can censorship measurements be safe(r)? ben jones and nick feamster princeton university
TRANSCRIPT
![Page 1: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/1.jpg)
Can Censorship Measurements Be Safe(r)?
Ben Jones and Nick FeamsterPrinceton University
![Page 2: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/2.jpg)
2
Alice wants to measure censorship
AliceFacebook
![Page 3: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/3.jpg)
3
What if someone is watching?
AliceFacebook
Governments have the ability and motive to retaliate against users
![Page 4: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/4.jpg)
4
Defining censorship and surveillance
• Censorship– Practice of restricting access to content– Triggering censorship means automated response
• Surveillance– Practice of capturing and storing traffic to identify
users who measure censorship– Triggering surveillance means manual response– Surveillance system must discard traffic
![Page 5: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/5.jpg)
5
Can we evade surveillance?
• This is hard:– Lives are at stake– Risk is difficult to define– We do not know what surveillance systems can do
• Existing solutions do not address this
• Our solution: maybe we can reduce risk
![Page 6: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/6.jpg)
6
Can we evade surveillance?
-+
++ +
++
+
-
-
-
-
-
-
UninterestingTraffic
-
CensorshipMeasurements
SurveillanceClassifier
+
+ + +
--
-
-
We could mimic uninteresting traffic
++
![Page 7: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/7.jpg)
7
Can we evade surveillance?
-+
++ +
++
+
-
-
-
---
UninterestingTraffic
-
CensorshipMeasurements
SurveillanceClassifier
+
+ + +
--
-
-
We could manipulate uninteresting traffic
++
-
-
![Page 8: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/8.jpg)
8
Outline
• Mimicking uninteresting traffic• Manipulating uninteresting traffic
![Page 9: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/9.jpg)
9
Mimicking uninteresting traffic
• Goal: can we get our traffic discarded?
• Crazy idea: can we measure censorship by mimicking malware?
• Why mimic malware?– Presence of malware will not differentiate users– Surveillance will not care about malware traffic – Surveillance will want to discard malware– Cheap for surveillance to discard malware
![Page 10: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/10.jpg)
SYN scanning mimicry
10
MeasurementClient
1: <SYN, port 22>
Scanning target A
Scanning target B
3: <SYN, port 22>
4: <SYN/ACK, port 22>
2: <SYN/ACK, port 22>
![Page 11: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/11.jpg)
SYN scanning censorship measurement
11
MeasurementClient
<SYN, port 80>Scanning target
BBC.com
<SYN, port 80>Censorship
System
<SYN/ACK, port 80>
![Page 12: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/12.jpg)
12
How can we evaluate this?
• Goal: boost confidence in our measurements
• We create and test against reference systems– Why is this a faithful representation?
• We can get close to what surveillance systems would use to detect malware– Assume the use of COTS malware detection– We use a similar engine (Snort/Cisco)– We use similar rules (most rules are not user generated)
![Page 13: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/13.jpg)
13
Outline
• Mimicking uninteresting traffic• Manipulating uninteresting traffic
![Page 14: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/14.jpg)
14
Measuring DNS censorship
Client X
SurveillanceSystem
CensorshipSystem
<SRC=X, DNS Query>
<DST=X, DNS Response>
What if everyone measured censorship?
![Page 15: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/15.jpg)
15
Measuring DNS censorship
Client X
Client AS SurveillanceSystem
Censorship
<SRC=X, DNS Query>
<DST=X, DNS Response>Client Y
Client Z
<SRC=Y, DNS Query><SRC=Z, DNS Query>
<DST=Y, DNS Response>
<DST=Z, DNS Response>
![Page 16: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/16.jpg)
16
Evaluating manipulation
• Can we detect censorship?– Yes; we get to conduct a direct measurement
• Can we actually spoof?– Good news: difficult to detect spoofing at the edge– CAIDA Spoofer project showed that 77% of users
can spoof within their own /24
![Page 17: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/17.jpg)
17
Summary
• Our contributions– Modeled censorship and surveillance– Showed that we may be able to reduce risk
• This is hard, but important– Plenty of room for future work– Feedback appreciated
• Questions?: [email protected]
![Page 18: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/18.jpg)
18
Ethics
• Autonomy– Do not condone spoofing from other home users– How to accurately educate users?
• Beneficence– Reduce legal and physical risk– May interrupt user Internet service– Load equivalent to open resolver measurement
• Justice• Respect for law and public interest
– Spoofing is a violation of AUPs– Censorship measurement may be illegal
![Page 19: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/19.jpg)
19
DifferencesDifference Surveillance Cost Censorship CostLong term storage Store as much as
possibleNo persistent storage needed
Triggering Human intervention Automatic intervention
False positive People get hurt No cat videosUser attribution Try to discard
automated trafficDo not care about traffic source
![Page 20: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/20.jpg)
20
Evaluating mimicry
![Page 21: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/21.jpg)
21
Assumptions
• Surveillance systems must discard traffic– 2009: NSA/GCHQ tapped 5920 Gbps, but only had
690 Gbps backhaul• Surveillance systems will use COTS
components when possible• If a large number of users measure censorship,
the surveillance system cannot arrest anyone
![Page 22: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/22.jpg)
SYN scanning mimicry
22
MeasurementClient
<SYN, port 22>
Scanning target A
Scanning target B
<SYN, port 22>
<SYN/ACK, port 22>
![Page 23: Can Censorship Measurements Be Safe(r)? Ben Jones and Nick Feamster Princeton University](https://reader035.vdocuments.net/reader035/viewer/2022070414/5697c0221a28abf838cd34ab/html5/thumbnails/23.jpg)
SYN scanning mimicry
23
MeasurementClient
<SYN, port 80>
Scanning target
BBC.com
<SYN, port 80>
CensorshipSystem
<RST, port 80>