TY - GEN
T1 - Routing around decoys
AU - Schuchard, Max
AU - Geddes, John
AU - Thompson, Christopher
AU - Hopper, Nick
PY - 2012
Y1 - 2012
N2 - Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.
AB - Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.
KW - BGP
KW - Censorship
KW - Cirripede
KW - Decoy Routing
KW - Telex
UR - http://www.scopus.com/inward/record.url?scp=84869416653&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84869416653&partnerID=8YFLogxK
U2 - 10.1145/2382196.2382209
DO - 10.1145/2382196.2382209
M3 - Conference contribution
AN - SCOPUS:84869416653
SN - 9781450316507
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 85
EP - 96
BT - CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
T2 - 2012 ACM Conference on Computer and Communications Security, CCS 2012
Y2 - 16 October 2012 through 18 October 2012
ER -