StegoTorus: A camouflage proxy for the Tor anonymity system

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2012, Pages 109-120

  Weinberg, Zachary ^a,b   Wang, Jeffrey ^c   Yegneswaran, Vinod ^b   Briesemeister, Linda ^b   Cheung, Steven ^b   Wang, Frank ^c   Boneh, Dan ^c  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b SRI INTERNATIONAL   (United States)

^c STANFORD UNIVERSITY   (United States)

Author keywords

Anticensorship; Circumvention tools; Cryptosystems; Steganography

Indexed keywords

ANTICENSORSHIP; INTERNET CENSORSHIP; INTERNET USERS; NETWORK TRAFFIC; PACKET CONTENTS; PROTOCOL ANALYSIS;

CRYPTOGRAPHY; HTTP; HYPERTEXT SYSTEMS; INTERNET; INTERNET PROTOCOLS; STEGANOGRAPHY;

NETWORK SECURITY;

EID: 84869462325     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2382196.2382211     Document Type: Conference Paper

References (73)

1. Adobe Systems Incorporated. SWF File Format Specification (version 10), 2008. https://www.adobe.com/devnet/swf.html.
2. Albrecht, M. R., Paterson, K. G., and Watson, G. J. Plaintext Recovery Attacks against SSH. In IEEE Symposium on Security and Privacy (2009), pp. 16-26. doi:10.1109/SP.2009.5.
3. Alexa. Top Sites by Category. Data set, 2011. http://www.alexa.com/ topsites/category.
4. Bar-Yanai, R., Langberg, M., Peleg, D., and Roditty, L. Realtime Classification for Encrypted Traffic. In Experimental Algorithms (2010), vol. 6049 of Lecture Notes in Computer Science, pp. 373-385. doi:10.1007/978-3-642- 13193-6-32.
5. Bard, G. V. The Vulnerability of SSL to Chosen Plaintext Attack. Cryptology ePrint Archive, Report 2004/111, 2004. http://eprint.iacr.org/2004/ 111.
6. Bard, G. V. A Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL. Cryptology ePrint Archive, Report 2006/136, 2006. http://eprint.iacr.org/2006/136.
7. Bellare, M., and Namprempre, C. Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. J. Cryptology 21, 4 (2008), 469-491. doi:10.1007/s00145-008-9026-x.
8. Bissias, G. D., Liberatore, M., Jensen, D., and Levine, B. N. Privacy vulnerabilities in encrypted HTTP streams. In Privacy Enhancing Technologies (2006), vol. 3856 of Lecture Notes in Computer Science, pp. 1-11. doi:10.1007/11767831-1.
9. Black, J., and Urtubia, H. Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption. In Proceedings of the 11th USENIX Security Symposium (2002), pp. 327-338. http://www.usenix.org/event/ sec02/full-papers/black/black-html/.
10. Böhme, R. Advanced Statistical Steganalysis. Springer, 2010. http://www.springer.com/book/978-3-642-14312-0.
11. Burnett, S., Feamster, N., and Vempala, S. Chipping Away at Censorship Firewalls with User-Generated Content. In Proceedings of the 19th USENIX Security Symposium (2010), pp. 453-468. http://www.usenix.org/events/sec10/tech/ full-papers/Burnett.pdf.
12. Caballero, J., Yin, H., Liang, Z., and Song, D. Polyglot: Automatic extraction of protocol format using dynamic binary analysis. In 14th ACM Conference on Computer and Communications Security (2007), pp. 317-329. doi:10.1145/1315245.1315286.
13. Celine, H. Quoted in Leviathan, Robert Shea and Robert Anton Wilson, Dell Publishing, 1975.
14. claffy, k., Andersen, D., and Hick, P. The CAIDA Anonymized Internet Traces - Equinix, Chicago, 17 Feb 2011. Data set, 2011. http://www.caida.org/ data/passive/passive-2011-dataset.xml.
15. Cui, W., Kannan, J., and Wang, H. J. Discoverer: Automatic protocol reverse engineering from network traces. In Proceedings of the 16th USENIX Security Symposium (2007), pp. 199-212. http://www.usenix.org/events/sec07/tech/ cui.html.
16. Deibert, R. J., Palfrey, J., Rohozinski, R., and Zittrain, J. Global Internet Filtering Map and Regional Summaries, 2011. http://map.opennet.net/.
