Deploying anticensorship in the network

March 05, 2018

12:00 p.m. - 1:00 p.m. ET

DEC, CIC 1201

This event is part of the CyLab Distinguished Seminar Series.

Eric Wustrow
Assistant Professor at the University of Colorado Boulder


Many governments censor their Internet using sophisticated network firewalls. While some tools attempt to circumvent these firewalls using point-to-point proxies, censors can easily block access. Previously, researchers developed a new kind of proxy technique---called refraction networking---that is significantly more difficult to block. By placing proxies in friendly Internet Service Providers (ISPs) located outside the censoring country, users in censored regions can communicate with these proxies using connections that pass through the friendly ISP on their way to unblocked reachable websites. To the censor, it looks like users are simply talking directly to these reachable websites. However, while blocking this style of proxy is more expensive for censors (compared with traditional techniques), it is also significantly more difficult to deploy.

Over the past several years, we have worked to make refraction networking proxies more deployable and have made significant strides toward that goal. Earlier this year, we completed the first trial deployment in two at-scale ISPs. During our trial, we provided uncensored Internet access to over 50,000 users in censored countries, while processing up to 100 Gbps of network traffic across our deployment. In this talk, we'll describe the engineering behind these and other recent advances in this space, and discuss future directions for censorship and circumvention technology.


Eric Wustrow is an Assistant Professor at the University of Colorado Boulder. His work focuses on building and attacking secure systems that users rely on for privacy and autonomy. Eric's research includes developing new censorship circumvention systems that combat online government censorship, studying the security and deployment of popular cryptographic protocols such as TLS, and creating new ways to efficiently perform Internet-wide measurements.