ECEN 5003/CSCI 7000 Censorship Circumvention

Fall 2017

Course info

In this course, we will discuss and read papers on a wide range of censorship and circumvention techniques, systems, and measurements, including: anonymity, web filtering, censorship across the world (including the "Great Firewall of China"), circumvention proxies, online privacy, private communication, and more.

Location: HLMS 211
Time: Mon/Wed/Fri 10:00 AM - 10:50 AM
Professor: Eric Wustrow <ewust@colorado.edu> ECOT 352
Office Hours: Wed 1-2pm or by appointment

Grading

This course will include reading 3-4 papers per week, with written reviews and in-class discussion on the topics. Each student must complete an open-ended final project related to Internet censorship, with the goal of submitting it to a computer security conference or workshop.

Paper reviews

For each paper we read, please submit a short (~150-300 word) summary that describes the paper, and some of your comments about the paper; for example, insights, questions, future directions, or what lessons are learned, etc. Please send these to ewust@colorado.edu with the subject "5003 reading", and include your review as inline text in the email. It's ok to include multiple reviews in the same email, just make the separation clear.

In-class presentations

Working with a partner, pick a topic (or propose a new one!) and present it to the class. Presentations should be 10 minutes, and we will have a short Q&A session. Send an email to me (ewust@colorado.edu) with your top 2 choices and who your partner will be by class on Friday, September 8th.

Final Project

Each group will give a 10-15 minute presentation in class (TBD), describing what problem they are solving, how they solved it, and anything they plan to do by the due date of the final project. There will be a couple minutes for Q&A for each group. Final papers will be due TBD 11:59PM MDT. Please submit papers in USENIX format as a single PDF, 5-8 pages in length, including references.

Readings

Date Topic Readings
Week 1
Mon, Aug 28 Introduction No reading

Introduction to Internet Censorship
Wed, Aug 30 Censorship overview Inferring Mechanics of Web Censorship Around the World
Fri, Sep 1 Circumvention overview SoK: Making Sense of Censorship Resistance Systems

Optional:
Slipping Past the Cordon: A Systematization of Internet Censorship Resistance
Week 2
Mon, Sep 4 Labor Day No class / No reading
Wed, Sep 6 China Internet Censorship in China: Where Does the Filtering Occur?

Optional
Measuring Decentralization of Chinese Keyword Censorship via Mobile Games
China's Internet: Topology mapping and geolocating
Fri, Sep 8 Syria Censorship in the Wild: Analyzing Internet Filtering in Syria
Week 3
Mon, Sep 11 Iran Internet Censorship in Iran: A First Look

Optional
Understanding Internet Censorship Policy: The Case of Greece
Wed, Sep 13 Pakistan The Anatomy of Web Censorship in Pakistan

Optional
Censorship and Co-option of the Internet Infrastructure (Egypt)
In and Out of Cuba
Fri, Sep 15 Anonymity Tor: The Second-Generation Onion Router Dingledine, Mathewson, and Syverson
Week 4
Mon, Sep 18 Anonymity Attacks Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries Johnson, Wacek, Jansen, Sherr, and Syverson
Wed, Sep 20 Distributed Anonymity Freenet: A Distributed Anonymous Information Storage and Retrieval System
Fri, Sep 22 Private communication Off-the-Record Communication, or, Why Not To Use PGP

Optional
SoK: Secure Messaging
Week 5
Mon, Sep 25 Metadata DP5: A Private Presence Service

Optional
Pond
Wed, Sep 27 DC nets DC Net topic presentation

Dissent in Numbers: Making Strong Anonymity Scale

Optional
Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis
Fri, Sep 29 Obfuscation Obfsproxy
obfs3 spec
Week 6
Mon, Oct 2 Obfuscation Tor topic presentation

SkypeMorph: Protocol Obfuscation for Tor Bridges
Wed, Oct 4 Obfuscation StegoTorus: A Camouflage Proxy for the Tor Anonymity System
Fri, Oct 6 Obfuscation Final project topic proposals due via email

Scramblesuit: A Polymorphic Network Protocol to Circumvent Censorship
Week 7
Mon, Oct 9 Attacking obfuscation Signal topic presentation

