an an isp scale deployme ment of ta tapdance
play

An An ISP-Scale Deployme ment of Ta TapDance Presented by Nikita - PowerPoint PPT Presentation

Aug 26, 2022 •236 likes •481 views

An An ISP-Scale Deployme ment of Ta TapDance Presented by Nikita Borisov (@nikitab) https://refraction.network/ Internet Filtering Applies at many layers DNS manipulation BGP manipulation DPI / content inspection Packet

  1. An An ISP-Scale Deployme ment of Ta TapDance Presented by Nikita Borisov (@nikitab) https://refraction.network/

  3. Internet Filtering • Applies at many layers • DNS manipulation • BGP manipulation • DPI / content inspection • Packet filtering: IP/port

  7. Cat-and-mouse game • Censors identify and block proxies • Circumventors deploy and distribute new proxies • Advantage if proxies are: • Harder to find • Faster to deploy • Harder to block • Easier to distribute

  8. TapDance : End-to-Middle Anticensorship without Flow Blocking Friendly ISP Client Reachable server NotBlocked.com TapDance Proxy 8

  9. TapDance Protocol Overview TapDance Proxy Client Censor Reachable Server (TLS Handshake) K K 9

  10. Incomplete HTTP request example GET / HTTP/1.1\r\n Host: www.site.com\r\n X-Ignore: u]DhsYGxVxEvuZEhESta…\r\n Encrypt \x1e\x91\xb2\xce\x94\x8a\x6b\x3c\x78\x8c\x6f\x03 \x5e\xef\x97\x34\xf1\x2e\xc6\xe6\x7f\x10\xc8\x46 \xf9\x25\x6a\x0c\xff\x6d\x38 … \x70\xd7\x2c\x63 … 10

  11. Incomplete HTTP request example \x1e\x91\xb2\xce\x94\x8a\x6b\x3c\x78\x8c\x6f\x03 \x5e\xef\x97\x34\xf1\x2e\xc6\xe6\x7f\x10\xc8\x46 \xf9\x25\x6a\x0c\xff\x6d\x38 … \x70\xd7\x2c\x63 … TapDance Station station Decrypt private key Shared Secret: ; Client random: … 11

  12. Client ¡ Decoy ¡ Server ¡ TLS ¡ 1 ¡ Handshake ¡ K ¡ K ¡ Enc K (incomplete ¡HTTP ¡request): ¡ ¡ 2 ¡ “\x95\x1f\x6b\x27\xe2 ¡… ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡\xc8\x3f\x22 ¡…” ¡ Tag ¡ TapDance ¡Sta2on ¡ Sta<on ¡extracts ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡, ¡recovers ¡ K ¡ ¡ 3 ¡ Tag ¡ 4 ¡ ACK ¡[seq=Y, ¡ack=X] ¡ ¡Server ¡ sends ¡ACK ¡ Sta<on ¡sends ¡confirma<on ¡ 5 ¡ and ¡waits ¡ Enc K (“Sta<on ¡here”), ¡[seq=Y, ¡ack=X, ¡len=M] ¡ ACK ¡[seq=X, ¡ack=Y+M] ¡ 6 ¡ Enc K (“GET ¡hSp://blocked.com/ ¡…”), ¡[seq=X, ¡ack=Y+M] ¡ Sta<on ¡sends ¡blocked.com ¡ 7 ¡ Enc K (“HTTP/1.1 ¡200 ¡OK ¡ ¡… ¡ ¡<html> ¡ ¡….”) ¡ EncryptedAlert, ¡FIN+ACK ¡[seq=X’, ¡ack=Y’, ¡len=N] ¡ Connec<on ¡ teardown ¡ 8 ¡ EncryptedAlert, ¡FIN+ACK ¡[seq=Y’, ¡ack=X’+N+1, ¡len=N] ¡ ¡ ACK ¡[seq=X’+N, ¡ack=Y’+N] ¡ Sta<on ¡sends ¡TCP ¡RST ¡ 9 ¡ RST ¡[seq=X, ¡ack=Y] ¡

  13. TapDance Trial Deployment • Worked with two mid-size ISPs: 10 (or 40)-Gbps Management Mirror interface TapDance 1U server w/ station 4x10Gbps Intel X710 NIC

