Censorship-Resistant Architectures Henry Tan Micah Sherr - - PowerPoint PPT Presentation

censorship resistant architectures
SMART_READER_LITE
LIVE PREVIEW

Censorship-Resistant Architectures Henry Tan Micah Sherr - - PowerPoint PPT Presentation

Sep 19, 2023 102 likes •261 views

Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown University Censorship-Resistant Architectures 1 The Censorship Problem Internet censorship is a problem in certain areas of the world. In some cases,

slide-1
SLIDE 1

Censorship-Resistant Architectures

Henry Tan Micah Sherr

Georgetown University

Georgetown University Censorship-Resistant Architectures 1

slide-2
SLIDE 2

The Censorship Problem

Internet censorship is a problem in certain areas of the world. In some cases, censorship may be ubiquitous, e.g. government imposed censorship. Users in these areas are unable to access restricted services are punished if they are observed accessing restricted services Most existing services do not work against these powerful adversaries.

Georgetown University Censorship-Resistant Architectures 2

slide-3
SLIDE 3

Existing Methods

Anonymity Services

Tor - Relay traffic through a series of anonymizing routers. VPNs Anonymizing proxy websites etc. Very effective for their designed purposes Less so against censorship

Georgetown University Censorship-Resistant Architectures 3

slide-4
SLIDE 4

Attack Model

Powerful Adversary known to control large portion of ‘nearby’ network. performs traffic analysis participates in any communication system controls some peers outside of censored region

Georgetown University Censorship-Resistant Architectures 4

slide-5
SLIDE 5

Adversary’s Goals

The adversary wins if it discovers that Alice has been communicating with Bob is able to prevent Alice from communicating with Bob

Georgetown University Censorship-Resistant Architectures 5

slide-6
SLIDE 6

1) Blocking off entire communication network/service

If a service: is dedicated to providing anonymity and can be identified by the adversary (e.g. entry IP addresses are published, differentiable traffic) then the adversary can shutdown the entire network without repercussions

Solution

Build a general purpose communication system primary purpose is not censorship resistance provides cover traffic and encourages usage, e.g. in business.

Georgetown University Censorship-Resistant Architectures 6

slide-7
SLIDE 7

2) Traffic Analysis

SkypeMorph: shape traffic as Skype traffic FreeWave: encodes data stream as audio stream Recent work shows that this may not be enough due to VBR encoding.

Solution

Avoid VBR encoding. Ensure encoding schemes and traffic patterns are sufficiently similar among communication types May imply inefficient traffic for data stream

Georgetown University Censorship-Resistant Architectures 7

slide-8
SLIDE 8

3) Public Addresses

Service’s IP Addresses must be published for clients to access them. Censor can also obtain and block these IP addresses.

Solution

Use trusted third parties to relay traffic to published destination. Same basic idea is used in Skype for reachability.

Georgetown University Censorship-Resistant Architectures 8

slide-9
SLIDE 9

Approach #1 - Fully Centralized

Based on standard client/server model. Broker controls network, users register with Broker

Georgetown University Censorship-Resistant Architectures 9

slide-10
SLIDE 10

Approach #1 - Fully Centralized

Users are identified by usernames and broker does not reveal IP addresses. Broker disseminates public keys and binds keys to usernames.

Georgetown University Censorship-Resistant Architectures 10

slide-11
SLIDE 11

Requirements and assumptions

Broker

Does not collude with Adversary Is outside of Adversary’s influence Does not necessarily reveal Alice’s identity to Bob

Use Cases

More useful for multi-party communication, e.g. Google hangouts

Georgetown University Censorship-Resistant Architectures 11

slide-12
SLIDE 12

Approach # 2 - Distributed

Users create certificates - <username, public key, timestamp> signed by a known and trusted root certificate authority.

Georgetown University Censorship-Resistant Architectures 12

slide-13
SLIDE 13

Approach # 2 - Distributed

Alice contacts Charlie, a known and trusted friend. Charlie acts as a relay between Alice and Bob

Georgetown University Censorship-Resistant Architectures 13

slide-14
SLIDE 14

Requirements and assumptions

Intermediary (Charlie)

Does not collude with Adversary Is outside of Adversary’s influence Does not reveal Alice’s identity to Bob

Communication Network

Allows for one way authentication (protect Alice’s identity) Has indirection capabilities built in and available on demand

Georgetown University Censorship-Resistant Architectures 14

slide-15
SLIDE 15

In Conclusion ...

Most existing systems are ineffective against a country level adversary. Use described architectures and techniques to build a general purpose censorship resistant network.

Georgetown University Censorship-Resistant Architectures 15