- Conferences
![great firewall of china research paper great firewall of china research paper](https://www.usenix.org/sites/default/files/styles/neat_conference_menu_logo/public/sec23_wordmark_stacked_yellow_soldout_400x164.png?itok=nM4vC5Pi)
- Registration Information
- Registration Discounts
- Grant Opportunities
- Venue, Hotel, and Travel
- Program at a Glance
- Technical Sessions
- Summer Accepted Papers
- Fall Accepted Papers
- Poster Session and Happy Hour
- Call for Papers
- Submission Policies and Instructions
- Call for Artifacts
- Instructions for Presenters
- Exhibitor Services
- Symposium Organizers
- Past Symposia
- Conference Policies
- Code of Conduct
![](http://academichelp.site/777/templates/cheerup/res/banner1.gif)
How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic
Mingshi Wu, GFW Report; Jackson Sippe, University of Colorado Boulder; Danesh Sivakumar and Jack Burg, University of Maryland; Peter Anderson, Independent researcher; Xiaokang Wang, V2Ray Project; Kevin Bock, University of Maryland; Amir Houmansadr, University of Massachusetts Amherst; Dave Levin, University of Maryland; Eric Wustrow, University of Colorado Boulder
One of the cornerstones in censorship circumvention is fully encrypted protocols, which encrypt every byte of the payload in an attempt to “look like nothing”. In early November 2021, the Great Firewall of China (GFW) deployed a new censorship technique that passively detects—and subsequently blocks—fully encrypted traffic in real time. The GFW’s new censorship capability affects a large set of popular censorship circumvention protocols, including but not limited to Shadowsocks, VMess, and Obfs4. Although China had long actively probed such protocols, this was the first report of purely passive detection, leading the anti-censorship community to ask how detection was possible.
In this paper, we measure and characterize the GFW’s new system for censoring fully encrypted traffic. We find that, instead of directly defining what fully encrypted traffic is, the censor applies crude but efficient heuristics to exempt traffic that is unlikely to be fully encrypted traffic; it then blocks the remaining non-exempted traffic. These heuristics are based on the fingerprints of common protocols, the fraction of set bits, and the number, fraction, and position of printable ASCII characters. Our Internet scans reveal what traffic and which IP addresses the GFW inspects. We simulate the inferred GFW’s detection algorithm on live traffic at a university network tap to evaluate its comprehensiveness and false positives. We show evidence that the rules we inferred have good coverage of what the GFW actually uses. We estimate that, if applied broadly, it could potentially block about 0.6% of normal Internet traffic as collateral damage.
Our understanding of the GFW’s new censorship mechanism helps us derive several practical circumvention strategies. We responsibly disclosed our findings and suggestions to the developers of different anti-censorship tools, helping millions of users successfully evade this new form of blocking.
Mingshi Wu, GFW Report
Jackson sippe, university of colorado boulder, danesh sivakumar, university of maryland, jack burg, university of maryland, peter anderson, independent researcher, xiaokang wang, v2ray project, kevin bock, university of maryland, amir houmansadr, university of massachusetts amherst, dave levin, university of maryland, eric wustrow, university of colorado boulder, open access media.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
![application/pdf PDF icon](https://www.usenix.org/modules/file/icons/application-pdf.png)
Presentation Video
Help | Advanced Search
Computer Science > Cryptography and Security
Title: how great is the great firewall measuring china's dns censorship.
Abstract: The DNS filtering apparatus of China's Great Firewall (GFW) has evolved considerably over the past two decades. However, most prior studies of China's DNS filtering were performed over short time periods, leading to unnoticed changes in the GFW's behavior. In this study, we introduce GFWatch, a large-scale, longitudinal measurement platform capable of testing hundreds of millions of domains daily, enabling continuous monitoring of the GFW's DNS filtering behavior. We present the results of running GFWatch over a nine-month period, during which we tested an average of 411M domains per day and detected a total of 311K domains censored by GFW's DNS filter. To the best of our knowledge, this is the largest number of domains tested and censored domains discovered in the literature. We further reverse engineer regular expressions used by the GFW and find 41K innocuous domains that match these filters, resulting in overblocking of their content. We also observe bogus IPv6 and globally routable IPv4 addresses injected by the GFW, including addresses owned by US companies, such as Facebook, Dropbox, and Twitter. Using data from GFWatch, we studied the impact of GFW blocking on the global DNS system. We found 77K censored domains with DNS resource records polluted in popular public DNS resolvers, such as Google and Cloudflare. Finally, we propose strategies to detect poisoned responses that can (1) sanitize poisoned DNS records from the cache of public DNS resolvers, and (2) assist in the development of circumvention tools to bypass the GFW's DNS censorship.
