Detecting and Evading Censorship-in-Depth: A Case Study of Iran’s Protocol Whitelister


Kevin Bock, Yair Fax, Kyle Reese, Jasraj Singh, and Dave Levin, University of Maryland


As the censorship arms race advances, some nation-states are deploying “censorship-in depth,” composing multiple orthogonal censorship mechanisms. This can make it more difficult to both measure and evade censorship. Earlier this year, Iran deployed their protocol filter that permits only a small set of protocols (DNS, HTTP, and HTTPS) and censors connections using any other protocol. Iran composes their protocol filter with their standard censorship, threatening the success of existing evasion tools and measurement efforts. In this paper, we present the first detailed analysis of Iran’s protocol filter: how it works, its limitations, and how it can be defeated. We reverse engineer the fingerprints used by the protocol filter, enabling tool developers to bypass the filter, and report on multiple packet-manipulation strategies that defeat the filter. Despite acting concurrently with and on the same traffic as Iran’s standard DPI-based censorship, we demonstrate that it is possible to engage with (and defeat) each censorship system in isolation. Our code is publicly available at

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {257162,
author = {Kevin Bock and Yair Fax and Kyle Reese and Jasraj Singh and Dave Levin},
title = {Detecting and Evading Censorship-in-Depth: A Case Study of Iran{\textquoteright}s Protocol Whitelister},
booktitle = {10th {USENIX} Workshop on Free and Open Communications on the Internet ({FOCI} 20)},
year = {2020},
url = {},
publisher = {{USENIX} Association},
month = aug,

Presentation Video