Diogo Miguel Barrinha Barradas

Co-advisor: N. Santos

Unobservable Multimedia-based Covert Channels for Internet Censorship Circumvention

Abstract

A recent approach for the design of such tools, named multimedia protocol tunneling, mod- ulates covert data into the audio and/or video feeds provided to multimedia applications. How- ever, depending on the techniques used to embed covert data, and on the amount of information to embed, multimedia protocol tunneling tools may generate network flows that differ subtly from legitimate flows that do not carry covert channels. Notably, such differences can be uncov- ered using strictly passive methods (e.g., by observing the length or inter-arrival time of network packets). Incidentally, one of the major challenges faced by the above tools is that of achieving a proper balance between traffic analysis resistance and performance (e.g., achieve sufficient throughput for enabling web browsing activities).

This thesis focuses on the study of the efficacy of multimedia protocol tunneling tools to evade the censorship apparatus deployed by network adversaries, while providing sufficient per- formance for enabling common Internet activities (e.g., web browsing). First, we show that the covert channels generated by existing tools are prone to detection. Specifically, we developed a new machine learning (ML)-based traffic analysis framework which has broken the security assumptions of recent multimedia protocol tunneling tools. Second, we show that network adver- saries currently possess the means to perform sophisticated ML-based network flow classification tasks at line-speed. To this end, we worked towards the efficient deployment of multiple ML- based traffic analysis frameworks (including our own) in programmable switches. Third, we devised a new technique for creating traffic analysis resistant covert channels over multimedia streams. Our approach, based on the careful modification of the video encoding pipeline of the WebRTC framework, allows for the creation of high-speed covert channels over multimedia flows whose traffic patterns closely resemble those of legitimate flows.

Selected Publications

Unobservable Multimedia-based Covert Channels for Internet Censorship Circumvention

Diogo Miguel Barrinha Barradas

PhD Thesis. Instituto Superior Técnico, Universidade de Lisboa.

March, 2021.

Available BibTeX and PhD Thesis

Effective Detection of Multimedia Protocol Tunneling using Machine Learning

D. Barradas, N. Santos, L. Rodrigues.

In Proceedings of the 27th USENIX Security Symposium (USENIX Security '18), Baltimore (MD), USA, August 2018.

Poking a Hole in the Wall: Efficient Censorship-Resistant Internet Communications by Parasitizing on WebRTC.

D. Barradas, N. Santos, L. Rodrigues, V. Nunes.

Proceedings of the 2020 ACM Conference on Computer and Communications Security (CCS), Online, November 2020.

Presentation video

FlowLens: Enabling Efficient Flow Classification for ML-based Network Security xApplications.

D. Barradas, N. Santos, L. Rodrigues, S. Signorello, F. Ramos, A. Madeira.

Proceedings of the 2021 Usenix Network and Distributed System Security Symposium (NDSS), Online, February, 2021.

The Nuts and Bolts of Building FlowLens.

D. Barradas, N. Santos, L. Rodrigues, S. Signorello, F. Ramos, and A. Madeira

Proceedings of The Learning from Authoritative Security Experiment Results workshop (LASER), Online, Feb. 2021