Failures in a hybrid content blocking system

  • Authors: Richard Clayton
  • Affiliations: Computer Laboratory, University of Cambridge, Cambridge, United Kingdom
  • Venue: PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
  • Year: 2005

Abstract

Three main methods of content blocking are used on the Internet: blocking routes to particular IP addresses, blocking specific URLs in a proxy cache or firewall, and providing invalid data for DNS lookups. The mechanisms have different accuracy / cost trade-offs. This paper examines a hybrid, two-stage system that redirects traffic that might need to be blocked to a proxy cache, which then takes the final decision. This promises an accurate system at a relatively low cost. A British ISP has deployed such a system to prevent access to child pornography. However, circumvention techniques can now be employed at both system stages to reduce effectiveness; there are risks from relying on DNS data supplied by the blocked sites; and unhappily, the system can be used as an oracle to determine what is being blocked. Experimental results show that it is straightforward to use the system to compile a list of illegal websites.