About Disguiser
Disguiser is a novel framework that enables end-to-end measurement for accurately and comprehensively investigating global internet censorship practices. It’s challenging to conduct large-scale internet censorship measurement, as it involves triggering censors through artificial requests and identifying abnormalities from corresponding responses. Due to the lack of “ground truth” on the expected responses from legitimate services, many efforts to conduct large-scale censorship measurement typically require unscalable manual inspection. Disguiser remedies this through its automatic censorship-detection capabilities, revealing censorship deployment without manual effort.
Individuals can run the Disguiser code, which replies with a static payload to provide the “ground truth” of server responses. A backend server is required to deploy Disguiser. Requests from various types of vantage points across the world are sent to this control server; censorship activities can be recognized if a vantage point receives a different response. Disguiser can also facilitate extended measurements for investigating more aspects of internet censorship, for example pinpointing censor devices’ locations and exploring their policies and deployment.
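The comparison described above, as an added example that is not Disguiser's own code: a local control server answers every request with one static payload, and a probe flags any response that differs from it. The HTTP transport, the Host-header probe, the payload, the domain names and the `CensoredPath` stand-in for an interfering network path are all assumptions constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

GROUND_TRUTH = b"static-ground-truth-payload"  # constructed static payload
BLOCKED = {"blocked.example"}                  # constructed censor policy

class Control(BaseHTTPRequestHandler):
    """Control server: same static body whatever domain is requested."""
    def do_GET(self):
        self.reply(200, GROUND_TRUTH)
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

class CensoredPath(Control):
    """Assumed stand-in for a network path that injects a block page."""
    def do_GET(self):
        if self.headers.get("Host", "") in BLOCKED:
            self.reply(403, b"<html>Access denied</html>")
        else:
            self.reply(200, GROUND_TRUTH)

def probe(port, domain, timeout=2.0):
    """Request `domain` from the control server and classify the answer."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": domain})
        resp = conn.getresponse()
        body = resp.read()
    except (OSError, http.client.HTTPException) as exc:
        return "no-response:" + type(exc).__name__  # reset, timeout, refused
    finally:
        conn.close()
    return "ok" if resp.status == 200 and body == GROUND_TRUTH else "tampered"

def measure(handler, domains):
    """Run one vantage point's probes against a freshly started server."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return {d: probe(srv.server_address[1], d) for d in domains}
    finally:
        srv.shutdown()
        srv.server_close()
```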
The Audit
Through OTF’s Red Team Lab, 7ASecurity conducted a penetration test and whitebox security review of the Disguiser framework—referred to as “Ground Truth” in the audit report. A whitebox review is a form of application testing that provides the tester with complete knowledge of the application being tested, including access to source code and design documents.
The goal was to review the solution as thoroughly as possible, to ensure researchers using the Disguiser/Ground Truth framework are provided with the best possible security, and to review the team’s server configuration in order to provide guidance to those wishing to deploy Disguiser. This is particularly important, as the framework deals with network traffic potentially tampered with by hostile government-sponsored authorities.
Scope
- Whitebox test against Ground Truth website, servers, and clients
- Ground-truth fuzzing and fuzzing test case creation
- Whitebox tests against Ground Truth servers, infrastructure, and configuration via SSH
  - Important notes:
    - The server configuration audited was for reference purposes only, and is not what users will implement in practice.
    - The Disguiser team created a Checklist for Best Practices for Deploying Secure and Reliable Cloud Instances as Backend Servers.
- Whitebox tests against Ground Truth cloud infrastructure on AWS and Google Cloud
- Whitebox tests against Ground Truth supply chain implementation
- Ground Truth lightweight threat-model documentation
- Privacy tests against Ground Truth servers and clients
Findings
7ASecurity’s audit uncovered more than 32 issues, 7 of which were identified as serious vulnerabilities that should be fixed and 25 that merit further investigation. In general, the Disguiser/Ground Truth solution defended itself well against a broad range of attack vectors. It will become increasingly difficult to attack as additional cycles of security testing and subsequent hardening continue.
Remediation
The team behind Disguiser/Ground Truth fixed six of the issues identified as serious vulnerabilities. They deemed one as an acceptable risk. In regard to items that 7ASecurity recommended for further investigation, the Disguiser team fixed six. They plan to remediate five others in the future; the rest were considered acceptable risks.