censor free publishing
play

Censor-free Publishing Topics in Computer Security - PowerPoint PPT Presentation

May 31, 2023 •469 likes •814 views

Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012 Introduction to Censorship Freedom of Opinion and Expression The Universal Declaration of Human Rights states in Article 19 : Everyone has the right to

  1. Censor-free Publishing Topics in Computer Security philipp.winter@kau.se Apr 26, 2012

  2. Introduction to Censorship

  3. Freedom of Opinion and Expression The Universal Declaration of Human Rights states in Article 19 : Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

  4. The Internet and Censorship John Gilmore, one of the founders of the EFF and the cypherpunks mailing list: The Net interprets censorship as damage and routes around it.

  5. State of the Art Many countries conduct pervasive political and social Internet censorship: http://map.opennet.net/

  6. Different Forms of Censorship ◮ Technical ◮ IP blacklisting ◮ DNS blacklisting ◮ Deep packet inspection ◮ Search engine manipulation ◮ Social ◮ Threatening ◮ Self-censorship (Panopticon effect) ◮ Censorship by law

  7. Technical Forms of Censorship ◮ IP blocks/Port blocks ◮ E.g.: Tor directory authorities in China ◮ Usually unflexible and easy to circumvent ◮ DNS blacklisting ◮ Effective for majority of users ◮ For more knowledgeable users trivial to circumvent ◮ Deep packet inspection (DPI) & dynamic blocking ◮ Flexible and precise but expensive ◮ Circumvention becomes harder ◮ State of the art ◮ Search engine manipulation ◮ Search engines in China conduct self-censorship ◮ Aggressive filtering for pornography ◮ Cf. “An Analysis of Chinese Search Engine Filtering” by Zhu et al.

  8. Tor Bridges

  9. From Anonymity to Censorship ◮ Tor was originally designed as an anonymity network only ◮ However, it is frequently used as a censorship circumvention tool ◮ “I don’t care about anonymity as long as I can access facebook!” ◮ Problem: Tor is very easy to block for censors

  10. Presentations on Tor and Censorship 28C3 : How governments have tried to block Tor 26C3 : Tor and censorship: lessons learned

  11. The Birth of Bridges ◮ Back in 2006 : Design for a blocking-resistant anonymity system: The birth of bridges ◮ Bridges are simply relays which are not listed in the public consensus ◮ Censored users can use them as an “undocumented entrance” to the Tor network ◮ At the moment: ∼ 60.000 daily bridge users (almost 10.000 only from Syria)

  12. How it Works ◮ Volunteers configure bridges which report their existance to the central BridgeDB ◮ From there, bridges are distributed to censored users ◮ Via HTTP: https://bridges.torproject.org ◮ Via E-mail: bridges@torproject.org ◮ Via (physical) social networks ◮ Fundamental problem : Bridges can not be distributed to users without the censor learning about them, too ◮ “Solution”: Make it easy to get a few bridges but hard to get many of them

  14. Strategies to Block Bridges ◮ Obtain bridges over the official distribution channels and block them ◮ Dynamically identify Tor usage in network traffic and block suspected bridge ◮ Both attacks quite feasible for country-level adversary

  15. Obtaining Bridge Addresses and Blocking Them ◮ Demonstrated by Ling et al. ◮ Getting bridges via e-mail ◮ Semi-automatically create hundreds of e-mail accounts at Gmail and/or Yahoo ◮ Getting bridges via HTTPS ◮ Use Tor exit nodes and PlanetLab to have enough unique IP addresses ◮ Getting bridges via Tor middle relays ◮ Bridges connect to middle relays as their first hop (bridge → middle relay → exit relay)

  16. China: Dynamically Blocking Tor ◮ Chinese DPI boxes look for the unique TLS cipher list sent inside the TLS client hello ◮ If detected: active scan of (i.e. speak Tor to) suspected bridge is triggered ◮ If suspected bridge answers in Torish: blocked ◮ Highly effective because bridges can be blocked dynamically

