Scalable Remote Measurement of Application-Layer Disruption
Quack uses echo servers to detect DPI blocking of traffic based on request headers. The advantage of using echo servers is that identifying responses that have been interfered with is trivial and arbitrary TCP based protocols (in addition to HTTP) can be tested. By making use of echo's sibling discard protocol, we are able to determine the directionality of interference.
Hyperquack is a powerful extension to Quack that measures keyword blocking at the application layer using infrastructural web servers as vantage points. Hyperquack detects DPI interference with HTTP and HTTPS traffic by making use of publicly accessible web-servers with consistent behavior. We send requests with the HTTP "Host" header or TLS SNI extension set to a domain we are interested in. If there is a DPI blocking the domain on the path between our measurement machine and the public web-server, we will receive a TCP reset or block page that does not match the web-server's typically response. By making retries and control measurements, we are able to distinguish between mismatches caused by normal network/server flakiness versus DPI interference.
To ensure the safety of our technique, we limit ourselves to ~30,000 infrastructural web-servers. These servers are owned by ISPs or governments rather than an individuals. Even with stringent standards for web-server selection, we still maintain broad coverage with ~103 countries having ≥15 vantage points.
All the data collected from the Observatory is publicly available, including metadata.
Quack was presented at the 2018 USENIX Security Symposium.
August 2018 USENIX Security Symposium
@inproceedings{Ben2018Quack:,
title={Quack: Scalable Remote Measurement of Application-Layer Censorship},
author={Ben VanderSloot and Allison McDonald and Will Scott and J. Alex Halderman and Roya Ensafi},
booktitle={USENIX Security Symposium},
year={2018}
}
Hyperquack was presented at NDSS 2020.
February 2020 Network and Distributed System Security Symposium (NDSS)
@inproceedings{sundararaman2020measuring,
title={Measuring the Deployment of Network Censorship Filters at Global Scale},
author={Sundara Raman, Ram and Stoll, Adrian and Dalek, Jakub and Ramesh, Reethika and Scott, Will and Ensafi, Roya},
booktitle={Proceedings of the Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA},
year={2020}
}
Quack for Censored Planet is developed and maintained by Ram Sundara Raman and Roya Ensafi.