Network measurement methods for locating and examining censorship devices

Ram Sundara Raman, Mona Wang, Jakub Dalek, Jonathan Mayer, Roya Ensafi

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

8 Scopus citations

Abstract

Advances in networking and firewall technology have led to the emergence of network censorship devices that can perform large-scale, highly-performant content blocking. While such devices have proliferated, techniques to locate, identify, and understand them are still limited, require cumbersome manual effort, and are developed on a case-by-case basis. In this paper, we build robust, general-purpose methods to understand various aspects of censorship devices, and study devices deployed in 4 countries (Azerbaijan, Belarus, Kazakhstan, and Russia). We develop a censorship traceroute method, CenTrace, that automatically identifies the network location of censorship devices. We use banner grabs to identify vendors from potential censorship devices. To collect more features about the devices themselves, we build a censorship fuzzer, CenFuzz, that uses various HTTP request and TLS Client Hello fuzzing strategies to examine the rules and triggers of censorship devices. Finally, we use features collected using these methods to cluster censorship devices and explore device characteristics across deployments. Using CenTrace measurements, we find that censorship devices are often deployed in ISPs upstream to clients, sometimes even in other countries. Using data from banner grabs and injected block-pages, we identify 23 commercial censorship device deployments in Azerbaijan, Belarus, Kazakhstan, and Russia. We observe that certain CenFuzz strategies such as using a different HTTP method succeed in evading a large portion of these censorship devices, and observe that devices manufactured by the same vendors have similar evasion behavior using clustering. The methods developed in this paper apply consistently and rapidly across a wide range of censorship devices and enable continued understanding and monitoring of censorship devices around the world.

Original language: English (US)
Title of host publication: CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies
Publisher: Association for Computing Machinery, Inc
Pages: 1-17
Number of pages: 17
ISBN (Electronic): 9781450395083
State: Published - Nov 30 2022
Event: 18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022 - Rome, Italy
Duration: Dec 6 2022 to Dec 9 2022

Publication series

Name: CoNEXT 2022 - Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies

Conference

Conference: 18th ACM Conference on Emerging Networking Experiment and Technologies, CoNEXT 2022
Country/Territory: Italy
City: Rome
Period: 12/6/22 to 12/9/22

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture

Keywords

  • censorship
  • measurement
  • network fingerprinting
