-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The Parrot is Dead: Observing Unobservable Network Communications (S&P 2013) #244
Comments
The Parrot is Dead: Observing Unobservable Network Communications This paper identifies distinguishability vulnerabilities in three contemporary (proposed) circumvention systems: SkypeMorph, StegoTorus, and CensorSpoofer. These are examples of what the authors call "parrot" circumvention systems, which means that they attempt to blend in with some other application or protocol by imitating its external characteristics. SkypeMorph imitates Skype, StegoTorus imitates Skype or HTTP, and CensorSpoofer imitates standards-based VoIP. The study uncovers subtle and not-so-subtle ways in which the circumvention systems fail to be perfect imitations; for example, by omitting the ancillary connections that accompany genuine Skype calls, or not responding properly to probes that originate from outside the system. The paper's central claim is that circumvention by imitation is fundamentally flawed: there are too many details, quirks, and error conditions to address them all, and any one left unaddressed is fatal. As an alternative to imitation, the authors suggest tunneling; that is, embedding circumvention traffic into an existing third-party implementation of the cover protocol. The paper features a fairly granular model of censorship. Attacks are categorized as passive, active, or proactive. ("Proactive" means the attack involves making new network connections, not just manipulating existing ones.) Censors are distinguished by how many of devices they manage, how much state they can maintain, and how much processing they can afford to do. The local adversary (LO) manages a small number of devices and few connections; the state-level oblivious adversary (OB) manages many devices and possibly many egress points, but can only do a small amount of processing per connection and only for short times; and the state-level omniscient adversary (OM) manages a network the size of OB's and can afford as much storage and computation as needed. The authors give a list of 12 requirements that they say every parrot circumvention protocol must satisfy if it is to resist blocking. Every attack is labeled with its attack category and the class of censors it is available to, as well as what failed requirements it takes advantage of. Thanks to Amir Houmansadr for reviewing a draft of this summary. |
The reading group for "The Parrot is Dead" will start 20 hours from now at Sunday, 2023-04-30 13:00. https://meet.jit.si/moderated/e4ebc46881e93ce1bf50c8937c184102c8b5ac3c02c95ea68356144e748c3665 I'll try to get the meeting started about 20 minute early, to give time to debug any connection issues. You can join with any pseudonym. |
Here is the video of the discussion. Links to references that came up during the discussion:
|
The third installment of our series of group discussions about significant past censorship research will be:
"The Parrot is Dead: Observing Unobservable Network Communications"
PDF
Sunday, 2023-04-30 13:00–14:00
This paper is a real classic and has been highly influential. If you want to participate in the discussion, just read the paper and show up to the online meeting when it happens. I'll post a video afterward as usual.
The text was updated successfully, but these errors were encountered: