DeltaShaper: Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams (PowerPoint PPT Presentation)


SLIDE 1

DeltaShaper

Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams

Diogo Barradas, Nuno Santos, Luís Rodrigues
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa

SLIDE 2

Censors monitor / control Internet access

(diagram: Censored Region / Uncensored Region)


SLIDE 4

Censors attempt to block covert channels

(diagram: Censored Region / Uncensored Region)

SLIDE 5

DeltaShaper

(diagram: Censored Region / Uncensored Region)

  • Goals
    • Establish a covert TCP/IP channel
    • Maintain unobservability
    • Resist network perturbations
SLIDE 6

Multimedia protocol tunneling

System                          Approach           Active/Passive Attack Resistance   Arbitrary Data Transmission   Interactive Communication
FreeWave (Houmansadr et al.)    Audio Modulation
Facet (Li et al.)               Video Embedding
CovertCast (McPherson et al.)   Video Modulation   ✔ ✔ (two of the three columns; the extraction did not keep which two)
DeltaShaper                     Video Modulation   ✔                                  ✔                             ✔

Column group labels on the slide: Coverage, Security. Cells whose marks did not survive extraction are left blank.

SLIDE 7

Threat model

  • Assumptions
    • Packets carrying multimedia data are encrypted
  • Censor's capabilities
    • Deep Packet Inspection
    • Observe, store and analyze traffic flows
    • Apply artificial constraints on the network
  • Censor's limitations
    • Unable to decipher the content of Skype packets
    • Not in collusion with the video-conferencing provider
    • Attempts to minimize collateral damage

SLIDE 8

A naïve approach at data modulation

(figure: 640 px × 480 px chat video frame)

  • Replace chat video frames
  • Encode data in all available pixels

1 px = 24 b (R = 8 b, G = 8 b, B = 8 b); 640 × 480 × 3 B ≈ 922 kB / frame

SLIDE 9

Drawbacks of naïve data modulation

(figure: 640 px × 480 px chat video frame)

  • Data loss
    • Lossy compression (downsampling + quantization)
  • Abnormal traffic patterns
    • Poor compression (no spatial or inter-frame redundancy left to exploit)

1 px = 24 b (R = 8 b, G = 8 b, B = 8 b); 640 × 480 × 3 B ≈ 922 kB / frame

SLIDE 10

C1: Can we distinguish regular from irregular Skype streams?

  • Traffic signatures appear to be different
    • Packet-length frequency distribution

(plots: packet-length frequency distributions, "Frames change extensively" vs "Frames do not change")

SLIDE 11

C2: How much throughput can we achieve while preserving unobservability?

(diagram: Censored Region / Uncensored Region; the trade-off runs from good unobservability with low throughput to poor unobservability with high throughput)

SLIDE 12

C3: How to maintain unobservability in adverse network conditions?

(diagram: under ideal conditions, good unobservability; under perturbed conditions, poor unobservability)

SLIDE 13

Contributions

  • DeltaShaper: a censorship-resistant system
    • Tunnels TCP/IP data over Skype video calls
  • Distinguish regular / irregular Skype call streams
    • Packet-length frequency distribution / EMD
  • Maximize throughput and maintain unobservability
    • Explore the encoding parameter space
  • Adaptation to network conditions
    • Dynamic calibration of encoding parameters

SLIDE 14

How to characterize Skype streams?

  • Characteristic function: create a stream signature
    • Frequency distribution of packet lengths
  • Similarity function: quantify streams' differences
    • Earth Mover's Distance (EMD)

SLIDE 15

Different videos generate distinct traffic

  • Differences between signatures can be quantified
    • Earth Mover's Distance

(figure: three pairs of signatures; EMD > 0.50, EMD > 0.50, EMD = 0.05)

SLIDE 16

Different videos generate distinct traffic

  • Censors can identify streams with unusual traffic

(figure: streams with EMD > Δ are flagged; a stream with EMD < Δ passes as a regular call; Δ = 0.06)

SLIDE 17

Can we encode data and maintain unobservability?

  • Strawman: embed a small payload in each frame
  • Generated traffic does not reflect this embedding

(figure: three modulated streams, each with EMD < Δ, all classified as regular calls)

SLIDE 18

A better approach for data modulation

(figure: (a) Carrier Frame + (b) Payload Frame = (c) Covert Frame)

Parameter   Description
ap          payload frame area (pixel × pixel)
ac          cell size (pixel × pixel)
bc          color encoding (bits)
rp          payload frame rate (frames/s)

  • Strive for unobservability
  • Accommodate for lossy compression
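The cell-based modulation of this slide, carried through as an added example in Python (not the authors' DeltaShaper code). It paints a payload frame from raw bytes using ap, ac and bc, decodes it again after a constructed stand-in for compression damage, and computes the raw throughput a parameter set allows. Assumptions: bc is split evenly over R, G and B, the intensity levels are evenly spaced, the damage model is uniform per-channel noise, frames are plain lists of (R, G, B) rows, and the payload is constructed. Reading bc as bits per cell reproduces the 7.2 Kbps reported on slide 27 for 320 × 240 / 8 × 8 / 6 bits / 1 frame/s.

```python
"""Payload-frame modulation with DeltaShaper's encoding parameters.

Added example, not the authors' code. ap = payload frame area (w, h),
ac = cell size in pixels, bc = colour bits per cell, rp = payload frame
rate. Assumptions: bc is split evenly over R, G and B; levels are evenly
spaced over 0..255; compression damage is modelled as uniform noise;
frames are lists of rows of (R, G, B) tuples.
"""
import random

SAMPLE_PAYLOAD = b"constructed covert IP packet bytes " * 23   # 805 bytes, constructed


def levels(bits):
    """Evenly spaced intensities for `bits` bits per channel, e.g. 2 -> [0, 85, 170, 255]."""
    n = 1 << bits
    return [round(i * 255 / (n - 1)) for i in range(n)]


def raw_throughput_bps(ap, ac, bc, rp):
    """Cells per frame x bits per cell x frames per second.
    (320, 240), 8, 6, 1 -> 40 x 30 x 6 x 1 = 7200 bps, the 7.2 Kbps of slide 27."""
    w, h = ap
    return (w // ac) * (h // ac) * bc * rp


def capacity_bytes(ap, ac, bc):
    """Whole bytes one payload frame can carry."""
    return raw_throughput_bps(ap, ac, bc, 1) // 8


def _channel_bits(bc):
    if bc < 3 or bc % 3:
        raise ValueError("this example needs bc to be a multiple of 3")
    return bc // 3


def encode_frame(payload, ap, ac, bc):
    """Paint each bc-bit chunk of the payload as one solid ac x ac cell."""
    w, h = ap
    k = _channel_bits(bc)
    lv = levels(k)
    cells_x, cells_y = w // ac, h // ac
    bits = "".join(f"{b:08b}" for b in payload)
    if len(bits) > cells_x * cells_y * bc:
        raise ValueError("payload exceeds frame capacity")
    bits = bits.ljust(cells_x * cells_y * bc, "0")
    frame = [[(0, 0, 0)] * w for _ in range(h)]
    for idx in range(cells_x * cells_y):
        chunk = bits[idx * bc:(idx + 1) * bc]
        colour = tuple(lv[int(chunk[c * k:(c + 1) * k], 2)] for c in range(3))
        cy, cx = divmod(idx, cells_x)
        for y in range(cy * ac, (cy + 1) * ac):
            frame[y][cx * ac:(cx + 1) * ac] = [colour] * ac
    return frame


def decode_frame(frame, ap, ac, bc, n_bytes):
    """Sample the centre pixel of every cell, snap each channel to the nearest
    level and rebuild the first n_bytes of the payload."""
    w, h = ap
    k = _channel_bits(bc)
    lv = levels(k)
    cells_x, cells_y = w // ac, h // ac
    bits = []
    for idx in range(cells_x * cells_y):
        cy, cx = divmod(idx, cells_x)
        for ch in frame[cy * ac + ac // 2][cx * ac + ac // 2]:
            q = min(range(len(lv)), key=lambda i: abs(lv[i] - ch))
            bits.append(f"{q:0{k}b}")
    s = "".join(bits)[:n_bytes * 8]
    return bytes(int(s[i:i + 8], 2) for i in range(0, len(s), 8))


def lossy(frame, amplitude, seed=0):
    """Constructed stand-in for compression damage: uniform per-channel noise."""
    rng = random.Random(seed)
    return [[tuple(max(0, min(255, c + rng.randint(-amplitude, amplitude))) for c in px)
             for px in row] for row in frame]


def survives(payload, ap, ac, bc, amplitude):
    """True when the payload decodes intact after the perturbation."""
    damaged = lossy(encode_frame(payload, ap, ac, bc), amplitude)
    return decode_frame(damaged, ap, ac, bc, len(payload)) == payload


if __name__ == "__main__":
    cfg = ((320, 240), 8, 6)
    print(raw_throughput_bps(*cfg, 1), "bps;", capacity_bytes(*cfg), "bytes/frame")
    print("bc=6  survives +/-30:", survives(SAMPLE_PAYLOAD, *cfg, 30))
    print("bc=12 survives +/-30:", survives(SAMPLE_PAYLOAD, (320, 240), 8, 12, 30))
```

With bc = 6 the four levels per channel sit 85 apart, so noise of ±30 never crosses a decision boundary; with bc = 12 the sixteen levels sit 17 apart and the same noise corrupts the payload. That is the trade-off the deck explores: more bits per cell buys throughput but leaves less headroom for the encoder's quantization.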
SLIDE 19

Adapt to network conditions

  • Calibrate encoding parameters
    • Maintain unobservability
    • Modulate the maximum amount of data

SLIDE 20

DeltaShaper adaptation mechanism

  • Periodically:
    • Estimate network conditions from recorded baselines
    • Select adequate parameters from a pre-computed table

(diagram: the current carrier signature is compared with the recorded baselines for Cond. 1, Cond. 2, ..., Cond. n ("Which set is closest?"); each condition maps to its own encoding parameters ap_i, ac_i, bc_i, rp_i)
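The characteristic and similarity functions of slides 14 to 16, the censor's Δ test, and the "which set is closest?" lookup of this slide, carried through as an added example in Python (not the authors' DeltaShaper code). The packet-length bin width, the scaling of the EMD to the range 0..1 (so that the deck's Δ = 0.06 is meaningful on the same scale), every sample stream and the parameter table are constructed; in that table only the "ideal" parameter set comes from the deck (slide 26), the "perturbed" set is invented for the example.

```python
"""Packet-length signatures, Earth Mover's Distance and baseline lookup.

Added example, not the authors' code. signature() is the characteristic
function (packet-length frequency distribution) and emd() the similarity
function of slides 14-16; is_flagged() applies the censor's threshold
delta = 0.06 of slide 16; nearest_condition() is the "which set is
closest?" step of slide 20. Bin width, the scaling of the EMD to 0..1,
the sample streams and the parameter table are constructed.
"""
import random
from collections import Counter

BIN_WIDTH = 50                      # assumption: 50-byte packet-length bins
MAX_LEN = 1500                      # lengths at or above the MTU fall in the last bin
N_BINS = MAX_LEN // BIN_WIDTH + 1   # 31 bins
DELTA = 0.06                        # flagging threshold quoted on slide 16


def signature(packet_lengths):
    """Characteristic function: normalised packet-length frequency distribution."""
    counts = Counter(min(n, MAX_LEN) // BIN_WIDTH for n in packet_lengths)
    total = len(packet_lengths)
    return [counts.get(i, 0) / total for i in range(N_BINS)]


def emd(p, q):
    """Similarity function: EMD between two histograms on the same bins.
    In one dimension the EMD is the L1 distance between the cumulative
    distributions (ground distance one bin); dividing by the number of bin
    steps scales it to 0..1 so the deck's thresholds are meaningful here."""
    cp = cq = total = 0.0
    for a, b in zip(p, q):
        cp += a
        cq += b
        total += abs(cp - cq)
    return total / (len(p) - 1)


def is_flagged(stream_lengths, regular_sig, delta=DELTA):
    """Censor's rule (slide 16): flag a stream farther than delta from a regular call."""
    return emd(signature(stream_lengths), regular_sig) > delta


def synth_stream(seed, n, large_share, large=(900, 1400), small=(60, 200)):
    """Constructed sample: a mix of large (video) and small (control) packets."""
    rng = random.Random(seed)
    return [rng.randint(*large) if rng.random() < large_share else rng.randint(*small)
            for _ in range(n)]


REGULAR_A = synth_stream(1, 5000, 0.6)                      # a regular call (baseline)
REGULAR_B = synth_stream(2, 5000, 0.6)                      # another regular call
NAIVE = synth_stream(3, 5000, 0.98, large=(1300, 1500))     # every frame rewritten: all large packets


def nearest_condition(carrier_lengths, table):
    """Adaptation step (slide 20): find the recorded baseline closest to the
    carrier as currently observed and return that condition's parameters."""
    sig = signature(carrier_lengths)
    best = min(table, key=lambda entry: emd(sig, entry["baseline"]))
    return best["name"], best["params"]


# Constructed pre-computed table. Only the "ideal" parameters come from the
# deck (slide 26); the "perturbed" set is invented for the example.
PARAM_TABLE = [
    {"name": "ideal", "baseline": signature(REGULAR_A),
     "params": {"ap": (320, 240), "ac": 8, "bc": 6, "rp": 1}},
    {"name": "perturbed", "baseline": signature(synth_stream(4, 5000, 0.3)),
     "params": {"ap": (160, 120), "ac": 16, "bc": 3, "rp": 1}},
]

if __name__ == "__main__":
    base = signature(REGULAR_A)
    print("regular vs regular EMD = %.3f" % emd(base, signature(REGULAR_B)))
    print("regular vs naive   EMD = %.3f" % emd(base, signature(NAIVE)))
    print("flagged?", is_flagged(REGULAR_B, base), is_flagged(NAIVE, base))
    print("closest condition:", nearest_condition(synth_stream(5, 5000, 0.32), PARAM_TABLE)[0])
```

The same emd() serves both sides: the censor uses it against a regular-call signature to flag streams, and the client uses it against its recorded baselines to pick the parameter set that was calibrated for the network condition it is currently seeing.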

SLIDE 21

Implementation challenges

  • Network interaction
    • Allow transparent TCP/IP communication
  • Video processing
    • Combine carrier / payload frames
  • Video-conferencing software as a black box
    • Send covert frames without modifying Skype
SLIDE 22

DeltaShaper client module

(diagram: client endpoint; components as labelled)

  • Client Application inside a Network Namespace, attached through a veth pair (VETH0 10.10.10.11, VETH1 10.10.10.10)
  • Linux Kernel with a Kernel Module and an IP Packet Queue
  • Payload Encoder, Payload Frame Queue, Payload Streamer
  • Carrier Streamer providing the Carrier Frame
  • Stream Blender (Snowmix) and Encoder Adapter
  • FFMPEG writing to the Virtual Camera /dev/video0
  • Covert Stream (output of the client endpoint)

SLIDE 23

DeltaShaper server module

(diagram: server endpoint; components as labelled)

  • Covert Stream (input) and Display Framebuffer, via the Linux Kernel
  • Photo Thread using XWD to capture the displayed frames
  • Decoder Thread and Payload Fragment Pool
  • Worker Threads
  • Receiver Process and Localhost interface to the Server Application
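The IP Packet Queue to Payload Frame Queue path of slide 22 and the Payload Fragment Pool of this slide, carried through as an added example in Python (not the authors' code). The 6-byte fragment header, the rule that fragments of different packets may share a frame, and the zero-padding convention are assumptions; the 900-byte frame capacity follows from the slide 26 configuration (40 × 30 cells × 6 bits). The sample packets are constructed.

```python
"""Fragmenting queued IP packets into payload frames and reassembling them.

Added example, not the authors' code. Client side: IP packets leave the
IP Packet Queue and are packed into fixed-size payload frames (slide 22).
Server side: decoded fragments land in a pool and are reassembled once
every fragment of a packet has arrived, whatever the frame order
(slide 23). Header layout, padding and capacity are assumptions.
"""
import struct

FRAME_CAPACITY = 900               # bytes per frame: 40 x 30 cells x 6 bits / 8 (slide 26 config)
HEADER = struct.Struct("!HBBH")    # packet id, fragment index, fragment count, data length
MIN_FRAGMENT = HEADER.size + 1     # never start a fragment that cannot carry one byte


def fragment_packets(packets, capacity=FRAME_CAPACITY, first_id=0):
    """Pack packets into frames of `capacity` bytes. A packet is split at frame
    boundaries; fragments of different packets may share a frame. Unused
    space is zero-padded (a zero fragment count marks the padding)."""
    frames, cur, pid = [], bytearray(), first_id
    for pkt in packets:
        # Plan fragment sizes against the space left in this frame and the next ones.
        sizes, free, remaining = [], capacity - len(cur), len(pkt)
        while remaining > 0:
            if free < MIN_FRAGMENT:
                free = capacity
            take = min(remaining, free - HEADER.size)
            sizes.append(take)
            remaining -= take
            free -= HEADER.size + take
        # Emit the fragments with their headers, flushing full frames as we go.
        off = 0
        for idx, take in enumerate(sizes):
            if capacity - len(cur) < MIN_FRAGMENT:
                frames.append(bytes(cur.ljust(capacity, b"\0")))
                cur = bytearray()
            cur += HEADER.pack(pid, idx, len(sizes), take) + pkt[off:off + take]
            off += take
        pid = (pid + 1) & 0xFFFF
    if cur:
        frames.append(bytes(cur.ljust(capacity, b"\0")))
    return frames


def parse_frame(frame):
    """Split a decoded payload frame into (pid, idx, count, data) fragments."""
    frags, off = [], 0
    while off + HEADER.size <= len(frame):
        pid, idx, count, length = HEADER.unpack_from(frame, off)
        if count == 0:           # padding reached
            break
        off += HEADER.size
        frags.append((pid, idx, count, frame[off:off + length]))
        off += length
    return frags


class FragmentPool:
    """Server-side reassembly state: holds partial packets until complete."""

    def __init__(self):
        self.partial = {}

    def feed(self, frame):
        """Absorb one frame; return the packets it completed, in completion order."""
        done = []
        for pid, idx, count, data in parse_frame(frame):
            parts = self.partial.setdefault(pid, {})
            parts[idx] = data
            if len(parts) == count:
                done.append(b"".join(parts[i] for i in range(count)))
                del self.partial[pid]
        return done


# Constructed sample: three queued IP packets of different sizes.
SAMPLE_PACKETS = [b"A" * 40, b"B" * 1500, b"C" * 700]


def roundtrip(packets, order=None):
    """Fragment, then reassemble with frames delivered in `order` (a permutation)."""
    frames = fragment_packets(packets)
    pool = FragmentPool()
    received = []
    for i in order if order is not None else range(len(frames)):
        received += pool.feed(frames[i])
    return frames, received


if __name__ == "__main__":
    frames, received = roundtrip(SAMPLE_PACKETS, order=[2, 1, 0])
    print(len(frames), "frames;", [len(p) for p in received], "bytes reassembled")
```

Because a single IP packet can span several frames and a frame is delivered once per second at rp = 1, a full-size packet costs at least two frame periods end to end; that, rather than the raw bit rate, is what sets the multi-second round-trip time reported on slide 27.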

SLIDE 24

Evaluation steps

  1. Can we distinguish Skype streams?
  2. Can we balance throughput and unobservability?
  3. How well does DeltaShaper perform?

SLIDE 25

Can we distinguish Skype streams?

  • 83% accuracy in distinguishing Skype streams
  • DeltaShaper streams must remain under ΔI

(cartoon censor: "These streams seem to be strange... I'll block them.")

SLIDE 26

Can we balance throughput and unobservability?

Parameter   Description                          Configuration
ap          payload frame area (pixel × pixel)   320 × 240
ac          cell size (pixel × pixel)            8 × 8
bc          color encoding (bits)                6
rp          payload frame rate (frames/s)        1

SLIDE 27

How well does DeltaShaper perform?

  • Achieved configuration: ap = 320 × 240, ac = 8 × 8, bc = 6 bits, rp = 1 frame/s (the table of slide 26)
  • Performance
    • Raw throughput: 7.2 Kbps (40 × 30 cells × 6 bits × 1 frame/s = 7,200 bit/s)
    • Round-trip time: 2.973 s

SLIDE 28

How well does DeltaShaper perform?

Use Case           Session with DS (mm:ss)   Session without DS (mm:ss)   Overhead
Wget (4 kB file)   0:22                      < 0:01                       3,142.9 x
FTP (4 kB file)    1:43                      0:09                         11.4 x
SSH + SMTP         2:41                      0:38                         4.2 x
SSH                1:29                      0:06                         14.8 x
Telnet             1:13                      0:06                         12.2 x
Netcat chat        0:01                      < 0:01                       166.7 x
SSH Tunnel         2:19                      0:22                         6.3 x

Row group labels on the slide: Non-interactive session, Interactive session. Overhead is the ratio of the two session times; for Wget and Netcat chat the baseline is under a second, so those factors are ratios of very small numbers.

  • DeltaShaper allows the execution of traditional TCP/IP applications that cover different users' needs

SLIDE 29

Conclusions

  • DeltaShaper: a censorship-resistant system
    • Supports high-latency / low-throughput TCP applications
  • Maximize throughput and preserve unobservability
    • Greedy exploration of encoding configurations
  • Adaptation in multimedia protocol tunneling
    • Provides improved unobservability
    • Could also enhance similar systems

http://web.ist.utl.pt/diogo.barradas