Slitheen++: Stealth TLS-based Decoy Routing


Benedikt Birtel and Christian Rossow, CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH


We present Slitheen++, a decoy routing system that---in contrast to its predecessor Slitheen---is not susceptible to traffic analysis in the upstream channel. Slitheen++ overcomes key challenges such as scheduling for covert connections and technologies to more realistically emulate a real user's behavior, such as crawling or delaying overt communication. We measure Slitheen++ according to metrics that not only show the maximum theoretical throughput of the system, but for the first time, also assess the actual user experience by measuring loading times of websites from ten covert targets. We show that emulating a user increases loading times, yet raises the difficulty for an advanced censor to expose decoy routing as such. For example, crawling raises the median of the loading time for covert setups by 1 second from 7s to 8s.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {257166,
author = {Benedikt Birtel and Christian Rossow},
title = {Slitheen++: Stealth {TLS-based} Decoy Routing},
booktitle = {10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20)},
year = {2020},
url = {},
publisher = {USENIX Association},
month = aug,

Presentation Video