---
_id: '58801'
abstract:
- lang: eng
text: Iran employs one of the most prominent Internet censors in the world. An important
part of Iran’s censorship apparatus is its analysis of unencrypted protocols such
as HTTP and DNS. During routine evaluations of Iran’s HTTP and DNS censorship,
we noticed several properties we believe to be unknown today. For instance, we
found injections of correct static IPs for some domains such as google.com on
the DNS level, unclear HTTP version parsing, and correlations between DNS and
HTTP censorship. In this paper, we present our findings to the community and discuss
possible takeaways for affected people and the censorship circumvention community.
As some of our findings left us bewildered, we hope to ignite a discussion about
Iran’s censorship behavior. We aim to use the discussion of our work to execute
a thorough analysis and explanation of Iran’s censorship behavior in the future.
author:
- first_name: Felix
full_name: Lange, Felix
id: '67893'
last_name: Lange
- first_name: Niklas
full_name: Niere, Niklas
id: '63563'
last_name: Niere
- first_name: Jonathan
full_name: von Niessen, Jonathan
last_name: von Niessen
- first_name: Dennis
full_name: Suermann, Dennis
last_name: Suermann
- first_name: Nico
full_name: Heitmann, Nico
id: '74619'
last_name: Heitmann
orcid: 0009-0003-7687-7044
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Lange F, Niere N, von Niessen J, Suermann D, Heitmann N, Somorovsky J. I(ra)nconsistencies:
Novel Insights into Iran’s Censorship. In: Proceedings on Privacy Enhancing
Technologies. ; 2025.'
apa: 'Lange, F., Niere, N., von Niessen, J., Suermann, D., Heitmann, N., & Somorovsky,
J. (2025). I(ra)nconsistencies: Novel Insights into Iran’s Censorship. Proceedings
on Privacy Enhancing Technologies. Free and Open Communications on the Internet,
Virtual.'
bibtex: '@inproceedings{Lange_Niere_von Niessen_Suermann_Heitmann_Somorovsky_2025,
title={I(ra)nconsistencies: Novel Insights into Iran’s Censorship}, booktitle={Proceedings
on Privacy Enhancing Technologies}, author={Lange, Felix and Niere, Niklas and
von Niessen, Jonathan and Suermann, Dennis and Heitmann, Nico and Somorovsky,
Juraj}, year={2025} }'
chicago: 'Lange, Felix, Niklas Niere, Jonathan von Niessen, Dennis Suermann, Nico
Heitmann, and Juraj Somorovsky. “I(Ra)Nconsistencies: Novel Insights into Iran’s
Censorship.” In Proceedings on Privacy Enhancing Technologies, 2025.'
ieee: 'F. Lange, N. Niere, J. von Niessen, D. Suermann, N. Heitmann, and J. Somorovsky,
“I(ra)nconsistencies: Novel Insights into Iran’s Censorship,” presented at the
Free and Open Communications on the Internet, Virtual, 2025.'
mla: 'Lange, Felix, et al. “I(Ra)Nconsistencies: Novel Insights into Iran’s Censorship.”
Proceedings on Privacy Enhancing Technologies, 2025.'
short: 'F. Lange, N. Niere, J. von Niessen, D. Suermann, N. Heitmann, J. Somorovsky,
in: Proceedings on Privacy Enhancing Technologies, 2025.'
conference:
end_date: 2025-02-20
location: Virtual
name: Free and Open Communications on the Internet
start_date: 2025-02-20
date_created: 2025-02-24T08:09:56Z
date_updated: 2025-05-06T13:48:32Z
ddc:
- '006'
department:
- _id: '632'
file:
- access_level: closed
content_type: application/pdf
creator: flange
date_created: 2025-02-24T08:07:59Z
date_updated: 2025-02-24T08:07:59Z
file_id: '58802'
file_name: foci-2025-0002.pdf
file_size: 535700
relation: main_file
success: 1
file_date_updated: 2025-02-24T08:07:59Z
has_accepted_license: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://www.petsymposium.org/foci/2025/foci-2025-0002.pdf
oa: '1'
publication: Proceedings on Privacy Enhancing Technologies
quality_controlled: '1'
status: public
title: 'I(ra)nconsistencies: Novel Insights into Iran’s Censorship'
type: conference
user_id: '63563'
year: '2025'
...