Submission history
Access paper:.
- Other Formats
![great firewall of china research paper license icon](https://arxiv.org/icons/licenses/by-nc-nd-4.0.png)
References & Citations
- Google Scholar
- Semantic Scholar
DBLP - CS Bibliography
Bibtex formatted citation.
![great firewall of china research paper BibSonomy logo](https://arxiv.org/static/browse/0.3.4/images/icons/social/bibsonomy.png)
Bibliographic and Citation Tools
Code, data and media associated with this article, recommenders and search tools.
- Institution
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs .
![](http://academichelp.site/777/templates/cheerup/res/banner1.gif)
Amanote Research
The great firewall of china: a critical analysis, doi 10.21236/ada488175.
Available in full text
June 1, 2008
Defense Technical Information Center
Ignoring the Great Firewall of China
- Conference paper
- Cite this conference paper
- Richard Clayton 18 ,
- Steven J. Murdoch 18 &
- Robert N. M. Watson 18
Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4258))
Included in the following conference series:
- International Workshop on Privacy Enhancing Technologies
7145 Accesses
85 Citations
32 Altmetric
The so-called “Great Firewall of China” operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall’s resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
- Available as PDF
- Read on any device
- Instant download
- Own it forever
- Compact, lightweight edition
- Dispatched in 3 to 5 business days
- Free shipping worldwide - see info
Tax calculation will be finalised at checkout
Purchases are for personal use only
Institutional subscriptions
Unable to display preview. Download preview PDF.
Bellovin, S.: Defending Against Sequence Number Attacks. RFC1948, IETF (May 1996)
Google Scholar
Carter, E.: Secure Intrusion Detection Systems. Cisco Press (2001)
Clayton, R.: Failures in a Hybrid Content Blocking System. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, Springer, Heidelberg (2006)
Chapter Google Scholar
Clayton, R.: Anonymity and Traceability in Cyberspace. Tech Report UCAM-CL-TR-653, Computer Laboratory, University of Cambridge (2005)
Dornseif, M.: Government mandated blocking of foreign Web content. In: von Knop, J., Haverkamp, W., Jessen, E. (eds.) Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Düsseldorf 2003. Lecture Notes in Informatics, pp. 617–648 (2003)
Edelman, B.: Web Sites Sharing IP Addresses: Prevalence and Significance. Berkman Center for Internet and Society (February 2003), http://cyber.law.harvard.edu/people/edelman/ip-sharing/
King Abdulaziz City for Science and Technology: Local content filtering Procedure. Internet Services Unit, KACST (2004), http://www.isu.net.sa/saudi-internet/contenet-filtring/filtring-mechanism.htm
The OpenNet Initiative: Probing Chinese search engine filtering. Bulletin 005 (August 2004), http://www.opennetinitiative.net/bulletins/005/
The OpenNet Initiative: Internet Filtering in China in 2004–2005: A Country Study (June 2004), http://www.opennetinitiative.net/studies/china/ONI_China_Country_Study.pdf
The OpenNet Initiative: Internet Filtering in Burma in 2005: A Country Study (October 2004), http://www.opennetinitiative.net/burma/ONI_Burma_Country_Study.pdf
Postel, J. (ed.): Transmission Control Protocol: DARPA Internet Program Protocol Specification. RFC 793, IETF (1981)
Norge, T.: Telenor and KRIPOS introduce Internet child pornography filter. Telenor Press Release (September 21, 2004), http://presse.telenor.no/PR/200409/961319_5.html
US District Court for the Eastern District of Pennsylvania: CDT, ACLU, Plantagenet Inc. v Pappert, 337 F.Supp.2d 606 (September 10, 2004)
Villeneuve, N.: Censorship Is In the Router (June 3, 2005), http://ice.citizenlab.org/?p=113
Watson, P.: Slipping in the Window: TCP Reset Attacks. CanSecWest/core04 (2004)
Watson, R.: 20060607-tcp-ttl.diff (June 2006), http://www.cl.cam.ac.uk/~rnw24/patches/
Download references
Author information
Authors and affiliations.
