In this course, we will discuss and read papers on a wide range of censorship and circumvention techniques, systems, and measurements, including: anonymity, web filtering, censorship across the world (including the "Great Firewall of China"), circumvention proxies, online privacy, private communication, and more.
|Time:||Mon/Wed/Fri 10:00 AM - 10:50 AM|
|Professor:||Eric Wustrow <firstname.lastname@example.org> ECOT 352|
|Office Hours:||Wed 1-2pm or by appointment|
This course will include reading 3-4 papers per week, with written reviews and in-class discussion on the topics. Each student must complete an open-ended final project related to Internet censorship, with the goal of submitting it to a computer security conference or workshop.
- 50% - Final project
- 25% - In-class topic presentation
- 20% - Paper reviews
- 5% - Participation
For each paper we read, please submit a short (~150-300 word) summary that describes the paper, and some of your comments about the paper; for example, insights, questions, future directions, or what lessons are learned, etc. Please send these to email@example.com with the subject "5003 reading", and include your review as inline text in the email. It's ok to include multiple reviews in the same email, just make the separation clear.
Working with a partner, pick a topic (or propose a new one!) and present it to the class. Presentations should be 10 minutes, and we will have a short Q&A session. Send an email to me (firstname.lastname@example.org) with your top 2 choices and who your partner will be by class on Friday, September 8th.
- Tor Demonstrate the details of Tor, including hidden services, guard relays, and bridge nodes. Build a classifier that tells if a particular user is connected to Tor by observing their packets. Bonus: extend the classifier to detect bridge nodes.
- Censorship probing Send network probes to a deployed Internet censor (e.g. China or Iran are good candidates). Find at least 2 seperate network locations, and describe the behavior of these boxes. Do they poison DNS, block certain TCP/IP hosts, send TCP RSTs? We'll read papers that answer these questions, but in this presetation, do these probes yourself and verify! Measure where these firewalls exist in the network (i.e. TTL hop). Bonus: provide an entire map of where firewalls for an entire country exist.
- Website Fingerprinting Build a classifier that takes a packet capture from a user browsing websites over HTTPS, and outputs the exact pages that the user visited. You are allowed to limit this to a "closed world" model of at least 50 web pages. Bonus: extend this to observing what website a Tor user is browsing.
- Dining Cryptographers network Develop an anonymous messaging program for n>2 users using a dining cryptographers network. Demonstrate how keys are established, messages are sent, and show why this is anonymous.
- Takedown notices Collect content takedown notice reports from a large content provider, such as Google, Facebook, or Twitter. Describe trends of countries/regions, trends over time, or over different services. How often are these requests complied with? What are the types of requests not complied with? Contrast this to copyright takedowns in specific countries.
- Freenet Demonstrate the details of Freenet, including location swapping, and "darknet" mode. Describe how Freenet is both anonymous and censorship resistant. Discuss attacks on each of these. Can a censor tell if users are connected to one another using Freenet? Bonus: implement one of these attacks and demonstrate it.
- Signal Describe in detail the Signal protocol that implements OTR. Include the Axolotol/Double Ratchet algorithm, the X3DH protocol, how Signal desktop trades key information with the phone to allow additional devices to read Signal messages, and how Signal's anticensorship feature works. Note: This is going to involve reading code! Some of this detail does not exist anywhere else, but you can start here. Bonus: implement a way to block Signal's anticensorship method.
- Obfuscation attacks Implement an attack on an obfuscation protocol we talk about in class (e.g. Skypemorph, Stegotorus, Scramblesuit, FTE). Describe how to defend against it.
Each group will give a 10-15 minute presentation in class (TBD), describing what problem they are solving, how they solved it, and anything they plan to do by the due date of the final project. There will be a couple minutes for Q&A for each group. Final papers will be due TBD 11:59PM MDT. Please submit papers in USENIX format as a single PDF, 5-8 pages in length, including references.
Final Project written proposals
Each group will send an email containing the name(s) of the group members, the title of a proposed topic final project, and a ~300 word abstract describing the problem and solution of the proposed research. Be sure to describe why the problem is important, and what you specifically plan to do. For example, what tool will you build, and how does it help? How will it work? What data will you collect, and how will you collect it?
Final Project in-class proposal
Each group will present a short overview (~5 minutes) of their proposed project. This should include what you described in the written abstract, in some more detail, and also touch on related work (keep in mind this may include papers we don't read in class).
Final project written checkpoint
About 6 weeks in, each group will send a brief email update on the progress of their project. Of the proposed work, what has been done so far, and what remains to be done? Have you run into any snags or problems, or had to change direction? It's ok to realize an initial approach isn't going to work (this is research!), but have a plan or effort toward what you will do to change directions or fix the problem.
Final project presentations
In the last week of class, each group will be given 10 minutes to present the results of their final project. This should include the motivation (what they problem is, why it's important), previous related work (and why it was insufficient), your solution, and results. We'll have 2-3 minutes for Q & A from the class for each group.
Final project papers
Each group will submit a 5-8 page paper (in USENIX format), due Sat, Dec 16, 11:59pm This should look similar to some of the papers we read: in the Introdction, set up the problem and briefly describe your solution. Describe your system or study, and evaluate it or the results in depth. Describe related work, and also potential future work that might build off your work.