MC2 Researchers Circumvent China’s Latest Form of Internet Censorship

Published December 8, 2023

Researchers in the Maryland Cybersecurity Center have been recognized for their groundbreaking study on China’s latest censorship system that blocks fully-encrypted traffic in real time.

“Our work not only provides a detailed, data-driven understanding of how China has been censoring fully-encrypted traffic, it also uses these new findings to present a slew of ways to circumvent censorship,” says Dave Levin, an associate professor of computer science and core member in MC2.

The Great Firewall of China (GFW) is the nickname given to the combination of tools, services and rules that the government of the People’s Republic of China uses to block certain internet content from those within China’s borders.

The goal of the GFW, which was deployed as early as 1996, is to shield Chinese residents from certain information that China considers to be counter to the best interests of the government and people of China. The firewall blocks entire websites and filters content on sites that are not completely blocked.

One of the cornerstones in censorship circumvention is fully encrypted protocols, which encrypt every byte of data in an attempt to “look like nothing.” However, in early November 2021, internet users in China reported that the GFW deployed a new censorship technique that passively detects—and subsequently blocks— fully encrypted traffic in real-time.

“Sometimes in the course of this work, we discover that new forms of censorship have been deployed,” says Levin, whose group has been studying how powerful nation-states like China censor the internet for the past six years. “But this particular form of censorship caught everyone by surprise: China had never blocked this kind of traffic in this way.”

As a result, Levin says, many popular censorship-evasion tools—like Psiphon, Lantern, Outline, NthLink, ExpressVPN, Shadowsocks, V2Ray, Shadowrocket, and Clash—were suddenly finding it harder to evade censorship.

He says there were many questions nobody knew the answers to, such as how China was identifying this traffic in the first place, and if they would be able to find a way to evade this newest form of censorship.

Levin’s team conducted extensive measurements to infer various properties about the GFW’s traffic analysis algorithm, and evaluated its comprehensiveness and false positives against real-world traffic. Their understanding of the GFW’s new censorship mechanism helped them develop several practical circumvention strategies.

“We spent months engaging with various anti-censorship teams to share our suggestions, and they were implemented and adopted by many of them,” he says. “The end result was that we were able to help many of the most popular censorship circumvention tools to bypass this blocking altogether, therefore allowing tens of millions of users to communicate more freely and openly.”

In early November, the paper “How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic,” received first place in the applied research competition at the CSAW Cybersecurity Games and Conference, the most comprehensive student-run cybersecurity event in the world.

Levin, who also holds an appointment in the University of Maryland Institute for Advanced Computer Studies, says he is proud to receive this award.

“To me, an ideal paper is one whose results don’t stop on the page; they get out into the real world and truly help people,” he says. “The CSAW award specifically tries to identify papers that have demonstrated real-world impact, so to receive it is, to me, one of the highest honors a paper can get.”

Most of all, Levin says, it is a recognition of the efforts of his co-authors—in particular the student co-authors—took to engage with the anti-censorship community.

“They turned what could have been a purely academic exercise into something actionable that helped people around the world,” he says.

UMD co-authors include Danesh Sivakumar, a senior double majoring in mathematics and computer science; Jack Burg, a senior majoring in computer science; and Kevin Bock, an adjunct faculty member who received his Ph.D. in computer science in 2022.

Additional co-authors include researchers from the University of Massachusetts Amherst, University of Colorado Boulder, GFW Report, and the V2Ray Project.

The paper was also presented earlier this year at the 32nd USENIX Security Symposium in Anaheim, California; and the 2023 Free and Open Communications event in Lausanne, Switzerland where it won the Best Practical Award, which aims to acknowledge and reward individuals who have developed practical solutions in the field of internet freedom.

—Story by Melissa Brachfeld, UMIACS communications group