DNS-sly: Avoiding Censorship through Network Complexity

 

Description

 

DNS-sly is a counter-censorship system that enables a covert channel between a DNS client and server. To achieve this, DNS-sly applies user personalization, adapting to individual behaviors in the upstream direction. In the downstream direction, it utilizes CDN-related DNS responses to embed data, while retaining statistical covertness.


Our experiments show DNS-sly achieves downstream throughput of up to 600 Bytes of raw hidden data per click on a regular Web page, making it a practical system in the context of a covert Web proxy service. We implement DNS-sly and evaluate it in a known censorship environment, demonstrating its real-world usability.

 

People

 

Faculty:

Aleksandar Kuzmanovic

 

Graduate Students:

Qurat-Ul-Ann Akbar

Marcel Flores

 

Publications

 

DNS-sly: Avoiding Censorship through Network Complexity in USENIX FOCI '16, Austin, Texas, August 2016.

 

Source Code

 

We have built a prototype of DNS-sly in Python with a full implementation of a DNS client and server. The source, as well as scripts to perform the basic setup, can be found here. [readme]

 

Contact

 

For questions or comments please contact quratulanakbar2015@u.northwestern.edu.