Routing around decoys

Max Schuchard; John Geddes; Christopher Thompson; Nick Hopper

doi:10.1145/2382196.2382209

Routing around decoys

Max Schuchard, John Geddes, Christopher Thompson, Nick Hopper

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

56 Scopus citations

Abstract

Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.

Original language	English (US)
Title of host publication	CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
Pages	85-96
Number of pages	12
DOIs	https://doi.org/10.1145/2382196.2382209
State	Published - 2012
Event	2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States Duration: Oct 16 2012 → Oct 18 2012

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	2012 ACM Conference on Computer and Communications Security, CCS 2012
Country/Territory	United States
City	Raleigh, NC
Period	10/16/12 → 10/18/12

Keywords

BGP
Censorship
Cirripede
Decoy Routing
Telex

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access

10.1145/2382196.2382209

OpenUrl availability

Full text

Cite this

Schuchard, M, Geddes, J, Thompson, C & Hopper, N 2012, Routing around decoys. in CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, pp. 85-96, 2012 ACM Conference on Computer and Communications Security, CCS 2012, Raleigh, NC, United States, 10/16/12. https://doi.org/10.1145/2382196.2382209

@inproceedings{c3562e612b7d45fd8fb757e9bc6f9988,

title = "Routing around decoys",

abstract = "Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.",

keywords = "BGP, Censorship, Cirripede, Decoy Routing, Telex",

author = "Max Schuchard and John Geddes and Christopher Thompson and Nick Hopper",

year = "2012",

doi = "10.1145/2382196.2382209",

language = "English (US)",

isbn = "9781450316507",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "85--96",

booktitle = "CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security",

note = "2012 ACM Conference on Computer and Communications Security, CCS 2012 ; Conference date: 16-10-2012 Through 18-10-2012",

}

TY - GEN

T1 - Routing around decoys

AU - Schuchard, Max

AU - Geddes, John

AU - Thompson, Christopher

AU - Hopper, Nick

PY - 2012

Y1 - 2012

N2 - Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.

AB - Decoy Routing is a new approach to Internet censorship circumvention that was recently and independently proposed at FOCI'11, USENIX Security'11 and CCS'11. Decoy routing aims to hamper nation-state level Internet censorship by having routers, rather than end hosts, relay traffic to blocked destinations. We analyze the security of these schemes against a routing capable adversary, a censoring authority that is willing to make routing decisions in response to decoy routing systems. We explore China, Syria, Iran, and Egypt as routing capable adversaries, and evaluate several attacks that defeat the security goals of existing decoy routing proposals. In particular, we show that a routing capable adversary can enumerate the participating routers implementing these protocols; can successfully avoid sending traffic along routes containing these routers with little or no adverse effects; can identify users of these schemes through active and passive attacks; and in some cases can probabilistically identify connections to targeted destinations.

KW - BGP

KW - Censorship

KW - Cirripede

KW - Decoy Routing

KW - Telex

UR - http://www.scopus.com/inward/record.url?scp=84869416653&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84869416653&partnerID=8YFLogxK

U2 - 10.1145/2382196.2382209

DO - 10.1145/2382196.2382209

M3 - Conference contribution

AN - SCOPUS:84869416653

SN - 9781450316507

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 85

EP - 96

BT - CCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security

T2 - 2012 ACM Conference on Computer and Communications Security, CCS 2012

Y2 - 16 October 2012 through 18 October 2012

ER -

Routing around decoys

Abstract

Publication series

Other

Keywords

UN SDGs

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this