1. bookVolume 2016 (2016): Issue 4 (October 2016)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Salmon: Robust Proxy Distribution for Censorship Circumvention

Published Online: 14 Jul 2016
Page range: 4 - 20
Received: 29 Feb 2016
Accepted: 02 Jun 2016
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English

Many governments block their citizens’ access to much of the Internet. Simple workarounds are unreliable; censors quickly discover and patch them. Previously proposed robust approaches either have non-trivial obstacles to deployment, or rely on low-performance covert channels that cannot support typical Internet usage such as streaming video. We present Salmon, an incrementally deployable system designed to resist a censor with the resources of the “Great Firewall” of China. Salmon relies on a network of volunteers in uncensored countries to run proxy servers. Although any member of the public can become a user, Salmon protects the bulk of its servers from being discovered and blocked by the censor via an algorithm for quickly identifying malicious users. The algorithm entails identifying some users as especially trustworthy or suspicious, based on their actions. We impede Sybil attacks by requiring either an unobtrusive check of a social network account, or a referral from a trustworthy user.

Keywords

[1] What is internet censorship? Amnesty Intl., March 2008.Search in Google Scholar

[2] Iran hackers use fake Facebook profiles to spy on US and Britain. The Telegraph, May 2014.Search in Google Scholar

[3] Dingledine, R. https://blog.torproject.org/blog/researchproblems-ten-ways-discover-tor-bridges, 2011.Search in Google Scholar

[4] Dingledine, R., and Mathewson, N. Design of a blocking-resistant anonymity system.Search in Google Scholar

[5] Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (Berkeley, CA, USA, 2004), SSYM’04, USENIX Association.Search in Google Scholar

[6] Ellard, D., Jones, C., Manfredi, V., Strayer, W. T., Thapa, B., Van Welie, M., and Jackson, A. Rebound: Decoy routing on asymmetric routes via error messages. In IEEE 40th Conference on Local Computer Networks (LCN) (2015), pp. 91-99.Search in Google Scholar

[7] Feamster, N., Balazinska, M., Wang, W., Balakrishnan, H., and Karger, D. Thwarting web censorship with untrusted messenger discovery. In Privacy Enhancing Technologies 2003 (Dresden, Germany, March 2003).Search in Google Scholar

[8] Fifield, D., Hardison, N., Ellithorpe, J., Stark, E., Boneh, D., Dingledine, R., and Porras, P. Evading censorship with browser-based proxies. In Privacy Enhancing Technologies (2012), Springer, pp. 239-258.Search in Google Scholar

[9] Fifield, D., Lan, C., Hynes, R., Wegmann, P., and Paxson, V. Blocking-resistant communication through domain fronting. Proceedings on Privacy Enhancing Technologies 2015, 2 (2015), 1-19.Search in Google Scholar

[10] Geddes, J., Schuchard, M., and Hopper, N. Cover your acks: Pitfalls of covert channel censorship circumvention. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013), pp. 361-372.Search in Google Scholar

[11] Houmansadr, A., Nguyen, G. T. K., Caesar, M., and Borisov, N. Cirripede: circumvention infrastructure using router redirection with plausible deniability. In Proceedings of CCS (2011).Search in Google Scholar

[12] Houmansadr, A., Riedl, T. J., Borisov, N., and Singer, A. C. IP over Voice-over-IP for censorship circumvention. CoRR abs/1207.2683 (2012).Search in Google Scholar

[13] Houmansadr, A., Wong, E. L., and Shmatikov, V. No direction home: The true cost of routing around decoys. In Proceedings of the 2014 Network and Distributed System Security (NDSS) Symposium (2014).Search in Google Scholar

[14] Karlin, J., Ellard, D., Jackson, A. W., Jones, C. E., Lauer, G., Mankins, D. P., and Strayer, W. T. Decoy routing: Toward unblockable internet communication.Search in Google Scholar

[15] Li, S., Schliep, M., and Hopper, N. Facet: Streaming over videoconferencing for censorship circumvention. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (2014), ACM, pp. 163-172.Search in Google Scholar

[16] McCoy, D., Morales, J. A., and Levchenko, K. Proximax: Fighting censorship with an adaptive system for distribution of open proxies. In Proceedings of the International Conference on Financial Cryptography and Data Security (St Lucia, February 2011).Search in Google Scholar

[17] Miller, B., Pearce, P., Grier, C., Kreibich, C., and Paxson, V. What’s clicking what? techniques and innovations of today’s clickbots. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2011, pp. 164-183.Search in Google Scholar

[18] Mohajeri Moghaddam, H., Li, B., Derakhshani, M., and Goldberg, I. Skypemorph: Protocol obfuscation for tor bridges. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 97-108.Search in Google Scholar

[19] Nobori, D., and Shinjo, Y. VPN Gate: A volunteerorganized public VPN relay system with blocking resistance for bypassing government censorship firewalls. In Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14) (Seattle, WA, 2014), USENIX, pp. 229-241.Search in Google Scholar

[20] Schuchard, M., Geddes, J., Thompson, C., and Hopper, N. Routing around decoys. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 85-96.Search in Google Scholar

[21] Wang, Q., Gong, X., Nguyen, G. T., Houmansadr, A., and Borisov, N. Censorspoofer: asymmetric communication using ip spoofing for censorship-resistant web browsing. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 121-132.Search in Google Scholar

[22] Wang, Q., Lin, Z., Borisov, N., and Hopper, N. rBridge: User reputation based tor bridge distribution with privacy preservation. In NDSS (2013).Search in Google Scholar

[23] Weinberg, Z., Wang, J., Yegneswaran, V., Briesemeister, L., Cheung, S., Wang, F., and Boneh, D. Stegotorus: a camouflage proxy for the tor anonymity system. In Proceedings of the 2012 ACM conference on computer and communications security (2012), pp. 109-120.Search in Google Scholar

[24] Wustrow, E., Swanson, C. M., and Halderman, J. A. Tapdance: End-to-middle anticensorship without flow blocking. In 23rd USENIX Security Symposium (USENIX Security 14) (2014), pp. 159-174.Search in Google Scholar

[25] Wustrow, E., Wolchok, S., Goldberg, I., and Halderman, J. A. Telex: Anticensorship in the network infrastructure. In Proceedings of the 20th USENIX Security Symposium (August 2011).Search in Google Scholar

[26] Zhou, W., Houmansadr, A., Caesar, M., and Borisov, N. SWEET: Serving the web by exploiting email tunnels. Privacy Enhancing Technologies Symposium (2013).Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo