Salmon: Robust Proxy Distribution for Censorship Circumvention

Frederick Douglas 1 , Rorshach, Weiyang Pan 1 , und Matthew Caesar 1
  • 1 University of Illinois Urbana-Champaign


Many governments block their citizens’ access to much of the Internet. Simple workarounds are unreliable; censors quickly discover and patch them. Previously proposed robust approaches either have non-trivial obstacles to deployment, or rely on low-performance covert channels that cannot support typical Internet usage such as streaming video. We present Salmon, an incrementally deployable system designed to resist a censor with the resources of the “Great Firewall” of China. Salmon relies on a network of volunteers in uncensored countries to run proxy servers. Although any member of the public can become a user, Salmon protects the bulk of its servers from being discovered and blocked by the censor via an algorithm for quickly identifying malicious users. The algorithm entails identifying some users as especially trustworthy or suspicious, based on their actions. We impede Sybil attacks by requiring either an unobtrusive check of a social network account, or a referral from a trustworthy user.

Falls das inline PDF nicht korrekt dargestellt ist, können Sie das PDF hier herunterladen.

  • [1] What is internet censorship? Amnesty Intl., March 2008.

  • [2] Iran hackers use fake Facebook profiles to spy on US and Britain. The Telegraph, May 2014.

  • [3] Dingledine, R., 2011.

  • [4] Dingledine, R., and Mathewson, N. Design of a blocking-resistant anonymity system.

  • [5] Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (Berkeley, CA, USA, 2004), SSYM’04, USENIX Association.

  • [6] Ellard, D., Jones, C., Manfredi, V., Strayer, W. T., Thapa, B., Van Welie, M., and Jackson, A. Rebound: Decoy routing on asymmetric routes via error messages. In IEEE 40th Conference on Local Computer Networks (LCN) (2015), pp. 91-99.

  • [7] Feamster, N., Balazinska, M., Wang, W., Balakrishnan, H., and Karger, D. Thwarting web censorship with untrusted messenger discovery. In Privacy Enhancing Technologies 2003 (Dresden, Germany, March 2003).

  • [8] Fifield, D., Hardison, N., Ellithorpe, J., Stark, E., Boneh, D., Dingledine, R., and Porras, P. Evading censorship with browser-based proxies. In Privacy Enhancing Technologies (2012), Springer, pp. 239-258.

  • [9] Fifield, D., Lan, C., Hynes, R., Wegmann, P., and Paxson, V. Blocking-resistant communication through domain fronting. Proceedings on Privacy Enhancing Technologies 2015, 2 (2015), 1-19.

  • [10] Geddes, J., Schuchard, M., and Hopper, N. Cover your acks: Pitfalls of covert channel censorship circumvention. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013), pp. 361-372.

  • [11] Houmansadr, A., Nguyen, G. T. K., Caesar, M., and Borisov, N. Cirripede: circumvention infrastructure using router redirection with plausible deniability. In Proceedings of CCS (2011).

  • [12] Houmansadr, A., Riedl, T. J., Borisov, N., and Singer, A. C. IP over Voice-over-IP for censorship circumvention. CoRR abs/1207.2683 (2012).

  • [13] Houmansadr, A., Wong, E. L., and Shmatikov, V. No direction home: The true cost of routing around decoys. In Proceedings of the 2014 Network and Distributed System Security (NDSS) Symposium (2014).

  • [14] Karlin, J., Ellard, D., Jackson, A. W., Jones, C. E., Lauer, G., Mankins, D. P., and Strayer, W. T. Decoy routing: Toward unblockable internet communication.

  • [15] Li, S., Schliep, M., and Hopper, N. Facet: Streaming over videoconferencing for censorship circumvention. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (2014), ACM, pp. 163-172.

  • [16] McCoy, D., Morales, J. A., and Levchenko, K. Proximax: Fighting censorship with an adaptive system for distribution of open proxies. In Proceedings of the International Conference on Financial Cryptography and Data Security (St Lucia, February 2011).

  • [17] Miller, B., Pearce, P., Grier, C., Kreibich, C., and Paxson, V. What’s clicking what? techniques and innovations of today’s clickbots. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2011, pp. 164-183.

  • [18] Mohajeri Moghaddam, H., Li, B., Derakhshani, M., and Goldberg, I. Skypemorph: Protocol obfuscation for tor bridges. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 97-108.

  • [19] Nobori, D., and Shinjo, Y. VPN Gate: A volunteerorganized public VPN relay system with blocking resistance for bypassing government censorship firewalls. In Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14) (Seattle, WA, 2014), USENIX, pp. 229-241.

  • [20] Schuchard, M., Geddes, J., Thompson, C., and Hopper, N. Routing around decoys. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 85-96.

  • [21] Wang, Q., Gong, X., Nguyen, G. T., Houmansadr, A., and Borisov, N. Censorspoofer: asymmetric communication using ip spoofing for censorship-resistant web browsing. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 121-132.

  • [22] Wang, Q., Lin, Z., Borisov, N., and Hopper, N. rBridge: User reputation based tor bridge distribution with privacy preservation. In NDSS (2013).

  • [23] Weinberg, Z., Wang, J., Yegneswaran, V., Briesemeister, L., Cheung, S., Wang, F., and Boneh, D. Stegotorus: a camouflage proxy for the tor anonymity system. In Proceedings of the 2012 ACM conference on computer and communications security (2012), pp. 109-120.

  • [24] Wustrow, E., Swanson, C. M., and Halderman, J. A. Tapdance: End-to-middle anticensorship without flow blocking. In 23rd USENIX Security Symposium (USENIX Security 14) (2014), pp. 159-174.

  • [25] Wustrow, E., Wolchok, S., Goldberg, I., and Halderman, J. A. Telex: Anticensorship in the network infrastructure. In Proceedings of the 20th USENIX Security Symposium (August 2011).

  • [26] Zhou, W., Houmansadr, A., Caesar, M., and Borisov, N. SWEET: Serving the web by exploiting email tunnels. Privacy Enhancing Technologies Symposium (2013).


Zeitschrift + Hefte