Threat modeling and circumvention of Internet censorship

David Fifield

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2017-225
December 15, 2017

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-225.pdf

Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities—such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations.

My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements. Rather, let us state the assumptions about censor behavior atop which we build circumvention designs, and let those assumptions be based on an informed understanding of censor behavior.

Advisor: Doug Tygar


BibTeX citation:

@phdthesis{Fifield:EECS-2017-225,
    Author = {Fifield, David},
    Title = {Threat modeling and circumvention of Internet censorship},
    School = {EECS Department, University of California, Berkeley},
    Year = {2017},
    Month = {Dec},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-225.html},
    Number = {UCB/EECS-2017-225},
    Abstract = {Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities—such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations.

My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements. Rather, let us state the assumptions about censor behavior atop which we build circumvention designs, and let those assumptions be based on an informed understanding of censor behavior.}
}

EndNote citation:

%0 Thesis
%A Fifield, David
%T Threat modeling and circumvention of Internet censorship
%I EECS Department, University of California, Berkeley
%D 2017
%8 December 15
%@ UCB/EECS-2017-225
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-225.html
%F Fifield:EECS-2017-225