TY - GEN
T1 - Detecting intentional packet drops on the internet via TCP/IP side channels
AU - Ensafi, Roya
AU - Knockel, Jeffrey
AU - Alexander, Geoffrey
AU - Crandall, Jedidiah R.
PY - 2014
Y1 - 2014
N2 - We describe a method for remotely detecting intentional packet drops on the Internet via side channel inferences. That is, given two arbitrary IP addresses on the Internet that meet some simple requirements, our proposed technique can discover packet drops (e.g., due to censorship) between the two remote machines, as well as infer in which direction the packet drops are occurring. The only major requirements for our approach are a client with a global IP Identifier (IPID) and a target server with an open port. We require no special access to the client or server. Our method is robust to noise because we apply intervention analysis based on an autoregressive-moving-average (ARMA) model. In a measurement study using our method featuring clients from multiple continents, we observed that, of all measured client connections to Tor directory servers that were censored, 98% of those were from China, and only 0.63% of measured client connections from China to Tor directory servers were not censored. This is congruent with current understandings about global Internet censorship, leading us to conclude that our method is effective.
AB - We describe a method for remotely detecting intentional packet drops on the Internet via side channel inferences. That is, given two arbitrary IP addresses on the Internet that meet some simple requirements, our proposed technique can discover packet drops (e.g., due to censorship) between the two remote machines, as well as infer in which direction the packet drops are occurring. The only major requirements for our approach are a client with a global IP Identifier (IPID) and a target server with an open port. We require no special access to the client or server. Our method is robust to noise because we apply intervention analysis based on an autoregressive-moving-average (ARMA) model. In a measurement study using our method featuring clients from multiple continents, we observed that, of all measured client connections to Tor directory servers that were censored, 98% of those were from China, and only 0.63% of measured client connections from China to Tor directory servers were not censored. This is congruent with current understandings about global Internet censorship, leading us to conclude that our method is effective.
UR - http://www.scopus.com/inward/record.url?scp=84958539098&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84958539098&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-04918-2_11
DO - 10.1007/978-3-319-04918-2_11
M3 - Conference contribution
AN - SCOPUS:84958539098
SN - 9783319049175
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 109
EP - 118
BT - Passive and Active Measurement - 15th International Conference, PAM 2014, Proceedings
PB - Springer Verlag
T2 - 15th International Conference on Passive and Active Measurement, PAM 2014
Y2 - 10 March 2014 through 11 March 2014
ER -