Practical P2P-Based Censorship Resistance
Date
2011-07-21
Abstract
People around the world are using the Internet to access news, to publish information, and to
organize themselves. Recently, web services such as Facebook and Twitter have been used to
organize peaceful demonstrations against totalitarian leaders, forcing them to resign and even leave
the country. However, these regimes are aware of the power given to the people by the Internet
and are therefore increasingly limiting access to these services [1]. Cutting off the Internet entirely
is an option that is seldom used, as it severely impacts the country's economy.
The New York Times recently published an article [2] on a new US State Department policy
that plans to support Internet freedom by financing various projects. Possible candidates for government
support are projects like UltraSurf or TOR. UltraSurf along with many others, however, is
proprietary and not well suited to serve a large number of user requests due to a client/server-based
architecture. TOR on the other hand is open source and has a long history in providing anonymity
to Internet users. However, its client/server approach has two drawbacks: poor scalability and weak
censorship resistance. Regarding these issues, there is active research and development improving
TOR. Nevertheless, TOR was built with anonymity in mind and not censorship resistance.
In this work we propose a new P2P-based approach focusing on:
Censorship Resistance: Our approach is entirely P2P-based, eliminating the need for central
servers and therefore single points of failure. Participating nodes use a distributed hash table
(DHT) to locate each other and necessary cryptographic certificates. Trusted peers can be used to
detect attacks. Peer communication is normalized using SSL to impede traffic analysis.
Low Operator Risk: One of TOR's strengths is at the same time a weak point: TOR servers
can be used for a wide variety of TCP applications, with only a port-based filter built in. Running
a TOR exit node can therefore have legal consequences for server operators. We propose a very
light-weight approach allowing only HTTP traffic to a small selection of web sites that are legal in
the operator's country.
Scalability: Every user of the network offers the service to others as well. This approach scales
well and at the same time complicates IP-based censorship efforts.
Other success factors are ease-of-use and trustworthiness. All of these factors are addressed by
our prototype implementation, which is being developed as an open source Firefox plugin.