Abstract
As the global number of internet users grows it becomes an increasingly important medium for communication and the dissemination of information. This has led to a corresponding rise in internet censorship. Most current censorship circumvention methods relay traffic via a host which is susceptible to address-based blocking. Refraction networking seeks to overcome this problem through stations that intercept traffic at the network level. This chapter evaluates current approaches to refraction networking, classifies them according to their architecture, and presents a comparison of their security properties. It finds there are still barriers to wider scale adoption, including performance issues that may impact real-time communication. The analysis shows that more research is needed to determine the viability of refraction networking in a production environment.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
S. Belguith, N. Kaaniche, M. Hammoudeh, T. Dargahi, Proud: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications. Futur. Gener. Comput. Syst. 111, 899–918 (2020)
B. Birtel, C. Rossow, Slitheen++: stealth TLS-based decoy routing, in Free and Open Communications on the Internet, (USENIX, 2020). https://www.usenix.org/system/files/foci20-paper-birtel_0.pdf
C. Bocovich, I. Goldberg, Slitheen: perfectly imitated decoy routing through traffic replacement, in Computer and Communications Security, (ACM, 2016). https://www.cypherpunks.ca/̃iang/pubs/slitheen-ccs16.pdf
C. Bocovich, I. Goldberg, Secure asymmetry and deployability for decoy routing systems. Priv. Enhancing Technol. 3, 43–62 (2018). https://www.petsymposium.org/2018/files/papers/issue3/popets-2018-0020.pdf
J. Cesareo, J. Karlin, J. Rexford, M. Schapira, Optimizing the placement of implicit proxies. Technical report, Deptment of Computer Science, Princeton University (2012). http://www.cs.princeton.edu/̃jrex/papers/decoy-routing.pdf
D. Ellard, A. Jackson, C. Jones, V.U. Manfredi, T. Strayer, B. Thapa, M.V. Welie, Rebound: decoy routing on asymmetric routes via error messages, in Local Computer Networks, (IEEE, 2015). https://www.victoriamanfredi.com/publications/lcn15.pdf
R. Ensafi, D. Fifield, P. Winter, N. Feamster, N. Weaver, V. Paxson, Examining how the great firewall discovers hidden circumvention servers, in Proceedings of the 2015 Internet Measurement Conference, Association for Computing Machinery, New York, NY, USA, IMC ‘15, (2015), pp. 445–458. https://doi.org/10.1145/2815675.2815690
S. Frolov, F. Douglas, W. Scott, A. McDonald, B. VanderSloot, R. Hynes, A. Kruger, M. Kallitsis, D.G. Robinson, S. Schultze, N. Borisov, J.A. Halderman, E. Wustrow, An ISP-scale deployment of TapDance, in Free and Open Communications on the Internet, (USENIX, 2017). https://www.usenix.org/system/files/conference/foci17/foci17-paper-frolov_0.pdf
S. Frolov, J. Wampler, S.C. Tan, J.A. Halderman, N. Borisov, E. Wustrow, Conjure: summoning proxies from unused address space, in Computer and Communications Security, (ACM, 2019). https://jhalderm.com/pub/papers/conjure-ccs19.pdf
I. Ghafir, V. Prenosil, M. Hammoudeh, L. Han, U. Raza, Malicious SSL certificate detection: a step towards advanced persistent threat defence, in Proceedings of the International Conference on Future Networks and Distributed Systems, (2017)
I. Ghafir, V. Prenosil, M. Hammoudeh, T. Baker, S. Jabbar, S. Khalid, S. Jaf, Botdet: a system for real time botnet command and control traffic detection. IEEE Access 6, 38947–38958 (2018)
A. Houmansadr, G.T.K. Nguyen, M. Caesar, N. Borisov, Cirripede: circumvention infrastructure using router redirection with plausible deniability, in Computer and Communications Security, (ACM, 2011), pp. 187–200. https://hatswitch.org/~nikita/papers/cirripede-ccs11.pdf
A. Houmansadr, E.L. Wong, V. Shmatikov, No direction home: the true cost of routing around decoys, in Proceedings of the Network and Distributed Security Symposium – NDSS ‘14, Internet Society, (2014)
