The Devil's in The Details: Placing Decoy Routers in the Internet

Decoy Routing, the use of routers (rather than end hosts) as proxies, is a new direction in anti-censorship research. Decoy Routers (DRs), placed in Autonomous Systems, proxy traffic from users, so the adversary, e.g. a censorious government, attempts to avoid them. It is quite difficult to place DRs so that the adversary cannot route around them: for example, we need the cooperation of 850 ASes to contain China alone [1]. In this paper, we consider a different approach. We begin by noting that DRs need not intercept all the network paths from a country, just those leading to Overt Destinations (ODs), i.e. unfiltered websites hosted outside the country (usually popular ones, so that client traffic to the OD does not make the censor suspicious). Our first question is: how many ASes are required for installing DRs to intercept a large fraction of paths from, e.g., China to the top-n websites (as per Alexa)? How does this number grow with n? To our surprise, the same few (≈ 30) ASes intercept over 90% of paths to the top-n sites worldwide, for n = 10, 20, ..., 200, and also to other destinations. Investigating further, we find that this result fits perfectly with the hierarchical model of the Internet [2]; our first contribution is to demonstrate with real paths that the number of ASes required for a world-wide DR framework is small (≈ 30). Further, censor nations' attempts to filter traffic along the paths transiting these 30 ASes will not only block their own citizens, but also others residing in foreign ASes. Our second contribution in this paper is to consider the details of DR placement: not just in which ASes DRs should be placed to intercept traffic, but exactly where in each AS. We find that even with our small number of ASes, we still need a total of about 11,700 DRs. We conclude that, even though a DR system involves far fewer ASes than previously thought, it is still a major undertaking. For example, the current routers cost over 10.3 billion USD, so if Decoy Routing at line speed requires all-new hardware, the cost alone would make such a project unfeasible for most actors (but not for major nation states).
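The abstract's first question (how few ASes intercept most paths to the top-n ODs, and how that count grows with n) can be illustrated with a greedy set-cover over AS-level paths. This is an added example, not the paper's own method or code: the AS numbers and paths below are constructed, the domestic ASes passed in `exclude` are a labelled assumption, and a real study would use measured paths as the paper does.

```python
"""Greedy AS selection for Decoy Router placement (added illustration).

Given AS-level paths from a client AS to a set of overt destinations,
pick the fewest ASes whose union intercepts at least `target` of the
paths. ASes the censor controls (e.g. the client's domestic ASes) are
excluded, since a DR placed there could be bypassed or seized.
"""
from typing import Dict, Iterable, List, Tuple

# Constructed AS-level paths: destination -> ASes traversed after the
# client's own AS. 4134 and 4837 play the role of domestic transit ASes.
PATHS: Dict[str, List[int]] = {
    "site-1": [4134, 3356, 15169],
    "site-2": [4134, 1299, 15169],
    "site-3": [4837, 3356, 32934],
    "site-4": [4837, 174, 16509],
    "site-5": [4134, 3356, 16509],
    "site-6": [4837, 1299, 13335],
    "site-7": [4134, 174, 13335],
    "site-8": [4837, 3356, 20940],
}
# Popularity ranking of the destinations (constructed; stands in for Alexa).
RANKED: List[str] = list(PATHS)

def greedy_dr_placement(paths: Dict[str, List[int]], target: float = 0.9,
                        exclude: Iterable[int] = ()) -> Tuple[List[int], float]:
    """Return (chosen ASes in selection order, fraction of paths covered)."""
    banned = set(exclude)
    remaining = {d: set(p) - banned for d, p in paths.items()}
    total = len(paths)
    chosen: List[int] = []
    covered = 0
    while total and covered / total < target:
        # Count still-uncovered paths per candidate AS; ties go to the lower ASN.
        counts: Dict[int, int] = {}
        for ases in remaining.values():
            for asn in ases:
                counts[asn] = counts.get(asn, 0) + 1
        if not counts:  # every uncovered path has only excluded ASes
            break
        best = max(counts, key=lambda a: (counts[a], -a))
        chosen.append(best)
        remaining = {d: s for d, s in remaining.items() if best not in s}
        covered = total - len(remaining)
    return chosen, (covered / total if total else 0.0)

def ases_needed(paths: Dict[str, List[int]], ranked: List[str], n: int,
                target: float = 0.9, exclude: Iterable[int] = ()) -> int:
    """Number of ASes needed to cover `target` of paths to the top-n destinations."""
    subset = {d: paths[d] for d in ranked[:n]}
    return len(greedy_dr_placement(subset, target, exclude)[0])
```

Calling `ases_needed` for increasing n on measured paths is the experiment behind the abstract's "how does this number grow with n" question.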

[1] W. Timothy Strayer, et al. Decoy Routing: Toward Unblockable Internet Communication, 2011, FOCI.

[2] Peter Steenkiste, et al. Exploiting internet route sharing for large scale available bandwidth estimation, 2005, IMC '05.

[3] Matthew Wright, et al. DeNASA: Destination-Naive AS-Awareness in Anonymous Communications, 2016, Proc. Priv. Enhancing Technol.

[4] Eric Wustrow, et al. TapDance: End-to-Middle Anticensorship without Flow Blocking, 2014, USENIX Security Symposium.

[5] Vitaly Shmatikov, et al. The Parrot Is Dead: Observing Unobservable Network Communications, 2013, 2013 IEEE Symposium on Security and Privacy.

[6] Arun Venkataramani, et al. iPlane: an information plane for distributed services, 2006, OSDI '06.

[7] Lixin Gao. On inferring autonomous system relationships in the internet, 2001, TNET.

[8] W. Timothy Strayer, et al. Rebound: Decoy routing on asymmetric routes via error messages, 2015, 2015 IEEE 40th Conference on Local Computer Networks (LCN).

[9] Milad Nasr, et al. GAME OF DECOYS: Optimal Decoy Routing Through Game Theory, 2016, CCS.

[10] Nick McKeown, et al. Rethinking IP core networks, 2013, IEEE/OSA Journal of Optical Communications and Networking.

[11] Sambuddho Chakravarty, et al. Few Throats to Choke: On the Current Structure of the Internet, 2017, 2017 IEEE 42nd Conference on Local Computer Networks (LCN).

[12] Damien Magoni, et al. Internet core topology mapping and analysis, 2005, Comput. Commun.

[13] Lixin Gao, et al. CAM04-4: AS Path Inference by Exploiting Known AS Paths, 2006, IEEE Globecom 2006.

[14] Miguel Rio, et al. Network topologies: inference, modeling, and generation, 2008, IEEE Communications Surveys & Tutorials.

[15] Ian Goldberg, et al. Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement, 2016, CCS.

[16] John W. Lockwood, et al. Deep packet inspection using parallel bloom filters, 2004, IEEE Micro.

[17] Nikita Borisov, et al. Cirripede: circumvention infrastructure using router redirection with plausible deniability, 2011, CCS '11.

[18] Mohamed Ali Kâafar, et al. Digging into Anonymous Traffic: A Deep Analysis of the Tor Anonymizing Network, 2010, 2010 Fourth International Conference on Network and System Security.

[19] Enrico Gregori, et al. A Novel Methodology to Address the Internet AS-Level Data Incompleteness, 2015, IEEE/ACM Transactions on Networking.

[20] Minaxi Gupta, et al. Inferring Mechanics of Web Censorship Around the World, 2012, FOCI.

[21] Paul F. Syverson, et al. AS-awareness in Tor path selection, 2009, CCS.

[22] Enrico Gregori, et al. Isolario: a Do-ut-des Approach to Improve the Appeal of BGP Route Collecting, 2016, ArXiv.

[23] Josh Karlin. Optimizing the Placement of Implicit Proxies, 2012.

[24] Ian Goldberg, et al. SkypeMorph: protocol obfuscation for Tor bridges, 2012, CCS.

[25] Randy H. Katz, et al. Characterizing the Internet hierarchy from multiple vantage points, 2002, Proceedings. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[26] Ian Goldberg, et al. Telex: Anticensorship in the Network Infrastructure, 2011, USENIX Security Symposium.

[27] Ratul Mahajan, et al. Measuring ISP topologies with Rocketfuel, 2004, IEEE/ACM Transactions on Networking.

[28] George Danezis, et al. Proceedings of the 2012 ACM conference on Computer and communications security, 2012, CCS 2012.

[29] Neo, et al. The collateral damage of internet censorship by DNS injection, 2012, Comput. Commun. Rev.

[30] Vitaly Shmatikov, et al. No Direction Home: The True Cost of Routing Around Decoys, 2014, NDSS.

[31] Chiara Orsini, et al. Evolution of the Internet $k$-Dense Structure, 2013, IEEE/ACM Transactions on Networking.

[32] Nick Mathewson, et al. Tor: The Second-Generation Onion Router, 2004, USENIX Security Symposium.

[33] Nicholas Hopper, et al. Routing around decoys, 2012, CCS.

[34] H. Jonathan Chao, et al. High Performance Switches and Routers, 2007.

[35] Stefan Lindskog, et al. How the Great Firewall of China is Blocking Tor, 2012, FOCI.

[36] Vinod Yegneswaran, et al. StegoTorus: a camouflage proxy for the Tor anonymity system, 2012, CCS.

[37] Thomas D. Gautheir. Detecting Trends Using Spearman's Rank Correlation Coefficient, 2001.

[38] James Won-Ki Hong, et al. IP network topology discovery using SNMP, 2009, 2009 International Conference on Information Networking.