Abstract
Anonymity systems such as Tor are being blocked by many countries, as they are increasingly being used to circumvent censorship systems. As a response, several pluggable transport (proxy) systems have been developed that obfuscate the first hop of the Tor circuit (i.e., the connection between the Tor client and the bridge node). In this paper, we tackle a common challenge faced by all web-based pluggable transports – the need to perfectly emulate the complexities of a web-browser and web-server. To that end, we propose a new system called the JumpBox that readily integrates with existing pluggable transports and avoids emulation by forwarding the HTTP/HTTPS requests through a real browser and webserver. We evaluate our system using multiple pluggable transports and demonstrate that it imposes minimal additional overhead.
Notes
1. While Chrome provides limited certificate-pinning ability for selected Google properties, it is insufficient for our needs as it does not extend to all sites and also does not have the innocuous request generation capability described below.
Acknowledgements
We acknowledge Drew Dean, Roger Dingledine, Mike Lynn, Dodge Mumford, Paul Vixie and Michael Walker for various discussions that led to the design and improvement of the JumpBox system. This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) and Space and Naval Warfare Systems Center Pacific under Contract No. N66001-11-C-4022. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Defense Advanced Research Projects Agency or Space and Naval Warfare Systems Center Pacific. Distribution Statement A: Approved for Public Release, Distribution Unlimited.
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Massar, J., Mason, I., Briesemeister, L., Yegneswaran, V. (2015). JumpBox – A Seamless Browser Proxy for Tor Pluggable Transports. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_44
DOI: https://doi.org/10.1007/978-3-319-23829-6_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23828-9
Online ISBN: 978-3-319-23829-6
eBook Packages: Computer Science (R0)