Fingerprint-resistant DTLS for usage in Snowflake

Authors: Theodor Signebøen Midtlien, David Palma (Norwegian University of Science and Technology)

Year: 2025
Issue: 2
Pages: 1–9

Abstract: Internet censorship circumvention requires continuous effort and attention in order to achieve its goals. This paper aims to make the Pion DTLS library used in Snowflake less prone to fingerprinting and blocking. We developed a tool for analyzing and passively identifying field-based fingerprints of DTLS, validated using a dataset containing known fingerprints. Our findings revealed that the extensions field is particularly vulnerable to identification. To address this, we propose and implement covertDTLS, which extends the Pion DTLS Go library with handshake hooking to offer mimicry and randomization features inspired by uTLS. In addition, we created a continuous delivery pipeline to generate fresh DTLS-WebRTC handshakes based on popular browsers, allowing researchers to monitor changes and ensuring that mimicking remains up to date. Our results indicate that mimicking and randomization are effective countermeasures against allowlisting and blocklisting, respectively. We further analyze the evolution of DTLS-WebRTC handshakes collected from browsers over a year and their impact on Snowflake’s distinguishability. To fully understand the impact of our proposed solution, we also deployed standard Snowflake proxies and improved ones using our fingerprint-resistant DTLS library, and report our findings. Our observations suggest that the prompt adoption of DTLS 1.3 is necessary to keep pace with browser updates, and our fingerprint-resistant library demonstrated stability when mimicking DTLS 1.2 handshakes, but less so with the randomization approach. These results suggest that our modifications to Snowflake effectively reduce the fingerprintability of DTLS traffic, enhancing its capability to bypass censorship. However, we also argue that continuous monitoring and prompt adaptation to evolving Internet protocols and applications are essential for the anti-censorship community.

Copyright in FOCI articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.