Systemization of Pluggable Transports for Censorship Resistance

An increasing number of countries implement Internet censorship at different scales and for a variety of reasons. In particular, the link between the censored client and entry point to the uncensored network is a frequent target of censorship due to the ease with which a nation-state censor can control it. A number of censorship resistance systems have been developed thus far to help circumvent blocking on this link, which we refer to as link circumvention systems (LCs). The variety and profusion of attack vectors available to a censor has led to an arms race, leading to a dramatic speed of evolution of LCs. Despite their inherent complexity and the breadth of work in this area, there is no systematic way to evaluate link circumvention systems and compare them against each other. In this paper, we (i) sketch an attack model to comprehensively explore a censor's capabilities, (ii) present an abstract model of a LC, a system that helps a censored client communicate with a server over the Internet while resisting censorship, (iii) describe an evaluation stack that underscores a layered approach to evaluate LCs, and (iv) systemize and evaluate existing censorship resistance systems that provide link circumvention. We highlight open challenges in the evaluation and development of LCs and discuss possible mitigations.Comment: Content from this paper was published in Proceedings on Privacy Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK: Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg (DOI 10.1515/popets-2016-0028

Mending Wall: On the Implementation of Censorship in India

This paper presents a study of the Internet infrastructure in India from the point of view of censorship. First, we show that the current state of affairs — where each ISP implements its own content filters (nominally as per a governmental blacklist) — results in dramatic differences in the censorship experienced by customers. In practice, a well-informed Indian citizen can escape censorship through a judicious choice of service provider. We then consider the question of whether India might potentially follow the Chinese model and institute a single, government-controlled filter. This would not be difficult, as the Indian Internet is quite centralized already. A few “key” ASes (≈ 1% of Indian ASes) collectively intercept ≈ 95% of paths to the censored sites we sample in our study, and also to all publicly-visible DNS servers. 5, 000 routers spanning these key ASes would suffice to carry out IP or DNS filtering for the entire country; ≈ 70% of these routers belong to only two private ISPs. If the government is willing to employ more powerful measures, such as an IP Prefix Hijacking attack, any one of several key ASes can censor traffic for nearly all Indian users. Finally, we demonstrate that such federated censorship by India would cause substantial collateral damage to non-Indian ASes whose traffic passes through Indian cyberspace (which do not legally come under Indian jurisdiction at all)

Emoji Company GmbH v Schedule A Defendants

Declaration of Dean Eric Goldma

Emoji Company GmbH v Schedule A Defendants

Declaration of Dean Eric Goldma

Nouvelles méthodes pour la publicité ciblée et le traçage des utilisateurs sur Internet

International audienceInternet usage is increasing every day. Nowadays, since the advent of smartphones, smart tablets and smart watches, people tend to be permanently online, even in mobility conditions. Free Wi-Fi connectivity is provided in public areas such as parks, coffee shops and airports, and is becoming the norm: people are expecting it.This trend led free Wi-Fi providers and other network agents to look for ways of monetizing their networks through targeted advertising and user tracking. However, this may be problematic because of the resulting privacy concerns.In this thesis, we identify the possible ways of carrying out such actions, as well as methods that have been designed by the research community to study their impact.We then present WALTER, a tool which focuses on detecting content injection in downstream HTTP traffic.L’utilisation d’Internet grandit de jour en jour. Aujourd’hui, depuis l’apparition des smartphones, tablettes et montres connectées, les internautes ont tendance à rester en ligne de façon permanente, même en mobilité. Les points d’accès Wi-Fi publics sont de plus en plus présents dans les parcs, les cafés et les aéroports : avoir un accès à Internet gratuitement dans les lieux publics devient la norme.Cette tendance incite les fournisseurs d’accès et intermédiaires réseau à élaborer des moyens de rentabiliser leurs infrastructures réseaux grâce à la publicité ciblée et le traçage des utilisateurs. Cependant, cela pose des problèmes de confidentialité et de vie privée.Dans ce rapport, nous identifions les moyens techniques permettant aux intermédiaires réseau de mettre en oeuvre de telles pratiques. Nous analysons également les méthodes qui ont été développées par la communauté scientifique pour étudier leur impact.Nous présentons ensuite WALTER, un outil dont le but est de détecter l’injection de contenu dans le trafic HTTP descendant

Robust, Resilient Networked Communication in Challenged Environments

In challenged environments, digital communication infrastructure may be difficult or even impossible to access. This is especially true in rural and developing regions, as well as in any region during a time of political or environmental crisis. We advance the state of the art in wireless networking and security to design networks and applications that rapidly assess changing networking conditions to restore communication and provide local situational awareness. This dissertation examines new systems for responding to current and emerging needs for wireless networks. This work looks across the wireless ecosystem of widely deployed standards. We develop new tools to improve network assessment and to provide robust and reliable network communication. By incorporating new technological breakthroughs, such as the wide commercial success of Unmanned Aircraft Systems (UAS), we introduce novel methods and systems for existing wireless standards for these challenged networks. We assess how existing technologies and standards function in difficult environments: lacking end-end Internet connectivity, experiencing overload or other resource constraints, and operating in three dimensional space. Through this lens, we demonstrate how to optimize networks to serve marginalized communities outside of first world urban cities and make our networks resilient to natural and political crisis that threaten communication

Report on the NSF Workshop on Formal Methods for Security

The NSF workshop on Security and Formal Methods, held 19--20 November 2015, brought together developers of formal methods, researchers exploring how to apply formal methods to various kinds of systems, and people familiar with the security problem space.Engineering and Applied Science