Skip to main content

The Efficacy and Real-Time Performance of Refraction Networking

  • Reference work entry
  • First Online:
Handbook of Real-Time Computing

Abstract

As the global number of internet users grows it becomes an increasingly important medium for communication and the dissemination of information. This has led to a corresponding rise in internet censorship. Most current censorship circumvention methods relay traffic via a host which is susceptible to address-based blocking. Refraction networking seeks to overcome this problem through stations that intercept traffic at the network level. This chapter evaluates current approaches to refraction networking, classifies them according to their architecture, and presents a comparison of their security properties. It finds there are still barriers to wider scale adoption, including performance issues that may impact real-time communication. The analysis shows that more research is needed to determine the viability of refraction networking in a production environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  • S. Belguith, N. Kaaniche, M. Hammoudeh, T. Dargahi, Proud: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications. Futur. Gener. Comput. Syst. 111, 899–918 (2020)

    Article  Google Scholar 

  • B. Birtel, C. Rossow, Slitheen++: stealth TLS-based decoy routing, in Free and Open Communications on the Internet, (USENIX, 2020). https://www.usenix.org/system/files/foci20-paper-birtel_0.pdf

    Google Scholar 

  • C. Bocovich, I. Goldberg, Slitheen: perfectly imitated decoy routing through traffic replacement, in Computer and Communications Security, (ACM, 2016). https://www.cypherpunks.ca/̃iang/pubs/slitheen-ccs16.pdf

    Google Scholar 

  • C. Bocovich, I. Goldberg, Secure asymmetry and deployability for decoy routing systems. Priv. Enhancing Technol. 3, 43–62 (2018). https://www.petsymposium.org/2018/files/papers/issue3/popets-2018-0020.pdf

    Article  Google Scholar 

  • J. Cesareo, J. Karlin, J. Rexford, M. Schapira, Optimizing the placement of implicit proxies. Technical report, Deptment of Computer Science, Princeton University (2012). http://www.cs.princeton.edu/̃jrex/papers/decoy-routing.pdf

    Google Scholar 

  • D. Ellard, A. Jackson, C. Jones, V.U. Manfredi, T. Strayer, B. Thapa, M.V. Welie, Rebound: decoy routing on asymmetric routes via error messages, in Local Computer Networks, (IEEE, 2015). https://www.victoriamanfredi.com/publications/lcn15.pdf

    Google Scholar 

  • R. Ensafi, D. Fifield, P. Winter, N. Feamster, N. Weaver, V. Paxson, Examining how the great firewall discovers hidden circumvention servers, in Proceedings of the 2015 Internet Measurement Conference, Association for Computing Machinery, New York, NY, USA, IMC ‘15, (2015), pp. 445–458. https://doi.org/10.1145/2815675.2815690

    Chapter  Google Scholar 

  • S. Frolov, F. Douglas, W. Scott, A. McDonald, B. VanderSloot, R. Hynes, A. Kruger, M. Kallitsis, D.G. Robinson, S. Schultze, N. Borisov, J.A. Halderman, E. Wustrow, An ISP-scale deployment of TapDance, in Free and Open Communications on the Internet, (USENIX, 2017). https://www.usenix.org/system/files/conference/foci17/foci17-paper-frolov_0.pdf

    Google Scholar 

  • S. Frolov, J. Wampler, S.C. Tan, J.A. Halderman, N. Borisov, E. Wustrow, Conjure: summoning proxies from unused address space, in Computer and Communications Security, (ACM, 2019). https://jhalderm.com/pub/papers/conjure-ccs19.pdf

    Google Scholar 

  • I. Ghafir, V. Prenosil, M. Hammoudeh, L. Han, U. Raza, Malicious SSL certificate detection: a step towards advanced persistent threat defence, in Proceedings of the International Conference on Future Networks and Distributed Systems, (2017)

    Google Scholar 

  • I. Ghafir, V. Prenosil, M. Hammoudeh, T. Baker, S. Jabbar, S. Khalid, S. Jaf, Botdet: a system for real time botnet command and control traffic detection. IEEE Access 6, 38947–38958 (2018)

    Article  Google Scholar 

  • A. Houmansadr, G.T.K. Nguyen, M. Caesar, N. Borisov, Cirripede: circumvention infrastructure using router redirection with plausible deniability, in Computer and Communications Security, (ACM, 2011), pp. 187–200. https://hatswitch.org/~nikita/papers/cirripede-ccs11.pdf

    Google Scholar 

  • A. Houmansadr, E.L. Wong, V. Shmatikov, No direction home: the true cost of routing around decoys, in Proceedings of the Network and Distributed Security Symposium – NDSS ‘14, Internet Society, (2014)

    Google Scholar 

  • F. House, Freedom on the net 2020: the pandemic’s digital shadow (2020). https://freedomhouse.org/sites/default/files/2020-10/10122020_FOTN2020_Complete_Report_FINAL.pdf

  • W. John, M. Dusi, K. Claffy, Estimating routing symmetry on single links by passive flow measurements in Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, Association for Computing Machinery, New York, NY, USA, IWCMC ’10, (2010), pp. 473–478. https://doi.org/10.1145/1815396.1815506

  • J. Karlin, D. Ellard, A.W. Jackson, C.E. Jones, G. Lauer, D.P. Mankins, W.T. Strayer, Decoy routing: toward unblockable Internet communication, in Free and Open Communications on the Internet, (USENIX, 2011). https://www.usenix.org/legacy/events/foci11/tech/final_files/Karlin.pdf

    Google Scholar 

  • B. Leidl, Obfuscated openssh (2010). https://github.com/brl/obfuscated-openssh

  • V. Manfredi, P. Songkuntham, MultiFlow: cross-connection decoy routing using TLS 1.3 session resumption, in Free and open communications on the Internet, (USENIX, 2018). https://www.usenix.org/system/files/conference/foci18/foci18-paper-manfredi.pdf

    Google Scholar 

  • M. Nasr, H. Zolfaghari, A. Houmansadr, The waterfall of liberty: decoy routing circumvention that resists routing attacks, in Computer and Communications Security, (ACM, 2017). https://acmccs.github.io/papers/p2037-nasrA.pdf

    Google Scholar 

  • Psiphon, Psiphon: uncensored internet access for windows and mobile (2020). https://psiphon3.com

  • J. Saleem, M. Hammoudeh, Defense methods against social engineering attacks, in Computer and Network Security Essentials, (Springer, 2018), pp. 603–618

    Chapter  Google Scholar 

  • M. Schuchard, J. Geddes, C. Thompson, N. Hopper, Routing around decoys, in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), (2012)

    Google Scholar 

  • P.K. Sharma, D. Gosain, H. Sagar, C. Kumar, A. Dogra, V. Naik, H.B. Acharya, S. Chakravarty, SiegeBreaker: an SDN based practical decoy routing system. Priv. Enhancing Technol. (3), 243–263 (2020). https://petsymposium.org/2020/files/papers/issue3/popets-2020-0051.pdf

  • B. VanderSloot, S. Frolov, J. Wampler, S.C. Tan, I. Simpson, M. Kallitsis, J.A. Halderman, N. Borisov, E. Wustrow, Running refraction networking for real. Proc. Priv. Enhancing Technol. (4), 321–335 (2020a)

    Google Scholar 

  • B. VanderSloot, S. Frolov, J. Wampler, S.C. Tan, I. Simpson, M. Kallitsis, J.A. Halderman, N. Borisov, E. Wustrow, Running refraction networking for real. Priv. Enhancing Technol. (3), 321–335 (2020b). https://petsymposium.org/2020/files/papers/issue4/popets-2020-0073.pdf

  • S. Walker-Roberts, M. Hammoudeh, O. Aldabbas, M. Aydin, A. Dehghantanha, Threats on the horizon: understanding security threats in the era of cyber-physical systems. J. Supercomput. 76(4), 2643–2664 (2020)

    Article  Google Scholar 

  • M. Walshe, G. Epiphaniou, H. Al-Khateeb, M. Hammoudeh, V. Katos, A. Dehghantanha, Non-interactive zero knowledge proofs for the authentication of IoT devices in reduced connectivity environments. Ad Hoc Netw. 95, 101988 (2019)

    Article  Google Scholar 

  • E. Wustrow, S. Wolchok, I. Goldberg, J.A. Halderman, Telex: anticensorship in the network infrastructure, in USENIX Security Symposium, (USENIX, 2011). https://www.usenix.org/event/sec11/tech/full_papers/Wustrow.pdf

    Google Scholar 

  • E. Wustrow, C.M. Swanson, J.A. Halderman, Tapdance: end-to-middle anticensorship without flow blocking, in Proceedings of 23rd USENIX Security Symposium (USENIX Security 14), (USENIX Association, San Diego, 2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Andrew Stephens .

Editor information

Editors and Affiliations

Section Editor information

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Singapore Pte Ltd

About this entry

Check for updates. Verify currency and authenticity via CrossMark

Cite this entry

Stephens, A., Hammoudeh, M. (2022). The Efficacy and Real-Time Performance of Refraction Networking. In: Tian, YC., Levy, D.C. (eds) Handbook of Real-Time Computing. Springer, Singapore. https://doi.org/10.1007/978-981-287-251-7_67

Download citation

Publish with us

Policies and ethics