Bootstrapping Communications into an Anti-Censorship System

Adversary-resistant communication bootstrapping is a fundamental problem faced by many circumvention (anti-censorship) systems such as Tor. Censoring regimes actively harvest and block published Tor entry points and bridge nodes. More recently, some countries have resorted to reactive (follow-up) probing of the destination hosts of outbound encrypted traffic to identify unpublished Tor nodes. We present the design of a new architecture for bypassing censorship, called DEFIANCE, that extends Tor with resilience to both active harvesting and network scanning attacks. The first goal is accomplished using the DEFIANCE Rendezvous Protocol (RP), and the second is achieved using a novel handshake that we call Address-Change Signaling (ACS). We describe prototype implementations of both components, discuss the limits of our architecture, and evaluate what it would take for a determined adversary to defeat our system. While we develop our prototype components over Tor, their design can be easily extended to other circumvention systems.