Portfolio item number 1
Short description of portfolio item number 1
Posts by Collection
portfolio
Portfolio item number 2
Short description of portfolio item number 2
publications
Poster: Circumventing the GFW with TLS Record Fragmentation
Published in ACM CCS, 2023
Abstract
State actors around the world censor the HTTPS protocol to block access to certain websites. While many circumvention strategies utilize the TCP layer only little emphasis has been placed on the analysis of TLS-a complex protocol and integral building block of HTTPS. In contrast to the TCP layer, circumvention methods on the TLS layer do not require root privileges since TLS operates on the application layer. With this proposal, we want to motivate a deeper analysis of TLS in regard to censorship circumvention techniques. To prove the existence of such techniques, we present TLS record fragmentation as a novel circumvention technique and circumvent the Great Firewall of China (GFW) using this technique. We hope that our research fosters collaboration between censorship and TLS researchers.Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling
Published in Free and Open Communications on the Internet (FOCI), 2024
Abstract
Many countries limit their residents' access to various websites. As a substantial number of these websites do not support TLS encryption, censorship of unencrypted HTTP requests remains prevalent. Accordingly, circumvention techniques can and have been found for the HTTP protocol. In this paper, we infer novel circumvention techniques on the HTTP layer from a web security vulnerability by utilizing HTTP request smuggling (HRS). To demonstrate the viability of our techniques, we collected various test vectors from previous work about HRS and evaluated them on popular web servers and censors in China, Russia, and Iran. Our findings show that HRS can be successfully employed as a censorship circumvention technique against multiple censors and web servers. We also discover a standard-compliant circumvention technique in Russia, unusually inconsistent censorship in China, and an implementation bug in Iran. The results of this work imply that censorship circumvention techniques can successfully be constructed from existing vulnerabilities. We conjecture that this implication provides insights to the censorship circumvention community beyond the viability of specific techniques presented in this work.TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations (2nd Place Impact Award)
Published in ACSAC, 2024
Abstract
TLS-Attacker is an open-source framework for analyzing Transport Layer Security (TLS) implementations. The framework allows users to specify custom protocol flows and provides modification hooks to manipulate message contents. Since its initial publication in 2016 by Juraj Somorovsky, TLS-Attacker has been used in numerous studies published at well-established conferences and helped to identify vulnerabilities in well-known open-source TLS libraries. To enable automated analyses, TLS-Attacker has grown into a suite of projects, each designed as a building block that can be applied to facilitate various analysis methodologies. The framework still undergoes continuous improvements with feature extensions, such as DTLS 1.3 or the addition of new dialects such as QUIC, to continue its effectiveness and relevancy as a security analysis framework.I(ra)nconsistencies: Novel Insights into Iran’s Censorship
Published in Free and Open Communications on the Internet (FOCI), 2025