SkypeMorph: Protocol Obfuscation for Censorship Resistance

The Tor network is designed to provide users with low-latency anonymous communication. Tor clients build circuits with publicly listed relays to anonymously reach their destinations. Low-latency anonymous communication is also an essential property required by censorship circumvention tools and thus Tor has been widely used as a censorship resistance tool. However, since the Tor relays are publicly listed, they can be easily blocked by censoring adversaries. Consequently, the Tor project envisioned the possibility of unlisted entry points to the Tor network, commonly known as bridges. In recent years, there have been attempts to achieve fast and real-time methods to discover Tor, and specifically bridge, connections. In this thesis we address the issue of preventing censors from detecting a certain type of traffic, for instance Tor connections, by observing the communications between a remote node and nodes in their network. We propose a generic model in which the client obfuscates its messages to the bridge in a widely used protocol over the Internet. We investigate using Skype video calls as our target protocol and our goal is to make it difficult for the censoring adversary to distinguish between the obfuscated bridge connections and actual Skype calls using statistical comparisons. Although our method is generic and can be used by any censorship resistance application, we present it for Tor, which has well-studied anonymity properties. We have implemented our model as a proof-of-concept proxy that can be extended to a pluggable transport for Tor, and it is available under an open-source licence. Using this implementation we observed the obfuscated bridge communications and showed their characteristics match those of Skype calls. We also compared two methods for traffic shaping and concluded that they perform almost equally in terms of overhead; however, the simpler method makes fewer assumptions about the characteristics of the censorship resistance application’s network traffic, and so this is the one we recommend

Tracking and Behavioral Targeting on Connected TV Platforms

The number of Internet Connected TV (CTV) devices has grown significantly in recent years. However, CTV platforms and the application ecosystem they offer are operating with limited transparency and therefore introduce privacy risks. In this work, we present methods and tools to study the ecosystem of CTVs and shed light on the privacy practices of developers on these platforms. First, we study the data collection and sharing practices on CTVs by platforms, applications, and trackers. To this end, we developed a system to automatically download CTV apps (also known as channels), and interact with them while intercepting the network traffic and performing best-effort TLS interception. We used this smart crawler to visit more than 2,000 channels on two popular CTV platforms, namely Roku and Amazon Fire TV. Our results show that tracking is pervasive on both platforms, with traffic to known trackers present on 69% of Roku channels and 89% of Amazon Fire TV channels. We also discover a widespread practice of collecting and transmitting unique identifiers, at times over unencrypted connections. We also show that the countermeasures available on these devices, such as limiting ad-tracking options and adblocking, are inadequate. Second, we design a series of experiments to show how apps, third-party trackers and advertisers use the information they collect on users on CTV devices for behavioral targeting. To this end, we developed an end-to-end measurement system that utilizes controlled experiments to generate various user profiles, run concurrent crawls using these profiles, and measure and compare video commercials delivered to them. We also present a crowdsourcing system to assign labels to commercials observed during each experiment. The results from our preliminary analysis of behavioral targeting suggest certain channels may be targeting users based on past activity and in the case of one channel, it is potentially violating the privacy settings on the device. We believe our tool and results will assist CTV developers, users, and regulators to have a better understanding of how users' data is used for targeting, whether privacy options are effective on these platforms, and whether different parties comply with the privacy requirements