Turbo Tunnel, a good way to design censorship circumvention protocols

This paper advocates for the use of an interior session and reliability layer in censorship circumvention systems—some protocol that provides a reliable stream interface over a possibly unreliable or transient carrier protocol, with sequence numbers, acknowledgements, and retransmission of lost data. The inner session layer enables persistent end-to-end session state that is largely independent of, and survives disruptions in, the outer obfuscation layer by which it is transported. The idea—which I call Turbo Tunnel—is simple, but has many benefits. Decoupling an abstract session from the specific means of censorship circumvention provides more design flexibility, and in some cases may increase blocking resistance and performance. This work motivates the concept by exploring specific problems that a Turbo Tunnel design can solve, describes the essential components of such a design, and reflects on the experience of implementation in the obfs4, meek, and Snowflake circumvention systems, as well as a new DNS over HTTPS tunnel.
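To make the inner session layer described above concrete, here is an added toy example in Python; it is not code from the paper or from obfs4, meek, or Snowflake. `Receiver`, `Sender`, `demo` and the carrier convention (a hypothetical callable taking a sequence number and payload and returning the peer's cumulative ack, or `None` when the segment was lost) are all assumptions of this example. The point it shows is the one the abstract makes: the sender's unacknowledged buffer and the receiver's reorder buffer live in the session layer, so the outer carrier can be lossy and can be replaced mid-session while the stream stays intact.

```python
class Receiver:
    """Delivers payloads in sequence order; the ack it returns is the next seq not yet delivered."""
    def __init__(self):
        self.expect = 0
        self.pending = {}  # out-of-order segments held until the gap before them fills
        self.out = []

    def accept(self, seq, data):
        if seq >= self.expect:  # anything below expect is a duplicate, already delivered
            self.pending[seq] = data
        while self.expect in self.pending:
            self.out.append(self.pending.pop(self.expect))
            self.expect += 1
        return self.expect


class Sender:
    """Numbers segments and keeps each until acked, so it can resend over any carrier."""
    def __init__(self):
        self.next = 0
        self.unacked = {}

    def send(self, carrier, data):
        self.unacked[self.next] = data
        self.next += 1
        self.flush(carrier)

    def flush(self, carrier):
        """(Re)transmit every unacked segment, oldest first; a cumulative ack retires older ones."""
        for seq in sorted(self.unacked):
            if seq in self.unacked:  # may already be retired by an ack received in this loop
                ack = carrier(seq, self.unacked[seq])  # None: lost in transit, no ack returned
                if ack is not None:
                    self.unacked = {q: d for q, d in self.unacked.items() if q >= ack}


def demo():
    """Constructed scenario: a lossy carrier is replaced mid-session; the session state survives."""
    rx, tx, calls = Receiver(), Sender(), [0]
    def lossy(seq, data):  # hypothetical outer carrier that silently loses every third segment
        calls[0] += 1
        return None if calls[0] % 3 == 0 else rx.accept(seq, data)

    def fresh(seq, data):  # a newly established outer carrier serving the same session
        return rx.accept(seq, data)
    for chunk in ["GET ", "/index", ".html "]:
        tx.send(lossy, chunk)
    for chunk in ["HTTP/1.1", "\r\n"]:  # old carrier is gone; the sender just continues
        tx.send(fresh, chunk)
    return "".join(rx.out), len(tx.unacked)
```

`demo()` returns the fully reassembled request and an empty unacked buffer: the segment the first carrier lost is resent over the second one without the session being torn down.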
