Body

A New Take On Censorship Circumvention Could Advance Global Internet Freedom

Rice researchers turn an untapped class of network infrastructure into a powerful censorship circumvention apparatus

Rice CS PhD Student Patrick Kon standing outside Duncan Hall on the Rice University campus

For Rice University Computer Science Ph.D. student Patrick Kon, censorship is a threat to the freedom of the Internet that must be mitigated, so he’s created NetShuffle as a means of circumventing restrictions erected by oppressive regimes that affect more than half the global population. 

“Patrick is presenting NetShuffle at the 45th IEEE Symposium on Security and Privacy, the top conference in computer security colloquially known as ‘Oakland’,” said Patrick’s advisor Ang Chen. Patrick, a second-year Ph.D. student, is the paper’s first author.

“Information, and our ability to access it, is a cornerstone of personal, political, and socio-economic progress,” said Kon. “The internet is an unprecedented tool for such access, but censorship poses a significant threat to this dynamic. It isn’t just about blocking access to specific websites or services, it is about inhibiting the free flow of ideas, stifling creativity, and denying the right to freely acquire and disseminate information.”

From client to proxy to destination

Proxy servers have many applications and have been used for decades to access a large amount of Internet services. But when Kon describes the use of a proxy to circumvent web censorship, his words sound like lines from the Matrix movies. Essentially, a client attempting to access the ‘free’ internet — as opposed to their nation’s curated or approved sites — uses a proxy to hide their actual destination. The client connects to the proxy which appears to be an acceptable site, and the proxy connects to the actual destination.

Kon said, “The client to proxy connection, and the ways in which we deploy, access and obfuscate said proxies, is where our focus lies. NetShuffle was born out of our frustration with existing anti-censorship solutions which we broadly classify into two categories: end-user networks and core networks. Core network based solutions have significant drawbacks (e.g., practicing self censorship, and only a small number of dominant players can contribute), and end-user circumvention proxies like Tor or Lantern can be easily blocked by censors.”

Using the edge network layer to combat internet censorship

NetShuffle was tailored for use in edge networks, those robust but otherwise small networks as compared to global giants like Google, Amazon, and Microsoft. Examples of edge networks include university networks, enterprise networks, and private data centers.

“As far as we know, NetShuffle is the first work to recognize the potential and underutilization of edge networks as a circumvention substrate, and the first to fully leverage this potential. The effective solution is simple and intuitive and can be incrementally deployed. Even before our Oakland paper was accepted, NetShuffle had been thoroughly evaluated with an actual live deployment within a slice of a campus network,” said Kon.

“On a very high level, with NetShuffle, regular proxies hide behind an edge network where it is very difficult to pinpoint their exact location. To an outsider, the proxy service appears similar to other services hosted within the edge network.”

NetShuffle elevates proxy ‘unblockability’

NetShuffle offers a new class of ‘shuffle proxies,’ raising regular proxy services (e.g., Tor bridges) to a new degree of unblockability. By decoupling services from their public identifiers via shuffling, NetShuffle scrambles the mapping between a participating edge network’s domains and its IP addresses. 

Apart from an elegant and simple algorithm, the technology makes use of existing resources such as network equipment and public IP space available within edge networks, with minimal changes and no disruption to existing clients and services. After upgrading an edge network’s border router to a programmable device, operators can schedule programmable packet processing at hardware speeds, and allow NetShuffle to interface with its authoritative name server to ensure synchronization between domain names and shuffled IPs.

Future internet anti-censorsorship research

A single edge network deployment of NetShuffle is enough to begin chipping away at the firewalls of internet censorship, but Kon envisions a world with many deployments.

“NetShuffle presents a new point in the design space of censorship circumvention technologies,” he said. “Our Oakland paper opens the discussion by bringing attention to the space of edge networks. We hope it will act as a call to action from our colleagues in academia so we can explore edge networks’ capabilities and limitations more thoroughly. Because it is the first system geared for edge networks, we need subsequent research toward understanding how to optimize different types of edge network deployments. And if NetShuffle becomes prevalent, we will need more work to understand and quantify the perceived collateral damage edge networks can impose on censors.”

Chen said he is “super excited about the project—not only because Internet freedom is important but more importantly because of Patrick’s leadership in the entire process. His upbeat spirit helped mobilize our team to conquer a wide variety of obstacles. One time, we faced a surprising downturn of events, but Patrick led the team to persevere despite this setback; another time, he flew red-eye across the three coasts (Houston to LA to DC to LA) in two days so that we could install NetShuffle gears on our collaborator’s campus. I’m impressed by the incredible resolve in Patrick and his deep passion about his work. I cannot be more proud as an advisor!”

 

Carlyn Chatfield, contributing writer