Papers are available for download below to registered attendees now and to everyone beginning Tuesday, August 11, 2020. Paper abstracts are available to everyone now. Copyright to the individual works is retained by the author[s].
All the times listed below are in Pacific Daylight Time (PDT).
Downloads for Registered Attendees
(Sign in to your USENIX account to download these files.)
Tuesday, August 11
7:00 am–7:15 am
Opening Remarks
Program Co-Chairs: Roya Ensafi, University of Michigan, and Hans Klein, Georgia Institute of Technology
7:15 am–8:00 am
Censorship Detection
Session Chairs: Roya Ensafi and Reethika Ramesh, University of Michigan
Opening Digital Borders Cautiously yet Decisively: Digital Filtering in Saudi Arabia
Fatemah Alharbi, Taibah University, Yanbu; Michalis Faloutsos and Nael Abu-Ghazaleh, University of California, Riverside
Our study makes a rare positive observation: Saudi Arabia has been opening its digital borders since 2017 in a deliberate new era towards openness. In this paper, we present a comprehensive longitudinal study of digital filtering, which we define to include both mobile apps and website access, in Saudi Arabia over a period of three years. Our results show that Saudi Arabia has indeed made significant progress towards opening its digital borders: (a) the use of mobile applications has been significantly permitted; and (2) web access is becoming more open. We use: (a) 18 social media and communications mobile apps such as WhatsApp, Facetime, and Skype; and (b) Alexa’s top 500 websites in 18 different categories. For mobile app access, our mobile app group was completely blocked in 2017, but access was permitted to 67% in 2018, 93% in 2019, and all, except WeChat, in 2020. For web access, we find that Internet filtering decreased by 3.4% and 2.2% in Adult and Shopping, respectively, which are the most two blocked categories. Finally, we examine how digital filtering reflects the wider geopolitical events, such as the blocking of ISIS-friendly sites in 2020 and news sites from Qatar, Iran, and Turkey in 2017, 2018, and 2020, respectively, due to diplomatic tensions.
Detecting and Evading Censorship-in-Depth: A Case Study of Iran’s Protocol Whitelister
Kevin Bock, Yair Fax, Kyle Reese, Jasraj Singh, and Dave Levin, University of Maryland
As the censorship arms race advances, some nation-states are deploying “censorship-in depth,” composing multiple orthogonal censorship mechanisms. This can make it more difficult to both measure and evade censorship. Earlier this year, Iran deployed their protocol filter that permits only a small set of protocols (DNS, HTTP, and HTTPS) and censors connections using any other protocol. Iran composes their protocol filter with their standard censorship, threatening the success of existing evasion tools and measurement efforts. In this paper, we present the first detailed analysis of Iran’s protocol filter: how it works, its limitations, and how it can be defeated. We reverse engineer the fingerprints used by the protocol filter, enabling tool developers to bypass the filter, and report on multiple packet-manipulation strategies that defeat the filter. Despite acting concurrently with and on the same traffic as Iran’s standard DPI-based censorship, we demonstrate that it is possible to engage with (and defeat) each censorship system in isolation. Our code is publicly available at https://geneva.cs.umd.edu.
Triplet Censors: Demystifying Great Firewall’s DNS Censorship Behavior
Anonymous; Arian Akhavan Niaki, University of Massachusetts Amherst; Nguyen Phong Hoang, Stony Brook University; Phillipa Gill and Amir Houmansadr, University of Massachusetts Amherst
The Great Firewall of China (GFW) has long used DNS packet injection to censor Internet access. In this work, we analyze the DNS injection behavior of the GFW over a period of nine months using the Alexa top 1M domains as a test list. We first focus on understanding the publicly routable IPs used by the GFW and observe groups of IPs used to filter specific sets of domains. We also see a sharp decline in public IPs injected by the GFW in November 2019. We then fingerprint three different injectors that we observe in our measurements. Notably, one of these injectors mirrors the IP TTL value from probe packets in its injected packets which has implications for the use of TTL-limited probes for localizing censors. Finally, we confirm that our observations generally hold across IP prefixes registered in China.
8:00 am–8:15 am
Break
8:15 am–9:15 am
New Directions in Evasion
Session Chairs: Roya Ensafi and Reethika Ramesh, University of Michigan
Slitheen++: Stealth TLS-based Decoy Routing
Benedikt Birtel and Christian Rossow, CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH
We present Slitheen++, a decoy routing system that---in contrast to its predecessor Slitheen---is not susceptible to traffic analysis in the upstream channel. Slitheen++ overcomes key challenges such as scheduling for covert connections and technologies to more realistically emulate a real user's behavior, such as crawling or delaying overt communication. We measure Slitheen++ according to metrics that not only show the maximum theoretical throughput of the system, but for the first time, also assess the actual user experience by measuring loading times of websites from ten covert targets. We show that emulating a user increases loading times, yet raises the difficulty for an advanced censor to expose decoy routing as such. For example, crawling raises the median of the loading time for covert setups by 1 second from 7s to 8s.
