ABSTRACT
Researchers and censoring regimes have long engaged in a cat-and-mouse game, leading to increasingly sophisticated Internet-scale censorship techniques and methods to evade them. In this paper, we take a drastic departure from the previously manual evade-detect cycle by developing techniques to automate the discovery of censorship evasion strategies. We present Geneva, a novel genetic algorithm that evolves packet-manipulation-based censorship evasion strategies against nation-state level censors. Geneva composes, mutates, and evolves sophisticated strategies out of four basic packet manipulation primitives (drop, tamper headers, duplicate, and fragment). With experiments performed both in-lab and against several real censors (in China, India, and Kazakhstan), we demonstrate that Geneva is able to quickly and independently re-derive most strategies from prior work, and derive novel subspecies and altogether new species of packet manipulation strategies. Moreover, Geneva discovers successful strategies that prior work posited were not effective, and evolves extinct strategies into newly working variants. We analyze the novel strategies Geneva creates to infer previously unknown behavior in censors. Geneva is a first step towards automating censorship evasion; to this end, we have made our code and data publicly available.
Supplemental Material
- Claudio Agosti and Giovanni Pellerano. 2011. SniffJoke: transparent TCP connection scrambler. https://github.com/vecna/sniffjoke. (2011).Google Scholar
- Simurgh Aryan, Homa Aryan, and J. Alex Halderman. 2013. Internet Censorship in Iran: A First Look. In USENIX Workshop on Free and Open Communications on the Internet (FOCI).Google Scholar
- Sam Burnett and Nick Feamster. 2015. Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests. In ACM SIGCOMM.Google Scholar
- Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson. 2006. Ignoring the Great Firewall of China. In Privacy Enhancing Technologies Symposium (PETS).Google Scholar
- Lawrence Davis. 1991. Handbook of genetic algorithms .CUMINCAD.Google Scholar
- Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second-Generation Onion Router. In USENIX Security Symposium.Google ScholarDigital Library
- Daniel Ellard, Christine Jones, Victoria Manfredi, W. Timothy Strayer, Bishal Thapa, Megan Van Welie, and Alden Jackson. 2015. Rebound: Decoy routing on asymmetric routes via error messages. In IEEE Conference on Local Computer Networks (LCN).Google ScholarDigital Library
- Roya Ensafi, David Fifield, Philipp Winter, Nick Feamster, Nicholas Weaver, and Vern Paxson. 2015. Examining How the Great Firewall Discovers Hidden Circumvention Servers. In ACM Internet Measurement Conference (IMC).Google Scholar
- David Fifield. 2017. Threat modeling and circumvention of Internet censorship. In PhD thesis.Google Scholar
- David Fifield, Nate Hardison, Jonathan Ellithorpe, Emily Stark, Dan Boneh, Roger Dingledine, and Phil Porras. 2012. Evading Censorship with Browser-Based Proxies. Privacy Enhancing Technologies Symposium (PETS).Google Scholar
- David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. 2015. Blocking-resistant communication through domain fronting. In Privacy Enhancing Technologies Symposium (PETS).Google ScholarCross Ref
- Félix-Antoine Fortin, Franccois-Michel De Rainville, Marc-André Gardner, Marc Parizeau, and Christian Gagné. 2012. DEAP: Evolutionary Algorithms Made Easy. Journal of Machine Learning Research, Vol. 13 (July 2012), 2171--2175.Google Scholar
- Li Haifeng, Wang Shaolei, Zhang Bin, Shuai Bo, and Tang Chaojing. 2015. Network protocol security testing based on fuzz. International Conference on Computer Science and Network Technology (ICCSNT).Google ScholarCross Ref
