TapDance: End-to-Middle Anticensorship without Flow Blocking
Eric Wustrow, Colleen Swanson, Alex Halderman

Citation
Eric Wustrow, Colleen Swanson, Alex Halderman. "TapDance: End-to-Middle Anticensorship without Flow Blocking". Usenix Security 2014, 20, August, 2014.

Abstract
In response to increasingly sophisticated state-sponsored Internet censorship, recent research has proposed a new approach to censorship resistance: end-to-middle proxying. This concept, developed in systems such as Telex, Decoy Routing, and Cirripede, moves anticensorship technology into the core of the network, at large ISPs outside the censoring country. In this paper, we focus on two technical barriers to the deployment of end-to-middle proxy designs -- the need to selectively block flows, and the need to observe both directions of a connection -- and we propose a new construction, TapDance, that avoids these shortcomings. To accomplish this, we employ a novel TCP-level technique that allows the anticensorship station at an ISP to function as a passive network tap, without an inline blocking component. We also apply a novel steganographic encoding to embed control messages in TLS ciphertext, allowing us to operate on HTTPS connections even with asymmetric flows. We implement and evaluate a proof-of-concept prototype of TapDance with the goal of functioning with minimal impact on normal ISP operations.

Citation formats  
  • HTML
    Eric Wustrow, Colleen Swanson, Alex Halderman. <a
    href="http://www.terraswarm.org/pubs/324.html"
    >TapDance: End-to-Middle Anticensorship without Flow
    Blocking</a>, Usenix Security 2014, 20, August, 2014.
  • Plain text
    Eric Wustrow, Colleen Swanson, Alex Halderman.
    "TapDance: End-to-Middle Anticensorship without Flow
    Blocking". Usenix Security 2014, 20, August, 2014.
  • BibTeX
    @inproceedings{WustrowSwansonHalderman14_TapDanceEndtoMiddleAnticensorshipWithoutFlowBlocking,
        author = {Eric Wustrow and Colleen Swanson and Alex Halderman},
        title = {TapDance: End-to-Middle Anticensorship without
                  Flow Blocking},
        booktitle = {Usenix Security 2014},
        day = {20},
        month = {August},
        year = {2014},
        abstract = {In response to increasingly sophisticated
                  state-sponsored Internet censorship, recent
                  research has proposed a new approach to censorship
                  resistance: end-to-middle proxying. This concept,
                  developed in systems such as Telex, Decoy Routing,
                  and Cirripede, moves anticensorship technology
                  into the core of the network, at large ISPs
                  outside the censoring country. In this paper, we
                  focus on two technical barriers to the deployment
                  of end-to-middle proxy designs-- the need to
                  selectively block flows, and the need to observe
                  both directions of a connection-- and we propose a
                  new construction, TapDance, that avoids these
                  shortcomings. To accomplish this, we employ a
                  novel TCP-level technique that allows the
                  anticensorship station at an ISP to function as a
                  passive network tap, without an inline blocking
                  component. We also apply a novel steganographic
                  encoding to embed control messages in TLS
                  ciphertext, allowing us to operate on HTTPS
                  connections even with asymmetric flows. We
                  implement and evaluate a proof-of-concept
                  prototype of TapDance with the goal of functioning
                  with minimal impact on normal ISP operations.},
        URL = {http://terraswarm.org/pubs/324.html}
    }
    

Posted by Barb Hoversten on 12 Jun 2014.
Groups: services

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.