Abstract
We design DNS-sly, a counter-censorship system which enables a covert channel between a DNS client and server. To achieve covertness and deniability in the upstream direction, DNS-sly applies user personalization, adapting to individual behaviors. In the downstream direction, it utilizes CDN-related DNS responses to embed data, while retaining statistical covertness. We show DNS-sly achieves downstream throughput of up to 600 Bytes of raw hidden data per click on a regular Web page, making it a practical system in the context of a covert Web proxy service. We implement DNS-sly and evaluate it in a known censorship environment, demonstrating its real-world usability.
Original language | English (US) |
---|---|
State | Published - Jan 1 2016 |
Event | 6th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2016, co-located with USENIX Security 2016 - Austin, United States; Duration: Aug 8 2016 → … |
Conference
Conference | 6th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2016, co-located with USENIX Security 2016 |
---|---|
Country/Territory | United States |
City | Austin |
Period | 8/8/16 → … |
Funding
This project is supported by the National Science Foundation (NSF) via grant CNS-1526052.
ASJC Scopus subject areas
- Computer Networks and Communications
- Software