Internet censorship has become a dishonorable trademark for authoritarian governments around the world, although efforts exist to combat this practice and strengthen fundamental rights such as access to information and freedom of speech. However, information security specialists mention that this is a career led by authoritarian regimes, as censorship tools are becoming more sophisticated and opponents of this practice must find ways to avoid censorship manually, which puts them at great disadvantage.
Although the picture is bleak, it’s not all bad news. A research by experts from the University of Maryland has led to the development of Geneva (the short form of saying Genetic Evasion), a machine learning tool to combat Internet censorship.
After being tested in regions where Internet censorship is common (such as China, Kazakhstan or India), this tool found multiple ways to evade censorship, exploiting some loops in the logic of tools used by governments thanks to the discovery of some flaws that, according to information security experts, would be impossible to discover using manual methods.
Dave Levin, professor of computer science and research director, believes Geneva will be instrumental in matching the race against online censorship imposed by authoritarian governments: “These advances will enable freedom of expression and completely open communications to millions of users who are not allowed to access much of the information on the Internet right now,” says the expert.
As mentioned in the document, all information circulating on the Internet is divided into data packets and reassembled by senders and receivers. Internet censorship mechanisms work by monitoring data packets sent during an Internet search. These tools block requests that include keywords or domain names set by authoritarian governments.
According to information security experts, Geneva is able to modify the way data packages are split and reassembled, thus the censorship tool will not be able to recognize prohibited words or domain names and block the connection.
Its developers call Geneva a “genetic algorithm”, a form of artificial intelligence developed to work in the background in any conventional browser. “Like many biological systems, Geneva develops sets of instructions from code snippets that work as genetic material capable of changing to divide, regroup, and send data packets on the Internet.
Geneva is able to develop its genetic code using successive attempts, also known as generations. In each generation, Geneva maintains the best-functioning instructions for evading censorship and getting rid of the rest, mutating strategies and adding and removing random instructions to find the best way to bypass request-blocking software and websites in a relatively short time.
Levin’s team tested this tool in a lab against some fake censorship software, discovering that Geneva was able to identify virtually all package manipulation strategies used by these variants of test software.
Then it was time to try Geneva in a real environment. To do this, the developers ran the tool on a conventional (unmodified) Google Chrome machine in China. Thanks to Geneva, the user of this computer was able to browse without censorship using some keywords identified by the Chinese government (such as Tiananmen Square). The tool was also successfully analyzed in India (where URL names are blocked) and in Kazakhstan (where the government spy social media pages).
According to information security specialists from the International Institute of Cyber Security (IICS), this research, together with the Geneva code, will be published in the future for the benefit of the inhabitants of these regions where communications are affected by government censorship. One possible way to enhance the scope of this tool is to implement it on the computer that supplies the blocked content instead of that of the user, although this is only a theory for now.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.