DNS-sly: Avoiding Censorship through Network Complexity
نویسندگان
چکیده
We design DNS-sly, a counter-censorship system which enables a covert channel between a DNS client and server. To achieve covertness and deniability in the upstream direction, DNS-sly applies user personalization, adapting to individual behaviors. In the downstream direction, it utilizes CDN-related DNS responses to embed data, while retaining statistical covertness. We show DNS-sly achieves downstream throughput of up to 600 Bytes of raw hidden data per click on a regular Web page, making it a practical system in the context of a covert Web proxy service. We implement DNS-sly and evaluate it in a known censorship environment, demonstrating its real-world usability.
منابع مشابه
Internet Censorship in Iran: A First Look
The Iranian government operates one of the largest and most sophisticated Internet censorship regimes in the world, but the mechanisms it employs have received little research attention, primarily due to lack of access to network connections within the country and personal risks to Iranian citizens who take part. In this paper, we examine the status of Internet censorship in Iran based on netwo...
متن کاملDetecting DNS Censorship without an internal vantage point
One challenge in detecting online censorship is the need for vantage points within the censoring domains. We focus on the specific subproblem of DNS blacklisting, where servers in a particular administrative domain are instructed not to resolve requests for specific sites. We find that for this problem internal vantage points are not needed, since public DNS servers in a given domain can be dir...
متن کاملTowards a Comprehensive Picture of the Great Firewall's DNS Censorship
China’s Great Firewall passively inspects network traffic and disrupts unwanted communication by injecting forged DNS replies or TCP resets. We attempted to comprehensively examine the structure of the DNS injector, using queries from both within and outside China. Using these probes, we were able to localize the DNS monitors’ locations, extract the firewall’s DNS blacklist of approximately 15,...
متن کاملGlobal-Scale Measurement of DNS Manipulation
Roya Ensafi is a Research Assistant Professor in Computer Science and Engineering at the University of Michigan, where her research focuses on computer networking and security. She pioneered the use of side-channels to remotely measure network interference and censorship of Internet traffic. Prior to joining Michigan, she was a postdoc at Princeton University. [email protected] Despite the perva...
متن کاملA Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients
Commercial Virtual Private Network (VPN) services have become a popular and convenient technology for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking. However, as ...
متن کامل