Towards Illuminating a Censorship Monitor's Model to Facilitate Evasion

Publication Type: Conference Paper
Year of Publication: 2013
Authors: Khattak, S., Javed, M., Anderson, P. D., & Paxson, V.
Other Numbers: 3721

Censorship systems that make dynamic blocking decisions must inspect network activity on-the-fly to identify content to filter. By inferring the analysis models of such monitors we can identify their vulnerabilities to different forms of evasions that we can then exploit for circumvention. We leverage the observation that censorship monitors essentially work on the same principles as Network Intrusion Detection Systems (NIDS) and therefore inherit the same evasion vulnerabilities already discussed in the NIDS context for years. Using this past work as a guide, we illustrate the power of illuminating a monitor’s analysis model by conducting extensive probing to test for vulnerabilities in the Great Firewall of China. We find exploitable flaws in its TCB creation and destruction, fragment and segment reassembly, packet validation, (in)completeness of HTTP analysis, and state management.


This work was partially supported by funding provided to ICSI through National Science Foundation grants CNS: 1223717 (“Censorship Counterstrike via Measurement, Filtering, Evasion, and Protocol Enhancement”) and CNS: 1237265 (“Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives”). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation.

Proceedings of the Third USENIX Workshop on Free and Open Communications on the Internet, Washington, D.C.

S. Khattak, M. Javed, P. D. Anderson, and V. Paxson

Article in conference proceedings