DOI: 10.1145/2046707.2046730

Cirripede: circumvention infrastructure using router redirection with plausible deniability

Published: 17 October 2011

Abstract

Many users face surveillance of their Internet communications and a significant fraction suffer from outright blocking of certain destinations. Anonymous communication systems allow users to conceal the destinations they communicate with, but do not hide the fact that the users are using them. The mere use of such systems may invite suspicion, or access to them may be blocked. We therefore propose Cirripede, a system that can be used for unobservable communication with Internet destinations. Cirripede is designed to be deployed by ISPs; it intercepts connections from clients to innocent-looking destinations and redirects them to the true destination requested by the client. The communication is encoded in a way that is indistinguishable from normal communications to anyone without the master secret key, while public-key cryptography is used to eliminate the need for any secret information that must be shared with Cirripede users.
Cirripede is designed to work scalably with routers that handle large volumes of traffic while imposing minimal overhead on ISPs and not disrupting existing traffic. This allows Cirripede proxies to be strategically deployed at central locations, making access to Cirripede very difficult to block. We built a proof-of-concept implementation of Cirripede and performed a testbed evaluation of its performance properties.



Published In

CCS '11: Proceedings of the 18th ACM Conference on Computer and Communications Security, October 2011, 742 pages. ISBN: 9781450309486. DOI: 10.1145/2046707.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. censorship-resistance
  2. unobservability

Qualifiers

  • Research-article

Conference: CCS'11

Acceptance Rates

CCS '11 Paper Acceptance Rate: 60 of 429 submissions (14%)
Overall Acceptance Rate: 1,261 of 6,999 submissions (18%)


Article Metrics

  • Downloads (last 12 months): 25
  • Downloads (last 6 weeks): 4
Reflects downloads up to 14 Feb 2025

Cited By

  • (2024) Measuring DNS-over-HTTPS Downgrades: Prevalence, Techniques, and Bypass Strategies. Proceedings of the ACM on Networking, 2(CoNEXT4):1-22. DOI: 10.1145/3696385. Online publication date: 25 Nov 2024.
  • (2024) NetShuffle: Circumventing Censorship with Shuffle Proxies at the Edge. 2024 IEEE Symposium on Security and Privacy (SP), pages 3497-3514. DOI: 10.1109/SP54263.2024.00036. Online publication date: 19 May 2024.
  • (2024) Metadata Privacy Beyond Tunneling for Instant Messaging. 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), pages 697-723. DOI: 10.1109/EuroSP60621.2024.00044. Online publication date: 8 Jul 2024.
  • (2023) A Survey of Steganography Tools at Layers 2-4 and HTTP. Proceedings of the 18th International Conference on Availability, Reliability and Security, pages 1-9. DOI: 10.1145/3600160.3605058. Online publication date: 29 Aug 2023.
  • (2023) Stealth Key Exchange and Confined Access to the Record Protocol Data in TLS 1.3. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 2901-2914. DOI: 10.1145/3576915.3623099. Online publication date: 15 Nov 2023.
  • (2023) Smart Contract-Based Multi-Stage Service Auction for Refraction Networks. 2023 8th International Conference on Computer and Communication Systems (ICCCS), pages 1193-1198. DOI: 10.1109/ICCCS57501.2023.10151197. Online publication date: 21 Apr 2023.
  • (2021) Too Close for Comfort: Morasses of (Anti-) Censorship in the Era of CDNs. Proceedings on Privacy Enhancing Technologies, 2021(2):173-193. DOI: 10.2478/popets-2021-0023. Online publication date: 29 Jan 2021.
  • (2021) REDACT. ACM SIGCOMM Computer Communication Review, 51(4):15-22. DOI: 10.1145/3503954.3503957. Online publication date: 3 Dec 2021.
  • (2021) Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 5(3):1-25. DOI: 10.1145/3491055. Online publication date: 15 Dec 2021.
  • (2021) OUStralopithecus. Proceedings of the 20th Workshop on Privacy in the Electronic Society, pages 137-150. DOI: 10.1145/3463676.3485604. Online publication date: 15 Nov 2021.
