Please use this identifier to cite or link to this item: http://arks.princeton.edu/ark:/88435/dsp01xk81jp49f
Title: REDACT: Refraction Networking from the Data Center
Authors: Devraj, Arjun
Advisors: Rexford, Jennifer
Department: Computer Science
Class Year: 2021
Abstract: Internet censorship remains an ever-present threat to free and open communication across the globe. As a result, numerous promising censorship circumvention technologies have emerged, of which refraction networking is particularly encouraging. By effectively using the router (known as the “decoy router”) as a proxy, refraction networking not only enables the client to access blocked sites unbeknownst to the censor, but unlike traditional proxy services, forces the censor to face significant collateral damage when blocking any clandestine communication that has been detected. At a high level, this is accomplished by using the decoy router to mask communication with the covert destination, the blocked site that the client is secretly attempting to access, as innocuous communication with a decoy destination that is permitted by the censor. However, before refraction networking can become an effective censorship circumvention tool used in the real world, a major practical challenge must be addressed: how can we ensure that traffic from the client to the decoy and covert destinations even passes through the decoy router? Given that many sites are now hosted in the Cloud, data centers offer an advantageous setting to implement refraction networking due to the physical proximity and similarity of hosted sites. Thus, we propose a novel refraction networking system in which the decoy router is a border router of a multi-tenant data center and the decoy and covert destinations are tenants within the same data center. Under this paradigm, we utilize TLS session resumption, a performance improvement to the TLS handshake that is commonly used in the data center setting, to inconspicuously “migrate” the client’s connection with the decoy destination to the covert destination and gain additional privacy and performance benefits from the cooperation between the data center owner and tenants. 
As demonstrated by our working prototype, our approach offers many of the privacy protections conferred by traditional refraction networking protocols while also resolving—based on the data center setting—serious practical concerns about feasibility and performance.
URI: http://arks.princeton.edu/ark:/88435/dsp01xk81jp49f
Type of Material: Princeton University Senior Theses
Language: en
Appears in Collections: Computer Science, 1987-2023

Files in This Item:
File: DEVRAJ-ARJUN-THESIS.pdf
Size: 1.15 MB
Format: Adobe PDF


Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.