Towards Secure Decoy Routing by Using SDN

Software Defined Networking (SDN) is an emerging architecture, which allows networks to be centralized and programmable, aiding researchers in implementing complex network algorithms and policies. While SDN is widely used in LANs, it has also been deployed in WAN environments [2]. Like Tor, Decoy Routing [3] aids users to circumvent censorship on the Internet. While Tor uses onion routing, Decoy Routing uses some designated routers within the censored network, to divert traffic between the blocked destination and the client. Decoy Routing is faster than Tor as the former does away with multiple cryptographic operations. As the traditional routers are not programmable, Decoy Routers are either servers with router software, or routers with proxy servers connected to them. In either case, such routers slow down traffic, nor is it scalable to manage them. We use SDN-based routers for Decoy Routing. In our work, we propose an SDN-based Decoy Routing protocol, without losing any of its Decoy Routing capabilities [1]. Our protocol is equally secure as the original Decoy Routing protocol. Adversaries have used traffic analysis for attacking Tor and Decoy Routing. These routers have used traffic engineering to defend against these attacks. Thus, programmability of routers eliminates the need for servers or proxies, and the controller-based architecture gives us a consistent and centralized view of the Decoy Routing topology in the WAN. Although centralized, the SDN architecture and its implementation are robust. This central view of the network makes traffic engineering scalable [2]. BODY Against existing censorship circumvention protocols, we propose SDN-based Decoy Routing that is faster and resilient to traffic analysis.