TOWARDS RELIABLE CIRCUMVENTION OF INTERNET CENSORSHIP

The Internet plays a crucial role in today\u27s social and political movements by facilitating the free circulation of speech, information, and ideas; democracy and human rights throughout the world critically depend on preserving and bolstering the Internet\u27s openness. Consequently, repressive regimes, totalitarian governments, and corrupt corporations regulate, monitor, and restrict the access to the Internet, which is broadly known as Internet \emph{censorship}. Most countries are improving the internet infrastructures, as a result they can implement more advanced censoring techniques. Also with the advancements in the application of machine learning techniques for network traffic analysis have enabled the more sophisticated Internet censorship. In this thesis, We take a close look at the main pillars of internet censorship, we will introduce new defense and attacks in the internet censorship literature. Internet censorship techniques investigate users’ communications and they can decide to interrupt a connection to prevent a user from communicating with a specific entity. Traffic analysis is one of the main techniques used to infer information from internet communications. One of the major challenges to traffic analysis mechanisms is scaling the techniques to today\u27s exploding volumes of network traffic, i.e., they impose high storage, communications, and computation overheads. We aim at addressing this scalability issue by introducing a new direction for traffic analysis, which we call \emph{compressive traffic analysis}. Moreover, we show that, unfortunately, traffic analysis attacks can be conducted on Anonymity systems with drastically higher accuracies than before by leveraging emerging learning mechanisms. We particularly design a system, called \deepcorr, that outperforms the state-of-the-art by significant margins in correlating network connections. \deepcorr leverages an advanced deep learning architecture to \emph{learn} a flow correlation function tailored to complex networks. Also to be able to analyze the weakness of such approaches we show that an adversary can defeat deep neural network based traffic analysis techniques by applying statistically undetectable \emph{adversarial perturbations} on the patterns of live network traffic. We also design techniques to circumvent internet censorship. Decoy routing is an emerging approach for censorship circumvention in which circumvention is implemented with help from a number of volunteer Internet autonomous systems, called decoy ASes. We propose a new architecture for decoy routing that, by design, is significantly stronger to rerouting attacks compared to \emph{all} previous designs. Unlike previous designs, our new architecture operates decoy routers only on the downstream traffic of the censored users; therefore we call it \emph{downstream-only} decoy routing. As we demonstrate through Internet-scale BGP simulations, downstream-only decoy routing offers significantly stronger resistance to rerouting attacks, which is intuitively because a (censoring) ISP has much less control on the downstream BGP routes of its traffic. Then, we propose to use game theoretic approaches to model the arms races between the censors and the censorship circumvention tools. This will allow us to analyze the effect of different parameters or censoring behaviors on the performance of censorship circumvention tools. We apply our methods on two fundamental problems in internet censorship. Finally, to bring our ideas to practice, we designed a new censorship circumvention tool called \name. \name aims at increasing the collateral damage of censorship by employing a ``mass\u27\u27 of normal Internet users, from both censored and uncensored areas, to serve as circumvention proxies

A New covert channel over RTP

In this thesis, we designed and implemented a new covert channel over the RTP protocol. The covert channel modifies the timestamp value in the RTP header to send its secret messages. The high frequency of RTP packets allows for a high bitrate covert channel, theoretically up to 350 bps. The broad use of RTP for multimedia applications, including VoIP, provides plentiful opportunities to use this channel. By using the RTP header, many of the challenges present for covert channels using the RTP payload are avoided. Using the reference implementation of this covert channel, bitrates of up to 325 bps were observed. Speed decreases on less reliable networks, though message delivery was flawless with up to 1% RTP packet loss. The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP

A New Covert Channel Over Cellular Network Voice Channel

Smartphone security has become increasingly more significant as smartphones become a more important part of many individuals\u27 daily lives. Smartphones undergo all computer security issues; however, they also introduce a new set of security issues as various capabilities are added. Smartphone security researchers pay more attention to security issues inherited from the traditional computer security field than smartphone-related security issues. The primary network that smartphones are connected to is the cellular network, but little effort has been directed at investigating the potential security issues that could threaten this network and its end users. A new possible threat that could occur in the cellular network is introduced in this paper. This research proves the ability to use the cellular network voice channel as a covert channel that can convey covert information as speech, thus breaking the network policies. The study involves designing and implementing multiple subsystems in order to prove the theory. First, a software audio modem that is able to convert digital data into audio waves and inject the audio waves to the GSM voice channel was developed. Moreover, a user-mode rootkit was implemented in order to open the voice channels by stealthily answering the incoming voice call, thus breaking the security mechanisms of the smartphone. Multiple scenarios also were tested in order to verify the effectiveness of the proposed covert channel. The first scenario is a covert communication between two parties that intends to hide their communications by using a network that is unknown to the adversary and not protected by network security guards. The two parties communicate through the cellular network voice channel to send and receive text messages. The second scenario is a side channel that is able to leak data such as SMS or the contact of a hacked smartphone through the cellular network voice channel. The third scenario is a botnet system that uses the voice channel as command and control channel (C2). This study identifies a new potential smartphone covert channel, so the outcome should be setting countermeasures against this kind of breach