Exploits

Prior research and real attacks on circumvention tools looked for features that distinguish a tool's traffic from non-circumventing traffic. We call such features vulnerabilities. We call a censor's effective use of a vulnerability, to detect circumvention and to take action against it, an exploit. The tables below compare exploits. In some cases, however, the cited sources only identified a vulnerability; in those cases we attempted to infer an exploit from it. When the intended exploit is unclear, we list more than one possibility, which is why some cells contain OR. Below, underblocking* denotes underblocking that a censor can easily recover from by retransmitting its own probe.

Used by Real Censors
| Description and where seen | Phase | Nature | Measurement loss | Network loss |
|---|---|---|---|---|
| **Detect attempts to get instructions for using Tor** | | | | |
| Check DNS requests for whether they are for Tor's website [ref, ref] | idm | passive | underblocking | neither |
| Check GET requests for Tor (`/tor/`) [ref, ref] | idm | passive | underblocking | neither |
| Check requests for Tor (`.torproject.org`) [ref] | idm | passive | underblocking | neither |
| Search for 'Tor' as a keyword, e.g., as a search term [ref] | idm | passive | underblocking | neither |
| **Detect identifiers needed to set up a Tor channel** | | | | |
| Find IP addresses of Tor directory authorities [ref] | idm | proactive | ? | ? |
| Get Tor relays' IP addresses from public list [ref, ref] | idm | proactive | underblocking* | underblocking* |
| Get Tor bridges' IP addresses from webpage [ref, ref] | idm | proactive | underblocking* | underblocking* |
| Get Tor bridges' IP addresses from email [ref, ref] | idm | proactive | underblocking* | underblocking* |
| **Detect the Tor protocol** | | | | |
| Identify SSL for Tor (method unknown) [ref, ref] | link setup | passive | ? | ? |
| DPI for Tor's DH parameter in SSL [ref, ref] | link setup | passive | underblocking | neither |
| DPI for Tor's SSL and TLS certificate lifetime [ref, ref, ref] | link setup | passive | underblocking | neither |
| DPI for Tor's TLS renegotiation [ref, ref] | link setup | passive | underblocking | neither |
| DPI for TLS 'Server Hello' for cipher 0x0039 sent by the Tor relay or bridge [ref, ref, ref, ref, ref] | link setup | passive | underblocking | neither |
| DPI for Tor's TLS 'Client Hello' for cipherlist [ref, ref, ref, ref, ref, ref, ref] | link setup | passive | underblocking | neither |
| DPI for TLS 'Client Hello' for SNI that resolves to Tor relay/bridge [ref] | link setup | passive | underblocking | neither |
| DPI on TLS for client key exchange [ref] | link setup | passive | underblocking | neither |
| Probe server for circumvention handshake (looking for what?) [ref, ref] | link setup | proactive | ? | ? |
| Probe server for circumvention handshake looking for version cell [ref, ref, ref, ref, ref, ref] | link setup | proactive | underblocking* | underblocking* |
| Observe suspected circumvention flow (method unknown) [ref, ref] | link? | passive | ? | ? |
| **Detect the destination of packets** | | | | |
| Check whether server IP is in blacklist [ref, ref, ref, ref, ref, ref] | link setup | passive | underblocking | neither |
| Check whether server IP-port pair is in blacklist [ref, ref, ref, ref, ref, ref, ref, ref, ref] | link setup | passive | underblocking | neither |
| **Detect encryption** | | | | |
| Identify SSL (method unknown) [ref, ref] | link setup | passive | ? | ? |
| Identify SSL handshake [ref, ref] | link setup | passive | ? | ? |
| Check for encryption (method unknown) [ref] | link setup? | passive | ? | ? |
| **Detect anything beyond basic web usage** | | | | |
| Check whether port is not 80 or 443 [ref] | link setup | passive | underblocking | neither |
| Check whether port is not 80 (and client IP is on a graylist?) [ref] | link setup | passive | underblocking | neither |
| Check for port 80 and whether protocol is non-HTTP (method unknown) [ref] | link setup? | passive | ? | ? |
Found in Papers
| Description and where seen | Phase | Nature | Measurement loss | Network loss |
|---|---|---|---|---|
| **Detect a feature of a packet that differs from the cover protocol** | | | | |
| Different packet sizes for packets with fixed length from Skype [ref] | link setup | passive | underblocking | underblocking |
