new conjure · 2020. 2. 25. · conjure sergey frolov1, jack wampler1, sze chuen tan3, nikita...

Conjure

Sergey Frolov1, Jack Wampler1, Sze Chuen Tan3,Nikita Borisov3, J. Alex Halderman2, Eric Wustrow1

1 University of Colorado Boulder, 2 University of Michigan, 3 University of Illinois Urbana-Champaign

Summoning Proxies from Unused Address Space

2

Internet Censorship

Conjure: Summoning Proxies from Unused Address SpaceSource: censoredplanet.org

Censorship is a global problem

3

Proxy

Proxies

Conjure: Summoning Proxies from Unused Address Space

BlockedCovert Hosts

4

Blocking Proxies


BlockedCovert HostsCensors try to discover proxies

by connecting to them as clients

Proxy

5

Blocking Proxies


BlockedCovert HostsCensors try to discover

proxies by inspecting traffic

Proxy

6

Proxy

Refraction Networking


BlockedCovert Hosts

Not BlockedDecoy Host

7


Not BlockedDecoy HostProxy


BlockedCovert Hosts

8


Proxy


BlockedCovert Hosts

Not BlockedDecoy Host

9

Refraction NetworkingRefraction networking● Station listens network router at an ISP


10

TapDanceInline Blocking● Drops connections to decoy sites● Redirects traffic to covert destination


11


Telex: Anticensorship in the Network InfrastructureEric Wustrow, Scott Wolchok, Ian Goldberg, J. Alex Halderman [USENIX 2011]

Decoy Routing: Toward Unblockable Internet CommunicationJosh Karlin, Daniel Ellard, Alden W. Jackson, Christine E. Jones, Greg Lauer, David P. Mankins, W. Timothy Strayer [FOCI 2011]

Cirripede: Circumvention Infrastructure using Router Redirection with Plausible DeniabilityAmir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, Nikita Borisov [CCS 2011]

TapDance: End-to-Middle Anticensorship without Flow Blocking Eric Wustrow, Colleen M. Swanson, J. Alex Halderman [USENIX 2014]

Rebound: Decoy Routing on Asymmetric Routes Via Error MessagesDaniel Ellard, Alden Jackson, Christine Jones, Victoria Manfredi, W. Timothy Strayer, Bishal Thapa, Megan Van Welie [IEEE LCM 2015]

Slitheen: Perfectly Imitated Decoy Routing through Traffic ReplacementCecylia Bocovich, Ian Goldberg [CCS 2016]

The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing AttacksMilad Nasr, Hadi Zolfaghari, Amir Housmansadr [ACM 2017]

MultiFlow: Cross-Connection Decoy Routing using {TLS} 1.3 Session ResumptionVictoria Manfredi, and Pi Songkuntham [FOCI 2018]

FORMERLY DECOY ROUTING


12


Telex: Anticensorship in the Network InfrastructureEric Wustrow, Scott Wolchok, Ian Goldberg, J. Alex Halderman [USENIX 2011]

Decoy Routing: Toward Unblockable Internet CommunicationJosh Karlin, Daniel Ellard, Alden W. Jackson, Christine E. Jones, Greg Lauer, David P. Mankins, W. Timothy Strayer [FOCI 2011]

Cirripede: Circumvention Infrastructure using Router Redirection with Plausible DeniabilityAmir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, Nikita Borisov [CCS 2011]

TapDance: End-to-Middle Anticensorship without Flow BlockingEric Wustrow, Colleen M. Swanson, J. Alex Halderman [USENIX 2014]

Rebound: Decoy Routing on Asymmetric Routes Via Error MessagesDaniel Ellard, Alden Jackson, Christine Jones, Victoria Manfredi, W. Timothy Strayer, Bishal Thapa, Megan Van Welie [IEEE LCM 2015]

Slitheen: Perfectly Imitated Decoy Routing through Traffic ReplacementCecylia Bocovich, Ian Goldberg [CCS 2016]

The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing AttacksMilad Nasr, Hadi Zolfaghari, Amir Housmansadr [ACM 2017]

MultiFlow: Cross-Connection Decoy Routing using {TLS} 1.3 Session ResumptionVictoria Manfredi, and Pi Songkuntham [FOCI 2018]

FORMERLY DECOY ROUTING


13

TapDance

Passive Tap


TapDance● Station listens on passive tap at an ISP

14

TapDance

Passive Tap


TapDance● Station listens on passive tap at an ISP ● Client connects to the decoy

15

TapDance

Passive Tap

x


TapDance● Station listens on passive tap at an ISP ● Client connects to the decoy● Client sends something to silence the decoy

16

TapDance

Spoofedresponses

Passive Tap

TapDance● Station listens on passive tap at an ISP ● Client connects to the decoy● Client sends something to silence the decoy● Station pretends to be the decoy while the connection stays open

x


17

TapDance Issues

● Performance:– Connection upload limit – Connection duration limit

● Observability: – Station must mimic the decoy to avoid blocking

● Timing, packet size, etc.

