Eric Wustrow, Colleen Swanson, Alex Halderman
Citation
Eric Wustrow, Colleen Swanson, Alex Halderman. "TapDance: End-to-Middle Anticensorship without Flow Blocking". Usenix Security 2014, 20, August, 2014.
Abstract
In response to increasingly sophisticated state-sponsored
Internet censorship, recent research has proposed a new
approach to censorship resistance: end-to-middle proxying.
This concept, developed in systems such as Telex,
Decoy Routing, and Cirripede, moves anticensorship technology
into the core of the network, at large ISPs outside
the censoring country. In this paper, we focus on two technical
barriers to the deployment of end-to-middle proxy
designs-- the need to selectively block flows, and the
need to observe both directions of a connection-- and we
propose a new construction, TapDance, that avoids these
shortcomings. To accomplish this, we employ a novel
TCP-level technique that allows the anticensorship station
at an ISP to function as a passive network tap, without
an inline blocking component. We also apply a novel
steganographic encoding to embed control messages in
TLS ciphertext, allowing us to operate on HTTPS connections
even with asymmetric flows. We implement and
evaluate a proof-of-concept prototype of TapDance with
the goal of functioning with minimal impact on normal
ISP operations.
Electronic downloads
- Wustrow_TapDance_Usenix.pdf · application/pdf · 1525 kbytes
- https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/wustrow
- https://jhalderm.com/pub/papers/tapdance-sec14.pdf
| Citation formats |
- HTML
Eric Wustrow, Colleen Swanson, Alex Halderman. <a href="http://www.terraswarm.org/pubs/324.html" >TapDance: End-to-Middle Anticensorship without Flow Blocking</a>, Usenix Security 2014, 20, August, 2014.
- Plain text
Eric Wustrow, Colleen Swanson, Alex Halderman. "TapDance: End-to-Middle Anticensorship without Flow Blocking". Usenix Security 2014, 20, August, 2014.
- BibTeX
@inproceedings{WustrowSwansonHalderman14_TapDanceEndtoMiddleAnticensorshipWithoutFlowBlocking, author = {Eric Wustrow and Colleen Swanson and Alex Halderman}, title = {TapDance: End-to-Middle Anticensorship without Flow Blocking}, booktitle = {Usenix Security 2014}, day = {20}, month = {August}, year = {2014}, abstract = {In response to increasingly sophisticated state-sponsored Internet censorship, recent research has proposed a new approach to censorship resistance: end-to-middle proxying. This concept, developed in systems such as Telex, Decoy Routing, and Cirripede, moves anticensorship technology into the core of the network, at large ISPs outside the censoring country. In this paper, we focus on two technical barriers to the deployment of end-to-middle proxy designs-- the need to selectively block flows, and the need to observe both directions of a connection-- and we propose a new construction, TapDance, that avoids these shortcomings. To accomplish this, we employ a novel TCP-level technique that allows the anticensorship station at an ISP to function as a passive network tap, without an inline blocking component. We also apply a novel steganographic encoding to embed control messages in TLS ciphertext, allowing us to operate on HTTPS connections even with asymmetric flows. We implement and evaluate a proof-of-concept prototype of TapDance with the goal of functioning with minimal impact on normal ISP operations.}, URL = {http://terraswarm.org/pubs/324.html} }
Posted by Barb Hoversten on 12 Jun 2014.
Groups: services
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.