NANOG Meeting Presentation Abstract

Avoiding Nation-State Surveillance
Meeting:	NANOG67
Date / Time:	2016-06-14 2:30pm - 3:00pm
Room:	Imperial Ballroom (B2 Level)
Presenters:	Speakers: Roya Ensafi Roya Ensafi is a Postdoctoral Research Associate and a fellow at the Center for Information Technology Policy (CITP) at Princeton University. Her research work focuses on computer networking and security, with an emphasis on network measurement. The primary goal of her current research is to better understand and bring transparency to network interference (e.g. censorship) by designing new tools and techniques. In her dissertation, which passed with distinction, Roya developed side channels to remotely measure TCP connectivity between two hosts, without requiring access to any of the hosts. Most of her latest research projects center around studying national firewalls, especially the Great Firewall of China (GFW). Her work studying how the Great Firewall of China discovers hidden circumvention servers received an IRTF Applied Networking Research Prize (ANRP) in 2016. Nick Feamster. Annie Edmundson, Princeton University Annie is a Ph.D. candidate in the Security and Privacy Research Group at Princeton University. She is also a Graduate Student Fellow at the Center for Information Technology Policy, where she studies computer security and privacy, and its intersection with policy. Her prior work includes research on electronic voting machines and network-level adversaries on the Tor network, as well as being a member of the Application Security team at Twitter. Jennifer Rexford.
Abstract:	When Internet traffic enters a country, it becomes subject to those countries’ laws. As an increasing number of countries pass laws that facilitate mass surveillance, Internet users have more need than ever to determine---and control---which countries their traffic is traversing. To this end, we first conduct a large-scale measurement study to demonstrate that Internet paths often transit countries where laws may make users more vulnerable to surveillance than they would be in their home country. We investigate different options that give users the power to avoid certain countries, which could ultimately make them less vulnerable to state-level surveillance. Our measurement-driven evaluation shows that tunneling allows users in many countries to access many popular sites without traversing certain other countries. Our study focuses on five different countries: Brazil, Netherlands, India, Kenya, and the United States. We find that these different options increase clients’ (end-users’) abilities to avoid other countries, but no country can completely avoid all other countries. Our results also show how central the United States is to inter-domain routing, as clients in Brazil, Netherlands, India, and Kenya cannot avoid the United States when accessing a significant portion of the top domains.
Files:	Avoiding Nation-State Surveillance Edmundson_Avoiding Nation-State (PDF)
Sponsors:	None.

Back to NANOG67 agenda.

NANOG67 Abstracts

• Show All

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• Conference Opening
  Moderators:
  Daniel Golding, NANOG Board, Google; Speakers:
  Peter JacobyRCN; .
  L Sean Kennedy, XO Communications; Don MacNeilJay Borkenhagen.
  

• The Real Cost of Public IXPs
  Speakers:
  David Temkin, Netflix;

• NANOG 67 Hackathon team black hole route monitor
  Speakers:
  John Kristoff, DePaul University;

• NANOG 67 Hackathon team take-off
  Speakers:
  Chris WoodfieldTwitter; .
  Peter Hoose, Facebook, Inc.;

• NANOG 67 Hackathon team take-off
  Speakers:
  Chris WoodfieldTwitter; .
  Peter Hoose, Facebook, Inc.;

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• NCI TNG: NANOG, The Next Generation
  Moderators:
  David Temkin, Netflix; Panelists:
  Daniel Golding, NANOG Board, Google; Jesse Sowell, Stanford; Kevin Epperson.
  Ronald Kovac

• Network Support for TCP Fast Open
  Speakers:
  Christoph Paasch, Apple;

• Elliptic curves to the rescue: tackling availability and attack potential in DNSSEC
  Speakers:
  Roland van Rijswijk-Deij, SURFnet;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Tutorial Everything You Always Wanted to Know About Optical Networking
  Speakers:
  Richard A Steenbergen, PacketFabric;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
  Moderators:
  Sandra Murphy, Parsons, Inc.; Doug Montgomery, National Institute of Standards and Technologies (NIST); Panelists:
  Tony Tauber, Comcast; Rick Mayberry, Microsoft; John Scudder, Juniper Networks; Thomas KingHenk Steenman, AMS-IX; Greg Hankins, Nokia; Mark Kosters, ARIN; Arjun SreekantiahCisco; .
  Keyur Patel, Cisco; Matthias Wählisch, Freie Universitaet Berlin;

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• DNS Track
  Speakers:
  edward lewisICANN; .
  Duane Wessels, Verisign; Kazunori FujiwaraJPRS; .
  Casey Deccio, Verisign Labs; Yacin Nadji.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• DNSSEC Tutorial
  Speakers:
  Eddy Winstead, Internet Systems Consortium;

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• Security Track
  Speakers:
  John Kristoff, DePaul University; Christoph Dietzel.
  Ryan Haley.
  Jelena Mirkovic.
  

• NANOG 67 Hackathon team PiCon
  Speakers:
  Brandon Bennett.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Avoiding Nation-State Surveillance
  Speakers:
  Roya EnsafiNick Feamster.
  Annie Edmundson, Princeton University; Jennifer Rexford.
  

• Everyday practical BGP filtering
  Speakers:
  Job Snijders, NTT;

• Peering Security and Resiliency
  Speakers:
  Greg Hankins, Nokia; Job Snijders, NTT;

• Peering Security and Resiliency
  Speakers:
  Greg Hankins, Nokia; Job Snijders, NTT;

• DNS-based censorship: theory and measurements
  Speakers:
  Stphane Bortzmeyer, AFNIC;

• Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild
  Speakers:
  Christoph Dietzel, DE-CIX / TU Berlin;

• TCP over IP Anycast - Pipe dream or Reality?
  Speakers:
  Shawn Zandi, LinkedIn; Ritesh Maheshwari, LinkedIn;

• TCP over IP Anycast - Pipe dream or Reality?
  Speakers:
  Shawn Zandi, LinkedIn; Ritesh Maheshwari, LinkedIn;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Suffering Withdrawal; an automated approach to connectivity evaluation
  Speakers:
  Tim Hoffman, Twitter; Bruce McDougall, Cisco Systems; Nick Slabakov, Juniper Networks; Micah Croff, GitHub;

• Measurement based inter-domain traffic engineering
  Speakers:
  WENQIN SHAO, Telecom ParisTech;

• Utilizing Kea hook points for modern IP addressing
  Speakers:
  Eddy Winstead, Internet Systems Consortium;

• Ten Lessons From Telemetry
  Speakers:
  Shelly Cadora, Cisco Systems;

• Automating Maintenance Notifications
  Speakers:
  Erik Klavon, Box; Francisco HidalgoFacebook; .
  

• Automating Maintenance Notifications
  Speakers:
  Erik Klavon, Box; Francisco HidalgoFacebook; .
  

• Post IPv4 Depletion Trends
  Speakers:
  Leslie Nobile

• Experiences with network automation at Dyn
  Speakers:
  Carlos Vicente, Dyn Inc.;

• Closing Session
  Speakers:
  Betty Burke, NANOG;