Running Refraction Networking for Real

Benjamin VanderSloot 1, Sergey Frolov 2, Jack Wampler 3, Sze Chuen Tan 4, Irv Simpson 5, Michalis Kallitsis 6, J. Alex Halderman 7, Nikita Borisov 8, and Eric Wustrow 9
  • 1 University of Michigan
  • 2 University of Colorado Boulder
  • 3 University of Colorado Boulder
  • 4 University of Illinois Urbana-Champaign
  • 5 Psiphon
  • 6 Merit Network
  • 7 University of Michigan
  • 8 University of Illinois Urbana-Champaign
  • 9 University of Colorado Boulder

Abstract

Refraction networking is a next-generation censorship circumvention approach that locates proxy functionality in the network itself, at participating ISPs or other network operators. Following years of research and development and a brief pilot, we established the world's first production deployment of a Refraction Networking system. Our deployment uses a high-performance implementation of the TapDance protocol and is enabled as a transport in the popular circumvention app Psiphon. It uses TapDance stations at four physical uplink locations of a mid-sized ISP, Merit Network, with an aggregate bandwidth of 140 Gbps. By the end of 2019, our system was enabled as a transport option in 559,000 installations of Psiphon, and it served upwards of 33,000 unique users per month. This paper reports on our experience building the deployment and operating it for its first year. We describe how we overcame engineering challenges, present detailed performance metrics, and analyze how our system has responded to dynamic censor behavior. Finally, we review lessons learned from operating this unique artifact and discuss prospects for further scaling Refraction Networking to meet the needs of censored users.

