AI helps you reading Science

AI generates interpretation videos

AI extracts and analyses the key points of the paper to generate videos automatically


pub
Go Generating

AI Traceability

AI parses the academic lineage of this thesis


Master Reading Tree
Generate MRT

AI Insight

AI extracts a summary of this paper


Weibo:
Infranet requesters compose secret messages using sequences of requests that are hard for a censor to detect, and Infranet responders covertly embed data in the openly returned content

Infranet: Circumventing Web Censorship and Surveillance

USENIX Security Symposium, pp.247-262, (2002)

Cited by: 217|Views113
EI
Full Text
Bibtex
Weibo

Abstract

An increasing number of countries and companies rou- tinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a sys- tem that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet. These Infranet servers provide cl...More

Code:

Data:

Introduction
  • The World Wide Web is a prime facilitator of free speech; many people rely on it to voice their views and to gain access to information that traditional publishing venues may be loath to publish.
  • Over the past few years, many countries, political regimes, and corporations have attempted to monitor and often restrict access to portions of the Web by clients who use networks they control.
  • Many of these attempts have been successful, and the use of the Web as a free-flowing medium for information exchange is being severely compromised.
Highlights
  • The World Wide Web is a prime facilitator of free speech; many people rely on it to voice their views and to gain access to information that traditional publishing venues may be loath to publish
  • This paper focuses on the challenging technical problems of circumventing Web censorship and largely ignores the many related political, legal, and policy issues
  • For two typical Web sites running Infranet responders, we find that a requester using range-mapping can modulate 50% of all requests for hidden content in 6 visible HTTP requests or fewer and 90% of all hidden requests in 10 visible HTTP requests or fewer
  • The architecture we presented in Section 3 does not protect against an impersonation attack whereby a censor establishes an Infranet responder and discovers requesters by identifying the Web clients that send meaningful Infranet requests
  • Infranet requesters compose secret messages using sequences of requests that are hard for a censor to detect, and Infranet responders covertly embed data in the openly returned content
  • The resulting traffic resembles the traffic generated by normal browsing. Infranet provides both access to sensitive content and plausible deniability for users
Methods
  • The authors designed Infranet to meet a number of goals.
  • Deniability for any Infranet requester.
  • It should be computationally intractable to confirm that any individual is intentionally downloading information via Infranet, or to determine what that information might be.
  • 2. Statistical deniability for the requester.
  • Even if it is impossible to confirm that a client is using Infranet, an adversary might notice statistical anomalies in browsing patterns that suggest a client is using Infranet.
  • An Infranet user’s browsing patterns should be statistically indistinguishable from those of normal Web users
Conclusion
  • Infranet enables users to circumvent Web censorship and surveillance by establishing covert channels with accessible Web servers.
  • Infranet requesters compose secret messages using sequences of requests that are hard for a censor to detect, and Infranet responders covertly embed data in the openly returned content.
  • Infranet uses a tunnel protocol that provides a covert communication channel between requesters and responders, modulated over standard HTTP transactions.
  • Infranet requesters send covert messages to Infranet responders by associating additional semantics to the HTTP requests being made.
  • Infranet responders return content by hiding censored data in uncensored images using steganographic techniques.
  • While downstream confidentiality is achieved using a session key, upstream confidentiality is achieved by confidentially exchanging a modulation function
Tables
  • Table1: A taxonomy of passive attacks on Infranet. If the censor has the ability to target suspected users, attacks involve more sophisticated analysis of visible HTTP traffic
Download tables as Excel
Related work
  • Many existing systems seek to circumvent censorship and surveillance of Internet traffic. Anonymizer.com provides anonymous Web sessions by requiring users to make Web requests through a proxy that anonymizes userspecific information, such as the user’s IP address [2]. The company also provides a product that encrypts HTTP requests to protect user privacy; Zero Knowledge provides a similar product [24]. Squid is a caching Web proxy that can be used as an anonymizing proxy [21]. The primary shortcoming of these schemes is that a well-known proxy is subject to being blocked by a censor. Additionally, the use of an encrypted tunnel between a user and the anonymizing proxy (e.g., port forwarding over ssh) engenders suspicion.
