DeepAI AI Chat
Log In Sign Up

Evaluating Snowflake as an Indistinguishable Censorship Circumvention Tool

by   Kyle MacMillan, et al.

Tor is the most well-known tool for circumventing censorship. Unfortunately, Tor traffic has been shown to be detectable using deep-packet inspection. WebRTC is a popular web frame-work that enables browser-to-browser connections. Snowflake is a novel pluggable transport that leverages WebRTC to connect Tor clients to the Tor network. In theory, Snowflake was created to be indistinguishable from other WebRTC services. In this paper, we evaluate the indistinguishability of Snowflake. We collect over 6,500 DTLS handshakes from Snowflake, Facebook Messenger, Google Hangouts, and Discord WebRTC connections and show that Snowflake is identifiable among these applications with 100 accuracy. We show that several features, including the extensions offered and the number of packets in the handshake, distinguish Snowflake among these services. Finally, we suggest recommendations for improving identification resistance in Snowflake. We have made the dataset publicly available.


Early Identification of Services in HTTPS Traffic

Traffic monitoring is essential for network management tasks that ensure...

Tracemax: A Novel Single Packet IP Traceback Strategy for Data-Flow Analysis

The identification of the exact path that packets are routed on in the n...

You Do (Not) Belong Here: Detecting DPI Evasion Attacks with Context Learning

As Deep Packet Inspection (DPI) middleboxes become increasingly popular,...

Practical Traffic Analysis Attacks on Secure Messaging Applications

Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp ...

DTLS Performance - How Expensive is Security?

Secure communication is an integral feature of many Internet services. T...

Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect

Many millions of users routinely use their Google, Facebook and Microsof...

Interconnection between darknets

Tor and i2p networks are two of the most popular darknets. Both darknets...