  17. Scanners 3 2 1 Tor user DPI box Tor bridge

  18. Details about Chinese Tor Block ◮ Apparently only egress traffic subject to Tor DPI ◮ Great Firewall of China does not seem to conduct TCP stream reassembly ◮ → packet fragmentation successfully evades DPI boxes for now

  19. Server-side fragmentation

  20. Evading DPI: Obfsproxy & Pluggable Transport

  21. Tor client Tor bridge ? obfsproxy obfsproxy

  22. What it does ◮ Implements pluggable transport ◮ Allows the creation of modules to obfuscate traffic between obfsproxy client and server ◮ Deployed shortly before Iranian elections ◮ Can be used with other software as well

  23. The Current Situation ◮ Main purpose : Evading DPI boxes ◮ Arms race might shift back to discovering bridges over the official distribution channels ◮ In China : The few hard-coded obfsproxy bridges are already blocked, private bridges work

  24. Telex: Circumvention in the Backbone

  25. How it Works ◮ Main idea : Let backbone routers “hijack” marked network connections ◮ Censored users install Telex on their machines ◮ They seemingly surf to https://www.notcensored.org and embed a steganographic token inside their connection ◮ Backbone routers recognize token, decrypt HTTPS session and hijack connection ◮ Censor-boxes inside the country don’t know that the traffic is being hijacked ◮ URL with illustrations and research paper: https://telex.cc/

  26. How it Works ◮ Very messy (breaks with end-to-end principle), yet effective concept ◮ Requires cooperation with backbone network providers :-( ◮ So far : In early alpha state ◮ Very similar concepts proposed at the same time: Cirripede (CCS’11) and decoy routing (FOCI’11)

  27. AS-Level Structure and Censorship

  28. Censorship on the AS-Level ◮ Every country manages a set of Autonomous Systems (ASes) ◮ Internet basically: Connected ASes + BGP for routing ◮ Also: ASes choke point for censorship ◮ “Mapping Local Internet Control” by Roberts et al. ◮ Observation : Countries with centralized AS structure have more censorship than countries with rather decentralized AS-level structure

  29. The Data Set http://cyber.law.harvard.edu/netmaps/geo map home.php

  30. Censorship Circumvention in Practice

  31. Many Unsafe Tools Used ◮ Activists and journalists mostly don’t have expertise and/or time to “get it right” ◮ Most people can’t tell whether a tool is designed sanely and safe to use ◮ They end up using tools which work but are unsafe ◮ Result : People get tracked down, jailed, ...

  32. What is Actually Used? According to the circumvention tool usage report 2010 written by the Berkman Center: ◮ Simple web proxies much more popular than sophisticated circumvention tools ◮ Most popular tools are Freegate, UltraSurf, Tor, Hotspot Shield and web proxies ◮ Most users mereley search for “proxy” to find tools

  33. How to Advertise Evasion Tools Important for programmers : ◮ Don’t advertise snake oil → users will believe it! ◮ No pretentious claims and misleading information ◮ Clear and precise documentation of what the tool offers and what not

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Three Challenges in Distributed Optimization Keren Censor-Hillel Technion Workshop on Local

Three Challenges in Distributed Optimization Keren Censor-Hillel Technion Workshop on Local

Three Challenges in Distributed Optimization Keren Censor-Hillel Technion Workshop on Local Algorithms WOLA 2019 This project has received funding from the European Unions Horizon 2020 Research and Innovation Programme under grant agreement

966 views • 68 slides
Web Technologies and Publishing On the Web Applications Publishing information on the WWW is an

Web Technologies and Publishing On the Web Applications Publishing information on the WWW is an

Web Technologies and Publishing On the Web Applications Publishing information on the WWW is an activity that involves three major steps: Winter 2001 1. Create a document CMPUT 499: HTML and Beyond HTML with any text editor Dr. Osmar