Turbo Tunnel, a good way to design censorship circumvention protocols
David Fifield
This paper advocates for the use of an interior session and reliability layer in censorship circumvention systems—some protocol that provides a reliable stream interface over a possibly unreliable or transient carrier protocol, with sequence numbers, acknowledgements, and retransmission of lost data. The inner session layer enables persistent end-to-end session state that is largely independent of, and survives disruptions in, the outer obfuscation layer by which it is transported.
The idea—which I call Turbo Tunnel—is simple, but has many benefits. Decoupling an abstract session from the specific means of censorship circumvention provides more design flexibility, and in some cases may increase blocking resistance and performance. This work motivates the concept by exploring specific problems that a Turbo Tunnel design can solve, describes the essential components of such a design, and reflects on the experience of implementation in the obfs4, meek, and Snowflake circumvention systems, as well as a new DNS over HTTPS tunnel.
HTTPT: A Probe-Resistant Proxy
Sergey Frolov and Eric Wustrow, University of Colorado Boulder
Recently, censors have been observed using increasingly sophisticated active probing attacks to reliably identify and block proxies. In this paper, we introduce HTTPT, a proxy designed to hide behind HTTPS servers to resist these active probing attacks. HTTPT leverages the ubiquity of the HTTPS protocol to effectively blend in with Internet traffic, making it more difficult for censors to block. We describe the challenges that HTTPT must overcome, and the benefits it has over previous probe resistant designs.
MIMIQ: Masking IPs with Migration in QUIC
Yashodhar Govil, Liang Wang, and Jennifer Rexford, Princeton University
The emerging QUIC transport protocol offers new opportunities to protect user privacy. We present MIMIQ, a privacy-enhancing system that leverages QUIC to protect user identity and thwart traffic-analysis attacks. MIMIQ leverages QUIC's connection migration capability to change a client's IP address frequently---even \emph{within} individual connections---without disrupting ongoing transfers or changing the client's physical location. MIMIQ is readily deployable, requiring no cooperation from networks other than the trusted network where it runs. The trusted network facilitates routing of return traffic by running an address allocation server that assigns IP addresses to clients and forwarding rules to switches. By strategically choosing migration times, MIMIQ can defeat certain traffic-analysis attacks while incurring low performance overhead.
9:15 am–9:30 am
Break
9:30 am–10:30 am
Traffic Analysis and Privacy
Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS
Jonas Bushart and Christian Rossow, CISPA Helmholtz Center for Information Security
DNS over TLS (DoT) and DNS over HTTPS (DoH) encrypt DNS to guard user privacy by hiding DNS resolutions from passive adversaries. Yet, past attacks have shown that encrypted DNS is still sensitive to traffic analysis. As a consequence, RFC 8467 proposes to pad messages prior to encryption, which heavily reduces the characteristics of encrypted traffic. In this paper, we show that padding alone is insufficient to counter DNS traffic analysis. We propose a novel traffic analysis method that combines size and timing information to infer the websites a user visits purely based on encrypted and padded DNS traces. To this end, we model DNS Sequences that capture the complexity of websites that usually trigger dozens of DNS resolutions instead of just a single DNS transaction. A closed world evaluation based on the Tranco top-10k websites reveals that attackers can deanonymize test traces for 86.1 % of all websites, and even correctly label all traces for 65.9 % of the websites. Our findings undermine the privacy goals of state-of-the-art message padding strategies in DoT/DoH. We conclude by showing that successful mitigations to such attacks have to remove the entropy of inter-arrival timings between query responses.
A Comprehensive Study of DNS-over-HTTPS Downgrade Attack
Qing Huang, University of California, Irvine; Deliang Chang, Tsinghua University; Zhou Li, University of California, Irvine
DNS-over-HTTPS (DoH) is one major effort to protect DNS confidentiality and integrity, which has been deployed by most of the popular browsers. However, we found this effort could be tainted by the downgrade attack, which exposes the content of DNS communications to attackers like censors. Specifically, we examined 6 browsers with 4 attack vectors that are relevant to our attack model and found all combinations that lead to successful attacks. The fundamental reason is that all browsers enable Opportunistic Privacy profile by default, which allows DoH fall backs to DNS when DoH is not usable. However, it is still concerning that none of the browsers attempt to notify users when such a change happens and some browsers take a long time to recover to DoH. At the end of the paper, we propose some countermeasures and we call for discussions from the Internet community to revisit the standards and implementations about DoH and usage profiles.
