Routing around decoys

Max Schuchard, John Geddes, Christopher Thompson, Nick Hopper

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Scopus citations

Abstract

Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.

Original languageEnglish (US)
Title of host publicationCCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
Pages85-96
Number of pages12
DOIs
StatePublished - Nov 26 2012
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States
Duration: Oct 16 2012Oct 18 2012

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other2012 ACM Conference on Computer and Communications Security, CCS 2012
Country/TerritoryUnited States
CityRaleigh, NC
Period10/16/1210/18/12

Keywords

  • BGP
  • Censorship
  • Cirripede
  • Decoy Routing
  • Telex

Fingerprint

Dive into the research topics of 'Routing around decoys'. Together they form a unique fingerprint.

Cite this