Diogo Miguel Barrinha Barradas

Co-advisor: N. Santos

Unobservable Multimedia-based Covert Channels for Internet Censorship Circumvention

Thesis submitted for the doctoral examination in Computer Science and Engineering, Instituto Superior Técnico, Universidade de Lisboa.


Totalitarian states are known to deploy large-scale surveillance and censorship mechanisms in order to deter citizens from accessing or publishing information on the Internet. Still, even the most oppressive regimes cannot afford to always block all channels with the outside world, and usually allow the operation of widely used services such as video-conferencing applications. This has given rise to the development of censorship-resistant communication tools that rely on the establishment of covert channels in the Internet by encoding covert data within popular multimedia protocols that use encrypted communication, e.g., Skype.

A recent approach for the design of such tools, named multimedia protocol tunneling, modulates covert data into the audio and/or video feeds provided to multimedia applications. However, depending on the techniques used to embed covert data, and on the amount of information to embed, multimedia protocol tunneling tools may generate network flows that differ subtly from legitimate flows that do not carry covert channels. Notably, such differences can be uncovered using strictly passive methods (e.g., by observing the length or inter-arrival time of network packets). Incidentally, one of the major challenges faced by the above tools is that of achieving a proper balance between traffic analysis resistance and performance (e.g., achieve sufficient throughput for enabling web browsing activities).

This thesis focuses on the study of the efficacy of multimedia protocol tunneling tools to evade the censorship apparatus deployed by network adversaries, while providing sufficient performance for enabling common Internet activities (e.g., web browsing). First, we show that the covert channels generated by existing tools are prone to detection. Specifically, we developed a new machine learning (ML)-based traffic analysis framework which has broken the security assumptions of recent multimedia protocol tunneling tools. Second, we show that network adversaries currently possess the means to perform sophisticated ML-based network flow classification tasks at line-speed. To this end, we worked towards the efficient deployment of multiple ML-based traffic analysis frameworks (including our own) in programmable switches. Third, we devised a new technique for creating traffic analysis resistant covert channels over multimedia streams. Our approach, based on the careful modification of the video encoding pipeline of the WebRTC framework, allows for the creation of high-speed covert channels over multimedia flows whose traffic patterns closely resemble those of legitimate flows.

Selected Publications

Unobservable Multimedia-based Covert Channels for Internet Censorship Circumvention
Diogo Miguel Barrinha Barradas
PhD Thesis. Instituto Superior Técnico, Universidade de Lisboa.
March, 2021.
Available BibTeX and PhD Thesis

Effective Detection of Multimedia Protocol Tunneling using Machine Learning
D. Barradas, N. Santos, L. Rodrigues.
In Proceedings of the 27th USENIX Security Symposium (USENIX Security '18), Baltimore (MD), USA, August 2018.

Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC.
D. Barradas, N. Santos, L. Rodrigues, V. Nunes.
Proceedings of the 2020 ACM Conference on Computer and Communications Security (CCS), Online, November 2020.
Presentation video

FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications.
D. Barradas, N. Santos, L. Rodrigues, S. Signorello, F. Ramos, A. Madeira.
Proceedings of the 2021 Usenix Network and Distributed System Security Symposium (NDSS), Online, February, 2021.

The Nuts and Bolts of Building FlowLens.
D. Barradas, N. Santos, L. Rodrigues, S. Signorello, F. Ramos, and A. Madeira
Proceedings of The Learning from Authoritative Security Experiment Results workshop (LASER), Online, Feb. 2021

Luís Rodrigues