The use of TLS in Censorship Circumvention
Sergey Frolov and Eric Wustrow
https://censorbib.nymity.ch/#Frolov2019a
https://tlsfingerprint.io/static/frolov2019.pdf
The paper analyzes real-world TLS traffic from over 11.8 billion TLS connections in order to identify which TLS client implementations are actually in use on the Internet, and how common each one is. The collected data consisted of counts and coarse-grained timestamps of each unique Client Hello, a sample of the SNI values sent with it, and metadata for each Client Hello and the corresponding Server Hello response.
For every successfully parsed Client Hello, a fingerprint was generated as the SHA-1 hash over a fixed set of fields: the TLS record version, handshake version, cipher suite list, compression method list, elliptic curve (supported groups) list, EC point format list, extension list, signature algorithm list and ALPN list. Per-connection values such as the client random and session ID are left out, so the same implementation produces the same fingerprint across connections.
The corresponding Server Hello was fingerprinted the same way, over its TLS record version, handshake version, selected cipher suite, compression method, extension list, supported groups (elliptic curves), EC point format and ALPN extensions.
The collected fingerprints are then used to analyze how distinguishable popular censorship circumvention tools are from real-world traffic.
In total, 230,000 unique fingerprints were collected.
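As an added example (not the authors' code and not the tlsfingerprint.io implementation), the following Python parses a TLS 1.2 Client Hello record, pulls out the fields listed above and hashes them with SHA-1. The field list follows the paper, but the key=value text fed to SHA-1 is this example's own serialisation, so the IDs it produces will not match tlsfingerprint.io's. The Client Hellos, their cipher suites and their extension contents are constructed here rather than captured from a real client. The example also shows the two effects behind the findings further down: a fresh client random on every connection leaves the fingerprint unchanged, while the same client appending a padding extension yields a different fingerprint.

```python
"""Client Hello fingerprinting in the style of the paper. Added example: the field list
follows the paper, but the serialisation hashed below is this example's own choice."""
import hashlib
import struct

# Extension type numbers from the IANA TLS ExtensionType registry.
SUPPORTED_GROUPS, EC_POINT_FORMATS, SIG_ALGS, ALPN, PADDING = 10, 11, 13, 16, 21

FINGERPRINT_FIELDS = ("record_version", "handshake_version", "cipher_suites", "compression",
                      "curves", "point_formats", "extensions", "sig_algs", "alpn")


def _u16s(data: bytes) -> list:
    """Split a byte string into big-endian 16-bit integers."""
    return list(struct.unpack(f">{len(data) // 2}H", data))


def parse_client_hello(record: bytes) -> dict:
    """Extract the fingerprinted fields from a TLS record that carries a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_version, rec_len = struct.unpack(">HH", record[1:5])
    body = record[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]

    fields = {k: [] for k in FINGERPRINT_FIELDS}
    fields["record_version"] = record_version
    (fields["handshake_version"],) = struct.unpack(">H", hello[0:2])
    off = 2 + 32                                  # skip client random: it changes per connection
    off += 1 + hello[off]                         # skip session id for the same reason
    (cs_len,) = struct.unpack(">H", hello[off:off + 2]); off += 2
    fields["cipher_suites"] = _u16s(hello[off:off + cs_len]); off += cs_len
    comp_len = hello[off]; off += 1
    fields["compression"] = list(hello[off:off + comp_len]); off += comp_len

    if off < len(hello):                          # extensions block is absent in some old clients
        (ext_total,) = struct.unpack(">H", hello[off:off + 2]); off += 2
        end = off + ext_total
        while off < end:
            ext_type, ext_len = struct.unpack(">HH", hello[off:off + 4]); off += 4
            data = hello[off:off + ext_len]; off += ext_len
            fields["extensions"].append(ext_type)  # order is preserved: it is part of the fingerprint
            if ext_type == SUPPORTED_GROUPS:
                fields["curves"] = _u16s(data[2:])           # u16 list length, then u16 ids
            elif ext_type == EC_POINT_FORMATS:
                fields["point_formats"] = list(data[1:])     # u8 list length, then u8 ids
            elif ext_type == SIG_ALGS:
                fields["sig_algs"] = _u16s(data[2:])
            elif ext_type == ALPN:
                p = 2                                        # u16 list length, then u8-prefixed names
                while p < len(data):
                    n = data[p]
                    fields["alpn"].append(data[p + 1:p + 1 + n].decode("ascii"))
                    p += 1 + n
    return fields


def fingerprint(fields: dict) -> str:
    """SHA-1 over the paper's field list. The key=value text encoding is this example's choice."""
    h = hashlib.sha1()
    for key in FINGERPRINT_FIELDS:
        h.update(f"{key}={fields[key]};".encode("ascii"))
    return h.hexdigest()


# --- constructed sample input (not captured from a real client) -------------------------

def build_client_hello(cipher_suites, extensions, client_random=bytes(32)) -> bytes:
    """Assemble a minimal TLS 1.2 ClientHello record from a list of (type, body) extensions."""
    ext_block = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    hello = (struct.pack(">H", 0x0303) + client_random + b"\x00"           # version, random, empty session id
             + struct.pack(f">H{len(cipher_suites)}H", 2 * len(cipher_suites), *cipher_suites)
             + b"\x01\x00"                                                # one compression method: null
             + struct.pack(">H", len(ext_block)) + ext_block)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack(">HH", 0x0301, len(handshake)) + handshake


def alpn_body(names) -> bytes:
    body = b"".join(bytes([len(n)]) + n.encode("ascii") for n in names)
    return struct.pack(">H", len(body)) + body


CIPHERS = [0x1301, 0xC02B, 0xC02F]                         # TLS_AES_128_GCM_SHA256 and two ECDHE suites
BASE_EXTENSIONS = [
    (SUPPORTED_GROUPS, struct.pack(">HHH", 4, 0x001D, 0x0017)),   # x25519, secp256r1
    (EC_POINT_FORMATS, b"\x01\x00"),                              # uncompressed
    (SIG_ALGS, struct.pack(">HHH", 4, 0x0403, 0x0804)),           # ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256
    (ALPN, alpn_body(["h2", "http/1.1"])),
]


def fingerprint_of(client_random=bytes(32), with_padding=False) -> str:
    """Fingerprint the constructed client; with_padding mimics a client that appended a padding extension."""
    exts = BASE_EXTENSIONS + ([(PADDING, bytes(100))] if with_padding else [])
    return fingerprint(parse_client_hello(build_client_hello(CIPHERS, exts, client_random)))


if __name__ == "__main__":
    print("same client, two connections:", fingerprint_of(), fingerprint_of(b"\xaa" * 32))
    print("same client, padding added:  ", fingerprint_of(with_padding=True))
```

The sample hello deliberately carries only the extensions the fingerprint inspects; a real browser sends many more (SNI, supported_versions, key_share, and so on), and every one of them, including their order, goes into the extension list that is hashed. That is why a mimicking tool has to reproduce the whole list, not just the cipher suites.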
Some of the key findings are:
Some TLS implementations generate several fingerprints. Google Chrome, for example, produces at least four fingerprints even from the same device, because it sends different combinations of extensions depending on the context and on the size of the Client Hello (Chrome adds a padding extension only when the Client Hello would otherwise fall into a size range that some middleboxes mishandle).
The top 3 fingerprints for August 2018 were Chrome 65-68 (16.51%), iOS 11/macOS 10.13 Safari (5.95%) and MS Office 2016, including Outlook (5.34%).
The top 3 fingerprints for December 2018 were Chrome 70 with padding (8.49%), iOS 12/macOS 10.14 Safari (7.55%) and iOS 12/macOS 10.14 Safari without ALPN (4.15%).
To measure how quickly fingerprints change, and what that means for a censor that whitelists known fingerprints, a list of the fingerprints seen in one week was compiled and compared with what was seen in the following weeks, showing a steady but small increase of 0.33%. TLS updates in Chrome and iOS, however, change the dominant fingerprints all at once, so such a whitelist would block half of all connections after 6 months.
As of August 2018, Psiphon mimicked Chrome 58-64, making it the least likely to be blocked; it was followed by Outline (which uses a randomized protocol that is meant to look like nothing rather than like TLS), meek, Snowflake, Lantern, TapDance and Signal.
Mimicking a fingerprint is hard to get right: many features have to be tracked and implemented exactly, and a fingerprint becomes obsolete quickly once the mimicked client is updated.
To assist censorship circumvention tools, the authors created uTLS, a TLS library forked from Go's crypto/tls that lets developers mimic arbitrary Client Hello messages. The library has so far been adopted by Psiphon, Lantern, TapDance and meek.
The use of TLS in Censorship Circumvention was the subject of the Tor anti-censorship team's reading group on 2020-11-12. There is a transcript of the discussion:
http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-11-12-15.59.log.html#l-41