MA: Analyzing and Circumventing Network Censorship through TCP and TLS Fragmentation

Abstract:

The free flow of information on the Internet is crucial for billions of people, yet network censors restrict it. One well-known network censor is the Great Firewall of China, which applies sophisticated network censorship measures. We consider TCP and TLS fragmentation as techniques for circumventing its censorship. Extending an existing research tool, we show that the Great Firewall is incapable of handling any kind of TLS fragmentation. TCP segmentation, although shown to be effective in the past, is no longer sufficient on its own to circumvent the Great Firewall; however, we discover that adding small time delays revives the technique. Some techniques based on overlapping TCP segments can also circumvent the censor, and they reveal that its reassembly behavior has changed. Finally, we implement TCP and TLS fragmentation reassembly in an existing research censor. This allows in-lab analysis and gives insights into the potential decision making of censors. While fragmentation reassembly is possible, it seems difficult and costly for censors. For this reason, we consider fragmentation of TCP, TLS, and other fragmentable protocols a promising technique for censorship circumvention.
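
The following sketch is an added example for in-lab analysis, not code from the thesis or the research tools it extends. It shows why TLS record fragmentation matters to an inspecting middlebox: a parser that reads only the first TLS record misses the SNI once the ClientHello spans several records, while one that reassembles handshake records recovers it. All function names and the constructed ClientHello (a single SNI extension, no other extensions) are assumptions made for illustration.

```python
import struct


def build_client_hello(host: bytes) -> bytes:
    """Constructed minimal ClientHello handshake message with only an SNI extension."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body


def to_records(handshake: bytes, size: int) -> bytes:
    """Wrap a handshake message in TLS records of at most `size` payload bytes."""
    chunks = [handshake[i:i + size] for i in range(0, len(handshake), size)]
    return b"".join(b"\x16\x03\x01" + struct.pack("!H", len(c)) + c for c in chunks)


def record_payloads(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in the stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if pos + 5 + length > len(stream):
            break  # truncated record: a real reassembler would wait for more bytes
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length


def parse_sni(hs: bytes):
    """Return the SNI host name from a complete ClientHello, or None if incomplete."""
    if len(hs) < 4 or hs[0] != 1 or len(hs) < 4 + int.from_bytes(hs[1:4], "big"):
        return None
    p = 4 + 2 + 32                                   # header, legacy_version, random
    p += 1 + hs[p]                                   # session_id
    p += 2 + int.from_bytes(hs[p:p + 2], "big")      # cipher_suites
    p += 1 + hs[p]                                   # compression_methods
    p, end = p + 2, p + 2 + int.from_bytes(hs[p:p + 2], "big")
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        if etype == 0:                               # server_name extension
            return hs[p + 9:p + 4 + elen].decode()
        p += 4 + elen


def sni_first_record(stream: bytes):
    """Inspector that parses only the first record's payload."""
    first = next(record_payloads(stream), None)
    return parse_sni(first[1]) if first and first[0] == 0x16 else None


def sni_reassembled(stream: bytes):
    """Inspector that concatenates handshake record payloads before parsing."""
    return parse_sni(b"".join(p for t, p in record_payloads(stream) if t == 0x16))
```

The reassembling inspector has to buffer payload bytes per connection until the handshake length field is satisfied, which is the state-keeping cost the abstract refers to.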