BA/MA: Censorship Topics

Various state actors around the world deploy some degree of censorship. To prevent users from accessing specific websites, they alter, drop, and redirect connection attempts to websites and services they deem malicious. Countries facilitate censorship by inspecting protocols like IP, TCP, HTTP, DNS, TLS, and VPNs. The sophistication of censors varies as much as the techniques they use. Overall, this leads to a diverse landscape of censorship around the world. In recent years, the analysis of censorship has increased greatly. Automated tools for global censorship analysis and circumvention have been introduced together with country-specific in-depth analyses.

To aid in this acquisition of knowledge, we want to ascertain censorship techniques and the circumventability of censorship around the globe. This includes both country-specific analyses and new circumvention or analysis techniques. Below, we gather potential thesis topics:

Thorough Censorship Analysis in Iran [BA/MA]. Two students wrote excellent Master's theses about HTTP and DNS censorship. Both had inconsistent / weird findings in Iran, one of the countries they analyzed. For example, on the DNS level they inject two different block page IPs, or use different HTTP censorship methods (null-routing, TCP RSTs, block page) depending on the given hostname. If a block page is delivered, it contains one of the IPs also used for DNS censorship. Additionally, some domains are resolved correctly to a fixed IP that also belongs to the same company, including websites of secret services like the MI5. Overall, we still have a lot of questions about what actually happens there. As the HTTP and DNS analyses were conducted independently, it is hard to compare and align the results correctly. Your goal in this thesis is to analyze the censorship in Iran from a VPS that we own while taking a look at HTTP, DNS, and TLS at the same time. You do not have to implement everything from scratch, as we have preliminary work for all three. With this, we hope to find some more explanation of what happens there. Is there a correlation between censorship of the three protocols? Can you gather a more extensive list of weird resolutions to fixed IPs for other secret services? The exact scope depends on whether you want to work on this as a Bachelor's or Master's thesis.

DTLS Censorship [BA]. One protocol we have not extensively analyzed so far is DTLS. DTLS is so far mainly known to be censored based on fingerprinting. One well-known case was Snowflake, where a DTLS fingerprint was used to block connections. Your goal in this thesis is to integrate DTLS into our Censor Scanner. Then, you should implement some probes that check for known DTLS censorship (fingerprints). You should also research whether there is any other evidence of DTLS censorship (and implement probes accordingly). These probes can then be tested on VPSes that we own in different countries like China, Russia, and Iran. Depending on the results, you could either run a full-fledged evaluation in different countries or implement a small mock censor yourself to check if fingerprinting efforts are detectable with your probes. The exact scope can be further discussed in a meeting.

Censorship in Marginally Analyzed Countries [BA]. In recent years, some countries have been analyzed more thoroughly than others. Prime examples are the censors of Russia, China, and India. However, censorship occurs in many countries around the globe. In this thesis, you will focus censorship analysis on one or a few countries that have not been analyzed thoroughly up until now. You will also compare the censorship techniques you encounter with those of more thoroughly analyzed censors.

SMTP Censorship in China [BA]. The Simple Mail Transfer Protocol (SMTP) has been censored in the past by the censorship infrastructure in China. The censor in China analyzed SMTP messages on port 25, after a successful TCP handshake, and performed TCP RST packet injections when observing a mail address that should be censored. Our group has thus far not looked at SMTP censorship, and your task is to perform a first analysis of it. You should present the current state of research about SMTP censorship and how it is being used by censors. Your task is then to write SMTP probes with our Censor Scanner framework that allow detecting SMTP censorship in China. We will provide you with a server there. Your goals could involve the following questions: Can you identify a list of mails that are being censored? Can you identify blocking patterns that the censor uses? What is the exact triggering condition? Can you find censorship circumventions through, for example, TCP fragmentation? We can discuss the details in a meeting.

QUIC Client Censorship Robustness [BA/MA]. Many censors perform censorship by injecting additional packets (like TCP Reset packets), rather than dropping packets. Because TCP Reset packets are not authenticated, censors can forge them and tear down connections. For QUIC, this method is not applicable: Instead of using TCP, QUIC uses UDP, where there is no TCP Reset packet, and QUIC's mechanism of closing connections (sending a Connection Close frame) is authenticated after the handshake—so, once the handshake is complete, it cannot be forged by a censor. Prior work conjectures that this makes QUIC more robust against injection-based censorship. This assumption has, however, not yet been validated in depth. In particular, censors are not limited to injecting authenticated Connection Close frames. Instead, they may attempt to inject Connection Close frames early in the handshake, early Server Hello messages impersonating the server, malformed packets, or other packets that may cause clients to give up on a connection. Your goal would be to evaluate different QUIC clients (and possibly servers) for robustness against packet injection, and to determine whether such attacks pose a practical threat.

Testing New Circumvention Methods [BA]. There are many circumvention tools available to people in censored regions, but censors continually attempt to block successful tools. Therefore, when popular circumvention tools are blocked, additional methods are necessary to keep people in censored regions connected. One candidate protocol for censorship circumvention is TURN, which is normally used for NAT traversal in video conferencing applications. In normal use, TURN acts as a proxy for conference participants behind restrictive NATs (unrelated to censorship), and allows them to directly connect to other participants. When used for censorship circumvention, the proxy it provides could be used to circumvent IP blocking and other forms of censorship. Your goal would be to analyze the TURN servers provided by conferencing systems, integrate STUN+TURN as a circumvention strategy into our tool DPYProxy, and to test its applicability in censored regions.

None of these topics interest you, but you still want to analyze censorship in your thesis? Feel free to contact us with your own ideas. We can try to find a topic together!

Requirements (usually):
- Programming: Java, Kotlin, Python
- Knowledge of protocols: TLS, QUIC, DNS, HTTP, Network Stack (TCP/IP), depending on the topic
- Interest in censorship (circumvention)

Contact