F. House, Freedom on the net 2020: the pandemic’s digital shadow (2020). https://freedomhouse.org/sites/default/files/2020-10/10122020_FOTN2020_Complete_Report_FINAL.pdf
W. John, M. Dusi, K. Claffy, Estimating routing symmetry on single links by passive flow measurements in Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, Association for Computing Machinery, New York, NY, USA, IWCMC ’10, (2010), pp. 473–478. https://doi.org/10.1145/1815396.1815506
J. Karlin, D. Ellard, A.W. Jackson, C.E. Jones, G. Lauer, D.P. Mankins, W.T. Strayer, Decoy routing: toward unblockable Internet communication, in Free and Open Communications on the Internet, (USENIX, 2011). https://www.usenix.org/legacy/events/foci11/tech/final_files/Karlin.pdf
B. Leidl, Obfuscated openssh (2010). https://github.com/brl/obfuscated-openssh
V. Manfredi, P. Songkuntham, MultiFlow: cross-connection decoy routing using TLS 1.3 session resumption, in Free and open communications on the Internet, (USENIX, 2018). https://www.usenix.org/system/files/conference/foci18/foci18-paper-manfredi.pdf
M. Nasr, H. Zolfaghari, A. Houmansadr, The waterfall of liberty: decoy routing circumvention that resists routing attacks, in Computer and Communications Security, (ACM, 2017). https://acmccs.github.io/papers/p2037-nasrA.pdf
Psiphon, Psiphon: uncensored internet access for windows and mobile (2020). https://psiphon3.com
J. Saleem, M. Hammoudeh, Defense methods against social engineering attacks, in Computer and Network Security Essentials, (Springer, 2018), pp. 603–618
M. Schuchard, J. Geddes, C. Thompson, N. Hopper, Routing around decoys, in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012), (2012)
P.K. Sharma, D. Gosain, H. Sagar, C. Kumar, A. Dogra, V. Naik, H.B. Acharya, S. Chakravarty, SiegeBreaker: an SDN based practical decoy routing system. Priv. Enhancing Technol. (3), 243–263 (2020). https://petsymposium.org/2020/files/papers/issue3/popets-2020-0051.pdf
B. VanderSloot, S. Frolov, J. Wampler, S.C. Tan, I. Simpson, M. Kallitsis, J.A. Halderman, N. Borisov, E. Wustrow, Running refraction networking for real. Proc. Priv. Enhancing Technol. (4), 321–335 (2020a)
B. VanderSloot, S. Frolov, J. Wampler, S.C. Tan, I. Simpson, M. Kallitsis, J.A. Halderman, N. Borisov, E. Wustrow, Running refraction networking for real. Priv. Enhancing Technol. (3), 321–335 (2020b). https://petsymposium.org/2020/files/papers/issue4/popets-2020-0073.pdf
S. Walker-Roberts, M. Hammoudeh, O. Aldabbas, M. Aydin, A. Dehghantanha, Threats on the horizon: understanding security threats in the era of cyber-physical systems. J. Supercomput. 76(4), 2643–2664 (2020)
M. Walshe, G. Epiphaniou, H. Al-Khateeb, M. Hammoudeh, V. Katos, A. Dehghantanha, Non-interactive zero knowledge proofs for the authentication of IoT devices in reduced connectivity environments. Ad Hoc Netw. 95, 101988 (2019)
E. Wustrow, S. Wolchok, I. Goldberg, J.A. Halderman, Telex: anticensorship in the network infrastructure, in USENIX Security Symposium, (USENIX, 2011). https://www.usenix.org/event/sec11/tech/full_papers/Wustrow.pdf
E. Wustrow, C.M. Swanson, J.A. Halderman, Tapdance: end-to-middle anticensorship without flow blocking, in Proceedings of 23rd USENIX Security Symposium (USENIX Security 14), (USENIX Association, San Diego, 2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Section Editor information
Rights and permissions
Copyright information
© 2022 Springer Nature Singapore Pte Ltd
About this entry
Cite this entry
Stephens, A., Hammoudeh, M. (2022). The Efficacy and Real-Time Performance of Refraction Networking. In: Tian, YC., Levy, D.C. (eds) Handbook of Real-Time Computing. Springer, Singapore. https://doi.org/10.1007/978-981-287-251-7_67
Download citation
DOI: https://doi.org/10.1007/978-981-287-251-7_67
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-287-250-0
Online ISBN: 978-981-287-251-7
eBook Packages: EngineeringReference Module Computer Science and Engineering