When: Tuesday, April 14, 2015 – 3:10 pm
Where: 1131 Kemper
Abstract: In response to increasingly sophisticated state-sponsored Internet censorship, recent work has proposed a new, state-level approach to censorship resistance: end-to-middle (E2M) proxying. This concept, developed in systems such as Telex, Decoy Routing, and Cirripede, moves anticensorship technology into the core of the network, at large ISPs outside the censoring country. E2M proxies work by disguising a client’s connection to a censored server as an innocuous HTTPS connection to an unblocked, decoy server. Unfortunately, the original E2M protocols require an inline blocking element at ISPs, which is a significant obstacle to deployment.
In this talk, I will present a new protocol, TapDance, that is designed to have minimal impact on the cooperating ISP’s network operations. TapDance employs a novel TCP-level technique that only requires the anticensorship proxy to function as a passive network tap, without an inline blocking component. Additionally, TapDance uses a novel steganographic encoding to embed control messages in TLS ciphertext, allowing the anticensorship proxy to operate on HTTPS connections even under asymmetric routing.
Joint work with Eric Wustrow and J. Alex Halderman. Paper appeared at the USENIX Security Symposium, 2014.
1131 Kemper Hall