Reference
  • M. Adler and B. Maggs. Protocols for asymmetric communication channels. In Proceedings of 39th IEEE Symposium on Foundations of Computer Science (FOCS), Palo Alto, CA, 1998.
    Google ScholarLocate open access versionFindings
  • Anonymizer. http://www.anonymizer.com/.
    Findings
  • I. Clarke, O. Sandbert, B. Wiley, and T. Hong. Freenet: A distributed anonymous information storage and retrieval system. In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA, July 2000.
    Google ScholarLocate open access versionFindings
  • R. Dingledine, M. Freedman, and D. Molnar. The Free Haven Project: Distributed anonymous storage service. In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA, July 2000.
    Google ScholarLocate open access versionFindings
  • gzip. http://www.gzip.org/.
    Findings
  • F. Hartung and B. Girod. Digital watermarking of raw and compressed video. In Proc. European EOS/SPIE Symposium on Advanced Imaging and Network Technologies, pages 205–213, Berlin, Germany, October 1996.
    Google ScholarLocate open access versionFindings
  • A. Hintz. Fingerprinting websites using traffic analysis. In Workshop on Privacy Enhancing Technologies, San Francisco, CA, April 2002.
    Google ScholarLocate open access versionFindings
  • IRCache. http://www.ircache.net/.
    Findings
  • B.W. Lampson. A note on the confinement problem. Communications of the ACM, 16(10):613–615, October 1973.
    Google ScholarLocate open access versionFindings
  • J. Lee. Companies compete to provide Saudi Internet veil, November 19, 2001. http://www.nytimes.com/2001/11/19/technology/19SAUD.html.
    Findings
  • D. Martin and A. Schulman. Deanonymizing users of the SafeWeb anonymizing service. In Proc. 11th USENIX Security Symposium, San Francisco, CA, August 2002.
    Google ScholarLocate open access versionFindings
  • P. Meller. Europe moving toward ban on Internet hate speech, November 10, 2001. http://www.nytimes.com/2001/11/10/technology/10CYBE.html.
    Findings
  • A. J. Menezes. Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, Boston, MA, 1993.
    Google ScholarFindings
  • Nielsen Netratings’ Top 25. http://pm.netratings.com/nnpm/owa/NRpublicreports.toppropertiesweek ly, November 25, 2001.
    Findings
  • OpenSSL. http://www.openssl.org/.
    Findings
  • Outguess. http://www.outguess.org/.
    Findings
  • N. Provos. Defending against statistical steganalysis. In Proc. 10th USENIX Security Symposium, Washington, D.C., August 2001.
    Google ScholarLocate open access versionFindings
  • M. Reiter and A. Rubin. Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security (TISSEC), 1:66–92, November 1998. http://www.research.att.com/projects/crowds/.
    Locate open access versionFindings
  • SafeWeb. http://www.safeweb.com/.
    Findings
  • L. J. Schulman and D. Zuckerman. Asymptotically good codes correcting insertions, deletions, and transpositions. In Symposium on Discrete Algorithms, pages 669–674, 1997.
    Google ScholarLocate open access versionFindings
  • Squid Web Proxy Cache. http://www.squid-cache.org/.
    Findings
  • L. Stein et al. Writing Apache Modules with Perl and C: The Apache API and mod perl. O’Reilly and Associates, Sebastopol, CA, March 1999.
    Google ScholarFindings
  • Stunnel—universal SSL wrapper. http://www.stunnel.org/.
    Findings
  • Zero-Knowledge Systems. Freedom WebSecure. http://www.freedom.net/products/websecure/.
    Findings
  • P. Syverson, M. Reed, and D. Goldschlag. Onion routing access configurations. In DARPA Information Survivability Conference and Exposition, pages 34–40, Hilton Head Island, SC, January 2000. http://www.onion-router.net.
    Locate open access versionFindings
  • The Cult of the Dead Cow (cDc). Peekabooty. http://www-peek-a-booty.org.
    Findings
  • Triangle Boy. http://fugu.safeweb.com/sjws/
    Findings
  • Voice of America. http://www.voa.gov/.
    Findings
  • M. Waldman and D. Mazieres. Tangler: A censorship-resistant publishing system based on document entanglements. In Proceedings of the 8th ACM Conference on Computer and Communications Security, Philadelphia, PA, November 2001.
    Google ScholarLocate open access versionFindings
  • M. Waldman, A. Rubin, and L. Cranor. Publius: A robust, tamperevident, censorship-resistant, web publishing system. In Proc. 9th USENIX Security Symposium, pages 59–72, Denver, CO, August 2000.
    Google ScholarLocate open access versionFindings
  • I. H. Witten, R. M. Neal, and J. G. Cleary. Arithmetic coding for data compression. Communications of the ACM, 30(6):520–540, February 1987.
    Google ScholarLocate open access versionFindings
Your rating :
0

 

Tags
Comments
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn
小科