Workshop Program

Social networking sites, such as Twitter and Facebook, have become an impressive force in the modern world with user bases larger than many individual countries. With such influence, they have become important in the process of worldwide politics. Those seeking to be elected often use social networking accounts to promote their agendas while those opposing them may seek to either counter those views or drown them in a sea of noise. Building on previous work that analyzed a Russian event where Twitter spam was used as a vehicle to suppress political speech, we inspect five political events from 2011 and 2012: two related to China and one each from Syria, Russia, and Mexico. Each of these events revolved around popular Twitter hashtags which were inundated with spam tweets intended to overwhelm the original content. 

We find that the nature of spam varies sufficiently across incidents such that generalizations are hard to draw. Also, spammers are evolving to mimic human activity closely. However, a common theme across all incidents was that the accounts used to send spam were registered in blocks and had automatically generated usernames. Our findings can be used to guide defense mechanisms to counter political spam on social networks.

The Iranian government operates one of the largest and most sophisticated Internet censorship regimes in the world, but the mechanisms it employs have received little research attention, primarily due to lack of access to network connections within the country and personal risks to Iranian citizens who take part. In this paper, we examine the status of Internet censorship in Iran based on network measurements conducted from a major Iranian ISP during the lead up to the June 2013 presidential election. We measure the scope of the censorship by probing Alexa’s top 500 websites in 18 different categories. We investigate the technical mechanisms used for HTTP Host–based blocking, keyword filtering, DNS hijacking, and protocol-based throttling. Finally, we map the network topology of the censorship infrastructure and find evidence that it relies heavily on centralized equipment, a property that might be fruitfully exploited by next generation approaches to censorship circumvention.

Censorship systems that make dynamic blocking decisions must inspect network activity on-the-fly to identify content to filter. By inferring the analysis models of such monitors we can identify their vulnerabilities to different forms of evasions that we can then exploit for circumvention. We leverage the observation that censorship monitors essentially work on the same principles as Network Intrusion Detection Systems (NIDS) and therefore inherit the same evasion vulnerabilities already discussed in the NIDS context for years. Using this past work as a guide, we illustrate the power of illuminating a monitor’s analysis model by conducting extensive probing to test for vulnerabilities in the Great Firewall of China. We find exploitable flaws in its TCB creation and destruction, fragment and segment reassembly, packet validation, (in)completeness of HTTP analysis, and state management.

Large-scale communications blackouts, such as those carried out by Egypt and Libya in 2011 and Syria in 2012 and 2013, have motivated a series of projects that aim to enable citizens to communicate even in the face of such heavy-handed censorship efforts. A common theme across these proposals has been the use of wireless mesh networks. We argue that such networks are poorly equipped to serve as a meaningful countermeasure against large-scale blackouts due to their intrinsically poor scaling properties. We further argue that projects in this space must consider user safety as first design priority and thus far have failed to preserve user anonymity and to rely only on innocuous hardware. From these two insights, we frame a definition of dissent networks to capture the essential requirements for blackout circumvention solutions.

We devise a scalable and provably-secure protocol for fully-anonymous broadcast in large-scale networks. Similar to the dining cryptographers networks (DCNETS), our algorithm uses secure multi-party computation (MPC) to ensure anonymity. However, we address the weaknesses of DC-NETS, which are poor scalability and vulnerability to jamming attacks. When compared to the state-of-the-art, our protocol reduces the total bit complexity from O(n²) to Õ(n) per anonymous message sent in a network of size n; total latency increases from O(1) to polylog(n). We assume up to a one third fraction of the parties is controlled by a static Byzantine adversary. We further assume that this adversary is computationally unbounded, and thus make no cryptographic hardness assumptions.

Tor, the popular anonymous relay tool, incurs significant latency costs—partly due to extra network hops, but also due to TCP’s strict in-order delivery. We examine the problem of TCP’s head-of-line blocking in Tor, although this problem affects any application multiplexing streams atop TCP. Using uTCP and uTLS, techniques for enabling unordered delivery in TCP and TLS, respectively, we eliminate head-of-line blocking between Tor circuits sharing a TCP connection, without sacrificing Tor’s security. The small code footprint of uTCP and uTLS, and the minimal changes required to Tor, suggest the feasability of our approach. A micro-benchmark indicates that the integration of uTCP and uTLS can noticeably lower application-perceived latency.