Network Anonymity, Privacy, (Anti-) Censorship and the Whole Nine Yards.
Series: Department Seminar
Speaker: Dr. Sambuddho Chakravarty, Assistant Professor, Department of Computer Science and Engineering, Indraprastha Institute of Information Technology (IIIT Delhi)
Date/Time: Jul 30 14:00:00
Location: Microsoft Teams - ON-LINE
In the second decade of the century (circa the Arab Springs of 2011), the Internet is the new battlefield where wars between politicians, media, (h)activists, lawyers and the military shape the destiny of millions of people. Historically incepted as the ARPANET, it was engineered to serve as a means of communication, even in the face of calamities and wars. Political will often plays antithetical to this very attribute. For instance, countries like China, Iran and UAE use (homebrewed) firewalling infrastructure to censor web traffic -- sometimes with the pretext of preserving cultural and religious values, at other times to prevent political dissent. No wonder a large body of network censorship measurements focuses on these two countries. While such countries are inherently (constitutionally) undemocratic, free speech over the Internet is, in recent years, being regularly suppressed even in democracies like India. Such evolutions are positioned on concerns otherwise paramount to the preservation of human rights -- e.g., policing child pornography. But state control of communication channels has been abused to silence dissent, even in India, where the Supreme Court deems freedom of speech on the Internet a fundamental right.
In this context, it is natural to ask how free and open the Internet is and how robust it is to censorship by countries like India, which in recent years has evolved a sophisticated censorship infrastructure.
In this talk I present an overview of our work over the years, which has focussed on the evolution of India's Internet censorship infrastructure, how it censors traffic (and now apps), and how various ISPs implement it. Further, I also present some research efforts to evade censorship (and also Internet shutdowns/blackouts).
To begin with, we consider the question of whether India might potentially follow the Chinese model and institute a single, government-controlled filter. Our research shows that would not be difficult, as the Indian Internet is quite centralized already. A few key ASes (~ 1% of Indian ASes, i.e. less than 4) and routers (<5000) collectively intercept approximately 95% of paths to the censored sites and to all publicly-visible DNS resolvers. Thereafter we conducted an extensive study (the first of its kind) involving nine major ISPs of the country in terms of what kind of censorship techniques they use, what triggers them, their consistency and coverage, and how to evade them. Our results indicate a clear disparity among the ISPs in how widely they install censorship infrastructure. As of 2021, we have extensively explored the evolution of web censorship (HTTPS) along with exactly how Chinese apps are being filtered in the country. Existing solutions to evade censorship, including proxies, VPNs and Tor, have been designed primarily for the web, while other applications like VoIP (real-time voice) are mostly ignored. As a part of our research we have extensively explored the feasibility of transporting real-time voice (mostly UDP) over Tor (that primarily supports TCP). Prior research deemed Tor to be unsuitable for such purposes. In our research we tried to identify how the interplay of network attributes (delay, jitter, bandwidth etc.) impacts the performance of VoIP. To our surprise, the belief established from prior research seems unfounded.
However, all such solutions that rely on proxies are prone to being filtered by the ISPs, as these end-points are easily discoverable. Futuristic solutions like Decoy Routing, that rely on routers that could double as "smart proxies", are resilient to such filtering. They have hitherto relied mostly on commodity servers, and involve wide-scale traffic observation, inadvertently posing a threat to the privacy of users who do not require such services. To that end, we devised an SDN-based DR solution, SiegeBreaker, that not only performs at line rates (comparable to native TCP) but also does not require inspection of all network flows, thus preserving the privacy of oblivious users. However, the deployability of such solutions remains a challenge, as it requires support from major top-tier ISPs.
A third alternative, combining the best of both the above solutions, involves tunnelling Internet traffic over that of various (semi-)real-time applications, e.g. Instant Messaging (IM). To that end, we designed and tested a scheme, Camoufler, that utilizes IM channels as-is for transporting traffic. The scheme provides unobservability and good QoS, due to its inherent properties, such as low-latency message transports. Moreover, unlike Decoy Routing, it does not pose new deployment challenges. Performance evaluation of Camoufler, implemented on five popular IM apps, indicates that it provides sufficient QoS for web browsing. E.g., the median time to render the homepages of Alexa top-1k sites was recorded to be about 3.6s, when using Camoufler implemented over Signal.
Finally, I would like to conclude the talk with our new system Dolphin, that emulates old-school dial-up modems, sans the ISP support, to relay Internet traffic, especially in the face of Internet shutdowns. Dolphin's protocol recovers from the losses and errors introduced by the cellular voice medium, while also assuring end-to-end confidentiality. At low data rates (<=64bps), the errors are under 5% and suitable for supporting delay-tolerant applications with acceptable latencies. E.g. a 280-character tweet can be posted in about a minute.
Sambuddho Chakravarty has worked as an Asst Prof. at the Department of Computer Science and Engineering of Indraprastha Institute of Information Technology (IIIT Delhi) since June 2014. He completed his PhD in Computer Science from Columbia University, New York, where he worked at the Network Security Lab (NSL) and was advised by Prof. Angelos D. Keromytis. His research is broadly related to network security and more specifically related to network anti-censorship, counter-surveillance, network anonymity and privacy (and all problems revolving around such systems e.g. network measurements, infrastructure etc.). He heads a small research lab at IIIT Delhi that involves ten students (mostly PhDs and B.Tech students) and collaborates actively with other networks and systems security researchers in India and abroad.
Host Faculty: Prof. Vinod Ganapathy