436 views • 17 slides
publishing your research Mischa Richter, The New Yorker publishing your research WHY? the

publishing your research Mischa Richter, The New Yorker publishing your research WHY? the

publishing your research Mischa Richter, The New Yorker publishing your research WHY? the audiences WHERE? the venue HOW? the review WHAT? the writing publishing your research WHY? professionals to put knowledge into practice

520 views • 28 slides
Top Trends in Trade Publishing Jane Tappuni, Publishing Technology Chris McCrudden, Midas PR

Top Trends in Trade Publishing Jane Tappuni, Publishing Technology Chris McCrudden, Midas PR

Top Trends in Trade Publishing Jane Tappuni, Publishing Technology Chris McCrudden, Midas PR Top Trends in Trade Publishing Each year, Publishing Technology tracks emerging trends in the publishing and content industries via its blog

475 views • 29 slides
Writing and Publishing Books with Free Software Nathan Haines nhaines@ubuntu.com Nathan Haines

Writing and Publishing Books with Free Software Nathan Haines nhaines@ubuntu.com Nathan Haines

Writing and Publishing Books with Free Software Nathan Haines nhaines@ubuntu.com Nathan Haines Computer enthusiast Programmer Gamer Computer technician 2 Nathan Haines Ubuntu member California Local Community Team

393 views • 28 slides
Web-Based Information Publishing On the Web Systems Publishing information on the WWW is an

Web-Based Information Publishing On the Web Systems Publishing information on the WWW is an

Web-Based Information Publishing On the Web Systems Publishing information on the WWW is an activity that involves three major steps: Winter 2006 1. Create a document CMPUT 410: HTML and Beyond HTML with any text editor Dr. Osmar R.

941 views • 17 slides
Onelight.com Publishing c 2010 World Population 2 Onelight.com Publishing c 2010 3

Onelight.com Publishing c 2010 World Population 2 Onelight.com Publishing c 2010 3

Onelight.com Publishing c 2010 World Population 2 Onelight.com Publishing c 2010 3 Onelight.com Publishing c 2010 GLACIERS Those who do not work with M other Earth will discover she has her methods for the removal of parasitical species 4

638 views • 27 slides
Learning about the Histories of Computerizing Publishing and Desktop Publishing, 20172019 See:

Learning about the Histories of Computerizing Publishing and Desktop Publishing, 20172019 See:

Learning about the Histories of Computerizing Publishing and Desktop Publishing, 20172019 See: history.computer.org/annals/dtp TUG Annual Conference, August 2019 David Walden dave@walden-family.com The written version of this will have

444 views • 27 slides
Who is BiblioBoard? Award-winning software Community engagement publishing tools

Who is BiblioBoard? Award-winning software Community engagement publishing tools

Who is BiblioBoard? Award-winning software Community engagement publishing tools DRM (Digital Rights Management) free ebooks modern library User eXperience (UX) A short history of our collaboration 2018 2016: Pilot - -

364 views • 13 slides
Social Media & Change Will Chanania and Emily Nowlin Is it moral to censor the use of

Social Media & Change Will Chanania and Emily Nowlin Is it moral to censor the use of

Social Media & Change Will Chanania and Emily Nowlin Is it moral to censor the use of social media? Twitter's Guidelines for Censorship History What has social media changed in our society? Source Risks of Social Media 1.

375 views • 15 slides
Funding historic publishing in times of austerity can crowdfunding fill the gap? Notes of

Funding historic publishing in times of austerity can crowdfunding fill the gap? Notes of

Funding historic publishing in times of austerity can crowdfunding fill the gap? Notes of presentation, County Societies Symposium, Sept 17 2016 John Hudson, Head of Publishing, Historic England 1) The traditional model of history publishing

191 views • 3 slides
Publishing For and By Researchers But why Library Publishing? Sofie Wennstrm Analyst,

Publishing For and By Researchers But why Library Publishing? Sofie Wennstrm Analyst,

Publishing For and By Researchers But why Library Publishing? Sofie Wennstrm Analyst, Dept. of Quality, Stockholm University Library @SofieWennstrom | @SthlmUniPress sofie.wennstrom@sub.su.se /Namn Namn, Institution eller liknande

