”

Global Scale! Longitudinal!

“Network Tomography”

[Diagram labels: Monitor (×5)]

It works! Path churn is useful!

SLIDE 10

Network-level path instability
Network tomography

Q) Is there enough path churn?

25% 30% 38% 67%

[Diagram labels: Source (×4), Monitor (×5), Destination]

SLIDE 11

ICLAB Server
VPN Walker

(1) Send a scheduler + web test lists based on country

Vantage Points
Over 1K VPNs + 5 Raspberry Pis
2016‐05 ∼ 2017‐05

Test Web Servers

(2) Perform measurements to web servers
Given web test lists

(3) Send collected data to server
HTTP Request/Response, DNS, TLS, Pcap, Traceroute

Detecting Censorship
  • Block pages
  • Injected packets (Detected using TTL): Not RST / RST

SLIDE 12

How do we identify which ASes perform censorship?

SLIDE 13

Formulate a Boolean network tomography problem solvable by off‐the‐shelf SAT solvers

youporn.com (2017-02-01 ~ 2017-02-08)

Injected packet (No RST)?
  • False: 4766 48684
  • True: 4766 3257 48684

[CNF]

(~4766) ∧ (~48684) ∧ (4766 ∨ 3257 ∨ 48684) = T

Generating CNFs
Off‐the‐shelf SAT solver
No solution / One solution / Multiple solutions

SLIDE 14

Formulate a Boolean network tomography problem solvable by off‐the‐shelf SAT solvers

youporn.com (2017-02-01 ~ 2017-02-08)

Injected packet (No RST)?
  • False: 4766 48684
  • True: 4766 3257 48684

[CNF]

(~4766) ∧ (~48684) ∧ (4766 ∨ 3257 ∨ 48684) = T

Generating CNFs
Off‐the‐shelf SAT solver
No solution / One solution / Multiple solutions

3257
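The CNF on this slide can be generated and solved mechanically from (AS path, anomaly seen) observations. This is an added example, not code from the presentation or from ICLab: `build_cnf`, `solve` and `localize` are hypothetical names, brute-force enumeration stands in for the off‐the‐shelf SAT solver, and the two inputs other than the slide's youporn.com observations are constructed to show the "multiple solutions" and "no solution" outcomes.

```python
from itertools import product

# Observations from the slide: (AS path, was an injected packet seen?).
SLIDE_OBS = [([4766, 48684], False), ([4766, 3257, 48684], True)]
# Constructed: no path churn, so only the censored path was ever observed.
NO_CHURN_OBS = [([4766, 3257, 48684], True)]
# Constructed: the same path seen both clean and censored in one time window.
CONFLICT_OBS = [([4766, 48684], False), ([4766, 48684], True)]

def build_cnf(observations):
    """Return DIMACS-style clauses: literal N = 'AS N censors', -N = 'AS N does not'."""
    clauses = []
    for path, anomaly in observations:
        if anomaly:
            # At least one AS on a censored path is a censor.
            clauses.append(sorted(set(path)))
        else:
            # No AS on a clean path is a censor: one unit clause per AS.
            clauses.extend([-asn] for asn in path)
    return clauses

def solve(clauses):
    """Enumerate every satisfying assignment as the set of ASes marked censor."""
    variables = sorted({abs(lit) for clause in clauses for lit in clause})
    models = []
    for values in product([False, True], repeat=len(variables)):
        assign = dict(zip(variables, values))
        if all(any(assign[abs(l)] == (l > 0) for l in c) for c in clauses):
            models.append({v for v in variables if assign[v]})
    return models

def localize(observations):
    """Return (outcome, ASes censoring in every model, ASes censoring in only some)."""
    models = solve(build_cnf(observations))
    if not models:
        return "no solution", set(), set()
    definite = set.intersection(*models)
    possible = set.union(*models) - definite
    outcome = "one solution" if len(models) == 1 else "multiple solutions"
    return outcome, definite, possible

if __name__ == "__main__":
    for obs in (SLIDE_OBS, NO_CHURN_OBS, CONFLICT_OBS):
        print(localize(obs))
```

The second input shows why path churn matters: without the clean path through 4766 and 48684, all three ASes remain possible censors.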

SLIDE 15

High solvability! 97.9% (on average)

0.7% (on average)

[Figure panels: Time granularity; Anomaly types]

SLIDE 16

1,103 ASes observed in ICLAB (219 countries)
108 censoring ASes (49 countries)
32 ASes leak censorship (18 countries)

SLIDE 17

1,103 ASes observed in ICLAB (219 countries)
108 censoring ASes (49 countries)
32 ASes leak censorship (18 countries)

Server-side filtering: 16.6%

[Diagram labels: VP, Censor, DST; C1, C1, C2, C2]

SLIDE 18

1,103 ASes observed in ICLAB (219 countries)
108 censoring ASes (49 countries)
32 ASes leak censorship (18 countries)

Server-side filtering: 16.6%
Transit filtering: 18.5%

[Diagram labels: VP, Censor, DST; C1, C1, C2, C2, C3, C3]


SLIDE 20

1,103 ASes observed in ICLAB (219 countries)
108 censoring ASes (49 countries)
32 ASes leak censorship (18 countries)

Server-side filtering: 16.6%
Transit filtering: 18.5%
Censorship of foreign content: 75.9%

[Diagram labels: VP, Censor, DST; C1, C1, C2, C2]

SLIDE 21

1,103 ASes observed in ICLAB (219 countries)
108 censoring ASes (49 countries)
32 ASes leak censorship (18 countries)

Server-side filtering: 16.6%
Transit filtering: 18.5%
Censorship of foreign content: 75.9%
Censorship of domestic content: 12.0%

[Diagram labels: VP, Censor, DST; C1, C1]

SLIDE 22

youporn.com (2017-02-01 ~ 2017-02-08)

Injected packet (No RST)?
  • False: 4766 48684
  • True: 4766 3257 48684

3257

SLIDE 23

youporn.com (2017-02-01 ~ 2017-02-08)

Injected packet (No RST)?
  • False: 4766 48684
  • True: 4766 3257 48684

3257

Pcap
{'IPID': 0, 'TCP flags': 18, 'TTL': 48}
{'IPID': 0, 'TCP flags': 18, 'TTL': 48}
{'IPID': 0, 'TCP flags': 18, 'TTL': 48}
{'IPID': 54762, 'TCP flags': 25, 'TTL': 118}
{'IPID': 27998, 'TCP flags': 16, 'TTL': 48}
{'IPID': 54763, 'TCP flags': 25, 'TTL': 109}
{'IPID': 20155, 'TCP flags': 4, 'TTL': 48}
{'IPID': 20180, 'TCP flags': 4, 'TTL': 48}
{'IPID': 20181, 'TCP flags': 4, 'TTL': 48}
{'IPID': 20241, 'TCP flags': 4, 'TTL': 48}
{'IPID': 20266, 'TCP flags': 4, 'TTL': 48}
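Reading the pcap excerpt above with the TTL check the deck mentions, as an added example that is not the presenters' code. It assumes every listed packet arrived from the server side of one flow, takes the SYN/ACK TTL as the baseline, and uses a hypothetical tolerance of 2; `find_injected` and `classify` are hypothetical names.

```python
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

# Packet summaries copied from the slide's pcap excerpt.
SLIDE_PCAP = [
    {'IPID': 0, 'TCP flags': 18, 'TTL': 48},       # 18 = SYN+ACK
    {'IPID': 0, 'TCP flags': 18, 'TTL': 48},
    {'IPID': 0, 'TCP flags': 18, 'TTL': 48},
    {'IPID': 54762, 'TCP flags': 25, 'TTL': 118},  # 25 = FIN+PSH+ACK
    {'IPID': 27998, 'TCP flags': 16, 'TTL': 48},   # 16 = ACK
    {'IPID': 54763, 'TCP flags': 25, 'TTL': 109},
    {'IPID': 20155, 'TCP flags': 4, 'TTL': 48},    # 4 = RST
    {'IPID': 20180, 'TCP flags': 4, 'TTL': 48},
    {'IPID': 20181, 'TCP flags': 4, 'TTL': 48},
    {'IPID': 20241, 'TCP flags': 4, 'TTL': 48},
    {'IPID': 20266, 'TCP flags': 4, 'TTL': 48},
]
# Constructed control flow: the same packets without the TTL outliers.
CLEAN_PCAP = [p for p in SLIDE_PCAP if p['TTL'] == 48]

def find_injected(packets, tolerance=2):
    """Return packets whose TTL differs from the SYN/ACK TTL by more than tolerance."""
    synacks = [p for p in packets
               if p['TCP flags'] & (SYN | ACK) == (SYN | ACK)]
    if not synacks:
        return []  # no handshake reply, so there is no baseline to compare against
    baseline = synacks[0]['TTL']
    return [p for p in packets if abs(p['TTL'] - baseline) > tolerance]

def classify(packets, tolerance=2):
    """Summarise a flow the way the slide does: injected packet, RST or not."""
    injected = find_injected(packets, tolerance)
    return {
        'injected': bool(injected),
        'injected_rst': any(p['TCP flags'] & RST for p in injected),
        'injected_non_rst': any(not (p['TCP flags'] & RST) for p in injected),
        'ipids': [p['IPID'] for p in injected],
    }

if __name__ == "__main__":
    print(classify(SLIDE_PCAP))
    print(classify(CLEAN_PCAP))
```

On the slide's data the two TTL outliers are the flag-25 packets (TTL 118 and 109), which matches the "Injected packet (No RST)? True" label; the RST packets share the baseline TTL of 48 and are not flagged.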

SLIDE 24

1) Combine ICLab measurements with Boolean network tomography to identify censors and censorship leakages at a global scale
2) Measure and exploit network-level churn
3) Identify 108 censoring ASes located in 49 different countries
4) Find 32 censoring ASes that leak censorship outside their jurisdiction

Localizing Censorship using Network‐level Path Churn and Network Tomography

Shinyoung Cho shicho@cs.stonybrook.edu