Issues are a result of its deployability first design


18

Conjure


19

● Improve Performance– Minimize reliance on TLS and live decoy hosts

● Reduce Observability– Reinforce protection from censorship– Create proxies from unused address space

● Maintain deployability– Build off of passive tap architecture

Conjure


20




Conjure


21




Conjure


22




Conjure


23

Conjure Protocol1. Register– Select a phantom IP from a set of unused addresses that

route past the station – Share selection with the station out of band


24

Conjure Protocol1. Register– Select a phantom IP from a set of unused addresses that



25

Liveness Testing● Avoid connection interference ● Prevent unnecessary load on endpoints


26

Conjure Protocol✓ Register– Select a phantom IP from a set of unused addresses that


2. Connect– Connect to phantom IP address – The station will pick up the

connection and proxy traffic


27






28






29

Connection Process

Now that we are connected what protocol will we use?


30

Connection Process



31

Connection Process



32

Transports


33

Station ProtocolConjure transport protocols should be:● Difficult for censor to block

– Passive analysis– Active probing

● Performant


34

Station ProtocolConjure transport protocols should be:● Difficult for censor to block

– Passive analysis– Active probing

● Performant

Protocols to do this already exist


35

– Obfs4● a look-like nothing obfuscation protocol that requires clients to

demonstrate knowledge of secret shared out of band.

Transports


36

● Randomizing:– Obfs4– Obfuscated SSH

● Popular: – Peer-to-Peer – e.g. WebRTC– TLS

Transports


37

TLS Proxy1. What TLS certificate should be provided?

2. How do we resist active probing?

3. Does the domain map to the IP?


38

Mask Site1. What TLS certificate should be provided?● Invalid● Self Signed● CA Signed


39

Mask Site1. What TLS certificate should be provided?✗ Invalid

✗ Self Signed

✓ CA Signed - Choose a “Mask Site” to mimic and specify it to the station in the registration


40

Mask Site2. How do we resist active probing?● Clients must show knowledge of secrets

– If not traffic is routed to the mask site– Otherwise traffic is routed to covert site


41

Mask Site2. Censors can use TLS as well. ● Clients must show knowledge of secrets

– If not traffic is routed to the mask site– Otherwise traffic is routed to covert site


42

Mask site3. Does the domain map to the IP?● Nearby (in IP space)● Popular Sites● Passively collect at tap and advise client


43

Implementation


44

1. Generate a seed

2. Select the phantom IP address.● Avoid Live Hosts ● Choose realistic addresses


Preparation

KClient

192.122.190.120

Seed

2001:48a8:59e7:d7f0:4762:3a75:8f51:2b13

2001:48a8::/32

45

1. Generate a seed



Preparation

KClient

192.122.190.120

Seed

2001:48a8:59e7:d7f0:4762:3a75:8f51:2b13

2001:48a8::/32

46

1. Generate a seed



Preparation

KClient

192.122.190.120

Seed

2001:48a8:59e7:d7f0:4762:3a75:8f51:2b13

2001:48a8::/32

47

Conjure Protocol✔ Preparation

Register


48

Conjure Protocol✔ Preparation

Register using HTTPS


49

Registration Using HTTPS


Steganographic tagging scheme borrowed from TapDance

✔ Generate a seed ✔ Select the phantom IP address. 1. Create a registration message

containing the seed.

Seed

50



2. Connect to a Registration Decoy


ConjureProxy

K

KClient Registration

DecoyCensor


51



2. Connect to a Registration Decoy 3. Send a request containing the

steganographically-encoded registration message


ConjureProxy

K


DecoyCensor

< ‘GET /’ >Registration Msg


52 Conjure: Summoning Proxies from Unused Address Space

ConjureProxy

K


DecoyCensor

< ‘GET /’ >Registration Msg



2. Connect to a Registration Decoy 3. Send a request containing the

steganographically-encoded registration message


53

Conjure Protocol✔ Preparation ✔ Registration

Connect


54

Conjure Protocol✔ Preparation ✔ Registration

Connect


55

Connection Process


ConjureProxy

KK

Client Phantom Host (Unused address)

Censor Blocked Website

56

Connection Process


ConjureProxy

KK



57

Connection Process


ConjureProxy

KK



58

Connection Process


ConjureProxy

KK



….

