CSE 592 Internet Censorship (Fall 2015), Lecture 23, Phillipa Gill - Stony Brook U
CSE 592 INTERNET CENSORSHIP
(FALL 2015)
LECTURE 23
PHILLIPA GILL - STONY BROOK U.
WHERE WE ARE
Last time:
• Parrot is dead + Cover Your Acks
Today:
• Quick hands-on activity
• Decoy routing overview
• Telex
• Tap Dance (video)
REVIEW QUESTIONS
1. What type of censor adversary does decoy routing assume?
2. How does it try to evade this type of censor?
3. Describe how decoy routing works.
4. What is a sentinel? What is its purpose? Give an example.
5. Why would operators be reluctant to deploy Telex/Cirripede?
6. What property of Tap Dance is meant to reduce operator reluctance?
7. What key observation does Tap Dance use to suppress a response from the legitimate server? Why does this type of packet not get a response from the server?
TODAY: DECOY ROUTING
Defending against decoy routing!
- Routing around decoys
- No way home.
ACKS: Slides courtesy Amir Houmansadr @ UMass.
Routing Around Decoys
Schuchard et al., ACM CCS 2012
Routing Around Decoys (RAD)
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked]
CS660 - Advanced Information Assurance - UMassAmherst
The Costs of Routing Around Decoys
Houmansadr et al., NDSS 2014
This paper
• Concrete analysis based on real inter-domain routing data
  – As opposed to relying on the AS graph only
• While technically feasible, RAD imposes significant costs to censors
• Main intuition: Internet paths are not equal!
  – Standard decision making in BGP aims to maximize QoS and minimize costs
1. Degraded Internet reachability
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked, Decoy AS]
Path preference in BGP
• ASes are inter-connected based on business relationships
  – Customer-to-provider
  – Peer-to-peer
  – Sibling-to-sibling
• Standard path preference:
  1. Customer
  2. Peer/Sibling
  3. Provider
Valley-free routing
• A valley-free Internet path: each transit AS is paid by at least one neighbor AS in the path
• ISPs widely practice valley-free routing
2. Non-valley-free routes
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked, Provider, Customer, Provider]
3. More expensive paths
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked, Customer, Provider]
4. Longer paths
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked]
5. Higher path latencies
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked]
6. New transit ASes
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked, Edge AS]
7. Massive changes in transit load
[Figure: The Non-Democratic Republic of Repressistan. Labels: Gateway, Blocked, Decoy AS, Non-blocked, Transit AS, Transit AS, Loses transit traffic, Over-loads]
Simulations
• Use CBGP simulator for BGP
  – Python wrapper
• Datasets:
  – Geographic location (GeoLite dataset)
  – AS relations (CAIDA’s inferred AS relations)
  – AS ranking (CAIDA’s AS rank dataset)
  – Latency (iPlane’s Inter-PoP links dataset)
  – Network origin (iPlane’s Origin AS mapping dataset)
• Analyze RAD for
  – Various placement strategies
  – Various placement percentages
  – Various target/deploying Internet regions
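Added example (not from the slides or the paper, and not CBGP): a toy route selector that applies the customer > peer > provider preference and the valley-free rule, then recomputes a gateway's routes while avoiding decoy ASes. The topology and AS names (GW, P1, P2, K, M, D1-D3) are constructed, and sibling links are left out.

```python
from itertools import chain

# Constructed toy topology; AS names are hypothetical. C2P holds (customer, provider).
C2P = {("GW", "P1"), ("GW", "P2"), ("D1", "K"), ("D1", "P1"),
       ("D2", "P1"), ("D3", "P2"), ("D3", "M"), ("M", "P1")}
P2P = {("GW", "K"), ("P1", "P2")}
NODES = set(chain.from_iterable(C2P | P2P))
RANK = {"customer": 0, "peer": 1, "provider": 2}  # lower = preferred next hop

def link(a, b):
    """How AS a sees neighbour b: 'customer', 'peer', 'provider' or None."""
    if (b, a) in C2P:
        return "customer"
    if (a, b) in C2P:
        return "provider"
    if (a, b) in P2P or (b, a) in P2P:
        return "peer"
    return None

def valley_free_paths(src, dst, avoid=frozenset(), path=None, climbing=True):
    """Yield simple src->dst paths shaped up*, peer?, down* that skip `avoid`."""
    path = path or [src]
    if path[-1] == dst:
        yield path
        return
    for nxt in sorted(NODES - set(path) - set(avoid)):
        kind = link(path[-1], nxt)
        if kind == "customer":               # descending is always allowed
            yield from valley_free_paths(src, dst, avoid, path + [nxt], False)
        elif kind is not None and climbing:  # climb, or cross one peer link, only before descending
            yield from valley_free_paths(src, dst, avoid, path + [nxt],
                                         kind == "provider")

def best_route(src, dst, avoid=frozenset()):
    """Prefer customer > peer > provider next hop, then the shortest AS path."""
    return min(valley_free_paths(src, dst, avoid), default=None,
               key=lambda p: (RANK[link(p[0], p[1])], len(p), p))

def rad_cost(src, dst, decoys):
    """Classify what routing around `decoys` does to src's route to dst."""
    before, after = best_route(src, dst), best_route(src, dst, decoys)
    if after is None:
        return "unreachable"
    if RANK[link(*after[:2])] > RANK[link(*before[:2])]:
        return "more expensive"
    return "longer" if len(after) > len(before) else "unchanged"

for decoys in ({"K"}, {"P1"}, {"P2"}):
    print(sorted(decoys), {d: rad_cost("GW", d, decoys) for d in ("D1", "D2", "D3")})
```

Each of the three single-decoy placements produces a different cost for GW: a peer route replaced by a provider route, a destination lost entirely, and a longer AS path.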
Costs for the Great Firewall of China
• A 2% random decoy placement disconnects China from 4% of the Internet
• Additionally:
  – 16% of routes become more expensive
  – 39% of Internet routes become longer
  – Latency increases by a factor of 8
  – The number of transit ASes increases by 150%
  – Transit loads change drastically (one AS increases by a factor of 2800, the other decreases by 32%)
Strategic placement
• RAD considers random selection for decoy ASes
  – This mostly selects edge ASes
  – Decoys should be deployed in transit ASes instead
    • For better unobservability
    • For better resistance to blocking
86% are edge ASes
Strategic placement
[Figure labels: 4% unreachability; 20% unreachability; 43% unreachability]
Lessons
1. RAD is prohibitively costly to the censors
  – Monetary costs, as well as collateral damage
2. Strategic placement of decoys significantly increases the costs to the censors
3. The RAD attack is more costly to less-connected state-level censors
4. Even a regional placement is effective
5. Analysis of inter-domain routing requires a fine-grained data-driven approach