Diogo Miguel Barrinha Barradas
Unobservable Multimedia-based Covert Channels for Internet Censorship Circumvention
Thesis submitted for the doctoral examination in Computer Science and Engineering
Instituto Superior Técnico, Universidade de Lisboa.
Abstract
Totalitarian states are known to deploy large-scale surveillance and
censorship mechanisms in order to deter citizens from accessing or
publishing information on the Internet. Still, even the most
oppressive regimes cannot afford to always block all channels with the
outside world, and usually allow the operation of widely used services
such as video-conferencing applications. This has given rise to the
development of censorship-resistant communication tools that rely on
the establishment of covert channels in the Internet by encoding
covert data within popular multimedia protocols that use encrypted
communication, e.g., Skype.
A recent approach for the design of such tools, named multimedia
protocol tunneling, modulates covert data into the audio and/or
video feeds provided to multimedia applications. However, depending
on the techniques used to embed covert data, and on the amount of
information to embed, multimedia protocol tunneling tools may generate
network flows that differ subtly from legitimate flows that do not
carry covert channels. Notably, such differences can be uncovered
using strictly passive methods (e.g., by observing the length or
inter-arrival time of network packets). Incidentally, one of the major
challenges faced by the above tools is that of achieving a proper
balance between traffic analysis resistance and performance (e.g.,
achieving sufficient throughput to enable web browsing activities).
This thesis focuses on the study of the efficacy of multimedia
protocol tunneling tools to evade the censorship apparatus deployed by
network adversaries, while providing sufficient performance for
enabling common Internet activities (e.g., web browsing). First, we
show that the covert channels generated by existing tools are prone to
detection. Specifically, we developed a new machine learning
(ML)-based traffic analysis framework which has broken the security
assumptions of recent multimedia protocol tunneling tools. Second, we
show that network adversaries currently possess the means to perform
sophisticated ML-based network flow classification tasks at
line-speed. To this end, we worked towards the efficient deployment of
multiple ML-based traffic analysis frameworks (including our own) in
programmable switches. Third, we devised a new technique for creating
traffic analysis resistant covert channels over multimedia
streams. Our approach, based on the careful modification of the video
encoding pipeline of the WebRTC framework, allows for the creation of
high-speed covert channels over multimedia flows whose traffic
patterns closely resemble those of legitimate flows.
Selected Publications
- Unobservable Multimedia-based Covert Channels for Internet Censorship Circumvention
  - Diogo Miguel Barrinha Barradas
  - PhD Thesis. Instituto Superior Técnico, Universidade de Lisboa.
  - March, 2021.
  - Available BibTeX and PhD Thesis
- Effective Detection of Multimedia Protocol Tunneling using Machine Learning
  - D. Barradas, N. Santos, L. Rodrigues.
  - In Proceedings of the 27th USENIX Security Symposium (USENIX Security '18), Baltimore (MD), USA, August 2018.
- Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC.
  - D. Barradas, N. Santos, L. Rodrigues, V. Nunes.
  - Proceedings of the 2020 ACM Conference on Computer and Communications Security (CCS), Online, November 2020.
  - Presentation video
- FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications.
  - D. Barradas, N. Santos, L. Rodrigues, S. Signorello, F. Ramos, A. Madeira.
  - Proceedings of the 2021 Usenix Network and Distributed System Security Symposium (NDSS), Online, February, 2021.
- The Nuts and Bolts of Building FlowLens.
  - D. Barradas, N. Santos, L. Rodrigues, S. Signorello, F. Ramos, and A. Madeira
  - Proceedings of The Learning from Authoritative Security Experiment Results workshop (LASER), Online, Feb. 2021
Luís Rodrigues