DNS-sly: Avoiding censorship through network complexity

Qurat Ul Ann Danyal Akbar, Marcel Flores, Aleksandar Kuzmanovic

Research output: Contribution to conferencePaperpeer-review

Abstract

We design DNS-sly, a counter-censorship system which enables a covert channel between a DNS client and server. To achieve covertness and deniability in the upstream direction, DNS-sly applies user personalization, adapting to individual behaviors. In the downstream direction, it utilizes CDN-related DNS responses to embed data, while retaining statistical covertness. We show DNS-sly achieves downstream throughput of up to 600 Bytes of raw hidden data per click on a regular Web page, making it a practical system in the context of a covert Web proxy service. We implement DNS-sly and evaluate it in a known censorship environment, demonstrating its real-world usability.

Original languageEnglish (US)
StatePublished - Jan 1 2016
Event6th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2016, co-located with USENIX Security 2016 - Austin, United States
Duration: Aug 8 2016 → …

Conference

Conference6th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2016, co-located with USENIX Security 2016
CountryUnited States
CityAustin
Period8/8/16 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software

Fingerprint Dive into the research topics of 'DNS-sly: Avoiding censorship through network complexity'. Together they form a unique fingerprint.

Cite this