Enemy At the Gateways: A Game Theoretic Approach to Proxy Distribution

TL;DR

This paper models the proxy distribution problem in circumvention systems as a game between censors and system operators, deriving optimal strategies to improve resistance against insider attacks and censorship.

Contribution

It introduces a game-theoretic framework to derive optimal proxy distribution strategies, addressing insider attack challenges in proxy-based circumvention systems.

Findings

Optimal proxy distribution strategies outperform prior ad hoc methods.

The proposed algorithm shows superior resistance to strong censorship adversaries.

Simulations validate the effectiveness of the game-theoretic approach.

Abstract

A core technique used by popular proxy-based circumvention systems like Tor, Psiphon, and Lantern is to secretly share the IP addresses of circumvention proxies with the censored clients for them to be able to use such systems. For instance, such secretly shared proxies are known as bridges in Tor. However, a key challenge to this mechanism is the insider attack problem: censoring agents can impersonate as benign censored clients in order to obtain (and then block) such secretly shared circumvention proxies. In this paper, we perform a fundamental study on the problem of insider attack on proxy-based circumvention systems. We model the proxy distribution problem using game theory, based on which we derive the optimal strategies of the parties involved, i.e., the censors and circumvention system operators. That is, we derive the optimal proxy distribution mechanism of a circumvention system like Tor, against the censorship adversary who also takes his optimal censorship strategies. This is unlike previous works that design ad hoc mechanisms for proxy distribution, against non-optimal censors. We perform extensive simulations to evaluate our optimal proxy assignment algorithm under various adversarial and network settings. Comparing with the state-of-the-art prior work, we show that our optimal proxy assignment algorithm has superior performance, i.e., better resistance to censorship even against the strongest censorship adversary who takes her optimal actions. We conclude with lessons and recommendation for the design of proxy-based circumvention systems.