Encrypted Traffic in Egypt - an attempt to understand

31
Encrypted Traffic in Egypt An aempt to understand Ahmed Mekkawy CEO | Founder Spirula Systems

Transcript of Encrypted Traffic in Egypt - an attempt to understand

Page 1: Encrypted Traffic in Egypt - an attempt to understand

Encrypted Traffic in Egypt

An attempt to understand

Ahmed MekkawyCEO | FounderSpirula Systems

Page 2: Encrypted Traffic in Egypt - an attempt to understand

About the Presenter● Founder and CEO of Spirula Systems.

● Co-founder of OpenEgypt.

● Free Software Foundation (FSF) member.

● Independent consultant at MCIT.

● Advisory board member at Mushtarak TechHub.

● One of the authors of the Egyptian national FOSS adoption strategy.

Page 3: Encrypted Traffic in Egypt - an attempt to understand

Scope of this Presentation

● Facts by me: authenticity not proven● Online screenshots● Facts by OONI● My conclusion

Page 4: Encrypted Traffic in Egypt - an attempt to understand

Part I: The Story

Page 5: Encrypted Traffic in Egypt - an attempt to understand

HTTPS MITM attempt

Page 6: Encrypted Traffic in Egypt - an attempt to understand

OpenVPN & PPTP

● Throttling● Blockage

Page 7: Encrypted Traffic in Egypt - an attempt to understand

OpenVPN / UDP1194 – May 20th ● Server: No logs

● Client:May 20 08:48:27 localhost NetworkManager[1109]: <info> VPN connection 'vpn2' (Connect) reply received.May 20 08:48:28 localhost nm-openvpn[5705]: Control Channel Authentication: using '/path/to/ta.key' as a OpenVPN static key fileMay 20 08:48:28 localhost nm-openvpn[5705]: UDPv4 link local: [undef]May 20 08:48:28 localhost nm-openvpn[5705]: UDPv4 link remote: [AF_INET]VPN_IP:1194May 20 08:48:28 localhost nm-openvpn[5705]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:1194May 20 08:49:07 localhost NetworkManager[1109]: <warn> VPN connection 'vpn2' (IP Config Get) timeout exceeded....May 20 08:48:58 localhost nm-openvpn[5705]: message repeated 4 times: [ TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:1194]May 20 08:49:07 localhost nm-openvpn[5705]: SIGTERM[hard,] received, process exiting

Page 8: Encrypted Traffic in Egypt - an attempt to understand

OpenVPN / UDP53 – May 20th ● Server: No logs

● Client:May 20 08:58:51 localhost NetworkManager[1109]: <info> VPN connection 'vpn2' (Connect) reply received.May 20 08:58:51 localhost nm-openvpn[5897]: Control Channel Authentication: using '/path/to/ta.key' as a OpenVPN static key fileMay 20 08:58:51 localhost nm-openvpn[5897]: UDPv4 link local: [undef]May 20 08:58:51 localhost nm-openvpn[5897]: UDPv4 link remote: [AF_INET]VPN_IP:53May 20 08:58:51 localhost nm-openvpn[5897]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:53May 20 08:59:31 localhost NetworkManager[1109]: <warn> VPN connection 'vpn2' (IP Config Get) timeout exceeded....May 20 08:59:21 localhost nm-openvpn[5897]: message repeated 4 times: [ TLS Error: cannot locate HMAC in incoming packet from [AF_INET]VPN_IP:53]May 20 08:59:31 localhost nm-openvpn[5897]: SIGTERM[hard,] received, process exiting

Page 9: Encrypted Traffic in Egypt - an attempt to understand

OpenVPN / TCP443 – May 20th ● Server: No logs

● Client:May 20 08:52:54 localhost nm-openvpn[5791]: Attempting to establish TCP connection with [AF_INET]VPN_IP:1194 [nonblock]May 20 08:52:55 localhost nm-openvpn[5791]: TCP connection established with [AF_INET]VPN_IP:1194May 20 08:52:55 localhost nm-openvpn[5791]: TCPv4_CLIENT link local: [undef]May 20 08:52:55 localhost nm-openvpn[5791]: TCPv4_CLIENT link remote: [AF_INET]VPN_IP:1194May 20 08:52:55 localhost nm-openvpn[5791]: Connection reset, restarting [0]May 20 08:52:55 localhost nm-openvpn[5791]: SIGUSR1[soft,connection-reset] received, process restarting

Page 10: Encrypted Traffic in Egypt - an attempt to understand

OpenVPN / TCP8000 – May 20th ● Client and Server logs normal

● Connectivity within the tunnel:

$ ping -c 10 vpn2--- vpn2 ping statistics ---10 packets transmitted, 10 received, 0% packet loss, time 9014msrtt min/avg/max/mdev = 94.359/96.217/99.897/1.902 ms

$ ping -c 10 10.8.0.5PING 10.8.0.5 (10.8.0.5) 56(84) bytes of data.--- 10.8.0.5 ping statistics ---10 packets transmitted, 0 received, 100% packet loss, time 8999ms

Page 11: Encrypted Traffic in Egypt - an attempt to understand
Page 12: Encrypted Traffic in Egypt - an attempt to understand

HTTPS Blockage – Jul 13th

Page 13: Encrypted Traffic in Egypt - an attempt to understand
Page 14: Encrypted Traffic in Egypt - an attempt to understand
Page 15: Encrypted Traffic in Egypt - an attempt to understand

HTTP MITM on Porn websites (!!)