| Absence of start-of-message fields of Skype UDP packets [ref] | link setup | passive | neither | neither |
| Different ciphersuite for TLS handshake than Chrome on Linux [ref] | link setup | passive | neither | neither |
| **Detect a feature of content that differs from the cover protocol** | | | | |
| Different HTTP response length than Firefox downloading Amazon.com [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| Exploiting discrepancies in file format semantics [ref, ref] | link use | passive | underblocking | underblocking |
| • PDF xref file-format semantics [ref] | | | | |
| • PDF PyPDF2 file-format semantics [ref] | | | | |
| The value of the content length field matches the actual length of the content [ref, ref] | link use | passive | overblocking | overblocking |
| **Detect packets produced by a probe that differ from the cover protocol's** | | | | |
| Manipulating the `tag` field in SIP OK to close a connection that normally would be kept open [ref] | link setup+1 | reactive | underblocking | underblocking |
| Verify standard supernode behavior by flushing supernode cache [ref] | subsidiary | proactive | overblocking | overblocking |
| Check for the correct response to HTTP GET request for an existing page [ref, ref] | subsidiary | proactive | overblocking | overblocking |
| Wrong response to HTTP GET request for non-existing page or wrong protocol [ref, ref] | subsidiary | proactive | neither | neither |
| **Detect the presence of packets that the cover protocol would not produce** | | | | |
| Detect the presence of packets from a TCP close or delay that Skype would not produce [ref] | link setup | reactive | neither | neither |
| • Close TCP channel [ref] | | | | |
| • Delay TCP packets [ref] | | | | |
| **Detect the absence of packets that the cover protocol would produce** | | | | |
| Absence of standard Skype control traffic [ref] | link setup | passive | overblocking | overblocking |
| • NAT traversal [ref] | | | | |
| • Update traffic [ref] | | | | |
| • Control channel [ref] | | | | |
| • Login traffic [ref] | | | | |
| • NAT traversal STUN [ref] | | | | |
| Absence of standard Skype user traffic [ref] | link use | passive | overblocking | overblocking |
| • Message exchanges [ref] | | | | |
| • Client behavior [ref] | | | | |
| Absence of normal server replies to client [ref] | link setup | proactive | overblocking | overblocking |
| Absence of expected Skype setup packets in response to network interference [ref] | link setup+1 | reactive | overblocking | overblocking |
| • Drop packets [ref] | | | | |
| • Close TCP connection [ref] | | | | |
| • Block TCP port [ref] | | | | |
| Absence of expected SIP setup packets in response to malformed requests [ref] | link setup | reactive | overblocking | overblocking |
| • SIP INVITE [ref] | | | | |
| • SIP INVALID [ref] | | | | |
| • SIP BYE [ref] | | | | |
| Absence of call termination after dropping SIP RTP packets [ref] | link use | reactive | overblocking | overblocking |
| Absence of response to odd HTTP requests [ref, ref] | subsidiary | proactive | overblocking | overblocking |
| **Detect making connections in a way that the cover protocol does not** | | | | |
| Connecting to a tainted IP during setup even if the channel does not [ref] | link setup | passive | underblocking | underblocking |
| Many long-lived connections to one bridge node vs. few short-lived [ref] | link use | passive | neither OR underblocking | neither OR underblocking |
| Check for abnormal number of concurrent connections while downloading [ref] | link use | passive | neither OR overblocking and underblocking | neither OR overblocking and underblocking |
| Has an abnormally large number of outgoing connections per session [ref] | link use | passive | underblocking | underblocking |
| Many HTTP/Skype connections to a single server [ref] | link setup | passive | underblocking | underblocking |
| Different number of TCP connections per session than Firefox downloading Amazon.com [ref] | link use | passive | neither OR overblocking and underblocking | neither OR overblocking and underblocking |
| Having a non-standard connection duration [ref, ref, ref] | link use | passive | neither OR overblocking and underblocking | neither OR overblocking and underblocking |
| • Different duration of TCP connection than normal TLS connections [ref] | | | | |
| • Different duration than game [ref, ref] | | | | |
| **Detect abnormal feature of packet** | | | | |
