Conjure: Summoning Proxies from Unused Address Space

ABSTRACT
Refraction Networking (formerly known as "Decoy Routing") has emerged as a promising next-generation approach for circumventing Internet censorship. Rather than trying to hide individual circumvention proxy servers from censors, it implements proxy functionality in the core of the network, at cooperating ISPs in friendly countries. Any connection that traverses these ISPs could be a conduit for the free flow of information, so censors cannot easily block access without also blocking many legitimate sites. While one Refraction scheme, TapDance, has recently been deployed at ISP scale, it suffers from several problems: a limited number of "decoy" sites in realistic deployments, high technical complexity, and undesirable tradeoffs between performance and observability by the censor. These challenges may impede broader deployment and ultimately allow censors to block such techniques. We present Conjure, an improved Refraction Networking approach that overcomes these limitations by leveraging unused address space at deploying ISPs. Instead of using real websites as the decoy destinations for proxy connections, our scheme directs connections to IP addresses where no web server exists, and the proxy functionality in the network's core answers on behalf of these "phantom hosts". Phantom hosts are difficult for a censor to distinguish from real ones, but can be used by clients as proxies. We define the Conjure protocol, analyze its security, and evaluate a prototype using an ISP testbed. Our results suggest that Conjure can be harder to block than TapDance, is simpler to maintain and deploy, and offers substantially better network performance.
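The core idea in the abstract is that client and ISP-side station must agree on a "phantom" address inside the ISP's unused space without the censor seeing that address negotiated, and that the station must proxy only flows whose destination is a registered phantom, so a censor scanning the same space sees nothing but dead hosts. The following Go program is an added illustration of that agreement and per-flow decision; it is not the Conjure project's code and does not reproduce Conjure's actual derivation. It assumes a seed already shared between client and station (the page does not describe how registration carries it), a constructed list of documentation prefixes standing in for the ISP's dark space, and a hypothetical HMAC label for the derivation.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"net"
)

// Added example of phantom-address agreement for a Conjure-style station.
// Not the Conjure project's code; seed handling, label and prefixes are
// constructed for the example.

// phantomLabel domain-separates address derivation from any other use of
// the shared seed (hypothetical constant).
const phantomLabel = "example-phantom-derivation"

// darkPrefixes stands in for address space the deploying ISP sets aside
// (documentation ranges, constructed for the example).
var darkPrefixes = []string{"192.0.2.0/24", "198.51.100.0/25", "203.0.113.128/25"}

// PhantomAddress maps a shared seed to one IPv4 address drawn from the
// union of the given prefixes, weighted by prefix size. Client and station
// each compute it locally, so the phantom never crosses the censored link.
func PhantomAddress(seed []byte, cidrs []string) (net.IP, error) {
	type span struct{ base, count uint32 }
	var spans []span
	var total uint64
	for _, c := range cidrs {
		_, ipnet, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err
		}
		ip4 := ipnet.IP.To4()
		ones, bits := ipnet.Mask.Size()
		if ip4 == nil || bits != 32 || ones == 0 {
			return nil, errors.New("example supports IPv4 prefixes /1 to /32 only: " + c)
		}
		count := uint32(1) << uint(32-ones)
		spans = append(spans, span{binary.BigEndian.Uint32(ip4), count})
		total += uint64(count)
	}
	if total == 0 {
		return nil, errors.New("no usable prefixes")
	}
	// Reduce the 256-bit HMAC output modulo the total address count; the
	// bias of this reduction is at most total/2^256, which is negligible.
	mac := hmac.New(sha256.New, seed)
	mac.Write([]byte(phantomLabel))
	idx := new(big.Int).SetBytes(mac.Sum(nil))
	idx.Mod(idx, new(big.Int).SetUint64(total))
	offset := idx.Uint64()
	for _, s := range spans {
		if offset < uint64(s.count) {
			var b [4]byte
			binary.BigEndian.PutUint32(b[:], s.base+uint32(offset))
			return net.IPv4(b[0], b[1], b[2], b[3]).To4(), nil
		}
		offset -= uint64(s.count)
	}
	return nil, errors.New("offset out of range") // unreachable
}

// Verdict is the station's per-flow decision.
type Verdict int

const (
	PassThrough  Verdict = iota // destination outside dark space: ordinary transit traffic
	Unregistered                // dark space but no registration: looks like a dead host to everyone
	Proxy                       // registered phantom: station answers on the host's behalf
)

// Station models the ISP-side component: it knows the dark prefixes and the
// phantoms of registered clients.
type Station struct {
	cidrs    []string
	nets     []*net.IPNet
	phantoms map[string]string // phantom address -> client id
}

func NewStation(cidrs []string) (*Station, error) {
	st := &Station{cidrs: cidrs, phantoms: map[string]string{}}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err
		}
		st.nets = append(st.nets, n)
	}
	return st, nil
}

// Register runs once a client's registration has been accepted (out of band
// in the real system): the station derives the same phantom the client will
// and remembers it.
func (st *Station) Register(clientID string, seed []byte) (net.IP, error) {
	p, err := PhantomAddress(seed, st.cidrs)
	if err != nil {
		return nil, err
	}
	st.phantoms[p.String()] = clientID
	return p, nil
}

// Classify is the decision on the station's tap: only flows to a registered
// phantom are spliced into the proxy; unregistered probes of the dark space
// (for example a censor scanning it) get no response at all.
func (st *Station) Classify(dst net.IP) (Verdict, string) {
	if id, ok := st.phantoms[dst.String()]; ok {
		return Proxy, id
	}
	for _, n := range st.nets {
		if n.Contains(dst) {
			return Unregistered, ""
		}
	}
	return PassThrough, ""
}

func main() {
	st, err := NewStation(darkPrefixes)
	if err != nil {
		panic(err)
	}
	seed := []byte("constructed-shared-seed-for-client-A")
	clientView, _ := PhantomAddress(seed, darkPrefixes) // client side
	stationView, _ := st.Register("client-A", seed)     // station side
	fmt.Println("client derives", clientView, "station derives", stationView)
	for _, d := range []string{clientView.String(), "192.0.2.7", "8.8.8.8"} {
		v, id := st.Classify(net.ParseIP(d))
		fmt.Printf("flow to %-16s -> verdict %d %s\n", d, v, id)
	}
}
```

The check a practitioner should take from this is the order of the two lookups in Classify: a destination is proxied only on an exact registration match, and everything else in the dark prefixes is treated identically, so scanning the space yields no distinguishing signal between a phantom and any other unused address.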