Session Chair: Nick Hopper
- Running Refraction Networking for Real
- SiegeBreaker: An SDN Based Practical Decoy Routing System
- MoneyMorph: Censorship Resistant Rendezvous using Permissionless Cryptocurrencies
Benjamin VanderSloot (University of Michigan), Sergey Frolov (University of Colorado Boulder), Jack Wampler (University of Colorado Boulder), Sze Chuen Tan (University of Illinois, Urbana-Champaign), Irv Simpson (Psiphon), Michalis Kallitsis (Merit), J. Alex Halderman (University of Michigan), Nikita Borisov (University of Illinois, Urbana-Champaign), and Eric Wustrow (University of Colorado Boulder)
Summary: Refraction networking is a next-generation censorship circumvention approach that locates proxy functionality in the network itself, at participating ISPs or other network operators. Following years of research and development and a brief pilot, we established the world's first production deployment of a Refraction Networking system. Our deployment uses a high-performance implementation of the TapDance protocol and is enabled as a transport in the popular circumvention app Psiphon. It uses TapDance stations at four physical uplink locations of a mid-sized ISP, Merit Network, with an aggregate bandwidth of 140 Gbps. By the end of 2019, our system was enabled as a transport option in 559,000 installations of Psiphon, and it served upwards of 33,000 unique users per month. This paper reports on our experience building the deployment and operating it for the first year. We describe how we overcame engineering challenges, present detailed performance metrics, and analyze how our system has responded to dynamic censor behavior. Finally, we review lessons learned from operating this unique artifact and discuss prospects for further scaling Refraction Networking to meet the needs of censored users.
Piyush Sharma (IIIT Delhi), Devashish Gosain (IIIT Delhi), Himanshu Sagar (IIIT Delhi), Chaitanya Kumar (IBM Research Labs, Singapore), Aneesh Dogra (IIIT Delhi), Vinayak Naik (BITS Pilani, Goa), H.B. Acharya (RIT, New York, USA), and Sambuddho Chakravarty (IIIT Delhi)
Summary: Decoy Routing (DR), a promising approach to censorship circumvention, uses routers (rather than end hosts) as proxy servers. Users of censored networks, who wish to use DR, send specially crafted packets, nominally addressed to an uncensored website. Once safely out of the censored network, the packets encounter a special router (the Decoy Router) which identifies them using a secret handshake and proxies them to their true destination (a censored site).
However, DR has implementation problems: it is infeasible to reprogram routers for the complex operations required. Existing DR solutions fall back on using commodity servers as a Decoy Router. But as servers are not efficient at routing, most web applications show poor performance when accessed over DR. A further concern is that the Decoy Router has to inspect all flows in order to identify the ones that need DR. This may itself be a breach of privacy for other users (who neither require DR nor want to be monitored).
In this paper, we present a novel DR system, SiegeBreaker (SB), which solves the aforementioned problems using an SDN-based architecture. Previous proposals involve a single unit that performs all major operations (inspecting all flows, identifying the DR requests, and proxying them). In contrast, SB distributes the tasks for DR among three independent modules. (1) The SDN controller identifies DR requests via a covert, privacy-preserving scheme, and does not need to inspect all flows. (2) The reconfigurable SDN switch intercepts packets and forwards them to a secret proxy efficiently. (3) The secret proxy server proxies the client's traffic to the censored site. Our modular, lightweight design achieves performance comparable to direct TCP downloads, for both in-lab setups and Internet-based tests involving commercial SDN switches.
Mohsen Minaei (Purdue University), Pedro Moreno-Sanchez (TU Wien), and Aniket Kate (Purdue University)
Summary: Cryptocurrencies play a major role in the global financial ecosystem. Their presence across different geopolitical corridors, including in repressive regimes, has been one of their striking features. In this work, we leverage this feature for bootstrapping censorship-resistant communication. We conceptualize the notion of a stego-bootstrapping scheme and its security in terms of rareness and security against chosen-covertext attacks. We present MoneyMorph, a provably secure stego-bootstrapping scheme using cryptocurrencies. MoneyMorph allows a censored user to interact with a decoder entity outside the censored region, through blockchain transactions as rendezvous, to obtain bootstrapping information such as a censorship-resistant proxy and its public key. Unlike the usual bootstrapping approaches (e.g., emailing) with heuristic security, if any, MoneyMorph employs public-key steganography over blockchain transactions to ensure provable cryptographic security. We design rendezvous over Bitcoin, Zcash, Monero, and Ethereum, and analyze their effectiveness in terms of available bandwidth and transaction cost. With its highly cryptographic structure, we show that Zcash provides 1148 bytes of bandwidth per transaction, costing less than 0.01 USD in fees.