Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory

A core technique used by popular proxy-based circumvention systems like Tor is to privately and selectively distribute the IP addresses of circumvention proxies among censored clients to keep them unknown to the censors. In Tor, for instance, such privately shared proxies are known as bridges. A key challenge to this mechanism is the insider attack problem: censoring agents can impersonate benign censored clients in order to learn (and then block) the privately shared circumvention proxies. To limit the insider attack threat, in-the-wild circumvention systems like Tor use various proxy assignment mechanisms that aim to minimize the risk of proxy enumeration by the censors while still providing access to a large fraction of censored clients. Unfortunately, existing proxy assignment mechanisms (like the one used by Tor) are based on ad hoc heuristics that offer no theoretical guarantees and are easily evaded in practice. In this paper, we take a systematic approach to the problem of proxy distribution in circumvention systems by establishing a game-theoretic framework. We model the proxy assignment problem as a game between circumvention system operators and the censors, and use game theory to derive the optimal strategies of each of the parties. Using our framework, we derive the best (optimal) proxy assignment mechanism of a circumvention system like Tor in the presence of the strongest censorship adversary, who takes her best censorship actions. We perform extensive simulations to evaluate our optimal proxy assignment algorithm under various adversarial and network settings. We show that the algorithm has superior performance compared to the state of the art, i.e., it provides stronger resistance to censorship even against the strongest censorship adversary. Our study establishes a generic framework for optimal proxy assignment that can be applied to various types of circumvention systems and under various threat models. We conclude with lessons and recommendations for the design of proxy-based circumvention systems.
