TY - GEN
T1 - TSPU
T2 - 22nd ACM Internet Measurement Conference, IMC 2022
AU - Xue, Diwen
AU - Mixon-Baca, Benjamin
AU - Valdik, S. S.
AU - Ablove, Anna
AU - Kujath, Beau
AU - Crandall, Jedidiah R.
AU - Ensafi, Roya
N1 - Publisher Copyright:
© 2022 Copyright held by the owner/author(s).
PY - 2022/10/25
Y1 - 2022/10/25
N2 - Russia’s Sovereign RuNet was designed to build a Russian national firewall. Previous anecdotes and isolated events in the past two years reflected centrally coordinated censorship behaviors across multiple ISPs, suggesting the deployment of “special equipment” in networks, colloquially known as “TSPU”. Despite the TSPU comprising a critical part of the technical stack of RuNet, very little is known about its design, its capabilities, or the extent of its deployment. In this paper, we develop novel techniques and run in-country and remote measurements to discover the how, what, and where of TSPU’s interference with users’ Internet traffic. We identify different types of blocking mechanisms triggered by SNI, IP, and QUIC, and we find the TSPU to be in-path and stateful, and possesses unique state-management characteristics. Using fragmentation behaviors as fingerprints, we identify over one million endpoints in Russia from 650 ASes that are behind TSPU devices and find that 70% of them are at most two hops away from the end IP. Considering that TSPU devices progressed from ideation to deployment in three years, we fear that the emerging TSPU architecture may become a blueprint for other countries with similar network topology.
AB - Russia’s Sovereign RuNet was designed to build a Russian national firewall. Previous anecdotes and isolated events in the past two years reflected centrally coordinated censorship behaviors across multiple ISPs, suggesting the deployment of “special equipment” in networks, colloquially known as “TSPU”. Despite the TSPU comprising a critical part of the technical stack of RuNet, very little is known about its design, its capabilities, or the extent of its deployment. In this paper, we develop novel techniques and run in-country and remote measurements to discover the how, what, and where of TSPU’s interference with users’ Internet traffic. We identify different types of blocking mechanisms triggered by SNI, IP, and QUIC, and we find the TSPU to be in-path and stateful, and possesses unique state-management characteristics. Using fragmentation behaviors as fingerprints, we identify over one million endpoints in Russia from 650 ASes that are behind TSPU devices and find that 70% of them are at most two hops away from the end IP. Considering that TSPU devices progressed from ideation to deployment in three years, we fear that the emerging TSPU architecture may become a blueprint for other countries with similar network topology.
KW - Censorship
KW - Interception
KW - Measurement
KW - Russia
UR - http://www.scopus.com/inward/record.url?scp=85141427982&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85141427982&partnerID=8YFLogxK
U2 - 10.1145/3517745.3561461
DO - 10.1145/3517745.3561461
M3 - Conference contribution
AN - SCOPUS:85141427982
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 179
EP - 194
BT - IMC 2022 - Proceedings of the 2022 ACM Internet Measurement Conference
PB - Association for Computing Machinery
Y2 - 25 October 2022 through 27 October 2022
ER -