  14. 10 Gbps 40 Gbps 40 Gbps

  15. University of Colorado Network Science network Upstream Campus network 10 Gbps Management Mirror interface Bro Cluster TapDance station

  16. Reachable site discovery AS 237 AS 104 <List of trusted TLS sites> Timeout TCP window <List of sites that meet timeout/window thresholds> TapDance Client ~900 reachable sites <List of TapDance-compatible reachable sites>

  17. TapDance client • 100% in Go • Partnered with Psiphon – Integrated TapDance in Psiphon’s Android app – Deployed to ~70K users in censored countries via remote update

  18. Total traffic 60 Gbps 50 40 30 20 10

  19. User traffic 800 Mbps 700 600 500 400 300 200 100

  20. Detectability • A TapDance connection looks different from regular web browsing – DNS request – Connection scheduling – TLS negotiation (ClientHello, SNI) – HTTP request sizes

  21. Detectability • A TapDance connection looks different from regular web browsing – DNS request • DoH/DoT – Connection scheduling • QUIC / ORIGIN Frame – TLS negotiation (ClientHello, SNI) • Encrypted SNI – HTTP request/response sizes • HTTP/2 PUSH

  22. Detectability • A TapDance connection looks different from regular web browsing – DNS request • DoH/DoT Privacy from network observers – Connection scheduling makes censorship harder! • QUIC / ORIGIN Frame – TLS negotiation (ClientHello, SNI) • Encrypted SNI – HTTP request/response sizes • HTTP/2 PUSH

  23. Looking for new ISP partners! An ISP-Scale Deployment of TapDance https://refraction.network/ 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CON - TENT - MENT CON TENT MENT WHAT DO YOU THINK CONTENTMENT IS? CONTENTMENT a state of

CON - TENT - MENT CON TENT MENT WHAT DO YOU THINK CONTENTMENT IS? CONTENTMENT a state of

CON - TENT - MENT CON TENT MENT WHAT DO YOU THINK CONTENTMENT IS? CONTENTMENT a state of happiness and satisfaction LIFE APP Contentment is deciding to be happy with what youve got! PASTOR PABLOS WORD OF THE DAY WORD OF THE DAY

275 views • 25 slides
Qu Quart rter er 3 In Inte teri rim m ma mana nageme ment nt Sta tate teme ment nt

Qu Quart rter er 3 In Inte teri rim m ma mana nageme ment nt Sta tate teme ment nt

Qu Quart rter er 3 In Inte teri rim m ma mana nageme ment nt Sta tate teme ment nt 3 months to 30 th June 2012 25 th July 2012 1 1 Strong Q3 performance - in a difficult market Reve venue ue growth th in line e with expec

631 views • 15 slides
SSI : Overview of Simulation Sof tware I nf rastructure f or Large Scale Scientif ic Applications

SSI : Overview of Simulation Sof tware I nf rastructure f or Large Scale Scientif ic Applications

SSI : Overview of Simulation Sof tware I nf rastructure f or Large Scale Scientif ic Applications Akira Nishida Depart ment of Comput er Science, Universit y of Tokyo J ST CREST 98 t h I PSJ SI GHPC Meet ing Motivation Emergence of large

346 views • 23 slides
#4 #2 Offshore under 4,811 develop 71 ment MW 418 MW MW Offshore 388 under develop

#4 #2 Offshore under 4,811 develop 71 ment MW 418 MW MW Offshore 388 under develop

30 MW #4 #2 Offshore under 4,811 develop 71 ment MW 418 MW MW Offshore 388 under develop 200 MW ment #3 MW 521 #1 MW 1,251 144 #3 MW MW 204 2,371 MW MW 2 ( 1) December 2016: Installed capacity includes EDPRs

969 views • 64 slides
Scale Economies in European Trade Laura Bonacorsi FEEM &amp; CMCC July 6 th , 2017

Scale Economies in European Trade Laura Bonacorsi FEEM &amp; CMCC July 6 th , 2017

Scale Economies in European Trade Laura Bonacorsi FEEM &amp; CMCC July 6 th , 2017 Acknowledgement: This project has received funding from the European Unions Horizon 2020 research and innovation programme under grant agree- ment No 730403.

