How cryptography relates to Internet censorship circumvention (WAC7 presentation video)

[wkrp]

A few weeks ago I gave a talk with the title "How cryptography relates to Internet censorship circumvention". The video of the talk is now online.

https://www.bamsoftware.com/talks/wac7-fep/
Video (45 minutes) with slides and text transcript

YouTube version (Talk 3 of WAC7)

This talk is about the importance of cryptography to censorship circumvention, taking as motivating case studies real cryptographic attacks that have affected widely deployed circumvention protocols. It is meant as an introduction to censorship threat modeling for the cryptography-capable, and to that end I will comment on how security notions like "attack" and "indistinguishability" map onto the censorship problem.

The talk was given at the Workshop on Attacks in Cryptography 7, which is affiliated with the Crypto conference. The event is more cryptography-focused than censorship- or security-focused. I tried to make the talk serve as an introduction to censorship and circumvention for cryptographers, building the discussion around the attacks on Shadowsocks and obfs4 from my "Comments on certain past cryptographic flaws" article.

The talk goes over these topics:

1. Definition of censorship and circumvention
2. Fully encrypted protocols (FEPs)
3. FEPs used for circumvention (e.g. Shadowsocks, obfs4, VMess)
4. Shadowsocks stream ciphers decryption oracle (Decryption vulnerability in Shadowsocks stream ciphers #24)
5. obfs4 public key Elligator representative distinguishability
6. Reflection on why these protocols continue being significant, despite these attacks (cost asymmetry of censor classification, non-cryptographic considerations)