---
_id: '60503'
abstract:
- lang: eng
text: 'Censors have long censored Transport Layer Security (TLS) traffic by inspecting
the domain name in the unencrypted Server Name Indication (SNI) extension. By
encrypting the SNI extension, the Encrypted ClientHello (ECH) prevents censors
from blocking TLS traffic to certain domains. Despite this promising outlook,
ECH’s current capability to contest TLS censorship is unclear; for instance, Russia
has started censoring ECH connections successfully. This paper clarifies ECH’s
current role for TLS censorship. To this end, we evaluate servers’ support for
ECH and its analysis and subsequent blocking by censors. We determine Cloudflare
as the only major provider supporting ECH. Additionally, we affirm previously
known ECH censorship in Russia and uncover indirect censorship of ECH through
encrypted DNS censorship in China and Iran. Our findings suggest that ECH’s contribution
to censorship circumvention is currently limited: we consider ECH’s dependence
on encrypted DNS especially challenging for ECH’s capability to circumvent censorship.
We stress the importance of censorship-resistant ECH to solve the long-known problem
of SNI-based TLS censorship.'
author:
- first_name: Niklas
full_name: Niere, Niklas
id: '63563'
last_name: Niere
- first_name: Felix
full_name: Lange, Felix
id: '67893'
last_name: Lange
- first_name: Nico
full_name: Heitmann, Nico
id: '74619'
last_name: Heitmann
orcid: 0009-0003-7687-7044
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Niere N, Lange F, Heitmann N, Somorovsky J. Encrypted Client Hello (ECH) in
Censorship Circumvention. In: ; 2025.'
apa: Niere, N., Lange, F., Heitmann, N., & Somorovsky, J. (2025). Encrypted
Client Hello (ECH) in Censorship Circumvention. Free and Open Communications
on the Internet, Washington, D.C.
bibtex: '@inproceedings{Niere_Lange_Heitmann_Somorovsky_2025, title={Encrypted Client
Hello (ECH) in Censorship Circumvention}, author={Niere, Niklas and Lange, Felix
and Heitmann, Nico and Somorovsky, Juraj}, year={2025} }'
chicago: Niere, Niklas, Felix Lange, Nico Heitmann, and Juraj Somorovsky. “Encrypted
Client Hello (ECH) in Censorship Circumvention,” 2025.
ieee: N. Niere, F. Lange, N. Heitmann, and J. Somorovsky, “Encrypted Client Hello
(ECH) in Censorship Circumvention,” presented at the Free and Open Communications
on the Internet, Washington, D.C., 2025.
mla: Niere, Niklas, et al. Encrypted Client Hello (ECH) in Censorship Circumvention.
2025.
short: 'N. Niere, F. Lange, N. Heitmann, J. Somorovsky, in: 2025.'
conference:
end_date: 2025-07-14
location: Washington, D.C.
name: Free and Open Communications on the Internet
start_date: 2025-07-14
date_created: 2025-07-03T07:14:00Z
date_updated: 2025-10-23T14:26:38Z
ddc:
- '006'
file:
- access_level: open_access
content_type: application/pdf
creator: nniklas
date_created: 2025-07-03T07:11:14Z
date_updated: 2025-10-23T14:26:38Z
file_id: '60505'
file_name: foci-2025-0016.pdf
file_size: 755171
relation: main_file
file_date_updated: 2025-10-23T14:26:38Z
has_accepted_license: '1'
keyword:
- censorship
- circumvention
- ECH
- TLS
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://www.petsymposium.org/foci/2025/foci-2025-0016.pdf
oa: '1'
status: public
title: Encrypted Client Hello (ECH) in Censorship Circumvention
type: conference
user_id: '63563'
year: '2025'
...
---
_id: '54437'
abstract:
- lang: eng
text: "Video conferencing systems have become an indispensable part of our world.
Using video conferencing systems implies the expectation that online meetings
run as smoothly as in-person meetings. Thus, online meetings need to be just as
secure and private as in-person meetings, which are secured against disruptive
factors and unauthorized persons by physical access control mechanisms.\r\n\r\nTo
show the security dangers of conferencing systems and raise general awareness
when using these technologies, we analyze the security of two widely used research
and education open-source video conferencing systems: BigBlueButton and eduMEET.
