Unblocking the Internet: Social networks foil censors

Many countries and administrative domains exploit control over their communication infrastructure to censor online content. This paper presents the design, implementation and evaluation of Kaleidoscope, a peer-to-peer system of relays that enables users within a censored domain to access blocked content. The main challenge facing Kaleidoscope is to resist the censor’s efforts to block the circumvention system itself. Kaleidoscope achieves blocking-resilience using restricted service discovery, which allows each user to discover a small set of unblocked relays while exposing only a small fraction of relays to the censor. To restrict service discovery, Kaleidoscope leverages a trust network whose links reflect real-world social relationships among users, and uses a limited advertisement protocol based on random routes to disseminate relay addresses along the trust network; the number of nodes reached by a relay advertisement should ideally be inversely proportional to the maximum fraction of infiltration and is independent of the network size. To increase service availability in large networks with few exit relay nodes, Kaleidoscope forwards the actual data traffic across multiple relay hops without risking exposure of exit relays. Using detailed analysis and simulations, we show that Kaleidoscope provides > 90% service availability even under substantial infiltration (close to 0.5% of edges) and when only 30% of the relay nodes are online. We have implemented and deployed our system on a small scale, serving over 100,000 requests to 40 censored users (a user base that is relatively small for realizing Kaleidoscope’s anti-blocking guarantees) spread across different countries and administrative domains over a 6-month period.
