Morgan Sennhauser Project Coordinator, NedaNet July 09, 2009
THE STATE OF IRANIAN NETWORKING

CONTENTS
PURPOSE
HISTORY
TRAFFIC MANIPULATION
    Overview
    IP Blocking
    Traffic Classification
    Deep Packet Inspection
    What Else is Possible
    Where Manipulation Occurs
RESPONSE
    Normal Usage
    Special Usage
CONCLUSION
PURPOSE

This document is an examination of the current state of the Internet infrastructure in Iran. The intended audience is non-technical people who are interested in knowing, in general terms, how the government is doing what it is doing, and which methods will work best for circumvention.
HISTORY

After the election in Iran on June 13th, the Iranian government began to limit civilians' basic freedoms in strict and unjustifiable ways because of allegations of election fraud. They prevented people from protesting peacefully with batons, teargas, and eventually, automatic weapons. They cut off land-line and cellular phones, preventing people from contacting their friends and family in and out of Iran. They also began limiting the Iranian people's access to the Internet. However, they did not block several sites which proved to be key in helping the Iranian people get out photographs, video, and their thoughts on the crackdown against protesters. The most notable site for the torrent of information coming out of Iran was Twitter, where content tags like #iranelection and #gr88 (Green Revolution 1388, the current year on the Islamic calendar) dominated the most used tags for over two weeks.

During the early days after the election, as people watched the footage of protesters being beaten and became far too familiar with the concept of the Basij militia, they wondered what they could do. Initially, it was easy to help. You simply set up a proxy[1], following easily accessible instructions for doing so, and sent the IP and port of the proxy to one of several volunteers who had promised to spread the proxies into Iran. Unfortunately, most proxies were quickly blocked, meaning that it took a constant rush of people setting up proxies on thousands of computers to keep the lines of communication even partially open. Obviously, this pace could not be continued indefinitely, and it was becoming clear that this was going to be a long struggle for the Iranian people. To make matters worse, rumors were circulating that the Iranians were enabling previously unused hardware, meant to make the majority of proxies (HTTP proxies specifically) obsolete.
[1] Proxy: a network connection which allows a client to connect to a server by means of an intermediary connection.
Some examination by networking experts quickly proved these rumors to be true. Put simply, the Iranian government was now using deep packet inspection (DPI), in addition to manually blocking IPs and traffic shaping by port and protocol. This left a great number of people confused as networking gurus struggled to find what solutions might be employed against this quickly adapting entity. This document is intended to help explain what methods the Iranian government is employing to manipulate the traffic of the country, and what could be done to circumvent it.
(A note to the technical: This document is meant to be fairly straightforward, so there may be things worded in ways which are technically incorrect, but get the point across much more clearly than a lengthy technical explanation would. However, if there is something explained in a way which is blatantly incorrect, please inform me.)
TRAFFIC MANIPULATION

OVERVIEW

Traffic manipulation, in terms of computer networking, is any tampering done to the information as it is in transit from its origin to its destination.
It has been impressive how fast the Iranian government has adapted their filtration and manipulation of the information coming from and to Iran. They have been able to expand their efforts in information tampering immensely since the first days after the election, and are continuing to do so. While logic would say that there must be some end to the resources they can expend on limiting communication, it is better to approach the situation with a belief that they have unlimited resources, so any solution must withstand any technologically feasible reaction. The following is a brief and nontechnical overview of the methods that the Iranians have been using to manipulate what communication is possible. It will also share some thoughts about what will come next.
IP BLOCKING

The first method with which the Iranian government limited communication was simple. They simply dropped any packets[2] that were going to or coming from a given IP address[3]. For example, www.bbcpersian.com (IP 126.96.36.199) was blocked fairly early on. Any traffic going to or from that IP would simply be ignored; it would appear to both sides as if the other did not exist. This is useful in blocking entire servers, for example websites that go against what the Iranian government says, or computers acting as proxies.
[2] Packet: the base unit in which information is transmitted.
[3] IP address: a computer's address on the Internet; it is how other machines usually refer to it.
TRAFFIC CLASSIFICATION

Traffic classification, also referred to as Quality of Service (QoS), is the manipulation of traffic based on protocol and port, and is far more advanced than IP blocking. For example, FTP[4] runs over the TCP[5] protocol, typically on port 21. Therefore, if the Iranian government wanted to throttle all FTP traffic, they could simply limit the bandwidth available across TCP port 21. Additionally, they can monitor all the traffic on that port, since the majority of it will be file transfers, so they would be able to detect, for example, if a person is uploading video or images from a protest. It is also possible to filter by QoS: for example, if they were monitoring port 21, they could choose to simply drop any traffic that contained the word 'protest'. This form of traffic control is, as of today, the most widely used, because it is not too resource intensive and is fairly easy to set up. It would also appear that the degree to which they shape traffic in this way varies by time of day and day of the week. This is most likely to avoid placing overly heavy restrictions on normal business operations. However, I have been told that most Iranian businesses, even those which are branches of international corporations, do not rely heavily on the Internet for communication, so there may be other reasons that are currently unknown.
DEEP PACKET INSPECTION
Deep Packet Inspection[6], or DPI, is the most thorough kind of traffic manipulation that can be used. While traffic classification gives a cursory examination of the packet to see where it originated and where it is going, DPI examines the packet to see what type of content it carries. Almost all digital traffic has some identifying information that goes with it, which says whether it is HTTP, SSL, FTP, or another type of traffic. This identification can be done regardless of port or protocol, meaning that simply setting up an FTP server to use port 9328 instead of 21 will not protect you from traffic manipulation. This is the type of filtering which allows the Iranian government to quickly detect and block proxies, as well as throttle other types of connection. For example, there have been several attempts to gain functional access into the Iranian Internet infrastructure; however, because of their thorough packet inspection, we gain only short access before being disconnected. This is the most resource intensive type of traffic manipulation, but since the Iranian government employs the previous two methods as well, it is not hampered by that. It is also the most difficult type of traffic manipulation to circumvent, though that does not mean it is impossible.
[4] FTP: File Transfer Protocol, a common way of transferring files with little overhead.
[5] TCP: one of the main protocols used on the Internet.
[6] Deep packet inspection: the scanning of a packet's header information to determine its contents.
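As an added illustration (not from the original paper), the difference between the port-based classification of the previous section and the content-based inspection described here, in Python: a port lookup labels an FTP session moved to port 9328 as unknown, while a content fingerprint still identifies it as FTP. The signatures and sample packets are constructed and simplified for illustration; they are not a real inspection engine's rule set.

```python
"""Port-based traffic classification vs. payload-based deep packet inspection.

Constructed example. Each "packet" is a destination port plus the first
bytes of its payload. classify_by_port() mirrors the port/protocol stage
described under Traffic Classification; classify_by_content() mirrors the
DPI stage that looks at content regardless of port.
"""
import re
from dataclasses import dataclass

# A port-based (QoS-style) classifier only knows well-known port numbers.
PORT_TABLE = {21: "FTP", 80: "HTTP", 443: "TLS"}

# Content fingerprints: each regex matches the start of a protocol's first
# message, so the classification does not depend on the port in use.
DPI_SIGNATURES = [
    ("FTP", re.compile(rb"^(220[ -]|USER |PASS |RETR |STOR )", re.DOTALL)),
    ("HTTP", re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n", re.DOTALL)),
    # TLS record: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    ("TLS", re.compile(rb"^\x16\x03[\x00-\x03]..\x01", re.DOTALL)),
]


@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes


def classify_by_port(pkt: Packet) -> str:
    """Traffic classification: look only at the destination port."""
    return PORT_TABLE.get(pkt.dst_port, "unknown")


def classify_by_content(pkt: Packet) -> str:
    """Deep packet inspection: look at the payload and ignore the port."""
    for proto, sig in DPI_SIGNATURES:
        if sig.search(pkt.payload):
            return proto
    return "unknown"


# Constructed sample traffic: the same FTP command on port 21 and on 9328.
SAMPLE = [
    Packet(21, b"USER anonymous\r\n"),
    Packet(9328, b"USER anonymous\r\n"),  # FTP moved off its usual port
    Packet(8080, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    Packet(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # ClientHello prefix
    Packet(9328, b"\x8f\x1d\x22\x9c\x00\x41\x7a"),  # opaque bytes, no known fingerprint
]


def compare(packets):
    """Return (port, port_based_label, dpi_label) for each packet."""
    return [(p.dst_port, classify_by_port(p), classify_by_content(p)) for p in packets]


if __name__ == "__main__":
    for port, by_port, by_dpi in compare(SAMPLE):
        print(f"port {port:>5}: port-based={by_port:<8} dpi={by_dpi}")
```

The last sample packet shows the limit of this kind of signature matching: a payload with no recognizable fingerprint is "unknown" to both views, which is why the text treats the government's filtering as an adapting system rather than a fixed rule set.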
WHAT ELSE IS POSSIBLE
It is hard to predict what other tricks the Iranian Government will come up with, though it is almost certainly going to revolve around three concepts:
AUTOMATION
They are going to continue to work on improving ways to automatically block content and detect when these blocks are circumvented.

EXPANSION
As the traffic manipulation becomes a more permanent feature of the Iranian communication infrastructure, it will become imperative that the methods become redundant, so that even if one method of filtration is beaten, there may be another capable of detecting it. This will also decrease the workload on the central servers, meaning that they will be able to reopen some of the bandwidth, reducing the pressure from businesses to stop traffic manipulation.

INVISIBILITY
For any manipulation to be successful long term, it has to be undetectable. While those of us outside Iran are looking to make our traffic invisible to them, they are working to make their efforts invisible to us. You can't go around a wall you don't know is there. However, traffic manipulation on a massive scale with noticeable results is tough to keep secret, so it is unknown how feasible this goal is.
WHERE MANIPULATION OCCURS
There are two main points at which traffic manipulation occurs:
• National. This is where the majority of traffic manipulation occurs. This is most likely because there is only one physical link leaving Iran, and only around 30 satellite uplinks, making the management of them fairly simple.
• ISP[7] level. While there is some manipulation of traffic at the provider level, it appears to be fairly limited, such as dropping traffic based on keywords. This is similar to the type of traffic manipulation you commonly see at schools or workplaces, to prevent people from accessing materials they probably shouldn't be accessing while there. The benefit of doing this type of manipulation at this level, as opposed to nationally, is that the cost to the government is lower. However, there is a risk that an ISP might have something misconfigured, meaning that there may be easier ways to circumvent the base filtering, at least for a while. Unfortunately, it would seem that this is one of the first systems they made redundant, so even if one were somehow able to circumvent the ISP filters, it would only be beneficial for connections within the borders.
[7] ISP: Internet Service Provider, a company which provides access to the Internet.
RESPONSE

Due to the complex and adaptive way in which the Iranian government has responded, coming up with an appropriate response to restore open communications is much more difficult than with a relatively static blocking system, such as that used by China. As the system has evolved, many people have suggested many ways that may work to circumvent the traffic manipulation. The following are a few questions I ask of any method before serious consideration (I use HTTP proxies as an example since they are now known to fail).

• How resilient is it to countermeasures? Any method that can be seriously considered as a long term method of defeating traffic manipulation must be resistant to the methods used to do so. For example, HTTP proxies were not a good response because they can be detected in several ways and blocked quickly, requiring constant server rotation to stay operational.
• How secure is it? Under close scrutiny, how secure is the data being transmitted? Unencrypted, or plain, text is horribly insecure. Anyone in the transmission path, and that includes the government, can view what you are transmitting. All HTTP proxies are entirely plaintext, making them incredibly risky for those who use them. (At the time this was not true, since traffic was not being inspected closely enough for encrypted transmission to matter.)
• How expensive is it to run? A sad truth is that servers tend to be expensive to run. The monetary cost involved in any operation is something to be considered, as it could quickly reach tens of thousands of dollars a month. HTTP proxies were actually good on this, because they could be crowdsourced. If everyone set one up, the cost to any one individual was near zero. However, with solutions that require dedicated servers, the costs can quickly become prohibitive, especially when you have an entire country relying on you.
• Is it traceable? One important thing to consider is whether or not the information can be tracked to the person who used it. The government should not be able to view the traffic and have proof that Iranian was viewing photographs of the protests in Shiraz. Additionally, they shouldn't be able to see if Iranian was uploading photographs from a protest near his home.
• How easily can it be deployed? Most solutions are fairly difficult to deploy. For example, HTTP proxy deployment had quite a few steps:
  o Donor sets up proxy
  o Donor gives the IP and port to Facilitator
  o Iranian asks Facilitator for a proxy
  o Facilitator gives Iranian a proxy
As you can see, there is a lot of work involved with distributing a proxy. This involves a lot of cooperation and communication between Foreigner and Assister, and Assister and Native. This costs time and effort, and above all, the system of communication, already incredibly fragile, now relies solely on Assister being there to fulfill his assumed role.
• How easy is it to use? While many of us trying to formulate solutions are skilled with computers, those that we are helping may not be. Any method of connection has to be fairly simple to set up.
There are generally two types of solutions that we focus on: those which allow for normal Internet usage (browsing the web, chatting with family, checking e-mail) and those which are catered to special usage. The special usage methods are, unfortunately, kept fairly quiet, and therefore are not discussed too thoroughly in this document.
NORMAL USAGE

SINGLE-HOP PROXIES
This includes all methods of single client-server[8] connections. HTTP proxies, FreeGate, UltraSurf, and Psiphon all fall under this. There are both good sides and bad sides to single-hop[9] proxies. While they are an excellent way to get around temporary Internet restrictions, they are themselves a temporary measure, and therefore generally not recommended for deployment except in emergency cases. Generally, the main issue with single-hop proxies is that they are too easy to block, especially with the advanced filtration used by the Iranian government. This means that in order to be successful long term, there will either be a need for large sums of money or continually growing public support to ensure that enough servers can be kept operational. As of today, there is no single-hop proxy which cannot be blocked easily. However, if you absolutely must use a single-hop system, it is recommended to use it during the week, between noon and 5pm, as that is when the least traffic manipulation is being done.
[8] Client-server: this is the most prominent type of connection, where one side is receiving the information, and the other is serving it.
[9] Single-hop: a connection which has only one intermediate connection between the client and the destination.
The Good
• Fast
• Easy to set up
• Usually don't require a client application

The Bad
• Insecure
• Easily blockable
• Expensive (either financially or in terms of effort) to run
• Easily detectable
• Difficult to deploy
• Traceable
• Requires trusting your proxy
• If the server fails the client is disconnected
• No deniability to server provider
• Tend to have obvious fingerprints
• Dependent on outside connections
MULTI-HOP CIRCUITS
Multiple-hop[10] circuits are generally much more secure than single-hop proxies; however, they have their own list of downsides. The most commonly recommended multiple-hop client/server package is Tor, short for The Onion Router. While it is in some ways peer-to-peer, due to the hidden services, it still follows the traditional client-to-server model; more specifically, client-to-server-to-server-to-final-server. Generally they tend to be much more secure and much more feasible to run as a long term solution, as even if a server is blocked, it can still be used as a link in the overall circuit. However, this durability comes at a significant speed cost, which, added to the already limited bandwidth in Iran, can be highly prohibitive. Luckily, the network can be greatly sped up if there are more people running relays, especially in geographically close locations.
[10] Multiple-hop: a connection which has more than one intermediate point between the client and destination. This type of connection is commonly referred to as a circuit.
Another benefit of multi-hop circuit methods is that they can be almost entirely crowd-sourced. Due to the nature of the network, there is usually only one link on the circuit which requires a high bandwidth server, and that is the link through which the traffic exits. There has been some work in attempting to get universities to lend their bandwidth to this purpose, which again helps to reduce the cost to any one person to near zero.
The Good
• Difficult to block
• Once a server is blocked, it can still be used as part of the circuit
• Usually easy to deploy
• Untraceable
• Difficult to detect the information being transmitted
• Easy to crowdsource

The Bad
• Slow
• Can be more difficult to set up
• Risk
• Requires special client
• Dependent on outside connections
PEER-TO-PEER
Peer-to-peer[11] networking solutions are radically different from the previously suggested networking solutions, and are intended to be used as a supplement to them. The goal of peer-to-peer solutions is to enable the Iranian people to stay connected and share information with each other, even if they are completely cut off from outside connections. While the above two models use the concept of tunneling through the block, peer-to-peer solutions ignore the block entirely, instead circulating information within the country, although there is no reason why there could not be external peers. However, if those external peers are blocked, the peers inside the country aren't cut off from information, as they have shared it among themselves, and can access it that way. Unfortunately, we are struggling to find a solution that is ready for deployment on a massive scale, so there has been a somewhat limited examination of peer-to-peer networking; however, several members of NedaNet agree that it is the next step forward in ensuring the Iranian people can continue to communicate freely.
[11] Peer-to-peer: a connection which does not rely on a central server, but one that pulls information from other peers. The most common type of peer-to-peer connection is BitTorrent file-sharing.
The Good
• Almost impossible to block
• Highly secure
• Doesn't even show on the radar of most inspection
• Doesn't require outside connections
• Can accept only trusted connections

The Bad
• Slow
• Limited features
• Limited content
• Can be difficult to use
• Eliminates plausible deniability
• No service is ready for deployment
SUMMARY
Now that the benefits and detriments of the various connection methods have been examined, it is easier to see what is feasible to use to fight censorship. Generally, the use of multiple-hop proxy circuits is recommended due to their high level of security and anonymity, despite their slow connection speeds. Additionally, they are not a temporary measure. While a server may be blocked, it is not then rendered useless as it would be for a single-hop proxy. Additionally, despite the lack of a working solution, the use of peer-to-peer is still highly recommended, if only as a redundancy plan should the Internet be completely disabled within Iran. Any method which relies on a single intermediate connection is most likely not a good solution, since there are so many apparent flaws with the technique. In moving forward, I think the focus needs to be put on improving the ease of use of multiple-hop relays, and working to improve their speeds. Thankfully, the speed issues can largely be remedied by increasing the number of relays available, which can be done by volunteers, meaning the need for donations is minimal.
SPECIAL USAGE

There are several solutions which have been devised for specific applications, which function in ways entirely different from the methods listed above. However, due to their limited deployment, they are still confidential, to ensure that they stay operational for as long as possible. Hopefully soon we'll be able to declassify some, as they are replaced by more stable and secure methods.
CONCLUSION

All involved have learned a lot about what techniques work to circumvent manipulation; however, there is still a lot more to do. There are many new ways we're testing and developing now to try to reduce the threat that any entity's actions pose to the security and stability of communication, and hopefully to prevent such a strong offensive from ever forming in the first place. While it is difficult to predict what will and won't work without real world usage, I believe the methods outlined above should help to promote open communication.