censorship resistant architectures
play

Censorship-Resistant Architectures Henry Tan Micah Sherr - PowerPoint PPT Presentation

Sep 19, 2023 •102 likes •260 views

Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown University Censorship-Resistant Architectures 1 The Censorship Problem Internet censorship is a problem in certain areas of the world. In some cases,

  1. Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown University Censorship-Resistant Architectures 1

  2. The Censorship Problem Internet censorship is a problem in certain areas of the world. In some cases, censorship may be ubiquitous, e.g. government imposed censorship. Users in these areas are unable to access restricted services are punished if they are observed accessing restricted services Most existing services do not work against these powerful adversaries. Georgetown University Censorship-Resistant Architectures 2

  3. Existing Methods Anonymity Services Tor - Relay traffic through a series of anonymizing routers. VPNs Anonymizing proxy websites etc. Very effective for their designed purposes Less so against censorship Georgetown University Censorship-Resistant Architectures 3

  4. Attack Model Powerful Adversary known to control large portion of ‘nearby’ network. performs traffic analysis participates in any communication system controls some peers outside of censored region Georgetown University Censorship-Resistant Architectures 4

  5. Adversary’s Goals The adversary wins if it discovers that Alice has been communicating with Bob is able to prevent Alice from communicating with Bob Georgetown University Censorship-Resistant Architectures 5

  6. 1) Blocking off entire communication network/service If a service: is dedicated to providing anonymity and can be identified by the adversary (e.g. entry IP addresses are published, differentiable traffic) then the adversary can shutdown the entire network without repercussions Solution Build a general purpose communication system primary purpose is not censorship resistance provides cover traffic and encourages usage, e.g. in business. Georgetown University Censorship-Resistant Architectures 6

  7. 2) Traffic Analysis SkypeMorph: shape traffic as Skype traffic FreeWave: encodes data stream as audio stream Recent work shows that this may not be enough due to VBR encoding. Solution Avoid VBR encoding. Ensure encoding schemes and traffic patterns are sufficiently similar among communication types May imply inefficient traffic for data stream Georgetown University Censorship-Resistant Architectures 7

  8. 3) Public Addresses Service’s IP Addresses must be published for clients to access them. Censor can also obtain and block these IP addresses. Solution Use trusted third parties to relay traffic to published destination. Same basic idea is used in Skype for reachability. Georgetown University Censorship-Resistant Architectures 8

  9. Approach #1 - Fully Centralized Based on standard client/server model. B roker controls network, users register with B roker Georgetown University Censorship-Resistant Architectures 9

  10. Approach #1 - Fully Centralized Users are identified by usernames and broker does not reveal IP addresses. Broker disseminates public keys and binds keys to usernames. Georgetown University Censorship-Resistant Architectures 10

  11. Requirements and assumptions Broker Does not collude with Adversary Is outside of Adversary’s influence Does not necessarily reveal Alice’s identity to Bob Use Cases More useful for multi-party communication, e.g. Google hangouts Georgetown University Censorship-Resistant Architectures 11

  12. Approach # 2 - Distributed Users create certificates - < username, public key, timestamp > signed by a known and trusted root certificate authority. Georgetown University Censorship-Resistant Architectures 12

  13. Approach # 2 - Distributed Alice contacts Charlie, a known and trusted friend. Charlie acts as a relay between Alice and Bob Georgetown University Censorship-Resistant Architectures 13

  14. Requirements and assumptions Intermediary (Charlie) Does not collude with Adversary Is outside of Adversary’s influence Does not reveal Alice’s identity to Bob Communication Network Allows for one way authentication (protect Alice’s identity) Has indirection capabilities built in and available on demand Georgetown University Censorship-Resistant Architectures 14

  15. In Conclusion ... Most existing systems are ineffective against a country level adversary. Use described architectures and techniques to build a general purpose censorship resistant network. Georgetown University Censorship-Resistant Architectures 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DeltaShaper Enabling Unobservable Censorship- resistant TCP Tunneling over Videoconferencing

DeltaShaper Enabling Unobservable Censorship- resistant TCP Tunneling over Videoconferencing

DeltaShaper Enabling Unobservable Censorship- resistant TCP Tunneling over Videoconferencing Streams Diogo Barradas Nuno Santos Lus Rodrigues INESC-ID, Instituto Superior Tcnico, Universidade de Lisboa

468 views • 29 slides
On the Feasibility of a Censorship Resistant Decentralized Name System Matthias Wachs Martin

On the Feasibility of a Censorship Resistant Decentralized Name System Matthias Wachs Martin

On the Feasibility of a Censorship Resistant Decentralized Name System Matthias Wachs Martin Schanzenbach Christian Grothoff Technische Universit at M unchen The Sixth International Symposium on Foundations &amp; Practice of Security

293 views • 12 slides
Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin

Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin

Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin and L Cranor Ranjit Randhawa Department of Computer Science Virginia Tech Outline Overview of Publius Anonymity tools Publius in

414 views • 13 slides
A Censorship Resistant and Fully Decentralized Name System The GNU Alternative Domain System

A Censorship Resistant and Fully Decentralized Name System The GNU Alternative Domain System

A Censorship Resistant and Fully Decentralized Name System The GNU Alternative Domain System Martin Schanzenbach Masters Thesis October 5, 2012 Martin Schanzenbach (TUM) GNU Alternative Domain System 1 Secure, Memorable, Global:

387 views • 19 slides
Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship? History of Censorship Arguments for censorship Arguments against censorship What do we mean by media? AUSTRALIA Statutory Regulation Recent

566 views • 37 slides
Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of

Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of

Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of Economics Royal Holloway, University of London Presentation given at the International Studies Association 57 th annual convention, Atlanta, GA, March

504 views • 24 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

654 views • 44 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

517 views • 23 slides
Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

480 views • 46 slides
Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005

Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005

Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005 Tools for Censorship Resistance p.1/36 Overview Approaches to Censorship Circumvention methods Case study: China Censorship in a free

628 views • 36 slides
Censorship and surveillance in France Nicola Spanti 2015 Liberty - Equality Fraternity

Censorship and surveillance in France Nicola Spanti 2015 Liberty - Equality Fraternity

Censorship and surveillance in France Nicola Spanti 2015 Liberty - Equality Fraternity Censorship - Surveillance - Money Censorship Lets help our friends! There is nothing to see I have nothing to hide Panopticon Human rights?