- Mark Handley, Vern Paxson, and Christian Kreibich. 2001. Network Intrusion Detection: Evasion, Traffic Normalization, and End-To-End Protocol Semantics. In USENIX Security Symposium.Google Scholar
- Amirr Houmansadr, Chad Brubaker, and Vitaly Shmatikov. 2013. The Parrot is Dead: Observing Unobservable Network Communications. In IEEE Symposium on Security and Privacy.Google ScholarDigital Library
- Amir Houmansadr, Thomas Riedl, Nikita Borisov, and Andrew Singer. 2012. IP over Voice-over-IP for censorship circumvention. In arXiv preprint arXiv:1207.2683.Google Scholar
- Amir Housmandr, Giang T. K. Ngyuen, Matthew Caesar, and Nikita Borisov. 2011. Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability. In ACM Conference on Computer and Communications Security (CCS).Google Scholar
- Sheharbano Khattak, Mobin Javed, Philip D. Anderson, and Vern Paxson. 2013. Towards Illuminating a Censorship Monitor's Model to Facilitate Evasion. In USENIX Workshop on Free and Open Communications on the Internet (FOCI).Google Scholar
- George T. Klees, Andrew Ruef, Benjamin Cooper, Shiyi Wei, and Michael Hicks. 2018. Evaluating Fuzz Testing. In ACM Conference on Computer and Communications Security (CCS).Google Scholar
- Eddie Kohler, Robert Morris, Benjie Chen, John Jannotti, and M Frans Kaashoek. 2000. The Click modular router. ACM Transactions on Computer Systems, Vol. 18, 3 (2000), 263--297.Google ScholarDigital Library
- Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumenzanu, Neil Spring, and Bobby Bhattacharjee. 2015. Alibi Routing. In ACM SIGCOMM.Google Scholar
- Zhihao Li, Stephen Herwig, and Dave Levin. 2017. DeTor: Provably Avoiding Geographic Regions in Tor. In USENIX Security Symposium.Google Scholar
- Moxie Marlinspike. 2017. Doodles, stickers, and censorship circumvention for Signal Android. https://signal.org/blog/doodles-stickers-censorship/. (2017).Google Scholar
- Dirk Merkel. 2014. Docker: Lightweight Linux Containers for Consistent Development and Deployment. Linux Journal, Vol. 239, 2 (2014).Google Scholar
- Hooman Mohajeri Moghaddam, Baiyu Li, Mohammad Derakhshani, and Ian Goldberg. 2012. SkypeMorph: Protocol Obfuscation for Tor Bridges. In ACM Conference on Computer and Communications Security (CCS).Google ScholarDigital Library
- Zubair Nabi. 2013. The Anatomy of Web Censorship in Pakistan. In USENIX Workshop on Free and Open Communications on the Internet (FOCI).Google Scholar
- Thomas H. Ptacek and Timothy N. Newsham. 1998. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. In Secure Networks, Inc.Google Scholar
- Ram Sundara Raman, Leonid Evdokimov, Eric Wustrow, Alex Halderman, and Roya Ensafi. 2019. Kazakhstan's HTTPS Interception. https://censoredplanet.org/kazakhstan. (2019).Google Scholar
- Fangfan Liand Abbas Razaghpanah, Arash Molavi Kakhki, Arian Akhavan Niaki, David Choffnes, Phillipa Gill, and Alan Mislove. 2017. lib$cdot$erate, (n): A library for exposing (traffic-classification) rules and avoiding them efficiently. In ACM Internet Measurement Conference (IMC).Google Scholar
- Reporters Without Borders. 2013. Enemies of the Internet 2013 Report. https://surveillance.rsf.org/en/wp-content/uploads/sites/2/2013/03/enemies-of-the-internet_2013.pdf. (March 2013).Google Scholar
- Scott Michael Seal. 2016. Optimizing Web Application Fuzzing with Genetic Algorithms and Language Theory. In Master of Science Thesis.Google Scholar
- Signal. 2017. Egypt keeps trying to block Signal, inadvertently blocking all of Google, and having to stop as a result. We'll also expand domain fronts. https://twitter.com/signalapp/status/817062093094604800. (2017).Google Scholar