17. Dierks, T., and Allen, C. The TLS Protocol, Version 1.0. RFC 2246, 1999. http://tools.ietf.org/html/rfc2246.
18. Diffie, W., Oorschot, P. C., and Wiener, M. J. Authentication and authenticated key exchanges. Designs, Codes and Cryptography 2 (1992), 107-125. http://sites.google.com/site/michaeljameswiener/STS.pdf.
19. Dingledine, R. Behavior for bridge users, bridge relays, and bridge authorities. Tor Proposal #125, 2007. https://gitweb.torproject.org/torspec.git/ blob/HEAD:/proposals/125-bridges.txt.
20. Dingledine, R. Iran blocks Tor; Tor releases same-day fix. Tor Project official blog, 2011. https://blog.torproject.org/blog/iranblocks-tor-tor- releases-same-day-fix.
21. Dingledine, R. Obfsproxy: the next step in the censorship arms race. Tor Project official blog, 2012. https://blog.torproject.org/blog/obfsproxy-next- step-censorship-arms-race.
22. Dingledine, R., and Mathewson, N. Tor Protocol Specification. The Tor Project, 2003-2011. https://gitweb.torproject.org/torspec.git/blob/ 84ec5aca5f5735f445840f6f574842b71365bbde:/torspec.txt.
23. Dingledine, R., and Mathewson, N. Design of a blocking-resistant anonymity system. Tech. rep., The Tor Project, 2006. https://svn.torproject.org/ svn/projects/designpaper/blocking.pdf.
24. Dingledine, R., Mathewson, N., and Syverson, P. Tor: The Second-Generation Onion Router. In Proceedings of the 13th USENIX Security Symposium (2004), pp. 303-320. http://www.usenix.org/events/sec04/tech/ dingledine.html.
25. Dworkin, M. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D, 2007. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf.
26. Dynamic Internet Technology Inc. DynaWeb. Proxy service, 2002. http://www.dit-inc.us/dynaweb.
27. Feamster, N., Balazinska, M., Harfst, G., Balakrishnan, H., and Karger, D. Infranet: Circumventing Web Censorship and Surveillance. In Proceedings of the 11th USENIX Security Symposium (2002), pp. 247-262. http://www.usenix.org/ events/sec02/feamster.html.
28. Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and Berners-Lee, T. Hypertext Transfer Protocol - HTTP/1.1. RFC 2616, 1999. http://tools.ietf.org/html/rfc2616.
29. Fifield, D., Hardison, N., Ellithorpe, J., Stark, E., Dingledine, R., Porras, P., and Boneh, D. Evading Censorship with Browser-Based Proxies. In Privacy Enhancing Technologies (2012), vol. 7384 of Lecture Notes on Computer Science, pp. 239-258. https://crypto.stanford.edu/flashproxy/flashproxy.pdf.
30. Fisk, G., Fisk, M., Papadopoulos, C., and Neil, J. Eliminating Steganography in Internet Traffic with Active Wardens. In Information Hiding (2003), vol. 2578 of Lecture Notes in Computer Science, pp. 18-35. http://www.woozle.org/~mfisk/papers/ih02.pdf.
31. Gilmore, J. Quoted in "First Nation in Cyberspace" by Philip Elmer-Dewitt. TIME Magazine, December 1993.
32. Guan, Y., Fu, X., Xuan, D., Shenoy, P. U., Bettati, R., and Zhao, W. NetCamo: Camouflaging Network Traffic for QoS-Guaranteed Mission Critical Applications. IEEE Transactions on Systems, Man, and Cybernetics 31, 4 (2001), 253-265. doi:10.1109/3468.935042.
33. Haselton, B., et al. Peacefire: Open Access for the Net Generation. Web site, 1995-2012. http://www.peacefire.org/info/about-peacefire.shtml.
34. Hemminger, S. Network Emulation with NetEm. In linux.conf.au (2005). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.67.1687&rep= rep1&type=pdf.
35. Herrmann, D., Wendolsky, R., and Federrath, H. Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier. In Proceedings of the 2009 ACM workshop on Cloud computing security (2009), pp. 31-42. doi:10.1145/1655008.1655013.
