Network Measurement

Detecting Network Interference Without Endpoint Participation

Abstract: Internet censorship research has been centered around notorious censors (e.g., China, Russia, and Iran) since they have developed complex and intricate censorship infrastructures that affect huge populations of people. However, there are other state-sponsored censors that deploy filtering apparatus as extensively, but which come from countries with a small population. These censors are often overlooked by the censorship research community due to the difficult nature in studying them. Current methods that exist to study censorship in such countries include deploying physical probes, recruiting volunteers to run experiments, using VPNs, or taking advantage of public infrastructures.

Measuring and Evading Turkmenistan's Internet Censorship

Abstract: Since 2006, Turkmenistan has been listed as one of the few Internet enemies by Reporters without Borders due to its extensively censored Internet and strictly regulated information control policies. Existing reports of filtering in Turkmenistan rely on a small number of vantage points or test a small number of websites. Yet, the country’s poor Internet adoption rates and small population can make more comprehensive measurement challenging. With a population of only six million people and an Internet penetration rate of only 38%, it is challenging to either recruit in-country volunteers or obtain vantage points to conduct remote network measurements at scale.

Measuring the Accessibility of Domain Name Encryption and its Impact on Internet Filtering

Most online communications rely on DNS to map domain names to their hosting IP address(es). Previous work has shown that DNS-based network interference is widespread due to the unencrypted and unauthenticated nature of the original DNS protocol. In …

How Great is the Great Firewall? Measuring China's DNS Censorship

Abstract: The DNS filtering apparatus of China’s Great Firewall (GFW) has evolved considerably over the past two decades. However, most prior studies of China’s DNS filtering were performed over short time periods, leading to unnoticed changes in the GFW’s behavior. In this study, we introduce GFWatch, a large-scale, longitudinal measurement platform capable of testing hundreds of millions of domains daily, enabling continuous monitoring of the GFW’s DNS filtering behavior. We present the results of running GFWatch over a nine-month period, during which we tested an average of 411M domains per day and detected a total of 311K domains censored by GFW’s DNS filter.

Domain Name Encryption Is Not Enough: Privacy Leakage via IP-based Website Fingerprinting

Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by---the still exposed---IP address …

"Assessing the Privacy Benefits of Domain Name Encryption" presented at Internet Engineering Task Force 110 Meeting

We are grateful to Dr. Mirja Kühlewind and Dr. Dave Plonka for giving us a chance to present our work on Assessing the Privacy Benefits of Domain Name Encryption to the Measurements and Analysis for Protocols Research Group (MAPRG) at IETF 110.

Triplet Censors: Demystifying Great Firewall’s DNS Censorship Behavior

The Great Firewall of China (GFW) has long used DNS packet injection to censor Internet access. In this work, we analyze the DNS injection behavior of the GFW over a period of nine months using the Alexa top 1M domains as a test list. We first focus …

Assessing the Privacy Benefits of Domain Name Encryption

As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled, users leak …

The Web is Still Small After More Than a Decade - A Revisit Study of Web Co-location

Understanding web co-location is essential for various reasons. For instance, it can help one to assess the collateral damage that denial-of-service attacks or IP-based blocking can cause to the availability of co-located web sites. However, it has …

K-resolver: Towards Decentralizing Encrypted DNS Resolution

Centralized DNS over HTTPS/TLS (DoH/DoT) resolution , which has started being deployed by major hosting providers and web browsers, has sparked controversy among Internet activists and privacy advocates due to several privacy concerns. This design …

"K-resolver" presented at NDSS MADWeb 2020

We are happy to have our paper entitled "K-resolver: Towards Decentralizing Encrypted DNS Resolution" accepted at NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2020