Max Schuchard
Christopher Thompson
ABSTRACT
Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems.
We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.
- Knock Knock Knockin' on Bridges' Doors. https://blog.torproject.org/blog/knock-knock-knockin-bridges-doors.Google Scholar
- CAIDA AS relationship dataset. http://www.caida.org/data/active/as-relationships/index.xml.Google Scholar
- JAP: The JAP anonymity & privacy homepage. http://www.anon-online.de.Google Scholar
- New blocking activity from iran, Sep, 14, 2011. https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix.Google Scholar
- A. Back, U. Möller, and A. Stiglic. Traffic analysis attacks and trade-offs in anonymity providing systems. In Proceedings of the 4th International Workshop on Information Hiding, IHW '01, pages 245--257. Springer-Verlag, 2001. Google ScholarDigital Library
- Berkman Center for Internet & Society. Mapping local internet control. http://cyber.law.harvard.edu/netmaps/geo_map_home.php.Google Scholar
- U. I. Corporation. Ultrasurf - proxy-based internet privacy and security tools. http://ultrasurf.us.Google Scholar
- T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), Aug. 2008. Updated by RFCs 5746, 5878, 6176.Google Scholar
- R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th conference on USENIX Security Symposium, pages 21--21. USENIX Association, 2004. Google ScholarDigital Library
- K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, May 2012. Google ScholarDigital Library
- M. Edman and P. Syverson. As-awareness in tor path selection. In Proceedings of the 16th ACM conference on Computer and communications security, CCS '09. ACM, 2009. Google ScholarDigital Library
- N. Feamster and R. Dingledine. Location diversity in anonymity networks. In Proceedings of the 2004 ACM workshop on Privacy in the electronic society, WPES '04, 2004. Google ScholarDigital Library
- L. Gao and J. Rexford. Stable internet routing without global coordination. IEEE/ACM Transactions on Networking (TON), 9(6):681--692, 2001. Google ScholarDigital Library
- Y. He, M. Faloutsos, and S. Krishnamurthy. Quantifying routing asymmetry in the internet at the as level. In Global Telecommunications Conference, 2004, volume 3 of GLOBECOM '04, pages 1474--1479. IEEE, 2004.Google ScholarCross Ref
- D. Herrmann, R. Wendolsky, and H. Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naive-bayes classifier. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW '09), pages 31--42, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- A. Hintz. Fingerprinting websites using traffic analysis. In R. Dingledine and P. Syverson, editors, Proceedings of Privacy Enhancing Technologies workshop (PET 2002). Springer-Verlag, LNCS 2482, April 2002. Google ScholarDigital Library
- N. Hopper, E. Y. Vasserman, and E. Chan-tin. How much anonymity does network latency leak. In Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, 2007. Google ScholarDigital Library
- A. Houmansadr, G. T. Nguyen, M. Caesar, and N. Borisov. Cirripede: circumvention infrastructure using router redirection with plausible deniability. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), 2011. Google ScholarDigital Library
- J. Karlin, D. Ellard, A. W. Jackson, C. E. Jones, G. Lauer, D. P. Mankins, and W. T. Strayer. Decoy routing: Toward unblockable internet communication. In Proceedings of the USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2011.Google Scholar
- Z. Mao, L. Qiu, J. Wang, and Y. Zhang. On as-level path inference. In ACM SIGMETRICS Performance Evaluation Review, volume 33, pages 339--349. ACM, 2005. Google ScholarDigital Library
- S. J. Murdoch and P. Zielinski. Sampled traffic analysis by internet-exchange-level adversaries. In Proceedings of the 7th international conference on Privacy enhancing technologies, PET'07, 2007. Google ScholarDigital Library
- A. Panchenko, L. Niessen, A. Zinnen, and T. Engel. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, WPES '11. ACM, 2011. Google ScholarDigital Library
- J. Postel. Transmission Control Protocol. RFC 793 (Standard), Sept. 1981. Updated by RFCs 1122, 3168, 6093, 6528.Google Scholar
- J. Qiu and L. Gao. As path inference by exploiting known as paths. In IEEE GLOBECOM, 2006.Google Scholar
- Y. Rekhter, T. Li, and S. Hares. A Border Gateway Protocol 4 (BGP-4). RFC 4271 (Draft Standard), Jan. 2006. Updated by RFC 6286.Google Scholar
- E. Rosen and Y. Rekhter. BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4364 (Proposed Standard), Feb. 2006. Updated by RFCs 4577, 4684, 5462.Google Scholar
- E. Wustrow, S. Wolchok, I. Goldberg, and J. A. Halderman. Telex: anticensorship in the network infrastructure. In Proceedings of the 20th USENIX Conference on Security (SEC), 2011. Google ScholarDigital Library
Index Terms
- Routing around decoys
Recommendations
GAME OF DECOYS: Optimal Decoy Routing Through Game Theory
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityDecoy routing is a promising new approach for censorship circumvention that relies on traffic re-direction by volunteer autonomous systems. Decoy routing is subject to a fundamental censorship attack, called routing around decoy (RAD), in which the ...
The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications SecurityDecoy routing is an emerging approach for censorship circumvention in which circumvention is implemented with help from a number of volunteer Internet autonomous systems, called decoy ASes. Recent studies on decoy routing consider all decoy routing ...
Dynamics of hot-potato routing in IP networks
Despite the architectural separation between intradomain and interdomain routing in the Internet, intradomain protocols do influence the path-selection process in the Border Gateway Protocol (BGP). When choosing between multiple equally-good BGP routes, ...
Comments