chinese keyword censorship of instant messaging programs
play

Chinese Keyword Censorship of Instant Messaging Programs (and Work - PowerPoint PPT Presentation

Apr 06, 2023 •343 likes •965 views

Chinese Keyword Censorship of Instant Messaging Programs (and Work in Progress) Jeffrey Knockel Computer Science Department University of New Mexico Who Determines What's Censored in Chinese IM Programs? IM Usage in China In 2010, 77.2%

  1. Chinese Keyword Censorship of Instant Messaging Programs (and Work in Progress) Jeffrey Knockel Computer Science Department University of New Mexico

  2. Who Determines What's Censored in Chinese IM Programs?

  3. IM Usage in China ● In 2010, 77.2% of Internet users in China used instant messaging ● 350 million users ● Growth rate of 30% from 2009 ● Popular IM programs include Tencent QQ, Alitalk, TOM-Skype, Sina UC... Source: http://www.iresearchchina.com/view.aspx?id=9205

  4. Popular IM Programs in China Program Millions of daily users September 2009* Tencent QQ/TM 139.85 Alitalk 22.87 MSN 20.11 Fetion 18.51 Caihong 16.94 (TOM-)Skype 2.67 Sina UC 2.53 Baidu Hi 2.08 *Source: http://satellite.tmcnet.com/news/2009/11/06/4467291.htm

  5. Questions ● Which IM programs perform keyword censorship? Surveillance? ● Is there a “master” keyword list? ● What keywords are censored by which programs? ● Do programs tend to censor the same keywords?

  6. Which Censor? Program Millions of daily Censors Example keyword Client- users Sept. 2009* keywords? side? Tencent QQ/TM 139.85 Yes No 法轮 (falun) Alitalk 22.87 Yes No 吾尔开希 (Wu'er Kaixi) MSN 20.11 No - - Fetion 18.51 Yes falundafa No Caihong 16.94 Yes No 法轮 (falun) (TOM-)Skype 2.67 Yes fuck Yes Sina UC 2.53 Yes Yes 六四 (six four) Baidu Hi 2.08 Yes No 六四 (six four) *Source: http://satellite.tmcnet.com/news/2009/11/06/4467291.htm

  7. Client-side Censorship? ● TOM-Skype and Sina UC do censorship “client- side” ● When the censorship happens inside of the program ● Not by remote server ● Not somewhere on the network ● Encrypted keyword lists are hidden in program and/or downloaded

  8. TOM-Skype ● TOM-Skype ● Modified version of Skype by TOM Group Limited, a China- based media company ● Uses Skype's network ● In China, http://www.skype.com HTTP redirects to http://skype.tom.com

  9. Empirical Analysis of TOM-Skype ● TOM-Skype uses “keyfiles” ● List of encrypted keywords triggering censorship and surveillance of text chat ● One built-in ● At least one other downloaded ● Lists vary by version of TOM-Skype

  10. 3.6-4.2 Keyfiles ● TOM-Skype 3.6-3.8 downloads from http://skypetools.tom.com/agent/newkeyfile/keyfile ● TOM-Skype 4.0-4.2 downloads from http://a[1-8].skype.tom.com/installer/agent/keyfile ● Encrypted with naïve procedure DECRYPT (C 0..n , P 1..n ) for i ← 1,n do xor algorithm... P i = (C i ⊕ 0x68) - C i-1 (mod 0xff) end for end procedure

  11. 3.6-4.2 Keyfiles ● To crack: point . . . skypetools.tom.com DNS 1EB412B019 queries to our server 77B543CE52 # fuck ● TOM-Skype downloads our 98068426842599 keyfile . . . ● Binary search to find “fuck” Perform chosen ciphertext attack See what gets censored

  12. 3.6-4.2 Keyfiles ● To crack: point 77B543CE52 # fuck skypetools.tom.com DNS 77B543CE53 # fucl queries to our server 77B543CE54 # fucm ● TOM-Skype downloads our . . . keyfile 77B341CC50 # duck ● Binary search to find “fuck” . . . ● Perform chosen ciphertext attack ● See what gets censored

