Examining how the great firewall discovers hidden circumvention servers

Roya Ensafi, David Fifield, Philipp Winter, Nick Feamster, Nicholas Weaver, Vern Paxson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

71 Scopus citations

Abstract

Recently, the operators of the national censorship infrastructure of China began to employ "active probing" to detect and block the use of privacy tools. This probing works by passively monitoring the network for suspicious traffic, then actively probing the corresponding servers, and blocking any that are determined to run circumvention servers such as Tor. We draw upon multiple forms of measurements, some spanning years, to illuminate the nature of this probing. We identify the different types of probing, develop fingerprinting techniques to infer the physical structure of the system, localize the sensors that trigger probing - showing that they differ from the "Great Firewall" infrastructure - and assess probing's efficacy in blocking different versions of Tor. We conclude with a discussion of the implications for designing circumvention servers that resist such probing mechanisms.

Original languageEnglish (US)
Title of host publicationIMC 2015 - Proceedings of the 2015 ACM Internet Measurement Conference
PublisherAssociation for Computing Machinery
Pages445-458
Number of pages14
ISBN (Electronic)9781450338486
DOIs
StatePublished - Oct 28 2015
EventACM Internet Measurement Conference, IMC 2015 - Tokyo, Japan
Duration: Oct 28 2015Oct 30 2015

Publication series

NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
Volume2015-October

Other

OtherACM Internet Measurement Conference, IMC 2015
Country/TerritoryJapan
CityTokyo
Period10/28/1510/30/15

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Keywords

  • Active probing
  • Censorship circumvention
  • Deep packet inspection
  • Great firewall of China
  • Tor

Fingerprint

Dive into the research topics of 'Examining how the great firewall discovers hidden circumvention servers'. Together they form a unique fingerprint.

Cite this