Salmon: Robust Proxy Distribution for Censorship Circumvention

Abstract Many governments block their citizens’ access to much of the Internet. Simple workarounds are unreliable; censors quickly discover and patch them. Previously proposed robust approaches either have non-trivial obstacles to deployment, or rely on low-performance covert channels that cannot support typical Internet usage such as streaming video. We present Salmon, an incrementally deployable system designed to resist a censor with the resources of the “Great Firewall” of China. Salmon relies on a network of volunteers in uncensored countries to run proxy servers. Although any member of the public can become a user, Salmon protects the bulk of its servers from being discovered and blocked by the censor via an algorithm for quickly identifying malicious users. The algorithm entails identifying some users as especially trustworthy or suspicious, based on their actions. We impede Sybil attacks by requiring either an unobtrusive check of a social network account, or a referral from a trustworthy user.

[1]  Nikita Borisov,et al.  Cirripede: circumvention infrastructure using router redirection with plausible deniability , 2011, CCS '11.

[2]  Vitaly Shmatikov,et al.  No Direction Home: The True Cost of Routing Around Decoys , 2014, NDSS.

[3]  Nicholas Hopper,et al.  Cover your ACKs: pitfalls of covert channel censorship circumvention , 2013, CCS.

[4]  Eric Wustrow,et al.  TapDance: End-to-Middle Anticensorship without Flow Blocking , 2014, USENIX Security Symposium.

[5]  Vern Paxson,et al.  What's Clicking What? Techniques and Innovations of Today's Clickbots , 2011, DIMVA.

[6]  Vern Paxson,et al.  Blocking-resistant communication through domain fronting , 2015, Proc. Priv. Enhancing Technol..

[7]  Nikita Borisov,et al.  IP over Voice-over-IP for censorship circumvention , 2012, ArXiv.

[8]  Nikita Borisov,et al.  rBridge: User Reputation based Tor Bridge Distribution with Privacy Preservation , 2013, NDSS.

[9]  Nick Feamster,et al.  Thwarting Web Censorship with Untrusted Messenger Discovery , 2003, Privacy Enhancing Technologies.

[10]  W. Timothy Strayer,et al.  Decoy Routing: Toward Unblockable Internet Communication , 2011, FOCI.

[11]  Ian Goldberg,et al.  SkypeMorph: protocol obfuscation for Tor bridges , 2012, CCS.

[12]  Dan Boneh,et al.  Evading Censorship with Browser-Based Proxies , 2012, Privacy Enhancing Technologies.

[13]  Nikita Borisov,et al.  SWEET: Serving the Web by Exploiting Email Tunnels , 2012, IEEE/ACM Transactions on Networking.

[14]  Shuai Li,et al.  Facet: Streaming over Videoconferencing for Censorship Circumvention , 2014, WPES.

[15]  Ian Goldberg,et al.  Telex: Anticensorship in the Network Infrastructure , 2011, USENIX Security Symposium.

[16]  Yasushi Shinjo,et al.  VPN Gate: A Volunteer-Organized Public VPN Relay System with Blocking Resistance for Bypassing Government Censorship Firewalls , 2014, NSDI.

[17]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[18]  Nicholas Hopper,et al.  Routing around decoys , 2012, CCS.

[19]  Vinod Yegneswaran,et al.  StegoTorus: a camouflage proxy for the Tor anonymity system , 2012, CCS.

[20]  W. Timothy Strayer,et al.  Rebound: Decoy routing on asymmetric routes via error messages , 2015, 2015 IEEE 40th Conference on Local Computer Networks (LCN).

[21]  Xun Gong,et al.  CensorSpoofer: asymmetric communication using IP spoofing for censorship-resistant web browsing , 2012, CCS.