SpotProxy: Rediscovering the Cloud for Censorship Circumvention

Authors: 

Patrick Tser Jern Kon, University of Michigan; Sina Kamali, University of Waterloo; Jinyu Pei, Rice University; Diogo Barradas, University of Waterloo; Ang Chen, University of Michigan; Micah Sherr, Georgetown University; Moti Yung, Google and Columbia University

Abstract: 

Censorship circumvention is often fueled by supporters out of goodwill. However, hosting circumvention proxies can be costly, especially when they are placed in the cloud. We argue for re-examining cloud features and leveraging them to achieve novel circumvention benefits, even though these features are not explicitly engineered for censorship circumvention. SpotProxy is inspired by Spot VMs—cloud instances backed with excess resources, sold at a fraction of the cost of regular instances, that can be taken away at a moment's notice if higher-paying requests arrive. We observe that for circumvention proxies, Spot VMs not only translate to cost savings, but also create a high churn rate since proxies are constantly re-spawned at different IP addresses—making them more difficult for a censor to enumerate and block. SpotProxy pushes this observation to the extreme and designs a circumvention infrastructure that constantly searches for cheaper VMs and refreshes the fleet for anti-blocking, for spot and regular VMs alike. We adapt Wireguard and Snowflake for use with SpotProxy, and demonstrate that our active migration mechanism allows clients to seamlessly move between proxies without degrading their performance or disrupting existing connections. We show that SpotProxy leads to significant cost savings, and that SpotProxy's rejuvenation mechanism enables proxies to be replenished frequently with new addresses.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299772,
author = {Patrick Tser Jern Kon and Sina Kamali and Jinyu Pei and Diogo Barradas and Ang Chen and Micah Sherr and Moti Yung},
title = {{SpotProxy}: Rediscovering the Cloud for Censorship Circumvention},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {2653--2670},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/kon},
publisher = {USENIX Association},
month = aug
}

Presentation Video