Because both systems are very different, we analyzed their architectures, considering
the respective components with their main tasks, features, and user roles. In
the following systematic security analyses, we found 50 vulnerabilities. These
include broken access control, NoSQL injection, and denial of service (DoS). The
vulnerabilities have root causes of different natures. While BigBlueButton has
a lot of complexity due to many components, eduMEET, which is relatively young,
focuses more on features than security. The sheer amount of results and the lack
of prior work indicate a research gap that needs to be closed since video conferencing
systems continue to play a significant role in research, education, and everyday
life."
author:
- first_name: Nico
full_name: Heitmann, Nico
id: '74619'
last_name: Heitmann
- first_name: Hendrik
full_name: Siewert, Hendrik
last_name: Siewert
- first_name: Sven
full_name: Moog, Sven
last_name: Moog
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Heitmann N, Siewert H, Moog S, Somorovsky J. Security Analysis of BigBlueButton
and eduMEET. In: Applied Cryptography and Network Security. Springer Nature
Switzerland; 2024. doi:10.1007/978-3-031-54776-8_8'
apa: Heitmann, N., Siewert, H., Moog, S., & Somorovsky, J. (2024). Security
Analysis of BigBlueButton and eduMEET. Applied Cryptography and Network Security.
https://doi.org/10.1007/978-3-031-54776-8_8
bibtex: '@inproceedings{Heitmann_Siewert_Moog_Somorovsky_2024, place={Cham}, title={Security
Analysis of BigBlueButton and eduMEET}, DOI={10.1007/978-3-031-54776-8_8},
booktitle={Applied Cryptography and Network Security}, publisher={Springer Nature
Switzerland}, author={Heitmann, Nico and Siewert, Hendrik and Moog, Sven and Somorovsky,
Juraj}, year={2024} }'
chicago: 'Heitmann, Nico, Hendrik Siewert, Sven Moog, and Juraj Somorovsky. “Security
Analysis of BigBlueButton and EduMEET.” In Applied Cryptography and Network
Security. Cham: Springer Nature Switzerland, 2024. https://doi.org/10.1007/978-3-031-54776-8_8.'
ieee: 'N. Heitmann, H. Siewert, S. Moog, and J. Somorovsky, “Security Analysis of BigBlueButton
and eduMEET,” Abu Dhabi, 2024, doi: 10.1007/978-3-031-54776-8_8.'
mla: Heitmann, Nico, et al. “Security Analysis of BigBlueButton and EduMEET.” Applied
Cryptography and Network Security, Springer Nature Switzerland, 2024, doi:10.1007/978-3-031-54776-8_8.
short: 'N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography
and Network Security, Springer Nature Switzerland, Cham, 2024.'
conference:
end_date: 2024-03-08
location: Abu Dhabi
start_date: 2024-03-05
date_created: 2024-05-23T11:15:39Z
date_updated: 2024-05-23T11:20:29Z
department:
- _id: '632'
doi: 10.1007/978-3-031-54776-8_8
language:
- iso: eng
main_file_link:
- url: https://link.springer.com/content/pdf/10.1007/978-3-031-54776-8_8.pdf
place: Cham
publication: Applied Cryptography and Network Security
publication_status: published
publisher: Springer Nature Switzerland
status: public
title: Security Analysis of BigBlueButton and eduMEET
type: conference
user_id: '74619'
year: '2024'
...
---
_id: '57816'
abstract:
- lang: eng
text: "TLS-Attacker is an open-source framework for analyzing Transport\r\nLayer
Security (TLS) implementations. The framework allows users\r\nto specify custom
protocol flows and provides modification hooks to\r\nmanipulate message contents.
Since its initial publication in 2016 by\r\nJuraj Somorovsky, TLS-Attacker has
been used in numerous studies\r\npublished at well-established conferences and
helped to identify\r\nvulnerabilities in well-known open-source TLS libraries.
