Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
See all formats and pricing
More options …

Salmon: Robust Proxy Distribution for Censorship Circumvention

Frederick Douglas / Rorshach / Weiyang Pan / Matthew Caesar
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0026


Many governments block their citizens’ access to much of the Internet. Simple workarounds are unreliable; censors quickly discover and patch them. Previously proposed robust approaches either have non-trivial obstacles to deployment, or rely on low-performance covert channels that cannot support typical Internet usage such as streaming video. We present Salmon, an incrementally deployable system designed to resist a censor with the resources of the “Great Firewall” of China. Salmon relies on a network of volunteers in uncensored countries to run proxy servers. Although any member of the public can become a user, Salmon protects the bulk of its servers from being discovered and blocked by the censor via an algorithm for quickly identifying malicious users. The algorithm entails identifying some users as especially trustworthy or suspicious, based on their actions. We impede Sybil attacks by requiring either an unobtrusive check of a social network account, or a referral from a trustworthy user.

Keywords: Censorship


  • [1] What is internet censorship? Amnesty Intl., March 2008.Google Scholar

  • [2] Iran hackers use fake Facebook profiles to spy on US and Britain. The Telegraph, May 2014.Google Scholar

  • [3] Dingledine, R. https://blog.torproject.org/blog/researchproblems-ten-ways-discover-tor-bridges, 2011.Google Scholar

  • [4] Dingledine, R., and Mathewson, N. Design of a blocking-resistant anonymity system.Google Scholar

  • [5] Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second-generation onion router. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (Berkeley, CA, USA, 2004), SSYM’04, USENIX Association.Google Scholar

  • [6] Ellard, D., Jones, C., Manfredi, V., Strayer, W. T., Thapa, B., Van Welie, M., and Jackson, A. Rebound: Decoy routing on asymmetric routes via error messages. In IEEE 40th Conference on Local Computer Networks (LCN) (2015), pp. 91-99.Google Scholar

  • [7] Feamster, N., Balazinska, M., Wang, W., Balakrishnan, H., and Karger, D. Thwarting web censorship with untrusted messenger discovery. In Privacy Enhancing Technologies 2003 (Dresden, Germany, March 2003).Google Scholar

  • [8] Fifield, D., Hardison, N., Ellithorpe, J., Stark, E., Boneh, D., Dingledine, R., and Porras, P. Evading censorship with browser-based proxies. In Privacy Enhancing Technologies (2012), Springer, pp. 239-258.Google Scholar

  • [9] Fifield, D., Lan, C., Hynes, R., Wegmann, P., and Paxson, V. Blocking-resistant communication through domain fronting. Proceedings on Privacy Enhancing Technologies 2015, 2 (2015), 1-19.Google Scholar

  • [10] Geddes, J., Schuchard, M., and Hopper, N. Cover your acks: Pitfalls of covert channel censorship circumvention. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013), pp. 361-372.Google Scholar

  • [11] Houmansadr, A., Nguyen, G. T. K., Caesar, M., and Borisov, N. Cirripede: circumvention infrastructure using router redirection with plausible deniability. In Proceedings of CCS (2011).Google Scholar

  • [12] Houmansadr, A., Riedl, T. J., Borisov, N., and Singer, A. C. IP over Voice-over-IP for censorship circumvention. CoRR abs/1207.2683 (2012).Google Scholar

  • [13] Houmansadr, A., Wong, E. L., and Shmatikov, V. No direction home: The true cost of routing around decoys. In Proceedings of the 2014 Network and Distributed System Security (NDSS) Symposium (2014).Google Scholar

  • [14] Karlin, J., Ellard, D., Jackson, A. W., Jones, C. E., Lauer, G., Mankins, D. P., and Strayer, W. T. Decoy routing: Toward unblockable internet communication.Google Scholar

  • [15] Li, S., Schliep, M., and Hopper, N. Facet: Streaming over videoconferencing for censorship circumvention. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (2014), ACM, pp. 163-172.Google Scholar

  • [16] McCoy, D., Morales, J. A., and Levchenko, K. Proximax: Fighting censorship with an adaptive system for distribution of open proxies. In Proceedings of the International Conference on Financial Cryptography and Data Security (St Lucia, February 2011).Google Scholar

  • [17] Miller, B., Pearce, P., Grier, C., Kreibich, C., and Paxson, V. What’s clicking what? techniques and innovations of today’s clickbots. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2011, pp. 164-183.Google Scholar

  • [18] Mohajeri Moghaddam, H., Li, B., Derakhshani, M., and Goldberg, I. Skypemorph: Protocol obfuscation for tor bridges. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 97-108.Google Scholar

  • [19] Nobori, D., and Shinjo, Y. VPN Gate: A volunteerorganized public VPN relay system with blocking resistance for bypassing government censorship firewalls. In Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14) (Seattle, WA, 2014), USENIX, pp. 229-241.Google Scholar

  • [20] Schuchard, M., Geddes, J., Thompson, C., and Hopper, N. Routing around decoys. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 85-96.Google Scholar

  • [21] Wang, Q., Gong, X., Nguyen, G. T., Houmansadr, A., and Borisov, N. Censorspoofer: asymmetric communication using ip spoofing for censorship-resistant web browsing. In Proceedings of the 2012 ACM conference on Computer and communications security (2012), pp. 121-132.Google Scholar

  • [22] Wang, Q., Lin, Z., Borisov, N., and Hopper, N. rBridge: User reputation based tor bridge distribution with privacy preservation. In NDSS (2013).Google Scholar

  • [23] Weinberg, Z., Wang, J., Yegneswaran, V., Briesemeister, L., Cheung, S., Wang, F., and Boneh, D. Stegotorus: a camouflage proxy for the tor anonymity system. In Proceedings of the 2012 ACM conference on computer and communications security (2012), pp. 109-120.Google Scholar

  • [24] Wustrow, E., Swanson, C. M., and Halderman, J. A. Tapdance: End-to-middle anticensorship without flow blocking. In 23rd USENIX Security Symposium (USENIX Security 14) (2014), pp. 159-174.Google Scholar

  • [25] Wustrow, E., Wolchok, S., Goldberg, I., and Halderman, J. A. Telex: Anticensorship in the network infrastructure. In Proceedings of the 20th USENIX Security Symposium (August 2011).Google Scholar

  • [26] Zhou, W., Houmansadr, A., Caesar, M., and Borisov, N. SWEET: Serving the web by exploiting email tunnels. Privacy Enhancing Technologies Symposium (2013).Google Scholar

About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 4, Pages 4–20, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0026.

Export Citation

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Comments (0)

Please log in or register to comment.
Log in