553 views • 43 slides
Welc elcome Pre resented b by: y: The O Oklah ahoma D ma Depar artme ment o of Transpo

Welc elcome Pre resented b by: y: The O Oklah ahoma D ma Depar artme ment o of Transpo

STATE HIGH HIGHWAY 29 ODOT Pu Public ic I Involveme ment M Meetin ing April 29, Ap 29, 201 014 6: 6:00 P 00 PM F Welc elcome Pre resented b by: y: The O Oklah ahoma D ma Depar artme ment o of Transpo sportat atio ion

413 views • 26 slides
Corporate Presentation Advancing a District Scale Project in a Forgotten Abitibi Gold Camp MAR

Corporate Presentation Advancing a District Scale Project in a Forgotten Abitibi Gold Camp MAR

Corporate Presentation Advancing a District Scale Project in a Forgotten Abitibi Gold Camp MAR ARCH CH 2020 PT PTX X CSE CSE FORWARD LOOKIN FORWARD ING INFORM INFORMATIO TION This docume ment has been prepared by Platinex Inc.

312 views • 16 slides
Emplo y ment and the Labor Force AN ALYZIN G U S C E N SU S DATA IN P YTH ON Lee Hachadoorian

Emplo y ment and the Labor Force AN ALYZIN G U S C E N SU S DATA IN P YTH ON Lee Hachadoorian

Emplo y ment and the Labor Force AN ALYZIN G U S C E N SU S DATA IN P YTH ON Lee Hachadoorian Asst . Professor of Instr u ction , Temple Uni v ersit y Emplo y ment Concepts Labor Force : People w ho are w orking or looking for w ork Unemplo y

786 views • 45 slides
RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC

RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC

RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC UCTION TION AND ITS S EFFECT CT ON ON THE CHEMI MICAL CAL PROPER OPERTIES TIES OF OF CEME MENT NT Agus Maryoto ( ) Gathot Heri

180 views • 14 slides
B u ilding tf - idf doc u ment v ectors FE ATU R E E N G IN E E R IN G FOR N L P IN P YTH ON

B u ilding tf - idf doc u ment v ectors FE ATU R E E N G IN E E R IN G FOR N L P IN P YTH ON

B u ilding tf - idf doc u ment v ectors FE ATU R E E N G IN E E R IN G FOR N L P IN P YTH ON Ro u nak Banik Data Scientist n - gram modeling Weight of dimension dependent on the freq u enc y of the w ord corresponding to the dimension . Doc u

525 views • 41 slides
GAME PLAN Cons nsume mer s segme ment ntation a n ana nalys lysis Int Introduce o

GAME PLAN Cons nsume mer s segme ment ntation a n ana nalys lysis Int Introduce o

GAME PLAN Cons nsume mer s segme ment ntation a n ana nalys lysis Int Introduce o our t target Provide c cons nsume mer i ins nsight ht Creative s strategy y Brand nd p positioni ning ng s stateme ment

492 views • 21 slides
Scale and level (approach) are different! Approach determines criteria for observation: scale

Scale and level (approach) are different! Approach determines criteria for observation: scale

Scale Phenomena occur at multiple scales Space and Time related Scale of measurement influences what we learn from observation Scale-dependence Levels of Organization criteria for observation Biosphere Community Region Interactions

135 views • 11 slides
Fl Flagler r County Mi Mission Stateme ment Creation Flagler County Board of County

Fl Flagler r County Mi Mission Stateme ment Creation Flagler County Board of County

Fl Flagler r County Mi Mission Stateme ment Creation Flagler County Board of County Commission Workshop January 13, 2020 Submitted by: The Mission Statement Team Mi Mission Stateme ment Th The Beginning (Fo Forming) q In October,

309 views • 16 slides
IN INDUC NG NG A DOM DOMA N INDEPENDENT DEPENDENT SENT SENT ME MENT NT LEX LEX CO

IN INDUC NG NG A DOM DOMA N INDEPENDENT DEPENDENT SENT SENT ME MENT NT LEX LEX CO

IN INDUC NG NG A DOM DOMA N INDEPENDENT DEPENDENT SENT SENT ME MENT NT LEX LEX CO CON N M ALA ALAY Mohammad Darwich, Shahrul Azman Mohd Noah, Nazlia Omar Center fo Artificial Intelligence Technology (CAIT), Faculty of

