DeltaShaper: Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams
Diogo Barradas Nuno Santos Luís Rodrigues
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa
Censors monitor / control Internet access
Censored Region Uncensored Region
Censors attempt to block covert channels
Censored Region Uncensored Region

DeltaShaper
Censored Region Uncensored Region
• Goals
  • Establish a covert TCP/IP channel
  • Maintain unobservability
  • Resist network perturbations

Multimedia protocol tunneling

| System / Properties | Active/Passive Attack Resistance | Arbitrary Data Transmission | Interactive Communication |
|---|---|---|---|
| FreeWave (Houmansadr et al.), Audio Modulation | - | ✔ | ✔ |
| Facet (Li et al.), Video Embedding | ✔ | - | - |
| CovertCast (McPherson et al.), Video Modulation | ✔ | ✔ | - |
| DeltaShaper, Video Modulation | ✔ | ✔ | ✔ |

Column groups in the figure: Coverage, Security

Threat model
• Assumptions:
  • Packets carrying multimedia data are encrypted
• Censor’s Capabilities:
  • Deep Packet Inspection
  • Observe, store and analyze traffic flows
  • Apply artificial constraints on the network
• Censor’s Limitations:
  • Unable to decipher the content of Skype packets
  • Not in collusion with the video-conferencing provider
  • Attempts to minimize collateral damage

A naïve approach at data modulation
• Replace chat video frames
  • Encode data in all available pixels
Figure: 640 px × 480 px frame; 1 px = 24 b (R = 8 b, G = 8 b, B = 8 b); ~922 kB / frame

Drawbacks of naïve data modulation
• Data loss
  • Lossy compression (downsampling + quantization)
• Abnormal traffic patterns
  • Poor compression (spatial & inter-frame redundancy)

C1: Can we distinguish regular from irregular Skype streams?
• Traffic signatures appear to be different
  • Packet lengths frequency distribution
Figure panels: "Frames change extensively", "Frames do not change"

C2: How much throughput can we achieve while preserving unobservability?
Censored Region Uncensored Region
Good unobservability, low throughput
Poor unobservability, high throughput

C3: How to maintain unobservability in adverse network conditions?
Censored Region Uncensored Region
Ideal conditions: good unobservability
Perturbed conditions: poor unobservability

Contributions
• DeltaShaper: A censorship-resistant system
  • Tunnel TCP/IP data over Skype videocalls
• Distinguish regular / irregular Skype call streams
  • Packet frequency distribution / EMD
• Maximize throughput and maintain unobservability
  • Explore the space of encoding parameters
• Adaptation to network conditions
  • Dynamic calibration of encoding parameters

How to characterize Skype streams?
• Characteristic Function - Create a stream signature
  • Frequency distribution of packet lengths
• Similarity Function - Quantify streams’ differences
  • Earth Mover’s Distance (EMD)

Different videos generate distinct traffic
• Differences between signatures can be quantified
  • Earth Mover’s Distance
Figure labels: EMD > 0.50, EMD > 0.50, EMD = 0.05

Different videos generate distinct traffic
• Censors can identify streams with unusual traffic
Figure labels: EMD > Δ (Flagged), EMD > Δ (Flagged), EMD < Δ (Regular Call); Δ = 0.06
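
The characteristic function, similarity function and threshold Δ from the slides above, worked through as an added example (not code from the talk or from DeltaShaper). The bin width, the length cap, the scaling of EMD to [0, 1] and every packet length below are assumptions constructed for illustration.

```python
# Added example: packet-length signature + EMD check against the threshold Δ.
# Bin width, length cap, normalisation and all sample lengths are assumptions.

MAX_LEN = 1500   # assumed largest packet length of interest (bytes)
BIN_WIDTH = 50   # assumed histogram bin width (bytes)
DELTA = 0.06     # threshold Δ shown on the slide


def signature(packet_lengths):
    """Characteristic function: normalised frequency distribution of packet lengths."""
    nbins = MAX_LEN // BIN_WIDTH
    counts = [0] * nbins
    for length in packet_lengths:
        counts[min(max(length, 0) // BIN_WIDTH, nbins - 1)] += 1
    total = sum(counts)
    if total == 0:
        raise ValueError("empty stream: no packets to build a signature from")
    return [c / total for c in counts]


def emd(sig_a, sig_b):
    """Similarity function: 1-D Earth Mover's Distance, scaled to [0, 1]."""
    if len(sig_a) != len(sig_b):
        raise ValueError("signatures must use the same bins")
    carried = work = 0.0
    for a, b in zip(sig_a, sig_b):
        carried += a - b          # mass that still has to move to later bins
        work += abs(carried)      # cost of moving it one bin further
    return work / (len(sig_a) - 1)


def classify(baseline_sig, packet_lengths, delta=DELTA):
    """Return ('flagged' | 'regular', distance) for one observed stream."""
    distance = emd(baseline_sig, signature(packet_lengths))
    return ("flagged" if distance > delta else "regular"), distance


# Constructed packet lengths (bytes); not measurements from the talk.
BASELINE = [120] * 40 + [480] * 30 + [900] * 20 + [1250] * 10
SIMILAR_CALL = [130] * 38 + [490] * 30 + [950] * 21 + [1260] * 11
HIGH_MOTION = [1300] * 70 + [1000] * 20 + [200] * 10

if __name__ == "__main__":
    base = signature(BASELINE)
    for name, stream in (("similar call", SIMILAR_CALL), ("high motion", HIGH_MOTION)):
        label, dist = classify(base, stream)
        print(f"{name}: EMD={dist:.3f} -> {label}")
```

A stream whose packet lengths shift by a bin or two stays under Δ, while one dominated by large packets moves most of its mass across many bins and is flagged.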

Can we encode data and maintain unobservability?
• Strawman: Embed a small payload in each frame
• Generated traffic does not reflect this embedding
Figure labels (three panels): EMD < Δ, Regular Call

A better approach for data modulation
(a) Carrier Frame + (b) Payload Frame = (c) Covert Frame

| Parameter | Description |
|---|---|
| ap | payload frame area (pixel×pixel) |
| ac | cell size (pixel×pixel) |
| bc | color encoding (bits) |
| rp | payload frame rate (frames/s) |

• Strive for unobservability
• Accommodate lossy compression

Adapt to network conditions
• Calibrate encoding parameters
  • Maintain unobservability
  • Modulate max. amount of data

DeltaShaper adaptation mechanism
• Periodically:
  • Estimate network conditions from recorded baselines
  • Select adequate parameters from pre-computed table

Which set is closest?

| | Cond. 1 | Cond. 2 | … | Cond. n |
|---|---|---|---|---|
| Carrier signature | … | … | … | … |
| Encoding parameters | ap 1, ac 1, bc 1, rp 1 | ap 2, ac 2, bc 2, rp 2 | … | ap n, ac n, bc n, rp n |

Implementation challenges
• Network interaction
  • Allow transparent TCP/IP communication
• Video processing
  • Combine carrier / payload frames
• Video-conferencing software as a black-box
  • Send covert frames without modifying Skype

DeltaShaper client module
Diagram components: Client Application; Network Namespace; VETH0 (10.10.10.11); VETH1 (10.10.10.10); Linux Kernel; Kernel Module; IP Packet Queue; Payload Encoder; Payload Frame Queue; Payload Streamer; Carrier Streamer; Carrier Frame; Stream Blender (Snowmix); FFMPEG; Virtual Camera (/dev/video0); Encoder Adapter; Client Endpoint; Covert Stream

DeltaShaper server module
Diagram components: Server Application; Server Endpoint; Linux Kernel; Localhost interface; Display Framebuffer; XWD; Photo Thread; Payload Fragment Pool; Worker Thread (×2); Decoder Thread; Receiver Process; Covert Stream
Evaluation Steps
1. Can we distinguish Skype streams?
2. Can we balance throughput and unobservability?
3. How well does DeltaShaper perform?
Can we distinguish Skype streams?
• 83% accuracy in distinguishing Skype streams
• DeltaShaper streams must remain under ΔI
Censor (speech bubble): "These streams seem to be strange... I’ll block them."

Can we balance throughput and unobservability?

| Parameter | Description | Configuration |
|---|---|---|
| ap | payload frame area (pixel×pixel) | 320 x 240 |
| ac | cell size (pixel×pixel) | 8 x 8 |
| bc | color encoding (bits) | 6 |
| rp | payload frame rate (frames/s) | 1 |
How well does DeltaShaper perform?
• Achieved configuration:

| Parameter | Description | Configuration |
|---|---|---|
| ap | payload frame area (pixel×pixel) | 320 x 240 |
| ac | cell size (pixel×pixel) | 8 x 8 |
| bc | color encoding (bits) | 6 |
| rp | payload frame rate (frames/s) | 1 |

• Performance
  • Raw throughput: 7.2 Kbps
  • Round-Trip-Time: 2s 973ms

How well does DeltaShaper perform?

| Use Case | Protocol Session W/ DS (mm:ss) | Protocol Session W/o DS (mm:ss) | Overhead |
|---|---|---|---|
| Wget (4kB file) | 0:22 | < 0:01 | 3,142.9 x |
| FTP (4kB file) | 1:43 | 0:09 | 11.4 x |
| SSH + SMTP | 2:41 | 0:38 | 4.2 x |
| SSH | 1:29 | 0:06 | 14.8 x |
| Telnet | 1:13 | 0:06 | 12.2 x |
| Netcat chat | 0:01 | < 0:01 | 166.7 x |
| SSH Tunnel | 2:19 | 0:22 | 6.3 x |

Row groups in the figure: Non-interactive session, Interactive session

• DeltaShaper allows for the execution of traditional TCP/IP applications which cover different users’ needs

Conclusions
• DeltaShaper: A censorship-resistant system
  • Supports high-latency / low-throughput TCP applications
• Maximize throughput and preserve unobservability
  • Greedy exploration of encoding configurations
• Adaptation in multimedia protocol tunneling
  • Provides improved unobservability
  • Could also enhance similar systems

http://web.ist.utl.pt/diogo.barradas