Zimo Chai, Amirhossein Ghafari, and Amir Houmansadr, University of Massachusetts Amherst
With the increasing use of TLS encryption for web traffic, censors have started to deploy SNI filtering for more effective censorship. Specifically, a censor can identify the web domain being accessed by a client via the SNI extension in the TLS ClientHello message. In response, in August 2018, a new extension called ESNI (Encrypted-SNI) was proposed for TLS 1.3, aiming to fix this server name leakage.
In this paper, we first characterize SNI-based censorship in China by measuring its prevalence and effectiveness. We outline its assisting role in censorship by comparing it with other commonly used censorship methods. We then measure the deployment prevalence of ESNI and further analyze its current and potential effectiveness in censorship circumvention. We also monitor the censorship associated with ESNI from 14 areas all around the world. Based on our analysis, we discuss the key factors in the success of ESNI and potential problems in a post-ESNI era. We hope our work will make ESNI a more promising and effective censorship circumvention strategy.
author = {Zimo Chai and Amirhossein Ghafari and Amir Houmansadr},
title = {On the Importance of {Encrypted-SNI} ({ESNI}) to Censorship Circumvention},
booktitle = {9th USENIX Workshop on Free and Open Communications on the Internet (FOCI 19)},
year = {2019},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/foci19/presentation/chai},
publisher = {USENIX Association},
month = aug
}