452 views • 17 slides
Was it Frag-Ment to be? Luke Sleeman - Freelance Android developer http://lukesleeman.com

Was it Frag-Ment to be? Luke Sleeman - Freelance Android developer http://lukesleeman.com

Was it Frag-Ment to be? Luke Sleeman - Freelance Android developer http://lukesleeman.com luke.sleeman@gmail.com @LukeSleeman Was it Frag-Ment to be? Intro - What are fragments? History Problems with fragments - Lifecycle, Bugs, Hard

919 views • 88 slides
New Physics at the TeV Scale? New Physics at the TeV Scale? A Supersymmetric and

New Physics at the TeV Scale? New Physics at the TeV Scale? A Supersymmetric and

FFD SEMINAR 2003 New Physics at the TeV Scale? New Physics at the TeV Scale? A Supersymmetric and Extra-dimensional talk Peter Skands Theoretical High Energy Physics New Physics at the TeV Scale, P . Skands p.1/47 Overview New

830 views • 72 slides
Waves Waves - disturbance that propagates through space &amp; time - usually with transfer of

Waves Waves - disturbance that propagates through space &amp; time - usually with transfer of

Waves Waves - disturbance that propagates through space &amp; time - usually with transfer of energy - Mechanical requires a medium - Electromagnetic no medium required Mechanical waves: sound, water, seismic . the wave

824 views • 59 slides
Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental

Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental

Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental interactions are parity breaking maybe parity breaking is manifest in new cosmological physics (inflation, dark matter, dark energy, baryogenesis) as

551 views • 37 slides
Topic 1: Models in Optics Aim: Review the of models used in optics, and the range of validity of

Topic 1: Models in Optics Aim: Review the of models used in optics, and the range of validity of

I V N E U R S E I H T Modern Optics Y T O H F G R E U D B I N Topic 1: Models in Optics Aim: Review the of models used in optics, and the range of validity of each Contents: Ray Optics Ray Wave Theory Vector

382 views • 11 slides
Wireless Networks L ecture 5: Physical Layer Channel Properties Peter Steenkiste CS and ECE,

Wireless Networks L ecture 5: Physical Layer Channel Properties Peter Steenkiste CS and ECE,

Wireless Networks L ecture 5: Physical Layer Channel Properties Peter Steenkiste CS and ECE, Carnegie Mellon University Peking University, Summer 2016 1 Peter A. Steenkiste Outline RF introduction Modulation and multiplexing

352 views • 13 slides
COMP30019 Graphics and Interaction Ray Tracing Adrian Pearce Department of Computer Science and

COMP30019 Graphics and Interaction Ray Tracing Adrian Pearce Department of Computer Science and

Ray tracing Recursive Ray Tracing Binary Space Partition (BSP) Trees Refraction Transparency Shadow volumes &amp; the Stencil COMP30019 Graphics and Interaction Ray Tracing Adrian Pearce Department of Computer Science and Software

357 views • 23 slides
Background: Physics and Math of Shading by Naty Hoffman In this section of the course notes, we

Background: Physics and Math of Shading by Naty Hoffman In this section of the course notes, we

Background: Physics and Math of Shading by Naty Hoffman In this section of the course notes, we will go over the fundamentals behind physically based shading models, starting with a qualitative description of the underlying physics, followed by

742 views • 41 slides
Screen Space Fluid Rendering for Gam es Simon Green, NVIDIA Overview Introduction Fluid

Screen Space Fluid Rendering for Gam es Simon Green, NVIDIA Overview Introduction Fluid

Screen Space Fluid Rendering for Gam es Simon Green, NVIDIA Overview Introduction Fluid Simulation for Games Screen Space Fluid Rendering Demo I ntroduction DirectX 11 and DirectCompute enable physics effects to be computed

1.22k views • 75 slides
In-line purification of equilibrium mixtures Melissa Graewert June 25 th The odd one out

In-line purification of equilibrium mixtures Melissa Graewert June 25 th The odd one out

In-line purification of equilibrium mixtures Melissa Graewert June 25 th The odd one out Polydisperse samples Aggregates intrinsic property of the sample eg. monomer-dimer-oligomer equilibrium or incomplete formation of

628 views • 47 slides

More recommend