298 views • 9 slides
Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical

Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Tamper-resistant creation of integrity tokens for trustworthy communication in cyber-physical systems Intermediate talk for the Masters

740 views • 25 slides
Towards a Censorship Analyser for Tor Philipp Winter The Tor Project &amp; Karlstad University

Towards a Censorship Analyser for Tor Philipp Winter The Tor Project &amp; Karlstad University

Towards a Censorship Analyser for Tor Philipp Winter The Tor Project &amp; Karlstad University 2013-08-13 Tor and censorship Some countries, corporate firewalls, captive portals and ISPs block Tor. Blocks become known through users and

534 views • 16 slides
Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely Internet Measurement Village 2020 Ram Sundara Raman June 26, 2020 Measuring Censorship is a Complex Problem! Internet censorship practices are

644 views • 52 slides
Active Probing and Deep Packet Inspection detection resistant tunneling through HTTPS connections

Active Probing and Deep Packet Inspection detection resistant tunneling through HTTPS connections

Chair for Network Architectures and Services Technical University of Munich (TUM) Active Probing and Deep Packet Inspection detection resistant tunneling through HTTPS connections Intermediate Talk Julien Schmidt May 30, 2016 Chair for

384 views • 16 slides
Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue

Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue

Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V Krishnamurthy University of California, Riverside 1 Internet Censorship Key technology: Deep Packet

528 views • 33 slides
CACert Tanner Lovelace Triangle Linux Users Group 11/May/2006 Outline What is SSL and why do

CACert Tanner Lovelace Triangle Linux Users Group 11/May/2006 Outline What is SSL and why do

CACert Tanner Lovelace Triangle Linux Users Group 11/May/2006 Outline What is SSL and why do we need it? What is a Certificate Authority? What is CACert? How does CACert verify identity? How do I use CACert? Conclusion and Mass Assurance

462 views • 18 slides
Final 2020 Plan Certification Standards with Public Comment John-Pierre Cardenas, Director of

Final 2020 Plan Certification Standards with Public Comment John-Pierre Cardenas, Director of

Final 2020 Plan Certification Standards with Public Comment John-Pierre Cardenas, Director of Policy and Plan Management January 22, 2019 A service of Maryland Health Benefit Exchange Public Comment Public Comment Received MHBE received

454 views • 41 slides
Remediation Certificates 101 Outline What are they? Regulatory basis for issuing

Remediation Certificates 101 Outline What are they? Regulatory basis for issuing

Remediation Certificates 101 Outline What are they? Regulatory basis for issuing remediation certificates Definitions and brief history of the program Why should I want one? Benefits for the site owner Benefits for the

325 views • 19 slides
OVERVIEW OF CPARS ACQUISITION HOUR WEBINAR February 21, 2018 1 WEBINAR ETIQUETTE Please

OVERVIEW OF CPARS ACQUISITION HOUR WEBINAR February 21, 2018 1 WEBINAR ETIQUETTE Please

A Procurement Technical Assistance Center (PTAC) OVERVIEW OF CPARS ACQUISITION HOUR WEBINAR February 21, 2018 1 WEBINAR ETIQUETTE Please When logging into go-to-meeting, enter the name that you have registered with Put your phone

900 views • 74 slides
SINDES Secure INformation DElivery System Poulhis Marc marc.poulhies@cern.ch CERN/EPFL

SINDES Secure INformation DElivery System Poulhis Marc marc.poulhies@cern.ch CERN/EPFL

SINDES Secure INformation DElivery System Poulhis Marc marc.poulhies@cern.ch CERN/EPFL CERN-IT-FIO group meeting p. 1/17 Outline Motivations Previous system New system General overview Getting a certificate

596 views • 31 slides
Public Key Infrastructures Using PKC to solve network security problems Distributing public

Public Key Infrastructures Using PKC to solve network security problems Distributing public

Public Key Infrastructures Using PKC to solve network security problems Distributing public keys P keys allow parties to share secrets over unprotected channels Extremely useful in an open network: Parties are not under a single

420 views • 21 slides
Public Key Infrastructure e-government, e-commerce, e-mail, etc.) Ideally consists of a

Public Key Infrastructure e-government, e-commerce, e-mail, etc.) Ideally consists of a

Public Key Infrastructure A system to securely distribute &amp; manage public keys. Important for wide-area trust management (for Public Key Infrastructure e-government, e-commerce, e-mail, etc.) Ideally consists of a

402 views • 3 slides
An Experience in Developing Common Certificate Policy 9 April 2008, Academia Sinica, Taipei,

An Experience in Developing Common Certificate Policy 9 April 2008, Academia Sinica, Taipei,

International Symposium on Grid Computing 2008 An Experience in Developing Common Certificate Policy 9 April 2008, Academia Sinica, Taipei, Taiwan Shinichi Mineo (RIKEN) Outline MOTIVATION FEATURES OF RFC3647 A CASE IN NAREGI

193 views • 17 slides

More recommend