36. Hintz, A. Fingerprinting websites using traffic analysis. In Privacy Enhancing Technologies (2003), vol. 2482 of Lecture Notes in Computer Science, pp. 229-233. doi:10.1007/3-540-36467-6-13.
37. Hopper, N. J., Langford, J., and von Ahn, L. Provably Secure Steganography. In Advances in Cryptology - CRYPTO (2002), vol. 2442 of Lecture Notes in Computer Science, pp. 119-123. doi:10.1007/3-540-45708-9-6.
38. Houmansadr, A., Nguyen, G. T., Caesar, M., and Borisov, N. Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability. In Proceedings of the 18th ACM conference on Computer and communications security (2011), pp. 187-200. doi:10.1145/2046707.2046730.
39. Josefsson, S. The Base16, Base32, and Base64 Data Encodings. RFC 4648, 2006. http://tools.ietf.org/html/rfc4648.
40. Karlin, J., Ellard, D., Jackson, A., Jones, C. E., Lauer, G., Makins, D. P., and Strayer, W. T. Decoy Routing: Toward Unblockable Internet Communication. In USENIX Workshop on Free and Open Communications on the Internet (2011). https://db.usenix.org/events/foci11/tech/final-files/Karlin.pdf.
41. Köpsell, S., and Hillig, U. How to Achieve Blocking Resistance for Existing Systems Enabling Anonymous Web Surfing. In Proceedings of the 2004 ACM workshop on Privacy in the electronic society (2004), pp. 47-58. https://gnunet.org/sites/default/files/koepsell-wpes2004-0.pdf.
42. Krawczyk, H. Cryptographic Extraction and Key Derivation: The HKDF Scheme. Cryptology ePrint Archive, Report 2010/264, 2010. http://eprint.iacr. org/2010/264.
43. Leech, M., Ganis, M., Lee, Y.-D., Kuris, R., Koblas, D., and Jones, L. SOCKS Protocol Version 5. RFC 1928, 1996. http://tools.ietf.org/html/rfc1928.
44. Lin, Z., Jiang, X., Xu, D., and Zhang, X. Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. In 15th Symposium on Network and Distributed System Security (2008). http://www.isoc.org/isoc/ conferences/ndss/08/papers/14-automatic-protocol-format.pdf.
45. Lincoln, P., Mason, I., Porras, P., Yegneswaran, V., Weinberg, Z., Massar, J., Simpson, W. A., Vixie, P., and Boneh, D. Bootstrapping Communications into an Anti-Censorship System. In 2nd USENIX Workshop on Free and Open Communications on the Internet (2012). https://www.usenix.org/ conference/foci12/bootstrapping-communications-anti-censorship-system.
46. Maier, G., Feldmann, A., Paxson, V., and Allman, M. On Dominant Characteristics of Residential Broadband Internet Traffic. In Proceedings of the Ninth Internet Measurement Conference (2009), pp. 90-102. http://www.icir.org/ vern/papers/imc102-maier.pdf.
47. Mathewson, N. Pluggable Transports for Circumvention. Tor Proposal #180, 2010-2011. https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180- pluggable-transport.txt.
48. Mathewson, N. Tor and Circumvention: Lessons Learned. Invited talk at the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2011. http://www.usenix.org/event/leet11/tech/slides/mathewson.pdf.
49. McGill, R., Tukey, J. W., and Larsen, W. A. Variations of Box Plots. The American Statistician 32, 1 (1978), 12-16. http://www.jstor.org/pss/2683468.
50. McLachlan, J., and Hopper, N. On the risks of serving whenever you surf: vulnerabilities in Tor's blocking resistance design. In Proceedings of the 8th ACM workshop on Privacy in the electronic society (2009), pp. 31-40. doi:10.1145/1655188.1655193.
51. Moghaddam, H. M., Li, B., Derakhshani, M., and Goldberg, I. SkypeMorph: Protocol Obfuscation for Tor Bridges. Tech. rep., University of Waterloo, 2012. http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf.
52. Möller, B. A Public-Key Encryption Scheme with Pseudo-random Ciphertexts. In Computer Security - ESORICS (2004), vol. 3193 of Lecture Notes in Computer Science, pp. 335-351. http://www.bmoeller.de/pdf/pke-pseudo- esorics2004.pdf.