  13. 3.6-4.2 Keyfiles ● To crack: point 77B543CE52 # fuck skypetools.tom.com DNS 77B543CE53 # fucl queries to our server 77B543CE54 # fucm ● TOM-Skype downloads our . . . keyfile 77B341CC50 # duck ● Binary search to find “fuck” . . . ● Perform chosen ciphertext procedure DECRYPT (C 0..n , P 1..n ) attack for i ← 1,n do ● See what gets censored P i = (C i ⊕ 0x68) - C i-1 (mod 0xff) ● Pattern emerges end for end procedure

  14. 5.0-5.1 Keyfiles ● TOM-Skype 5.0-5.1 downloads keyfiles from http://skypetools.tom.com/agent/keyfile ● TOM-Skype 5.1 downloads surveillance-only keyfile from http://skypetools.tom.com/agent/keyfile_u ● Keywords AES encrypted in ECB mode ● Key reused from TOM-Skype 2.x ● When encoded in UTF16-LE, 32 bytes: 0sr TM#RWFD,a43 ● Half of bytes printable ASCII, other half null (weak)

  15. TOM-Skype Surveillance ● TOM-Skype 3.6-3.8 encrypts surveillance traffic with DES key in ECB mode: 32bnx23l ● TOM-Skype 5.0: no surveillance ● TOM-Skype 4.0-4.2, 5.1 encrypts using different DES key: X7sRUjL\0 0045BDBC FF FF FF FF 07 00 00 00 0045BDC4 58 37 73 52 55 6A 4C 00

  16. TOM-Skype Surveillance ● Example surveillance message: jdoe falungong 4/24/2011 2:25:53 AM 0 ● Message author followed by triggering message followed by the date and time ● 0 or 1 indicates message is outgoing or incoming, respectively ● Sent in query string to a[1-8].skype.tom.com/installer/tomad/ContentFilterMsg.php

  17. TOM-Skype 3.6-3.8 Surveillance ● Recall TOM-Skype 3.6-3.8 encrypts surveillance traffic with a different DES key ● Reverse engineering it required circumventing Skype's built-in anti-debugging measures ● Why not before? TOM-Skype 5.1 sends surveillance messages from an outside process called ContentFilter.exe ● Our strategy: DLL injection, a way to execute our own code inside of TOM-Skype's process...

  18. TOM-Skype 3.6-3.8 Surveillance ● Hook our code into timer function ADD DH,AH CMP EAX,33B200ED called before encryption JMP SHORT Skype.00ED3DE8 ● Our code sleeps for 20 seconds MOV DL,32 JMP SHORT Skype.00ED3DE8 ● Attach with debugger MOV DL,62 ● Suspend all other threads JMP SHORT Skype.00ED3DE8 MOV DL,6E ● Resume sleeping thread JMP SHORT Skype.00ED3DE8 ● In switch statement, we observed MOV DL,78 JMP SHORT Skype.00ED3DE8 the following DES key used: MOV DL,32 32bnx23l JMP SHORT Skype.00ED3DE8 MOV DL,33 JMP SHORT Skype.00ED3DE8 MOV DL,6C JMP SHORT Skype.00ED3DE8 MOV DL,24 JE SHORT Skype.00ED3DF0 JNZ SHORT Skype.00ED3DF0

  19. 5.0-5.1 Downloaded Keyfile

  20. 5.1 Surveillance-only Keyfile

  21. Censored Keywords ● Keyfile contained political words (35.2%) ● 六四 (“64,” in reference to the June 4th Incident) ● 拿着麦克风表示自由 (Hold a microphone to indicate liberty) ● Prurient interests (15.2%) ● 操烂 (Fuck rotten) ● 两女一杯 (Two girls one cup)

  22. Censored Keywords ● News/info sources (10.1%) ● 中文维基百科 (Chinese language Wikipedia) ● BBC 中文网 (BBC Chinese language) ● Political dissidents (7%) ● 刘晓波 (Liu Xiaobo) ● 江天勇 (Jiang Tianyong) ● Locations (7%) ● 成都 春熙路麦当劳门前 (McDonald's in front of Chunxi Road in Chengdu)

  23. Surveillance-only ● Mostly political and locations ● Almost all related to demolitions of homes in Beijing for future construction ● A few related to illegal churches ● A couple company names

