NDSS

The use of TLS in Censorship Circumvention

Sergey Frolov (University of Colorado Boulder), Eric Wustrow (University of Colorado Boulder)

TLS, the Transport Layer Security protocol, has
quickly become the most popular protocol on the Internet, already
used to load over 70% of web pages in Mozilla Firefox. Due
to its ubiquity, TLS is also a popular protocol for censorship
circumvention tools, including Tor and Signal, among others.

However, the wide range of features supported in TLS makes
it possible to distinguish implementations from one another by
what set of cipher suites, elliptic curves, signature algorithms, and
other extensions they support. Already, censors have used deep
packet inspection (DPI) to identify and block popular circumven-
tion tools based on the fingerprint of their TLS implementation.

In response, many circumvention tools have attempted to
mimic popular TLS implementations such as browsers, but this
technique has several challenges. First, it is burdensome to keep
up with the rapidly-changing browser TLS implementations, and
know what fingerprints would be good candidates to mimic.
Second, TLS implementations can be difficult to mimic correctly,
as they offer many features that may not be supported by the
relatively lightweight libraries used in typical circumvention tools.
Finally, dependency changes and updates to the underlying li-
braries can silently impact what an application’s TLS fingerprint
looks like, making it difficult for tools to control.

In this paper, we collect and analyze real-world TLS traffic
from over 11.8 billion TLS connections over 9 months to identify
a wide range of TLS client implementations actually used on
the Internet. We use our data to analyze TLS implementations
of several popular censorship circumvention tools, including
Lantern, Psiphon, Signal, Outline, Tapdance, and Tor (Snowflake
and meek). We find that the many of these tools use TLS
configurations that are easily distinguishable from the real-world
traffic they attempt to mimic, even when these tools have put
effort into parroting popular TLS implementations.

To address this problem, we have developed a library, uTLS,
that enables tool maintainers to automatically mimic other pop-
ular TLS implementations. Using our real-world traffic dataset,
we observe many popular TLS implementations we are able to
correctly mimic with uTLS, and we describe ways our tool can
more flexibly adopt to the dynamic TLS ecosystem with minimal
manual effort.