Project Details
Towards Large-Scale Analyses of Censorship Circumvention Techniques for QUIC and DTLS
Applicant
Professor Dr.-Ing. Juraj Somorovsky
Subject Area
Security and Dependability, Operating-, Communication- and Distributed Systems
Term
since 2025
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 555828767
Various countries employ Internet censorship to restrict the network access of their residents. A common tactic for filtering web traffic is to block access to specific websites based on their domain names. For example, the Great Firewall of China (GFW), arguably the most sophisticated censor, filters widely used websites like wikipedia.org and specific websites like freetibet.org. Website censorship can be applied in various ways and across different protocols, even when the website is delivered encrypted over Transport Layer Security (TLS). Blocking TLS connections is possible because the very first TLS protocol message, the ClientHello, provides unencrypted information about the requested domain name. Censorship restricts residents from accessing a free and open Internet, effectively violating fundamental human rights. This prompted researchers to develop various circumvention techniques. A common goal of many of these techniques is to prevent censors from identifying blocked domain names. For example, for TLS, circumvention techniques exist that split the ClientHello message into multiple packets, making it difficult for censors to detect the domain name. Despite extensive research on circumvention techniques, two significant cryptographic protocols - QUIC and Datagram Transport Layer Security (DTLS) - remain largely unanalyzed. QUIC is a new cryptographic protocol designed to speed up connections and ease deployment. It is already in an advanced state of deployment, driven mainly by large providers. According to the Cloudflare statistics website, more than 25% of connections in China are served using QUIC. The importance of QUIC is also confirmed by the censors in Russia, who have already started blocking QUIC traffic. As the name suggests, DTLS is based on the TLS protocol. Unlike TLS, it runs on top of UDP. It is typically used in the Internet of Things (IoT) and media streaming.
From the perspective of censorship (circumvention) techniques, the most important usage of DTLS is in Snowflake. Snowflake is a censorship circumvention protocol that uses DTLS to deliver unrestricted Internet access to users in censoring countries. Given the importance of Snowflake, the protocol became a censorship target in Russia. The main objective of this project is to close the research gap in the area of censorship circumvention and perform in-depth analyses of circumvention techniques for QUIC and DTLS. We aim to fill this gap with our TLS-Attacker suite and our know-how from the large-scale analyses of cryptographic protocols. Our censorship circumvention analyses will specifically target QUIC and DTLS: their protocol flows, message formats, and cryptographic properties. We will analyze the success of our circumvention techniques by performing large-scale scans. Finally, we will contribute to developing censorship circumvention tools to support users in accessing the free Internet.
DFG Programme
Research Grants
