Breaking the Internet for Fun and Censorship Resistance
Nikita Borisov
University of Illinois, USA
CISPA Distinguished Lecture Series
Nikita Borisov is an associate professor at the University of Illinois at Urbana-Champaign. His research interests are security and privacy in networked systems. He is the co-designer of the Off-the-Record (OTR) instant messaging protocol and was responsible for the first public analysis of 802.11 security. He received the National Science Foundation CAREER award in 2010. Prof. Borisov received his Ph.D. from the University of California, Berkeley in 2005 and a B.Math from the University of Waterloo in 1998.
Censorship of the Internet is widespread, and there is a continuous cat-and-mouse game between censors and those who want to get around censorship: whenever a circumvention technology becomes popular, the censors' systems are updated to block it. I will discuss two circumvention systems that exploit security holes in the Internet protocol in order to make themselves very difficult to block.
The first system, Cirripede, can be deployed by ISPs to surreptitiously hijack TLS-encrypted web sessions and redirect them to a covert destination. We show that a small number of strategically placed Cirripede systems can provide service to a large fraction of all Internet users, while blocking Cirripede would make significant parts of the Internet unreachable. Our second system, CensorSpoofer, can be deployed at the edge of the network; it uses spoofed IP source addresses to create a unidirectional high-bandwidth channel to a user that masquerades as an encrypted VoIP call. Together with a low-bandwidth covert uplink channel, CensorSpoofer can be used to support typical web browsing activities.