Various state actors around the world deploy some degree of censorship. To prevent users from accessing specific websites, they alter, drop, and redirect connection attempts to websites and services they deem malicious. Countries facilitate censorship by inspecting protocols like IP, TPC, HTTP, DNS, TLS, and VPNs. The sophistication of censors varies as much as the techniques they use. Overall, this leads to a diverse landscape of censorship around the world. In recent years, the analysis of censorship has increased greatly. Automated tools for global censorship analysis and circumvention have been introduced together with country-specific in-depth analyses.
To aid in this acquisition of knowledge, we want to ascertain censorship techniques and the circumventability of censorship around the globe. This includes both country-specific analyses and new circumvention or analysis techniques. Below, we gather potential thesis topics:
Thorough Censorship Analysis in Iran [BA/MA]. Two students wrote excellent Master's theses about HTTP and DNS censorship. Both had inconsistent / weird findings in Iran-one of the countries they analyzed. For example, on DNS level they inject two different block page IPs, or use different HTTP censorship methods (null-routing, TCP RSTs, block page) depending on the given hostname. If a block page is delivered, it contains one of the IPs also used for DNS censorship. Additionally, some domains are resolved correctly to a fixed IP that also belongs to the same company, including websites of secret services like the MI5. Overall, we still have a lot of questions of what actually happens there. As the HTTP and DNS analyses were conducted independently, it makes it hard to compare and align the results correctly. Your goal in this thesis is to analyze the censorship in Iran from a VPS that we own while taking a look at HTTP, DNS, and TLS at the same time - you do not have to implement from scratch as we have preliminary work existing for all. With this, we hope to find some more explanation of what happens there. Is there a correlation between censorship of the three protocols? Can you gather a more extensive list of weird resolving to fixed IPs for other secret services? The exact scope depends on whether you want to work on this as a Bachelor's or Master's thesis.
DTLS Censorship [BA]. One protocol we have not extensively analyzed so far is DTLS. DTLS is so far mainly known to be censored based on fingerprinting. One well-known case was Snowflake where a DTLS fingerprint was used to block connections. Your goal in this thesis is to integrate DTLS into our Censor Scanner. Then, you should implement some probes that check for known DTLS censorship (fingerprints). You should also research and see if you find any other evidence of DTLS censorship (and implement probes accordingly). These probes can then be testen on VPSes that we own in different countries like China, Russia, and Iran. Depending on the results, you could either run a full-fletched evaluation in different countries or implement a small mock censor yourself to if fingerprinting efforts are detectable with your probes. The exact scope can be further discussed within a meeting.
Censorship in Marginally Analyzed Countries [BA]. In recent years, some countries have been analyzed more thoroughly than others. Prime examples are the censors of Russia, China, and India. However, censorship occurs in many countries around the globe. In this thesis, you will focus censorship analysis on one or a few countries that have not been analyzed thoroughly up until now. You will also compare the censorship techniques you encounter with those of more thoroughly analyzed censors.
None of these topics interest you, but you still want to analyze censorship in your thesis? Feel free to contact us with your own ideas. We can try to find a topic together!
Requirements (usually):
- Programming: Java, Kotlin, Python
- Knowledge of protocols: TLS, QUIC, DNS, HTTP, Network Stack (TCP/IP), depending on the topic
- Interest in censorship (circumvention)
