Attacks on Telex Internet anticensorship system
As a typical router-redirecting based anticensorship system,Telex poses new challenges for Internet censors.To help common users evade Internet censorship,Telex employs network routers,rather than end-hosts,to relay network traffics to blocked destinations.The security of Telex from the censors'...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2014-09-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.09.005/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | As a typical router-redirecting based anticensorship system,Telex poses new challenges for Internet censors.To help common users evade Internet censorship,Telex employs network routers,rather than end-hosts,to relay network traffics to blocked destinations.The security of Telex from the censors' perspective is analyzed,and two kinds of active attacks aiming to break users' privacy are presented.The first is a kind of DoS attack,which exploits a security flaw of Telex handshake protocol.It can probabilistically identify the users who are using Telex,as well as break the availability of Telex.An improved handshake protocol to remedy the flaw is also proposed.The second is called TCP packets by-passing attack.Under that attacking scenario,censors make a small fraction of TCP packets from clients bypass the router and reach the cover site directly through asymmetric routing paths or IP tunnels,then determine whether a user is utiliz-ing Telex by observing the reaction of upstream traffic.The feasibility of bypassing attack has been testified by a series of experiments in a prototype environment.The bypassing attack is also applicable to other router-redirecting based anti-censorship systems. |
|---|---|
| ISSN: | 1000-436X |