对Telex互联网反监管系统的攻击

发布时间：2018-05-31 05:40

本文选题：互联网监管 + 路由器重定向　；参考：《通信学报》2014年09期

【摘要】：Telex作为典型的路由器重定向型反监管系统给互联网监管者带来了新的挑战。为帮助用户逃避监管,Telex利用路由器而非终端主机将用户的网络通信重定向到被屏蔽的目标站点。从审查者角度分析了Telex系统的安全性,提出了2类利用主动攻击破坏用户隐私的新方法。第一类为DoS攻击,利用了Telex握手协议的安全漏洞,在破坏系统可用性的同时还可能检出用户是否在使用Telex代理。同时给出了弥补该漏洞的改进协议。第二类称为TCP分组旁路攻击,利用非对称路由或IP隧道技术令客户端的部分TCP分组绕过路由器直达掩护站点,然后通过观察上行数据流的重传反应判断用户是否在使用Telex代理。通过一系列原型系统实验验证了旁路攻击的可行性。TCP分组旁路攻击也适用于其他路由器重定向型反监管系统。
[Abstract]:As a typical router redirected anti-regulation system, Telex brings new challenges to Internet regulators. To help users escape regulation Telex uses routers rather than terminal hosts to redirect users' network traffic to blocked target sites. This paper analyzes the security of Telex system from the perspective of censors, and proposes two new methods to destroy user privacy by active attack. The first is a DoS attack, which exploits the security vulnerability of the Telex handshake protocol and may detect whether the user is using the Telex proxy while destroying the system availability. At the same time, an improved protocol is given to remedy this loophole. The second is called TCP packet bypass attack, which uses asymmetric routing or IP tunneling technology to make part of the TCP packet bypass the router to the cover station, and then determines whether the user is using the Telex proxy by observing the retransmission reaction of the upstream data stream. The feasibility of bypass attack is verified by a series of prototype system experiments. TCP packet bypass attack is also suitable for other router redirected anti-supervision systems.
【作者单位】：西安电子科技大学计算机学院;
【基金】：国家自然科学基金资助项目(61101142) 中央高校基本科研基金资助项目(K50510030012)~~
【分类号】：TP393.08

【相似文献】