To enable\r\nautomated analyses, TLS-Attacker has grown into a suite of projects,\r\neach
designed as a building block that can be applied to facilitate\r\nvarious analysis
methodologies. The framework still undergoes\r\ncontinuous improvements with feature
extensions, such as DTLS\r\n1.3 or the addition of new dialects such as QUIC,
to continue its\r\neffectiveness and relevancy as a security analysis framework."
author:
- first_name: Fabian
full_name: Bäumer, Fabian
last_name: Bäumer
- first_name: Marcus
full_name: Brinkmann, Marcus
last_name: Brinkmann
- first_name: Nurullah
full_name: Erinola, Nurullah
last_name: Erinola
- first_name: Sven Niclas
full_name: Hebrok, Sven Niclas
id: '55616'
last_name: Hebrok
orcid: 0009-0006-1172-1665
- first_name: Nico
full_name: Heitmann, Nico
id: '74619'
last_name: Heitmann
orcid: 0009-0003-7687-7044
- first_name: Felix
full_name: Lange, Felix
id: '67893'
last_name: Lange
- first_name: Marcel
full_name: Maehren, Marcel
last_name: Maehren
- first_name: Robert
full_name: Merget, Robert
last_name: Merget
- first_name: Niklas
full_name: Niere, Niklas
id: '63563'
last_name: Niere
- first_name: Maximilian Manfred
full_name: Radoy, Maximilian Manfred
id: '68826'
last_name: Radoy
orcid: 0009-0005-3059-6823
- first_name: Conrad
full_name: Schmidt, Conrad
last_name: Schmidt
- first_name: Jörg
full_name: Schwenk, Jörg
last_name: Schwenk
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Bäumer F, Brinkmann M, Erinola N, et al. TLS-Attacker: A Dynamic Framework
for Analyzing TLS Implementations. In: Proceedings of Cybersecurity Artifacts
Competition and Impact Award (ACSAC ’24). ; 2024.'
apa: 'Bäumer, F., Brinkmann, M., Erinola, N., Hebrok, S. N., Heitmann, N., Lange,
F., Maehren, M., Merget, R., Niere, N., Radoy, M. M., Schmidt, C., Schwenk, J.,
& Somorovsky, J. (2024). TLS-Attacker: A Dynamic Framework for Analyzing TLS
Implementations. Proceedings of Cybersecurity Artifacts Competition and Impact
Award (ACSAC ’24). Annual Computer Security Applications Conference, Hawaii.'
bibtex: '@inproceedings{Bäumer_Brinkmann_Erinola_Hebrok_Heitmann_Lange_Maehren_Merget_Niere_Radoy_et
al._2024, title={TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations},
booktitle={Proceedings of Cybersecurity Artifacts Competition and Impact Award
(ACSAC ’24)}, author={Bäumer, Fabian and Brinkmann, Marcus and Erinola, Nurullah
and Hebrok, Sven Niclas and Heitmann, Nico and Lange, Felix and Maehren, Marcel
and Merget, Robert and Niere, Niklas and Radoy, Maximilian Manfred and et al.},
year={2024} }'
chicago: 'Bäumer, Fabian, Marcus Brinkmann, Nurullah Erinola, Sven Niclas Hebrok,
Nico Heitmann, Felix Lange, Marcel Maehren, et al. “TLS-Attacker: A Dynamic Framework
for Analyzing TLS Implementations.” In Proceedings of Cybersecurity Artifacts
Competition and Impact Award (ACSAC ’24), 2024.'
ieee: 'F. Bäumer et al., “TLS-Attacker: A Dynamic Framework for Analyzing
TLS Implementations,” presented at the Annual Computer Security Applications Conference,
Hawaii, 2024.'
mla: 'Bäumer, Fabian, et al. “TLS-Attacker: A Dynamic Framework for Analyzing TLS
Implementations.” Proceedings of Cybersecurity Artifacts Competition and Impact
Award (ACSAC ’24), 2024.'
short: 'F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange,
M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky,
in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC
’24), 2024.'
conference:
end_date: 2024-12-13
location: Hawaii
name: Annual Computer Security Applications Conference
start_date: 2024-12-09
date_created: 2024-12-17T11:25:14Z
date_updated: 2025-02-27T08:02:30Z
department:
- _id: '632'
keyword:
- SSL
- TLS
- DTLS
- Protocol State Fuzzing
- Planning Based
language:
- iso: eng
publication: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC
’24)
quality_controlled: '1'
status: public
title: 'TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations'
type: conference
user_id: '67893'
year: '2024'
...