249 views • 21 slides
Are you ready to Publish? Understanding the publishing process Presenter: Aisling Murphy May,

Are you ready to Publish? Understanding the publishing process Presenter: Aisling Murphy May,

Are you ready to Publish? Understanding the publishing process Presenter: Aisling Murphy May, 2016 | 2 Outline Before you begin Plagiarism - What not to do Publishing innovations | 3 Your personal reason for publishing

1.35k views • 41 slides
INFORMATION-PUBLISHING CENTER The information-publishing center Modern Building Constructions

INFORMATION-PUBLISHING CENTER The information-publishing center Modern Building Constructions

INFORMATION-PUBLISHING CENTER The information-publishing center Modern Building Constructions works in the market of information services in the field of construction, from 1997. For the first time in Russia, another 20 years ago, we began

268 views • 24 slides
MELCOM 2016 Market Situation - TURKEY Turkish Publishing Sector in 2015 The publishing

MELCOM 2016 Market Situation - TURKEY Turkish Publishing Sector in 2015 The publishing

MELCOM 2016 Market Situation - TURKEY Turkish Publishing Sector in 2015 The publishing industry grew by 11% in 2015 49.000 titles published, 384 million books printed (all- time high) There are currently about 2000 publishers 92%

204 views • 17 slides
How does scholarly publishing move towards digital/web-based publishing? A case study in the

How does scholarly publishing move towards digital/web-based publishing? A case study in the

How does scholarly publishing move towards digital/web-based publishing? A case study in the francophone social sciences & humanities Cairn.info 01/06/2018 1 Cairn.info? Cairn.info is an online platform founded in 2005 by a group of

87 views • 8 slides
Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx

INSTITUTO POLITCNICO NACIONAL CENTRO DE INVESTIGACION EN COMPUTACION Laboratorio de Ciberseguridad Cyber security A-15 Dr. Ponciano Jorge Escamilla Ambrosio pescamilla@cic.ipn.mx http://www.cic.ipn.mx/~pescamilla/ CIC Cyber Cyber Secur

471 views • 33 slides
UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op

UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op

UN NC CT TA AD D E EE EC C R Re eg gi io on na al l W Wo or rk ks sh ho op p U St tr re en ng gt th he en ni in ng g t th he e S St ta at ti is st ti ic ca al l C Ca ap pa ac ci it ty y o

902 views • 26 slides
Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2

Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2

Existing Legislations on Data Privacy: A Change to Data Sharing? National Statistics Conference 2 0 1 2 Professor Abu Bakar Munir Faculty of Law , University of Malaya 7 Novem ber 2 0 1 2 1 Some of my books on ICT Law In Print Privacy and

721 views • 24 slides
Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox Discovery ID Summary and Status Discussion of Middlebox Needs Other Common Middlebox Issues of Potential Interest to IETF References ID

474 views • 12 slides
Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini

Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini

Law and the software development life cycle November 25, 2017 Cesare Bartolini, Gabriele Lenzini Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg Outline 1 Legal requirements 2 The Software

701 views • 51 slides
Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA

Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA

Computing Research Association Snowbird 2004 The State of Computing Research The State of CRA Snowbird 2004 Jim Foley, CRA Chair Andy Bernat, CRA Executive Director Good News we Have a Great Story to Tell Computing maps directly

998 views • 58 slides
The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit

The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit

The Next Wave of Cyber Regulation Sponsored By: The Next Wave of Cyber Regulation Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays webinar Corresponding whitepaper

463 views • 18 slides
Monthly growth rates for the quantity bought in total retail sales 20% November December 18%

Monthly growth rates for the quantity bought in total retail sales 20% November December 18%

Monthly growth rates for the quantity bought in total retail sales 20% November December 18% 16% 14% 12% 10% 8% 6% 4% 2% 0% 2012 2013 2014 2015 2016 2017 Source: M&G, BBC, Office for National Statistics, 21 November 2018 B

212 views • 4 slides

More recommend