Abstract:
Decoy Routing, the use of routers (rather than end hosts) as proxies, shows great promise as an anti-censorship mechanism. To use a Decoy Router, the user sends specially crafted packets, apparently to an uncensored website. En route, the packets encounter the Decoy Router (beyond the network boundaries of the censor), which identifies them (using a covert cryptographic handshake), decrypts their content, and proxies them to their true destination. However, Decoy Routing requires routers able to perform complicated operations (detecting secret handshakes, decrypting packets, etc.). This requirement is a major challenge: commercial routers are limited in flexibility, and existing Decoy Router implementations (on commodity servers) are unsuitable for carrier-grade deployments. SiegeBreaker is a practical Decoy Routing system on an SDN architecture that divides the responsibilities for Decoy Routing among three entities: the SDN switch, which simply forwards packets; the SDN controller, which identifies the secret handshake; and a hidden proxy server, to which the switch eventually forwards the clients' requests. However, SiegeBreaker did not have any support for multiple clients. My major contributions were towards a significant aspect of any deployable system, i.e., its ability to scale well. They include support for multiple clients at the proxy, a module which allows simultaneous access to all websites, performance improvements, and enforcement of a fair-share policy among fellow SiegeBreaker/TCP connections.