2017-gosain-mending
findings extracted from this paper
-
Only 4 Indian ASes are needed to intercept >90% of AS-level paths from all Indian ASes to censored sites; 10 ASes cover ~95% of paths. Fewer than 5,000 edge routers spread across those ASes would suffice for nationwide IP filtering, with ~70% of those routers belonging to just two private ISPs (Bharti Airtel AS9498 and Tata Comm. AS4755).
-
Any one of five Indian ASes — each needing control of only its BGP-speaking routers — can individually censor traffic for all ~896 Indian ASes via IP prefix hijacking. For example, AS4755 (Tata Comm.) fake advertisements can impact 955 ASes total (896 Indian + 41 foreign); AS9730 (Bharti Telesonic) requires as few as 7 edge routers to execute such an attack.
-
If India deployed centralized filtering at its key ASes, approximately 121,931 foreign-origin paths (1.15% of all Internet paths to censored sites worldwide) that transit Indian ASes would experience collateral blocking, affecting non-Indian users in Finland, Hong Kong, Singapore, Malaysia, the US, and elsewhere who have no connection to Indian censorship law.
-
Eight Indian ASes can collectively intercept 99.14% of AS-level paths connecting all Indian ASes to DNS resolvers, including GoogleDNS and OpenDNS; 4,906 routers across these 8 ASes suffice to launch DNS injection attacks covering the entire country. The same 8 ASes also appear among the 10 key ASes identified for IP filtering.
-
India's federated censorship model — each ISP independently enforces government blacklists — produces dramatically inconsistent filtering: Airtel censored only 1 of 50 pornographic sites probed, while MTNL censored 45 of 50; Reliance Jio censored 0 sites across all 540 test URLs. A well-informed user can escape censorship through a judicious choice of ISP.