  24. Latest Updates ● TOM-Skype 5.5, 5.8 released ● DES key for keyfiles: \x7a\xdd\xe7\xdc\x23\x25\x53\x75 ● All but one keyword is now surveillance-only ● 薄熙来 (Bo Xilai) ● 周永康兵变和警变 (Zhou Yongkang, mutiny and police change) ● 3 月 17 日重庆人民大礼堂 (Chongqing People's Auditorium March 17)

  25. Sina UC ● By SINA Corporation ● China-based company ● Owns weibo.com, popular Chinese microblogging site ● Uses Jabber protocol

  26. Empirical Analysis of Sina UC ● Has five lists ● One set of five built-in ● Another set of five downloaded from http://im.sina.com.cn/fetch_keyword.php?ver=... ● All five lists JSON-encoded ● Then Blowfish encrypted in ECB mode with the following 16-byte ASCII-encoded key: H177UC09VI67KASI

  27. List #4 ● Used to censor text chat ● Large number of neologisms for the June 4th incident: ● 5 月三十五 (May 35th), 四月六十五号 (April 65th), 三月 九十六号 (March 96th) ● 61 过后三天 (three days after June 1st), 儿童节过后三天 (three days after Children's day) ● ⑥④ , VIIV, 8|9|6|4, six.4 ● 6.2+2 ● 八的二次方 (8^2), 2 的 6 次方 (2^6)

  28. List #4 ● Even Russian: ● Четыре (four) ● Шесть (six) ● Девять (nine) ● Восемь (eight) ● Восемь-Девять-Шесть-Четыре (eight-nine-six- four) ● And French: ● six-quatre (six-four)

  29. List #2 ● Used to censor usernames (username replaced with id#) ● Found prurient words like 婊子 (whore), 妓 (prostitute) ● Political: 法輪 (falun), falun, six four ● Phishing: ● webmaster, root, admin, hostmaster, sysadmin, sinaUC, 新浪 (Sina), 系统通知 (system notice)

  30. Other Lists ● List #1 is a shorter list used to censor both text chat and usernames ● List #3 contains a lot of domains; has unknown purpose ● List #5 contains prurient and political keywords; has unknown purpose (later removed)

  31. Comparative Analysis ● TOM-Skype and Sina UC have lists for different purposes ● For each, let's union their sets of keywords ● TOM-Skype has 515 unique keywords ● Sina UC has 997 unique keywords ● Overall, 1446 keywords are seen in only TOM- Skype xor Sina UC ● Only 33 are common to both ● Conjecture: any “master” list must be short

  32. Conjectures 1.Effectiveness Conjecture : Censorship is effective, despite attempts to evade it. ● Inspired by phrases in keyfiles taken from documents that did not get as widely distributed as the authors had probably intended

  33. Conjectures 2.Spread Skew Conjecture : Censored memes spread differently than uncensored memes. ● Inspired by Google trends data for “two girls one cup” in English (left) vs. Chinese (right)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chinese Keyword Censorship of Instant Messaging Programs Jeffrey Knockel Computer Science

Chinese Keyword Censorship of Instant Messaging Programs Jeffrey Knockel Computer Science

Chinese Keyword Censorship of Instant Messaging Programs Jeffrey Knockel Computer Science Department University of New Mexico Who Determines What's Censored in Chinese IM Programs? IM Usage in China In 2010, 77.2% of Internet users in

517 views • 27 slides
What companies unabridged keyword blacklists say about Chinese censorship of realtime chat

What companies unabridged keyword blacklists say about Chinese censorship of realtime chat

What companies unabridged keyword blacklists say about Chinese censorship of realtime chat Jeffrey Knockel, Dissertation Defense, December 2017 Committee Jedidiah Crandall (chair) Ronald Deibert Stephanie Forrest Jared Saia 1989

635 views • 45 slides
Measuring Decentralization of Chinese Keyword Censorship via Mobile Games Jeffrey Knockel, Lotus

Measuring Decentralization of Chinese Keyword Censorship via Mobile Games Jeffrey Knockel, Lotus

Measuring Decentralization of Chinese Keyword Censorship via Mobile Games Jeffrey Knockel, Lotus Ruan, and Masashi Crete-Nishihata Citizen Lab, Munk School of Global Affairs, University of Toronto Dept. of Computer Science, University of New

595 views • 37 slides
Instant Message Delivery Notification (IMDN) for Common Presence and Instant Messaging (CPIM)

Instant Message Delivery Notification (IMDN) for Common Presence and Instant Messaging (CPIM)

