Last updated on May 22, 2022
VPNs have become a popular tool for evading surveillance and circumventing censorship. OpenVPN is a free and open-source VPN system that many popular VPNs used for censorship circumvention are built on. Despite many of these VPN services promising security and unidentifiability to users of their services, a new paper by Xue et al. shows that OpenVPN based VPNs have fingerprintable features, such as unique opcodes and ACK sequences, and that many commercial VPNs fail to implement obfuscation that prevent these unique features from being identified.
To mitigate this fingerprintability, Xue et al. recommend short-term mitigations such as ensuring that obfuscated OpenVPN and obfuscation servers are not co-located or easily linked to OpenVPN instances, that VPN providers use random padding rather than static padding for all obfuscated services, and that servers respond less predictably to failed handshake attempts.
Along with VPN specific vulnerabilities is the ongoing targetting of connections deemed suspicious by censors. Many censorship circumvention tools used today depend, to some extent, on TLS which requires the reliability of TCP-based connections. In response, censors have developed sophisticated methods such as deep packet inspection, active probing and other attacks on the TCP state to surveil and block TCP-based connections.
With the development of HTTP/3 protocols such as QUIC, KCP and SCTP, that provide reliability and security for UDP streams, there has been growing interest in exploring UDP based censorship resistance tools and censors’ existing and hypothesized strategies to block them. HTTP/3 protocols provide an interesting avenue to explore and develop new modes of censorship circumvention. In a study by Elmenhorst et al., censors in Iran, India and China were observed to have an almost 1:1 mapping in handshake timeout errors between TCP-based connections and their QUIC-based counterparts. While this seems to indicate that SNI blocking applies to both TCP and QUIC, Elmenhorst et al. note that the QUIC packets that carry this information are protected by connection and version-specific keys, which do not prevent decryption but do make QUIC-SNI blocking less efficient. Indeed, in a report by OONI QUIC-SNI blocking was recorded only very rarely. Other techniques that are effective for blocking TCP and TLS connections were seen to be ineffective against QUIC connections. In support of their study, Elmenhorst provides several additional insights on HTTP/3 censorship methods, potential strategies for exploiting QUIC censors and a tool for testing HTTP/3 connections.
Pluggable transports are an obvious area for innovation with HTTP/3 protocols. Hogan gives a detailed analysis of the built in censorship resistant properties of QUIC that have already been used to implement new pluggable transports (hysteria, v2ray). To our knowledge, other UDP based transports such as KCP and SCTP are less well explored, though may also be suitable for censorship resistance. Fifield’s Turbotunnel which was presented as a design pattern for circumvention protocols, has acted as a blueprint for taking advantage of the reliability/session layers provided by HTTP/3 protocols like KCP and QUIC and adding an obfuscation layer on top.
At LEAP, we are working on a UDP-based pluggable transports with traffic obfuscation and are currently hiring for a Go Developer to help support this effort. In the coming months we will be trying to answer to the following questions:
We will be posting regular blog posts and are hoping that through this blog and through talking with other researchers and organizations that may be working on similar things, we can collectively share insights and best practices to avoid reinventing the wheel while developing a diverse collection of tools for robust and effective censorship resistance.
Keep a look out here for the next post and please contact us via IRC or at [email protected] for questions to share ideas or otherwise collaborate further.