Disclaimer: This is a screenshot from OONI report

Page 16: Encrypted Traffic in Egypt - an attempt to understand

Part II: Service Providers

Page 17: Encrypted Traffic in Egypt - an attempt to understand

ISPs

Page 18: Encrypted Traffic in Egypt - an attempt to understand
Page 19: Encrypted Traffic in Egypt - an attempt to understand
Page 20: Encrypted Traffic in Egypt - an attempt to understand

ISPs

Page 21: Encrypted Traffic in Egypt - an attempt to understand
Page 22: Encrypted Traffic in Egypt - an attempt to understand
Page 23: Encrypted Traffic in Egypt - an attempt to understand
Page 24: Encrypted Traffic in Egypt - an attempt to understand

CAIX

Page 25: Encrypted Traffic in Egypt - an attempt to understand

Part III: OONI Report

Page 26: Encrypted Traffic in Egypt - an attempt to understand

What is OONI

● Open Observatory of Network Interfaces

● Part of TOR project

● Checks a list of URLs provided by Citizen Lab

Page 27: Encrypted Traffic in Egypt - an attempt to understand
Page 28: Encrypted Traffic in Egypt - an attempt to understand

The Report

Page 29: Encrypted Traffic in Egypt - an attempt to understand

Report Highlights

● Media censorship– Collateral damage

● HTTPS throttling– Inaccessible URLs

● Attempts to block Tor● Advertisement and malware injection

– Third party tools (curl) showing injected content

Page 30: Encrypted Traffic in Egypt - an attempt to understand

Conclusion

● DPI with MITM capabilities● Possible daily Big Data analytics to enhance the DPI rules

through a certain AI model● All this is a testing phase

Page 31: Encrypted Traffic in Egypt - an attempt to understand

Discussion

Ahmed [email protected]


Encrypted Messages

Encrypted Messages

Encrypted Disk 3.0 User Manual - Paragon Software5.3 Encrypted Disk Manager Encrypted Disk Manager is a special tool for managing of existing encrypted disks. It is available from:

Encrypted Disk 3.0 User Manual - Paragon Software5.3 Encrypted Disk Manager Encrypted Disk Manager is a special tool for managing of existing encrypted disks. It is available from:

Search Able Encrypted

Search Able Encrypted

Improving Reversible Data Hiding Schemes in Encrypted ... · Encrypted Images before Encryption . ... This paper describe reversible data hiding in encrypted images, ... we propose

Improving Reversible Data Hiding Schemes in Encrypted ... · Encrypted Images before Encryption . ... This paper describe reversible data hiding in encrypted images, ... we propose

Conjunctive, Subset, and Range Queries on Encrypted Datacrypto.stanford.edu/~dabo/papers/search.pdf · Conjunctive, Subset, and Range Queries on Encrypted Data ... say encrypted under

Conjunctive, Subset, and Range Queries on Encrypted Datacrypto.stanford.edu/~dabo/papers/search.pdf · Conjunctive, Subset, and Range Queries on Encrypted Data ... say encrypted under

Conditional Encrypted Mapping and Comparing Encrypted Numbers

Conditional Encrypted Mapping and Comparing Encrypted Numbers

AVG Encrypted Email - avgcloud.net · emails are encrypted against specific user defined criteria that are automatically applied ... 14386_Tech DataSheet_CCS Encrypted Email v1 US

AVG Encrypted Email - avgcloud.net · emails are encrypted against specific user defined criteria that are automatically applied ... 14386_Tech DataSheet_CCS Encrypted Email v1 US

Encrypted Mobile Communications

Encrypted Mobile Communications

Search on encrypted data

Search on encrypted data

REVERSIBLE ENCRYPTED DATA CONCEALMENT IN ENCRYPTED IMAGES ... · REVERSIBLE ENCRYPTED DATA CONCEALMENT IN ENCRYPTED IMAGES ... by reserving room before encryption and a ... Reversible

REVERSIBLE ENCRYPTED DATA CONCEALMENT IN ENCRYPTED IMAGES ... · REVERSIBLE ENCRYPTED DATA CONCEALMENT IN ENCRYPTED IMAGES ... by reserving room before encryption and a ... Reversible

Encrypted Traffic Mining

Encrypted Traffic Mining

Encrypted RMAN Backup Tips

Encrypted RMAN Backup Tips

Iterative Reconstruction of an Encrypted Image Using · PDF fileIterative Reconstruction of an Encrypted Image ... introduced to achieve lossy compression of encrypted image ... content

Iterative Reconstruction of an Encrypted Image Using · PDF fileIterative Reconstruction of an Encrypted Image ... introduced to achieve lossy compression of encrypted image ... content

Querying Encrypted Data - · PDF fileQuerying Encrypted Data Arvind Arasu, ... AWS Security Advice 7 ...

Querying Encrypted Data - · PDF fileQuerying Encrypted Data Arvind Arasu, ... AWS Security Advice 7 ...

Encrypted Threat Protection - Infopoint Security · Encrypted Threat Protection Network IPS for SSL Encrypted Traffic 3 Introduction Protecting valuable information assets from network-based

Encrypted Threat Protection - Infopoint Security · Encrypted Threat Protection Network IPS for SSL Encrypted Traffic 3 Introduction Protecting valuable information assets from network-based

Encrypted password storage

Encrypted password storage

Never Clueless Encrypted Email

Never Clueless Encrypted Email

National Academic Reference Standards Environmental Sciences · Environmental sciences attempt to identify and remedy many ... Egypt today include limited natural fresh water resources,

National Academic Reference Standards Environmental Sciences · Environmental sciences attempt to identify and remedy many ... Egypt today include limited natural fresh water resources,

Always encrypted overview

Always encrypted overview

publications encrypted... ·

publications encrypted... ·