TY - GEN
T1 - TSPU
T2 - 22nd ACM Internet Measurement Conference, IMC 2022
AU - Xue, Diwen
AU - Mixon-Baca, Benjamin
AU - Valdik, S. S.
AU - Ablove, Anna
AU - Kujath, Beau
AU - Crandall, Jedidiah R.
AU - Ensafi, Roya
N1 - Funding Information:
The authors are grateful to Georgios Smaragdakis for shepherding the paper, and to the anonymous reviewers for their constructive feedback. We also thank Renuka Kumar, Reethika Ramesh, David Fi-field, and Andrey Viktorov for insightful discussions. This material is based upon work supported by the National Science Foundation under Grant No.2141547, 2042795, 2007741, 2141512, and DRL SLMAQM20GR2132.
Publisher Copyright:
© 2022 Copyright held by the owner/author(s).
PY - 2022/10/25
Y1 - 2022/10/25
N2 - Russia’s Sovereign RuNet was designed to build a Russian national firewall. Previous anecdotes and isolated events in the past two years reflected centrally coordinated censorship behaviors across multiple ISPs, suggesting the deployment of “special equipment” in networks, colloquially known as “TSPU”. Despite the TSPU comprising a critical part of the technical stack of RuNet, very little is known about its design, its capabilities, or the extent of its deployment. In this paper, we develop novel techniques and run in-country and remote measurements to discover the how, what, and where of TSPU’s interference with users’ Internet traffic. We identify different types of blocking mechanisms triggered by SNI, IP, and QUIC, and we find the TSPU to be in-path and stateful, and possesses unique state-management characteristics. Using fragmentation behaviors as fingerprints, we identify over one million endpoints in Russia from 650 ASes that are behind TSPU devices and find that 70% of them are at most two hops away from the end IP. Considering that TSPU devices progressed from ideation to deployment in three years, we fear that the emerging TSPU architecture may become a blueprint for other countries with similar network topology.
AB - Russia’s Sovereign RuNet was designed to build a Russian national firewall. Previous anecdotes and isolated events in the past two years reflected centrally coordinated censorship behaviors across multiple ISPs, suggesting the deployment of “special equipment” in networks, colloquially known as “TSPU”. Despite the TSPU comprising a critical part of the technical stack of RuNet, very little is known about its design, its capabilities, or the extent of its deployment. In this paper, we develop novel techniques and run in-country and remote measurements to discover the how, what, and where of TSPU’s interference with users’ Internet traffic. We identify different types of blocking mechanisms triggered by SNI, IP, and QUIC, and we find the TSPU to be in-path and stateful, and possesses unique state-management characteristics. Using fragmentation behaviors as fingerprints, we identify over one million endpoints in Russia from 650 ASes that are behind TSPU devices and find that 70% of them are at most two hops away from the end IP. Considering that TSPU devices progressed from ideation to deployment in three years, we fear that the emerging TSPU architecture may become a blueprint for other countries with similar network topology.
KW - Censorship
KW - Interception
KW - Measurement
KW - Russia
UR - http://www.scopus.com/inward/record.url?scp=85141427982&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85141427982&partnerID=8YFLogxK
U2 - 10.1145/3517745.3561461
DO - 10.1145/3517745.3561461
M3 - Conference contribution
AN - SCOPUS:85141427982
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 179
EP - 194
BT - IMC 2022 - Proceedings of the 2022 ACM Internet Measurement Conference
PB - Association for Computing Machinery
Y2 - 25 October 2022 through 27 October 2022
ER -