Identifying Disinformation Websites Using Infrastructure Features
Austin Hounsel, Jordan Holland, Ben Kaiser, and Kevin Borgolte, Princeton University; Nick Feamster, University of Chicago; Jonathan Mayer, Princeton University
Platforms have struggled to keep pace with the spread of disinformation. Current responses like user reports, manual analysis, and third-party fact checking are slow and difficult to scale, and as a result, disinformation can spread unchecked for some time after being created. Automation is essential for enabling platforms to respond rapidly to disinformation.
In this work, we explore a new direction for automated detection of disinformation websites: infrastructure features. Our hypothesis is that while disinformation websites may be perceptually similar to authentic news websites, there may also be significant non-perceptual differences in the domain registrations, TLS/SSL certificates, and web hosting configurations. Infrastructure features are particularly valuable for detecting disinformation websites because they are available before content goes live and reaches readers, enabling early detection.
We demonstrate the feasibility of our approach on a large corpus of labeled website snapshots. We also present results from a preliminary real-time deployment, successfully discovering disinformation websites while highlighting unexplored challenges for automated disinformation detection.
Bystanders’ Privacy: The Perspectives of Nannies on Smart Home Surveillance
Julia Bernd, International Computer Science Institute; University of California, Berkeley; Ruba Abu-Salma, Centre INRIA Sophia Antipolis-Méditerranée; Alisa Frik, International Computer Science Institute; University of California, Berkeley
The increasing use of smart home devices affects the privacy not only of device owners, but also of individuals who did not choose to deploy them, and may not even be aware of them. Some smart home devices and systems, especially those with cameras, can be used for remote surveillance of, for example, domestic employees. Domestic workers represent a special case of bystanders’ privacy, due to the blending of home, work, and care contexts, and employer–employee power differentials. To examine the experiences, perspectives, and privacy concerns of domestic workers, we begin with a case study of nannies and of parents who employ nannies. We conducted 26 interviews with nannies and 16 with parents. This paper describes the research agenda, motivation, and methodology for our study, along with preliminary findings.
10:30 am–11:15 am
Lunch Break
11:15 am–12:45 pm
Panel 1
Internet Freedom in the International Arena
Moderator: Roya Ensafi, Assistant Professor of Computer Science and Engineering, and Founder of Censored Planet, University of Michigan
Panelists: Irene Poetranto, Senior Researcher, Citizen Lab, Munk School, University of Toronto; Hans Klein, Associate Professor, School of Public Policy, Georgia Tech; Bill Marczak, Senior Researcher, Citizen Lab, and Post-doctoral Researcher, University of California, Berkeley
A new cold war has emerged, and Internet Freedom is at the heart of it. US policies have sought to influence politics in other countries, empowering citizens vis a vis their governments, but those governments have cried foul, claiming foreign interference and destabilization. The historical record gives grounds for concern, with conflict erupting in Egypt, Syria, Libya, and Ukraine. This panel will examine Internet Freedom in terms of geopolitics between states.
12:45 pm–1:00 pm
Break
1:00 pm–2:30 pm
Panel 2
Internet Freedom in the Domestic Arena
Moderator: Anita Nikolich, Research Professor of Computer Science and director of ACT Center, Illinois Institute of Technology
Panelists: Nadine Strossen, Former President, American Civil Liberties Union, and John Marshall Harlan II Professor of Law, Emerita at New York Law School; Milton Mueller, Professor, School of Public Policy, Georgia Tech, and Director of the Internet Governance Project; Alex Halderman, Professor of Computer Science and Engineering, and Director of the Center for Computer Security & Society, University of Michigan; Roger Dingledine, Co-founder, Tor Project
Does the Internet empower free speech—or is it a powerful tool to control speech? Internet publishing has allowed new voices and analyses to multiply, but online publishers increasingly complain of being de-ranked, de-monetized, and de-legitimated as fake news. Individual speech has also been empowered but has increasingly met with a social media-fueled "cancel culture" that renders dissenters fearful of online attacks. This panel will examine challenges to Internet Freedom in the context of the US and other Western societies.
2:30 pm–2:45 pm
Break
2:45 pm–4:15 pm
Panel 3
US Internet Freedom Policies: Past, Present, and Future
Panelists: Rebecca MacKinnon, Director, Ranking Digital Rights, New America; Max Hunter, Electronic Frontier Foundation; Hans Klein, Georgia Institute of Technology
Ten years ago the US Secretary of State announced an ambitious program in Internet Freedom, and ten years of programs have since followed, much of it centered in the Open Technology Fund (OTF). Two months ago the Trump administration made wholesale changes at OTF (and other information agencies, like Voice of America.) In this panel, we review the accomplishments—and some of the criticisms—of US Internet Freedom policies and institutions.
4:15 pm–4:30 pm
Closing Remarks
Program Co-Chairs: Roya Ensafi, University of Michigan, and Hans Klein, Georgia Institute of Technology