Even with domain fronting 'Signal inside UAE blocked even with Censorship Circumvention is ON'


Dlshad Othman

Oct 30, 2017, 9:44:24 AM
to Network Traffic Obfuscation
Hi everyone, see the following issue on Signal, it seems like Egypt and UAE are able to block Signal even with domain fronting. 
https://github.com/WhisperSystems/Signal-iOS/issues/2678#issuecomment-340391824

David Fifield

Oct 30, 2017, 1:56:00 PM
to Network Traffic Obfuscation
You noted on the ticket that the issue may be on Google's side, not
necessarily a product of middlebox censorship. That seems plausible, as
it seems to have happened simultaneously in the UAE, Egypt, and Qatar.

If it is actually middlebox censorship, in every case we've seen
previously where domain fronting was blocked, it was done with a
combination of client TLS fingerprint + SNI. Workarounds to try are
adjusting the client TLS fingerprint (adding or removing a ciphersuite,
for example) or using a different SNI (substituting doubleclick.net for
google.com, for example).

Sergey Frolov

Oct 30, 2017, 2:00:28 PM
to Network Traffic Obfuscation
Eric Wustrow and I have been collecting various TLS ClientHello fingerprints lately.
You can see some of our intermediate work here: http://tlsfingerprint.io/top/ - list of top fingerprints.
And we can confirm that at least some TLS ClientHellos that Signal generates on Android are unique, which means that it's easily blocked.
We are currently working to get iOS TLS ClientHello fingerprints; I will be back with more info.
Is anyone in touch with Moxie?

Eric Wustrow

Oct 30, 2017, 2:19:22 PM
to Sergey Frolov, Network Traffic Obfuscation
As a bit of background, this data comes from analyzing (anonymized) client hellos from our 10Gbps campus network. Since Chrome 58 (currently on Chrome 61), all Chromes on all devices appear to generate the same TLS Client Hello (corresponding to the top 2 fingerprints, one with a padding extension, one without). I believe this is due to Chrome's use of BoringSSL across all devices; Apple appears similar, but depends on the version of iOS. However, there's a very long tail (>20k unique client hello fingerprints, and growing), and we've yet to identify many of them.

As Sergey mentioned, when we capture the client hello generated by Signal on Android when it attempts to use domain fronting, we see no occurrences of that client hello in our dataset, suggesting that it would be trivial to block. Even when we only look at the list of cipher suites offered/sent by Signal's domain fronting code, we observe very few Client Hellos generated here that send those.

We're still in the process of analyzing this data (and collecting fingerprints from more known devices), with the ultimate goal of helping circumvention projects that try to mimic TLS (i.e. Domain Fronting and Refraction Networking/TapDance) in order to inform what their Client Hello messages should look like, and we hope to have more on that soon. However, we figured this recent discovery might be timely and useful in the context of Signal in the meanwhile.

-Eric


--
You received this message because you are subscribed to the Google Groups "Network Traffic Obfuscation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Dlshad Othman

Oct 31, 2017, 2:35:04 PM
to Network Traffic Obfuscation
To build on what you just mentioned, someone commented on the issue that it stopped working only after updating to the last version of Signal.
I'm also shocked to see UAE and Egypt on one side and Qatar on the other side being able to implement such censorship on exactly the same day, when Qatar has no diplomatic relations with UAE and Egypt and they are in the middle of a crisis! Someone is helping all of them at the same time.

Sergey Frolov

Oct 31, 2017, 5:27:45 PM
to Network Traffic Obfuscation

Signal (v. 2.17.1, latest from the App Store) on iOS appears to use the standard iOS Client Hello fingerprint seen frequently on the wire (https://tlsfingerprint.io/nid/-1841910333254509671) both when fronting via Google (e.g. google.ae) and when connecting directly. This was tested on an iPhone 6S Plus running iOS 11.

Signal on Android defines 3 different TLS "specs" for domain fronting when in certain (censored) countries (https://github.com/WhisperSystems/Signal-Android/blob/master/src/org/thoughtcrime/securesms/push/SignalServiceNetworkAccess.java#L28) via Google Maps, Mail and Play, so I expected to see 3 different fingerprints. When tested on an Android 6.0.1 Samsung G900V with Signal 4.11.5, some fingerprints were never seen in Colorado (e.g. https://tlsfingerprint.io/nid/-940400682138463693), while other fingerprints were seen before (e.g. https://tlsfingerprint.io/nid/-2920019152659185851), but none of them appear to be extremely popular (as one would expect a genuine Google TLS fingerprint to be). We also have captured a lot of different fingerprints from the Android emulator (at least 5), but this may not reflect any real clients.

Given that people in the GitHub iOS issue thread report this happening in multiple countries at once, it seems less likely to be related to TLS client hello fingerprinting.

However, it does appear that the Android version may be in jeopardy, but users don't seem to report any issues. There is one: https://github.com/WhisperSystems/Signal-Android/issues/7107 but it's about Domain Fronting simply not getting enabled when a US phone number owner goes into the UAE.
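The thread's technical point, from David's "client TLS fingerprint + SNI" remark through Eric's and Sergey's dataset observations, is that a passive observer can recognise a fronting client by the shape of its ClientHello regardless of the SNI it presents. The following is an added example, not code from this thread, from Signal, or from tlsfingerprint.io: it builds ClientHello records by hand, parses out the fields a fingerprinter keys on (version, cipher suites, extension types, SNI) and checks whether a fronted hello blends in with a reference "browser" hello. The cipher-suite and extension lists, the fixed random, and the simplified hash-based `fingerprint` function are all constructed for the demo; a circumvention developer would use the same kind of check, against real captured browser hellos, before shipping a client.

```python
import hashlib
import struct

# Cipher-suite and extension lists are constructed for this demo; they stand
# in for "what a popular browser sends" and "what a custom client sends".
BROWSER_SUITES = [0xC02B, 0xC02F, 0xC02C, 0xC030, 0xCCA9, 0xCCA8,
                  0x009C, 0x009D, 0x002F, 0x0035]
BROWSER_EXTS = [0x0017, 0x0023]           # extended_master_secret, session_ticket (both empty-bodied)
CUSTOM_SUITES = [0xC02B, 0xC02F, 0x009C]  # a shorter, atypical list
CUSTOM_EXTS = [0x0017]


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def _sni_ext(hostname):
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name
    return _ext(0x0000, struct.pack("!H", len(entry)) + entry)


def build_client_hello(sni, cipher_suites, extra_ext_types):
    """Build a TLS 1.2-style ClientHello record (constructed; random is fixed)."""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00"            # version, random, empty session id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                     # one compression method: null
    exts = _sni_ext(sni) + b"".join(_ext(t, b"") for t in extra_ext_types)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Extract the fields a passive fingerprinter keys on from a ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 32                                           # skip random
    pos += 1 + body[pos]                                    # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                    # skip compression methods
    ext_types, sni = [], None
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            et, el = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + el]
            pos += 4 + el
            ext_types.append(et)
            if et == 0x0000 and len(data) >= 5:             # server_name: list len, type, name len, name
                name_len = struct.unpack("!H", data[3:5])[0]
                sni = data[5:5 + name_len].decode("ascii", "replace")
    return {"version": version, "cipher_suites": suites, "extensions": ext_types, "sni": sni}


def fingerprint(fields):
    """Hash everything except the SNI: fronting changes the SNI on purpose; the
    rest is what an observer can match on (simplified stand-in for a real scheme)."""
    material = struct.pack("!H", fields["version"])
    material += b"".join(struct.pack("!H", s) for s in fields["cipher_suites"])
    material += b"".join(struct.pack("!H", e) for e in fields["extensions"])
    return hashlib.sha256(material).hexdigest()[:16]


def check_mimicry(client_record, reference_records):
    """True if the client's fingerprint matches one of the reference (popular) hellos."""
    known = {fingerprint(parse_client_hello(r)) for r in reference_records}
    return fingerprint(parse_client_hello(client_record)) in known


def demo():
    browser = build_client_hello("www.google.com", BROWSER_SUITES, BROWSER_EXTS)
    fronted_mimic = build_client_hello("google.ae", BROWSER_SUITES, BROWSER_EXTS)
    fronted_custom = build_client_hello("google.ae", CUSTOM_SUITES, CUSTOM_EXTS)
    return {
        "mimic_blends_in": check_mimicry(fronted_mimic, [browser]),    # same hello shape, different SNI
        "custom_blends_in": check_mimicry(fronted_custom, [browser]),  # unique shape stands out
    }


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is the one Sergey's measurements make: changing the SNI to a fronting domain does nothing for the fingerprint, while a client whose cipher-suite or extension list differs from the browsers it claims to be produces a hello the reference set has never seen. Real tools key on more fields (ordering, supported groups, signature algorithms, extension bodies), so matching this toy hash is necessary, not sufficient.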

Adam Fisk

Oct 31, 2017, 5:53:47 PM
to Sergey Frolov, Network Traffic Obfuscation
I also wouldn't rule out a bug introduced in the new Signal version. It would be surprising if censors were able to quickly fingerprint a new version but not older versions.

-Adam 




--
President
Brave New Software Project, Inc.
https://www.getlantern.org
A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89