59

Connection Process


ConjureProxy

KK



60

Implementation

Conjure is:● Running right now


61

Implementation


Conjure is:● Running right now● High Performance

62

Implementation


Conjure is:● Running right now● High Performance● Multi-core

63

Implementation


Conjure is:● Running right now● High Performance● Multi-core● Modular

64

Performance


65

Download Throughput


TapDance~87.0 Mbps

Conjure~99.1 Mbps

Socks5~96.0 Mbps

100

10

1

100

10

1

100

10

1

66

Upload Throughput


TapDance~0.057 Mbps

Conjure~83.4 Mbps

1400x improvement

Socks5~75.6 Mbps

100

1

0.01

100

1

0.01

100

1

0.01

67

Advantages


68

Conjure Advantages● High Performance

– Removes TapDance artificial limits on upload and connection duration

● Flexible Transports– Obviates mimicry challenges – Adaptable to censor blocking

● Individualized proxy addresses– Minimizes blocking effectiveness.

● Deployment Friendly – Only requires passive tap


69

Upcoming Work● Alpha Deployment:

– Conjure has been tested on our ISP test-bed demonstrating that it is viable– We are working with a proxy development platform to get Conjure into the hands

of real users as soon as possible

● Distributed Architecture– Host numerous stations resilient to failures and incremental upgrades.

● Realistic Address Selection– Incorporate structure in selected IPv6 addresses

● Transport Support– Add implementation for more transports!


70

Conclusion

Conjure is: Modular Performant Hard to block Deployable

DeployingDeployed


Conjure

Sergey Frolov1, Jack Wampler1, Sze Chuen Tan2,Nikita Borisov2, J. Alex Halderman3, Eric Wustrow1

1 University of Colorado Boulder, 2 University of Michigan, 3 University of Illinois Urbana-Champaign

Summoning Proxies from Unused Address Space

https://refraction.network

72

Questions?

github.com/refraction-networking/gotapdance

Client Censor

Unusedaddresses

YOUR ISP HERE

Phantomproxy


73

Bonus Slides


74

ChallengesCan a censor tell if an Ipv6 address is unused

just by looking at the address?

It would be riskyConjure: Summoning Proxies from Unused Address Space

75

Attacks

● Why can’t a censor just probe to tell if a host is live and block it?● Why can’t a censor just block all the unused addresses of the

internet?● Why can’t a censor just whitelist good subnets?


76

Station Protocol● New Connection

– Benign– Conjure Registration– Conjure Connection

– REMOVE??


77

Active Probing

Censors try to discover proxies by connecting to them as clients


78

Active Probing

Proxies must carefully reveal themselves to users by providing shared secrets out of band for users to identify themselves with


79

Connection

ConjureProxy

K

KClient Phantom Host

(Unused address)


….


80

Registration à la TapDance

Registration over TLS:1. Generate a seed 2. Select the phantom IP address. 3. Create a registration packet containing the seed.4. Connect to a Registration Decoy 5. Send a request containing the registration packet


81

ConjureProxy

Generation 3How do we leverage the empty background addresses

of the internet to pretend to host proxies?

(TLS Handshake)

K

KClient Reachable site

Tag

CensorPhantom Host

(Unused address)


82

Connection ProcessConnect:1. Connect to the chosen phantom host 2. The refraction station will respond as

though it resides at the phantom IP address and forward traffic to the covert destination.


ConjureProxy

KK



….

83

High Throughput

One week of tap traffic monitored by the Conjure station.Conjure: Summoning Proxies from Unused Address Space

84

1. Generate a seed



KClient

192.122.190.120

Preparation

Seed

2001:48a8:59e7:d7f0:4762:3a75:8f51:2b13

2001:48a8::/32

85

Challenges

Can a censor tell if an Ipv6 address is probably unused just by looking at the address?


Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31Slide 32Slide 33Slide 34Slide 35Slide 36Slide 37Slide 38Slide 39Slide 40Slide 41Slide 42Slide 43Slide 44Slide 45Slide 46Slide 47Slide 48Slide 49Slide 50Slide 51Slide 52Slide 53Slide 54Slide 55Slide 56Slide 57Slide 58Slide 59Slide 60Slide 61Slide 62Slide 63Slide 64Slide 65Slide 66Slide 67Slide 68Slide 69Slide 70Slide 71Slide 72Slide 73Slide 74Slide 75Slide 76Slide 77Slide 78Slide 79Slide 80Slide 81Slide 82Slide 83Slide 84Slide 85

new conjure · 2020. 2. 25. · conjure sergey frolov1, jack wampler1, sze chuen tan3, nikita...

Documents