Scalable Anti-Censorship Framework Using Moving Target Defense for Web Servers

Vahid Heydari, Sun Il Kim, Seong Moo Yoo

Research output: Contribution to journalArticlepeer-review

17 Scopus citations

Abstract

Although the Internet has become a hub around which every aspect of our lives-from commerce to leisurely activities-is centered, many around the world are not able to freely access information over the Internet. Some governments censor what the people can and cannot see. In this paper, regardless of the socio-political view points, we focus on the design of anti-censorship technology that can be implemented on the side of the information purveyors. The primary objective is to develop a framework for combating censorship. Our approach aims to make it too expensive and impractical for the adversary to censor Web sites. In particular, we propose the use of Mobile IPv6 to form a moving target defense strategy, where the Web servers logically behave as if they are the mobile nodes (without actually moving). The potential efficacy of this framework is modeled analytically. Probabilistic models are used to derive important metrics and parameters. One key factor termed swarming ratio enables hosting sites to reason about the amount of resources needed to force the adversary's costs over practical limits. This model is used to guide the performance goals and architectural setup of the prototype implementation (modifications are made on the server-side software and Kernel without changing the standard Mobile IPv6 protocol). Hence, the solution can be utilized without any changes to the existing network infrastructure. Furthermore, we introduce a novel, credit-based accounting strategy for grouping of users to drastically shift resource requirements in our favor. Lab-based tests are used to measure performance overheads, and based on the findings, targeted optimizations are performed to consider practical deployment scenarios. The end result is a solution that may also be combined with existing anti-censorship methods (that are end-user-based and/or assisted by friendly network assets) to form a robust anti-censorship solution.

Original languageEnglish (US)
Article number7803557
Pages (from-to)1113-1124
Number of pages12
JournalIEEE Transactions on Information Forensics and Security
Volume12
Issue number5
DOIs
StatePublished - May 2017
Externally publishedYes

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Scalable Anti-Censorship Framework Using Moving Target Defense for Web Servers'. Together they form a unique fingerprint.

Cite this