- Spandan Veggalam, Sanjay Rawat, Istvan Haller, and Herbert Bos. 2016. IFuzzer: An Evolutionary Interpreter Fuzzer using Genetic Programming. In European Symposium on Research in Computer Security (ESORICS).Google ScholarCross Ref
- Paul Vines and Tadayoshi Kohno. 2015. Rook: Using Video Games as a Low-Bandwidth Censorship Resistant Communication Platform. In Workshop on Privacy in the Electronic Society (WPES).Google ScholarDigital Library
- Qiyan Wang, Xun Gong, Giang T. K. Nguyen, Amir Houmansadr, and Nikita Borisov. 2012. CensorSpoofer: Asymmetric Communication Using IP Spoofing for Censorship-Resistant Web Browsing. In ACM Conference on Computer and Communications Security (CCS).Google ScholarDigital Library
- Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy. 2017. Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship. In ACM Internet Measurement Conference (IMC).Google Scholar
- Zachary Weinberg, Jeffrey Wang, Vinod Yegneswaran, Linda Briesemeister, Steven Cheung, Frank Wang, and Dan Boneh. 2012. StegoTorus: A Camouflage Proxy for the Tor Anonymity System. In ACM Conference on Computer and Communications Security (CCS).Google ScholarDigital Library
- Brandon Wiley. [n. d.]. Dust: A Blocking-Resistant Internet Transport Protocol. http://blanu.net/Dust.pdf. ([n. d.]).Google Scholar
- Philipp Winter. 2012. brdgrd (Bridge Guard). https://github.com/NullHypothesis/brdgrd. (2012).Google Scholar
- Philipp Winter and Jedidiah R. Crandall. 2012. The Great Firewall of China: How It Blocks Tor and Why It Is Hard to Pinpoint. ;login:, Vol. 37, 6 (2012), 42--50.Google Scholar
- Eric Wustrow, Colleen M. Swanson, and J. Alex Halderman. 2014. TapDance: End-to-Middle Anticensorship without Flow Blocking. In USENIX Annual Technical Conference.Google Scholar
- Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman. 2011. Telex: Anticensorship in the Network Infrastructure. In USENIX Annual Technical Conference.Google Scholar
- Xueyang Xu, Morley Mao, and J. Alex Halderman. 2011. Internet Censorship in China: Where Does the Filtering Occur?. In Passive and Active Network Measurement Workshop (PAM).Google Scholar
- Tarun Kumar Yadav, Akshat Sinha, Devashish Gosain, Piyush Kumar Sharma, and Sambuddho Chakravarty. 2018. Where The Light Gets In: Analyzing Web Censorship Mechanisms in India. In ACM Internet Measurement Conference (IMC).Google ScholarDigital Library
- Wenxuan Zhou, Amir Houmansadr, Matthew Caesar, and Nikita Borisov. 2013. SWEET: Serving the Web by Exploiting Email Tunnels. In Privacy Enhancing Technologies Symposium (PETS).Google Scholar
Index Terms
- Geneva: Evolving Censorship Evasion Strategies
Recommendations
Come as You Are: Helping Unmodified Clients Bypass Censorship with Server-side Evasion
SIGCOMM '20: Proceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communicationDecades of work on censorship evasion have resulted in myriad ways to empower clients with the ability to access censored content, but to our knowledge all of them have required some degree of client-side participation. Having to download and run anti-...
Even Censors Have a Backup: Examining China's Double HTTPS Censorship Middleboxes
FOCI '21: Proceedings of the ACM SIGCOMM 2021 Workshop on Free and Open Communications on the InternetThe Great Firewall of China (GFW) has long censored HTTPS (via the Server Name Indication field, or SNI). Its mechanism for doing so has been studied, with various evasion strategies discovered in recent years. In this paper, we have evidence that ...
"Good" worms and human rights
The extent of Internet censorship in countries like China is regularly tested, but the testing methods used from within a censored country can entail risk for humans. A benevolent worm can be used for testing instead: the worm's self-replication, long ...
Comments