| Non-random-looking TLS handshake client nonce [ref] | link setup | passive | neither | neither |
| Payload length of 149 bytes for first packet [ref] | link setup | passive | neither | neither |
| The first packet looks random [ref] | link setup | passive | neither | neither |
| • The first 2048 bytes of the first packet have high entropy [ref] | | | | |
| • The byte values of the payload appear uniformly random under the Kolmogorov–Smirnov test [ref] | | | | |
| • Truncated sequential probability ratio test (SPRT) suggests random payload byte values [ref] | | | | |
| URI in the first GET request has length 239 bytes [ref] | link setup | passive | neither | neither |
| High entropy for the URI in the first GET request [ref] | link setup | passive | neither | neither |
| **Detect abnormal traffic feature (e.g., timing or size) distributions** | | | | |
| Check for dependencies between supposedly separate connections [ref] | link setup | passive/reactive | overblocking and underblocking | overblocking and underblocking |
| Non-random packet length distribution [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| Different number of HTTP request-response pairs per connection when downloading Amazon.com [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| Different distribution of packet lengths from normal traffic [ref, ref, ref, ref, ref, ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| • Distribution of packet lengths (TCP) [ref] | | | | |
| • Distribution of packet lengths (Skype) [ref] | | | | |
| • Packet size distribution [ref, ref, ref] | | | | |
| • Different distribution of packet sizes than game [ref, ref] | | | | |
| Different distribution of flow sizes from normal TCP [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| Different distribution of connection times from normal TCP [ref] | link use | passive | neither OR overblocking and underblocking | neither OR overblocking and underblocking |
| Different distribution of interpacket arrival times or rate from normal traffic [ref, ref, ref, ref, ref, ref, ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| • Distribution of interpacket arrival times (Skype) [ref, ref, ref] | | | | |
| • Timing distribution [ref, ref, ref] | | | | |
| • Different distribution of interpacket arrival times than game [ref, ref] | | | | |
| Percentage of ACK messages that come a certain time after the ACK message that preceded it [ref] | link use-1 | passive | overblocking and underblocking | overblocking and underblocking |
| Different average packet size than Skype [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| Different average difference in packet length over time from Skype voice [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| Different standard deviation of distribution of packet lengths from Skype voice [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| Fits the pattern of pre-recorded traffic [ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| • Pre-recorded traffic (tool) [ref] | | | | |
| • Pre-recorded traffic (client) [ref] | | | | |
| Different n-gram distribution over packet lengths than normal traffic [ref, ref] | link use | passive | overblocking and underblocking | overblocking and underblocking |
| • Different n-gram distribution over packet lengths than Skype [ref] | | | | |
| • Different n-gram distribution over packet lengths than game [ref] | | | | |
| **Detect abnormal traffic statistics of feature distributions** | | | | |
| The entropy of packets [ref] | link use-1 | passive | overblocking and underblocking | overblocking and underblocking |
| • The minimum payload entropy in the upstream direction within a window [ref] | | | | |
| • The minimum payload entropy in the downstream direction within a window [ref] | | | | |
| • The maximum payload entropy in the upstream direction within a window [ref] | | | | |
| • The maximum payload entropy in the downstream direction within a window [ref] | | | | |
| • The average payload entropy in the upstream direction within a window [ref] | | | | |
| • The average payload entropy in the downstream direction within a window [ref] | | | | |
| Percentage of TCP ACK packets sent in each direction [ref] | link use-1 | passive | overblocking and underblocking | overblocking and underblocking |
| Five most common payload lengths of packets [ref] | link use-1 | passive | overblocking and underblocking | overblocking and underblocking |