Evaluating Snowflake as an Indistinguishable Censorship Circumvention Tool

07/23/2020
by   Kyle MacMillan, et al.
0

Tor is the most well-known tool for circumventing censorship. Unfortunately, Tor traffic has been shown to be detectable using deep-packet inspection. WebRTC is a popular web frame-work that enables browser-to-browser connections. Snowflake is a novel pluggable transport that leverages WebRTC to connect Tor clients to the Tor network. In theory, Snowflake was created to be indistinguishable from other WebRTC services. In this paper, we evaluate the indistinguishability of Snowflake. We collect over 6,500 DTLS handshakes from Snowflake, Facebook Messenger, Google Hangouts, and Discord WebRTC connections and show that Snowflake is identifiable among these applications with 100 accuracy. We show that several features, including the extensions offered and the number of packets in the handshake, distinguish Snowflake among these services. Finally, we suggest recommendations for improving identification resistance in Snowflake. We have made the dataset publicly available.

READ FULL TEXT
research
08/19/2020

Early Identification of Services in HTTPS Traffic

Traffic monitoring is essential for network management tasks that ensure...
research
04/20/2020

Tracemax: A Novel Single Packet IP Traceback Strategy for Data-Flow Analysis

The identification of the exact path that packets are routed on in the n...
research
11/03/2020

You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning

As Deep Packet Inspection (DPI) middleboxes become increasingly popular,...
research
05/01/2020

Practical Traffic Analysis Attacks on Secure Messaging Applications

Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp ...
research
04/25/2019

DTLS Performance - How Expensive is Security?

Secure communication is an integral feature of many Internet services. T...
research
01/24/2018

Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect

Many millions of users routinely use their Google, Facebook and Microsof...
research
12/09/2020

Interconnection between darknets

Tor and i2p networks are two of the most popular darknets. Both darknets...

Please sign up or login with your details

Forgot password? Click here to reset