53. Murdoch, S. J., and Danezis, G. Low-Cost Traffic Analysis of Tor. In Proceedings of the 2005 IEEE Symposium on Security and Privacy (2005), pp. 183-195. doi:10.1109/SP.2005.12.
54. NIST. Digital Signature Standard. FIPS 186-2, 2000. http://csrc.nist.gov/ publications/fips/archive/fips186-2/fips186-2.pdf.
55. Nottingham, M. Making HTTP Pipelining Usable on the Open Web. Internet-Draft, 2011. http://tools.ietf.org/html/draftnottingham-http-pipeline.
56. Ohling, F., Schoen, S., adam or aco, et al. How to Bypass Internet Censorship. FLOSS Manuals, 2011. http://en.flossmanuals.net/bypassing- censorship/.
57. Panchenko, A., Niessen, L., Zinnen, A., and Engel, T. Website Fingerprinting in Onion Routing Based Anonymization Networks. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society (2011), pp. 103-114. doi:10.1145/2046556.2046570.
58. Perry, M. Experimental Defense for Website Traffic Fingerprinting. Tor Project official blog, 2011. https://blog.torproject.org/blog/ experimentaldefense-website-traffic-fingerprinting.
59. Pfitzmann, A., and Hansen, M. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, 2010. v0.34. http://dud.inf.tu-dresden. de/literatur/Anon-Terminology-v0.34.pdf.
60. Price, M., Enayat, M., et al. Persian cyberspace report: internet blackouts across Iran. Iran Media Program news bulletin, 2012. http://iranmediaresearch.com/en/blog/101/12/02/09/840.
61. R Development Core Team. R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria, 2011. http://www.R-project.org/.
62. Rogaway, P. Nonce-Based Symmetric Encryption. In Fast Software Encryption (2004), vol. 3017 of Lecture Notes in Computer Science, pp. 348-359. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.76.2964&rep= rep1&type=pdf.
63. Ross, A. Quoted in "Hillary Clinton adviser compares Internet to Che Guevara" by Josh Halliday. The Guardian, June 2011. http://www.guardian. co.uk/media/2011/jun/22/hillaryclinton-adviser-alec-ross.
64. Sun, Q., Simon, D. R., Wang, Y.-M., Russell, W., Padmanabhan, V. N., and Qiu, L. Statistical identification of encrypted Web browsing traffic. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (2002), pp. 19-30. doi:10.1109/SECPRI.2002.1004359.
65. UltraReach Internet Corp. Ultrasurf. Proxy service, 2001. http://www.ultrasurf.us/.
66. von Ahn, L., and Hopper, N. J. Public-Key Steganography. In Advances in Cryptology - EUROCRYPT (2004), vol. 3027 of Lecture Notes in Computer Science, pp. 323-341. doi:10.1007/978-3-540-24676-3-20.
67. Wang, X., Luo, J., Yang, M., and Ling, Z. A potential HTTP-based application-level attack against Tor. Future Generation Computer Systems 27 (2011), 67-77. doi:10.1016/j.future.2010.04.007.
68. White, A. M., Matthews, A. R., Snow, K. Z., and Monrose, F. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks. In IEEE Symposium on Security and Privacy (2011), pp. 3-18. https://www.cs.unc.edu/~amw/ resources/hooktonfoniks.pdf.
69. Wickham, H. ggplot2: elegant graphics for data analysis. Springer New York, 2009. http://had.co.nz/ggplot2/book.
70. Wilde, T. Knock Knock Knockin' on Bridges' Doors. Tor Project official blog, 2012. https://blog.torproject.org/blog/knock-knock-knockin-bridges-doors.
71. Wiley, B. Dust: A Blocking-Resistant Internet Transport Protocol, 2010. http://blanu.net/Dust.pdf.
72. Wustrow, E., Wolchok, S., Goldberg, I., and Halderman, J. A. Telex: Anticensorship in the Network Infrastructure. In Proceedings of the 20th USENIX Security Symposium (2011), pp. 459-473. http://www.usenix.org/events/sec11/tech/ full-papers/Wustrow.pdf.
73. Yeo, V. Green Dam enforcement watered down. ZDNet Asia (October 2009). http://www.zdnetasia.com/green-dam-enforcementwatered-down-62058509.htm.