DeltaShaper: Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams

Open access

Abstract

This paper studies the possibility of using the encrypted video channel of widely used videoconferencing applications, such as Skype, as a carrier for unobservable covert TCP/IP communications. We propose and evaluate different alternatives to encode information in the video stream in order to increase available throughput while preserving the packet-level characteristics of the video stream. We have built a censorship-resistant system, named DeltaShaper, which offers a data-link interface and supports TCP/IP applications that tolerate low-throughput, high-latency links. Our results show that it is possible to run standard protocols such as FTP, SMTP, or HTTP over Skype video streams.