Instant Message Delivery Notification (IMDN) for Common Presence and Instant Messaging (CPIM) Messages draft-burger-sipping-imdn-02 Open Issues Issue 1: Requiring IMDNs to be end-to- end encrypted. Issue 2: Sender keeping state

338 views • 10 slides
A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

Secure Public Instant Messaging Financial Cryptography - Feb 27, 2006 A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital Security Group Carleton University, Canada Mohammad Mannan Feb 27, 2006 1

399 views • 15 slides
Designing an Ontology-based Intelligent Tutoring Agent with Instant Messaging Min-Yuh Day 1,2 ,

Designing an Ontology-based Intelligent Tutoring Agent with Instant Messaging Min-Yuh Day 1,2 ,

Designing an Ontology-based Intelligent Tutoring Agent with Instant Messaging Min-Yuh Day 1,2 , Chun-Hung Lu 1,3 , Jin-Tan David Yang 4 , Guey-Fa Chiou 3 ,Chorng-Shyong Ong 2 ,Wen-Lian Hsu 1 1 Institute of Information Science, Academia Sinica,

300 views • 19 slides
Innovative Instant Messaging Technology HIC 2019 - Melbourne 14.Aug.2019 James Tan, Health

Innovative Instant Messaging Technology HIC 2019 - Melbourne 14.Aug.2019 James Tan, Health

Secure Clinical Communication with Innovative Instant Messaging Technology HIC 2019 - Melbourne 14.Aug.2019 James Tan, Health Informatician Hong Kong Hospital Authority 7,416km from Mel 1,108km 2 7.5M population 2 S omething about HKH

537 views • 32 slides
Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM, and attacks against it How IM is being used today, and why these uses make strong security essential Current problems and examples To-do

258 views • 23 slides
in an Instant Messaging Server John Hughes Chalmers University/Quviq AB "We know there is a

in an Instant Messaging Server John Hughes Chalmers University/Quviq AB "We know there is a

Testing Asynchronous Behaviour in an Instant Messaging Server John Hughes Chalmers University/Quviq AB "We know there is a lurking bug somewhere in the dets code. We have got 'bad object' and 'premature eof' every other month the last

711 views • 37 slides
On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer

On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer

COMP 4108 Presentation - Sept 20, 2005 On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer Science Carleton University, Canada Goals of this talk Discuss a few IM worms Analyze well-known

402 views • 26 slides
Using Instant Messaging to Provide an Intelligent Learning Environment Chun-Hung Lu 1 , Guey-Fa

Using Instant Messaging to Provide an Intelligent Learning Environment Chun-Hung Lu 1 , Guey-Fa

Using Instant Messaging to Provide an Intelligent Learning Environment Chun-Hung Lu 1 , Guey-Fa Chiou 2 , Min-Yuh Day 1,3 , Chorng-Shyong Ong 3 , Wen-Lian Hsu 1 1 Institute of Information Science, Academia Sinica, Taiwan 2 Dept. of Information and

241 views • 23 slides
Implementing Reliable Instant Messaging at Your Library Karen McCoy Adult Services Librarian

Implementing Reliable Instant Messaging at Your Library Karen McCoy Adult Services Librarian

Implementing Reliable Instant Messaging at Your Library Karen McCoy Adult Services Librarian Farmington Public Library, NM Some background More libraries are communicating with patrons in real time over the internet Online

449 views • 29 slides
Facing Facebook The power of social media and how to harness it Face book, Instant Messaging,

Facing Facebook The power of social media and how to harness it Face book, Instant Messaging,

Facing Facebook The power of social media and how to harness it Face book, Instant Messaging, Texts, Twitter, Sykpe It used to be so easy. Or was it.........?? Social media gives us the power to reach so many with our message in just a few

341 views • 23 slides
USER PERCEPTION OF DELETING INSTANT MESSAGES EuroUSEC18, London, UK, 23 April 2018 Theodor

USER PERCEPTION OF DELETING INSTANT MESSAGES EuroUSEC18, London, UK, 23 April 2018 Theodor

USER PERCEPTION OF DELETING INSTANT MESSAGES EuroUSEC18, London, UK, 23 April 2018 Theodor Schnitzler, Christine Utz, Florian M. Farke, Christina Ppper, Markus Drmuth OVERVIEW Instant Messaging New WhatsApp feature introduced October

