对Telex互联网反监管系统的攻击

doi:10.3969/j.issn.1000-436x.2014.09.005

摘要/Abstract

摘要：

Telex 作为典型的路由器重定向型反监管系统给互联网监管者带来了新的挑战。为帮助用户逃避监管，Telex利用路由器而非终端主机将用户的网络通信重定向到被屏蔽的目标站点。从审查者角度分析了Telex系统的安全性，提出了2类利用主动攻击破坏用户隐私的新方法。第一类为DoS攻击，利用了Telex握手协议的安全漏洞，在破坏系统可用性的同时还可能检出用户是否在使用Telex代理。同时给出了弥补该漏洞的改进协议。第二类称为TCP分组旁路攻击，利用非对称路由或IP隧道技术令客户端的部分TCP分组绕过路由器直达掩护站点，然后通过观察上行数据流的重传反应判断用户是否在使用Telex代理。通过一系列原型系统实验验证了旁路攻击的可行性。TCP分组旁路攻击也适用于其他路由器重定向型反监管系统。

关键词: 互联网监管, 路由器重定向, 用户隐私, DoS攻击

Abstract:

As a typical router-redirecting based anticensorship system,Telex poses new challenges for Internet censors.To help common users evade Internet censorship,Telex employs network routers,rather than end-hosts,to relay network traffics to blocked destinations.The security of Telex from the censors' perspective is analyzed,and two kinds of active attacks aiming to break users' privacy are presented.The first is a kind of DoS attack,which exploits a security flaw of Telex handshake protocol.It can probabilistically identify the users who are using Telex,as well as break the availability of Telex.An improved handshake protocol to remedy the flaw is also proposed.The second is called TCP packets by-passing attack.Under that attacking scenario,censors make a small fraction of TCP packets from clients bypass the router and reach the cover site directly through asymmetric routing paths or IP tunnels,then determine whether a user is utiliz-ing Telex by observing the reaction of upstream traffic.The feasibility of bypassing attack has been testified by a series of experiments in a prototype environment.The bypassing attack is also applicable to other router-redirecting based anti-censorship systems.

Key words: Internet censorship, router-redirecting, user privacy, DoS attack

李龙海,黄城强,王万兴,慕建君. 对Telex互联网反监管系统的攻击[J]. 通信学报, 2014, 35(9): 40-56.

Long-hai LI,Cheng-qiang HUANG,Wan-xing WANG,Jian-jun MU. Attacks on Telex Internet anticensorship system[J]. Journal on Communications, 2014, 35(9): 40-56.

图/表 13

图1

图2

图3

图4

图5

图6

表1

图7

图8

图9

图10

图11

表2

参考文献 20

[1]	ERIC W , SCOTT W , IAN G , et al. Telex: anticensorship in the net-work infrastructure[A]. Proceedings of the 20th USENIX Security Symposium[C]. San Francisco,USA, 2011.
[2]	AMIR H , GIANG T K N , CAESAR M , NIKITA B . Cirripede: cir-cumvention infrastructure using router redirection with plausible de-niability[A]. Proceedings of the 18th ACM conference on Computer and Communications Security (CCS 2011)[C]. Chicago,IL,USA, 2011.187-200.
[3]	JOSH K , DANIEL E , ALDEN W , et al. Decoy routing: toward un-blockable Internet communication[A]. Proceedings of the USENIX Workshop on Free and Open Communications on the Internet (FOCI 2011)[C]. 2011.
[4]	RICHARD C , STEVEN J M , ROBERT N M W , et al. Ignoring the great firewall of China[A]. Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)[C]. Cambridge,UK, 2006.20-35.
[5]	TARIQ E , IAN G . CORDON — A Taxonomy of Internet Censorship Resistance Strategies[R]. CACR Tech Report 2012-33, 2012.
[6]	PHILIPP W , STEFAN L . How the great firewall of China is blocking[A]. Proceedings of the USENIX Workshop on Free and Open Communications on the Internet (FOCI 2012)[C]. 2012.
[7]	QIYAN W , XUN G , GIANG T K , et al. CensorSpoofer: asymmetric communication using IP spoofing for censorship-resistant web browsing[A]. Proceedings of the 19th ACM conference on Computer and Communications Security (CCS 2012)[C]. 2012.
[8]	MAX S , JOHN G , CHRISTOPHER T , et al. Routing around decoys[A]. Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012)[C]. Raleigh,USA, 2012.85-96.
[9]	HOUMANSADR A , EDMUND L W , VITALY S . No direction home:the true cost of routing around decoys[A]. Proceedings of the Network and Distributed Security Symposium (NDSS 2014)[C]. 2014.
[10]	ANDREW H . Fingerprinting websites using traffic analysis[A]. Pro-ceedings of Privacy Enhancing Technologies workshop (PET 2002)[C]. 2002.
[11]	Cooperative association for Internet data analysis (CAIDA)[EB/OL]. .
[12]	Telex[EB/OL]. .
[13]	Netfilter/Iptables[EB/OL]. .
[14]	Squid[EB/OL]. .
[15]	TOBY E , LI J . On the state of IP spoofing defense[J]. ACM Transac-tions on Internet Technology, 2009,9(2):1-29.
[16]	The MIT ANA Spoofer project[EB/OL]. .
[17]	Internet Traffic Report[EB/OL]. .
[18]	Netem/TC[EB/OL]. .
[19]	HomeIP[EB/OL]. .
[20]	WITS[EB/OL]. .

站点		HOST错误			页面缺失		CONNECT请求
站点	响应码		分组长度	响应码		分组长度	响应码	分组长度
bing.com	400		403	301		306*	400	426
google.com	400		462	404		1 172*	405	1 141
amazon.com	忽略		—	404		15 298	400	176
walmart.com	400		403	404		57 892*	400	426
wikipedia.org	400		200*	404		3 314*	400	3 256*
usatoday.com	400		403	301		226	400	426
msn.com	301		295*	404		41 195*	400	472
yahoo.com	302		545	404		1 021	302	545
aol.com	忽略		—	404		23 141*	503	188
apple.com	400		403	404		10 201*	400	426
hotmail.com	忽略		—	302		137*	400	503
bbc.co.uk	301		688	404		18 053	301	632
lycos.com	301		485	404		2 190	400	415
flickr.com	404		210	404		17 287*	400	66
imdb.com	301		1 018*	404		478	400	176

数据集	P_Loss=0%		P_Loss=1%		P_Loss=5%
数据集	Telex客户	普通客户	Telex客户	普通客户	Telex客户	普通客户
HomeIP	1	0	1	0.009	1	0.054
WAND	1	0	1	0.013	1	0.063
Random	1	0	1	0.011	1	0.052