The Parrot is Dead: Observing Unobservable Network Communications
Wed, Oct 11 Attacking obfuscation Seeing through Network-Protocol Obfuscation
Fri, Oct 13 Arms race Censors' Delay in Blocking Circumvention Proxies
Week 8
Mon, Oct 16 Project proposals No reading

Groups present proposals, 4-5 minutes per project
Wed, Oct 18 Content censorship Chipping Away at Censorship Firewalls with User-Generated Content
Fri, Oct 20 No class
Week 9
Mon, Oct 23 Censorship-resistant storage Takedown notices topic presentation

Tangler: A Censorship-Resistant Publishing System Based On Document Entanglements
Wed, Oct 25 Clever protocols Blocking-resistant communication through domain fronting

Optional
Facade: High-Throughput, Deniable Censorship Circumvention Using Web Search
Fri, Oct 27 Clever protocols website fingerprinting topic presentation

Evading Censorship with Browser-Based Proxies

Optional
DNS-sly: Avoiding Censorship through Network Complexity
Week 10
Mon, Oct 30 Clever protocols Protocol Misidentification Made Easy with Format-Transforming Encryption
Wed, Nov 1 Clever protocols CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content
Fri, Nov 3 Measurement Global Measurement of DNS Manipulation
Week 11
Mon, Nov 6 Measurement Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels

Optional Global Network Interference Detection over the RIPE Atlas Network
Wed, Nov 8 Measurement Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
Fri, Nov 10 Measurement Satellite: Joint Analysis of CDNs and Network-Level Interference
Week 12
Mon, Nov 13 Advancing censors An Analysis of China’s "Great Cannon"
Wed, Nov 15 Advancing censors Examining How the Great Firewall Discovers Hidden Circumvention Servers
Fri, Nov 17 Refraction Project checkpoint due via email

Telex: Anticensorship in the Network Infrastructure

Optional
Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability
Decoy Routing: Toward Unblockable Internet Communication
Week 13
Mon, Nov 20 Fall break No class
Wed, Nov 22 Fall break No class
Fri, Nov 24 Fall break No class
Week 14
Mon, Nov 27 Refraction TapDance: End-to-Middle Anticensorship without Flow Blocking

Optional
An ISP-Scale Deployment of TapDance
Wed, Nov 29 Refraction Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement
Fri, Dec 1 Refraction attacks Routing Around Decoys

Optional
No Direction Home: The True Cost of Routing Around Decoys
Week 15
Mon, Dec 4 Web fingerprinting Effective Attacks and Provable Defenses for Website Fingerprinting
Wed, Dec 6 Web fingerprinting Touching from a Distance: Website Fingerprinting Attacks and Defenses
Fri, Dec 8 Fingerprinting defenses Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail

Optional
S-BuFLO: A Congestion Sensitive Website Fingerprinting Defense
Final week
Mon, Dec 11 Final presentations Each group ~10 minutes
Wed, Dec 13 Final presentations Each group ~10 minutes

Final Project written proposals

Each group will send an email containing the name(s) of the group members, the title of a proposed topic final project, and a ~300 word abstract describing the problem and solution of the proposed research. Be sure to describe why the problem is important, and what you specifically plan to do. For example, what tool will you build, and how does it help? How will it work? What data will you collect, and how will you collect it?

Final Project in-class proposal

Each group will present a short overview (~5 minutes) of their proposed project. This should include what you described in the written abstract, in some more detail, and also touch on related work (keep in mind this may include papers we don't read in class).

Final project written checkpoint

About 6 weeks in, each group will send a brief email update on the progress of their project. Of the proposed work, what has been done so far, and what remains to be done? Have you run into any snags or problems, or had to change direction? It's ok to realize an initial approach isn't going to work (this is research!), but have a plan or effort toward what you will do to change directions or fix the problem.

Final project presentations

In the last week of class, each group will be given 10 minutes to present the results of their final project. This should include the motivation (what they problem is, why it's important), previous related work (and why it was insufficient), your solution, and results. We'll have 2-3 minutes for Q & A from the class for each group.

Final project papers

Each group will submit a 5-8 page paper (in USENIX format), due Sat, Dec 16, 11:59pm This should look similar to some of the papers we read: in the Introdction, set up the problem and briefly describe your solution. Describe your system or study, and evaluate it or the results in depth. Describe related work, and also potential future work that might build off your work.