202 views • 17 slides
FOSDEM 2016 The State of XMPP and Instant Messaging The awakening www.erlang-solutions.com

FOSDEM 2016 The State of XMPP and Instant Messaging The awakening www.erlang-solutions.com

www.erlang-solutions.com FOSDEM 2016 The State of XMPP and Instant Messaging The awakening www.erlang-solutions.com Bonjour ! Nicolas Vrit //Nco nicolas.verite@erlang-solutions.com xmpp:nyco@movim.eu @nyconyco

563 views • 39 slides
Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship? History of Censorship Arguments for censorship Arguments against censorship What do we mean by media? AUSTRALIA Statutory Regulation Recent

566 views • 37 slides
2020 Research and Practice on Semantic Mining and Semantic Organization of Multi-source

2020 Research and Practice on Semantic Mining and Semantic Organization of Multi-source

2020 Research and Practice on Semantic Mining and Semantic Organization of Multi-source Heterogeneous Resources National Library of China Reporter: Xiaoying Zhou library resource construction 1 2 3

339 views • 19 slides
How the Great Firewall of China is Blocking Tor Philipp Winter and Stefan Lindskog Karlstad

How the Great Firewall of China is Blocking Tor Philipp Winter and Stefan Lindskog Karlstad

How the Great Firewall of China is Blocking Tor Philipp Winter and Stefan Lindskog Karlstad University Aug. 6, 2012 In a nutshell 1. Investigated how Tor is being blocked 2. Speculated about the blocking infrastructure 3. Looked at

454 views • 26 slides
Chinese Outward FDI Location Decision: Does Chinas Accession to WTO Make a Difference? Tao

Chinese Outward FDI Location Decision: Does Chinas Accession to WTO Make a Difference? Tao

Institutional Distance and Motivations of Chinese Outward FDI Location Decision: Does Chinas Accession to WTO Make a Difference? Tao Bai Zhirong Duan Research Background Despite the rich literature on the location choice of firms when

136 views • 12 slides
Chapter 9: The Politics of Communist Economic Reform: Soviet Union and China John F. Padgett

Chapter 9: The Politics of Communist Economic Reform: Soviet Union and China John F. Padgett

Chapter 9: The Politics of Communist Economic Reform: Soviet Union and China John F. Padgett Co-evolution Padgett/Powells Emergence of Organizations and Markets makes general argument that -- evolutionary novelty in organizations comes

422 views • 21 slides
Current Challenges to U.S. - China Educational Collaboration Additional Data International

Current Challenges to U.S. - China Educational Collaboration Additional Data International

Current Challenges to U.S. - China Educational Collaboration Additional Data International Students in US by Place of Origin Data: Institute of International Education. Calculation by Michael Law International Students in Heartland Region

245 views • 13 slides
exascale road in China Ruibo WANG National University of Defense Technology Contents NUDT

exascale road in China Ruibo WANG National University of Defense Technology Contents NUDT

Tianhe-3 and the exascale road in China Ruibo WANG National University of Defense Technology Contents NUDT & TianHe the Exascale Road in China Tianhe-3 Contents NUDT & TianHe the Exascale Road in China Tianhe-3

728 views • 52 slides
What's Really Going On in China? Sheldon Ray AAII Washington D.C. Metro Chapter May 18, 2019

What's Really Going On in China? Sheldon Ray AAII Washington D.C. Metro Chapter May 18, 2019

What's Really Going On in China? Sheldon Ray AAII Washington D.C. Metro Chapter May 18, 2019 Todays Agenda Provide an overview of China's economy, political landscape, US relations, markets, risks, security issues, Hong Kong relations,

520 views • 14 slides
EV Purchase Preferences Annual Passenger Cars Sold 2.58 Annual BEVs Sold among Chinese Buyers

EV Purchase Preferences Annual Passenger Cars Sold 2.58 Annual BEVs Sold among Chinese Buyers

35 3 EV Purchase Preferences Annual Passenger Cars Sold 2.58 Annual BEVs Sold among Chinese Buyers 30 2.5 Annual PHEVs Sold Annual Passenger Cars Sold (1 million vehicles) NEV Cumulative Sales 25 2 Annual NEV Sold (1 million vehicles)

240 views • 6 slides

More recommend