Internet freedom in the network’s core
For a colorful, visual explanation of one way that decoy routing can work, see the overview of Telex provided by the Telex team.
Most of today’s censorship circumvention tools use the same fundamental approach to help users in censored network environments: They encrypt the user’s traffic to make it look innocuous, and channel it to a proxy server located outside the censored network. This leads to a fundamental problem: Once authorities in an Internet-censoring regime detect a proxy server, the proxy itself becomes just another site to block. Circumvention tool providers are forced to play a game of cat and mouse, because they must somehow let censored individuals find and use their proxy servers, without letting the censoring government find and block those same servers.
In this race to find and use — or find and block — proxy servers, censoring governments enjoy natural, growing advantages over censored users. For example, they can examine all data flowing across their borders in search of telltale signatures or traffic patterns of disfavored activity, and they can react in real time using a range of increasingly sophisticated commercial products. Indicators of censors’ growing capabilities are everywhere: In Iran, the regime created VPN outages ahead of the 2013 presidential election. In China, new Tor bridges last less than 48 hours before being blocked. Strategies that rely on friendly servers are failing against increasingly sophisticated state-level censors who can see and control a country’s entire network.
Decoy routing takes a different approach. Rather than trying to hide individual proxies from censors, decoy routing locates proxy functionality in the core of the network. This makes censorship much more costly, because it is no longer possible to selectively block only those servers used to provide Internet freedom. Instead, whole networks outside the censored country provide Internet freedom to users — and any data exchange between a censored nation’s Internet and a participating friendly network can become a conduit for the free flow of information.
A coalition of researchers and Internet freedom advocates has begun working together to develop a promising new approach to Internet freedom, called decoy routing. This technology works well in the lab, but there are a number of barriers that we need to address to make it ready for widespread deployment. Our new coalition brings together all three of the engineering teams that have developed and tested working prototypes of decoy routers in the lab. Through our engineering, outreach, and other efforts, we aim to make decoy routing a practical option for network operators and censored users around the world.
Decoy routing was independently invented in 2011 by three separate engineering teams — at the University of Michigan, the University of Illinois, and BBN — who each built running code to show that the approach really works.
Five laboratory prototypes exist: Cirripede at the University of Illinois, Curveball and Rebound at BBN, and Telex and TapDance at the University of Michigan. The Michigan team has run a small Telex prototype for three years and has provided basic service to over 100,000 clients, primarily in China and Iran. BBN, with funding from DARPA, built a Curveball prototype and subjected it to intensive red team security testing.
These existing designs share the same basic premise but represent a range of design choices and technical tradeoffs. The papers are:
There have been several other research papers that directly address issues connected with decoy routing: