Routing around decoys

  • Authors:
  • Max Schuchard;John Geddes;Christopher Thompson;Nicholas Hopper

  • Affiliations:
  • University of Minnesota, Minneapolis, MN, USA;University of Minnesota, Minneapolis, MN, USA;University of California, Berkeley, CA, USA;University of Minnesota, Minneapolis, MN, USA

  • Venue:
  • Proceedings of the 2012 ACM conference on Computer and communications security
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.