Computer Laboratory, William Gates Building, University of Cambridge, 15 JJ Thomson Avenue, Cambridge, CB3 0FD, United Kingdom
Richard Clayton, Steven J. Murdoch & Robert N. M. Watson
You can also search for this author in PubMed Google Scholar
Editor information
Editors and affiliations.
Microsoft Research, Cambridge, UK
George Danezis
Palo Alto Research Center, 3333 Coyote Hill Rd, 94304, Palo Alto, CA, USA
Philippe Golle
Rights and permissions
Reprints and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper.
Clayton, R., Murdoch, S.J., Watson, R.N.M. (2006). Ignoring the Great Firewall of China. In: Danezis, G., Golle, P. (eds) Privacy Enhancing Technologies. PET 2006. Lecture Notes in Computer Science, vol 4258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11957454_2
Download citation
DOI : https://doi.org/10.1007/11957454_2
Publisher Name : Springer, Berlin, Heidelberg
Print ISBN : 978-3-540-68790-0
Online ISBN : 978-3-540-68793-1
eBook Packages : Computer Science Computer Science (R0)
Share this paper
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative
- Publish with us
Policies and ethics
- Find a journal
- Track your research
![](http://academichelp.site/777/templates/cheerup/res/banner1.gif)
IMAGES
VIDEO
COMMENTS
research paper, but throughout the entire Cyber Warfare program. His efforts and passion for the future in cyber is infectious and I have learned a great deal from him. I'd ... Great Firewall of China, which is a tool to censor all Internet activity coming into and out of China. A comparison will be drawn between the two to show reasons the Great
In early November 2021, the Great Firewall of China (GFW) deployed a new censorship technique that passively detects—and subsequently blocks—fully encrypted traffic in real time. ... In this paper, we measure and characterize the GFW's new system for censoring fully encrypted traffic. ... Our research team consulted experts with a deep ...
In early November 2021, the Great Firewall of China (GFW) deployed a new censorship technique that passively detects—and subsequently blocks—fully encrypted traffic in real time. ... USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any ...
drop in use from China [69]. The start of this blocking co-incided with the sixth plenary session of the 19th Chinese communist party central committee [1,4], which was held on November 8-11, 2021. Blocking these circumvention tools represents a new capability in China's Great Firewall (GFW).
are apparent specifically on the internet. China utilizes three methods of internet control: (1) the so-called "Great Firewall," (2) filtering, and (3) manual blocking, and I examined each method by consulting scholarly journals that provided detailed research.
An STS Research Paper presented to the faculty of the School of Engineering and Applied Science ... Behind the Great Firewall: How China's Government, Businesses, and Populace Compete to Shape the Chinese Internet ... (Koty, 2018). For these reasons, in this paper VPN refers to unlicensed and non-corporate VPNs. 6 Such heavy censorship has ...
The Internet filtering infrastructure of China, allegedly de-signed in the late 90s under the Golden Shield project [85, 94], is a system used by the Chinese government to regulate the country's domestic Internet access. The filtering system, commonly referred to as the Great Firewall [52], consists
This paper measures and characterize the Great Firewall of China's new system for censoring fully encrypted traffic and simulates the inferred GFW's detection algorithm at a university network tap to evaluate its comprehensiveness and false positives, and shows evidence that the rules it inferred have good coverage. One of the cornerstones in censorship circumvention is fully encrypted ...
In early November 2021, the Great Firewall of China (GFW) deployed a new censorship technique that passively detects—and subsequently blocks— fully encrypted traffic in real time. The GFW's new censorship capability affects a large set of popular censorship circum- vention protocols, including but not limited to Shadowsocks, VMess, and Obfs4.
Censorship has a great impact on society as the authors enter the cyber environment and the United States finds itself in a unique situation trying to eliminate human rights violations while encouraging freedom. Abstract : Censorship has a great impact on society as we enter the cyber environment. The Chinese "Great Firewall", as it is commonly called, brings great attention to China as they ...
The Chinese Great Firewall, as it is commonly called, brings great attention to China as they enter into the global economy. The Great Firewall is one approach China tries to censor their people. Many techniques are used to establish this cyber boundary such as firewalls, real-name internet registration, filtering, political controls, police ...
This research was partially supported by a Graduate Research Grant from Northwestern University. ... if the Great Firewall of China is lifted. Internet Censorship and the Internet in China China's very first full-function linkage to the World Wide Web was realized in 1994, through
Over Space and Time. Abstract: A nation-scale firewall, colloquially referred. to as the "Great Firewall of China," implements man y. different types of censorship and conten t filtering to ...
In this paper, we will focus on the development of the Great Firewall that includes the timeline of its development, the censorship policy used for its implementation, its effects and the principles behind the technology used for its application. We will discuss where it stands after a decade of its implementation.
If you need immediate assistance, call 877-SSRNHelp (877 777 6435) in the United States, or +1 212 448 2500 outside of the United States, 8:30AM to 6:00PM U.S. Eastern, Monday - Friday. The term "Great Firewall" was coined to describe the massive and sophisticated Internet-filtering system used in China, which blocks the populace from ...
recent research usually finds that these factors tend to destabilize the democratic information system, their impacts on the autocratic information system are less studied. This paper examines the Great Firewall of China in terms of these factors. It finds that these factors could both
While recent research tends to find that these factors tend to destabilize the democratic information system, their impacts on the autocratic information system are less studied. ... This paper examines the Great Firewall of China in terms of these factors. It finds that these factors could both stabilize and destabilize China's autocratic ...
The authors' measurements reveal that failures in the firewall occur throughout the entire country without any conspicuous geographical patterns, and give some evidence that routing plays a role, but other factors (such as how the GFW maintains its list of IP/port pairs to block) may also be important. Abstract A nation-scale firewall, colloquially referred to as the "Great Firewall of China ...
The DNS filtering apparatus of China's Great Firewall (GFW) has evolved considerably over the past two decades. However, most prior studies of China's DNS filtering were performed over short time periods, leading to unnoticed changes in the GFW's behavior. In this study, we introduce GFWatch, a large-scale, longitudinal measurement platform capable of testing hundreds of millions of domains ...
The Great Firewall of China: A Critical Analysis doi 10.21236/ada488175. Full Text Open PDF Abstract. Available in full text. Date. June 1, 2008. Authors Michael D. Whiting
Selected Papers of Internet Research 15: The 15th Annual Meeting of the Association of Internet Researchers Daegu, Korea, 22-24 October 2014 Suggested Citation (APA): Yeo, T.E.D. (2014, October 22-24). The great firewall of China: uses and gratifications for circumventing state-imposed internet boundaries. Paper presented at Internet Research ...
The so-called "Great Firewall of China" operates, in part, by inspecting TCP packets for keywords that are to be blocked. ... Ignoring the Great Firewall of China. Conference paper; pp 20-35; Cite this conference paper; Download book PDF. ... Microsoft Research, Cambridge, UK. George Danezis . Palo Alto Research Center, 3333 Coyote Hill ...
The Great Firewall of China. Shawn P. Healy. Published 1 April 2007. Political Science, Computer Science. TLDR. China's censorship machine, the reaction of its citizenry to this arsenal and the complicity of American companies in enabling the process are described in detail. Expand.
Chinese authorities' ability to monitor the activities of overseas students is also enabled by Beijing's extensive censorship and digital surveillance capabilities behind the "Great Firewall", which requires students to rely on exploitable Chinese state-approved apps to communicate with their family and friends in China.