Running Refraction Networking for Real

Authors: Benjamin VanderSloot (University of Michigan), Sergey Frolov (University of Colorado Boulder), Jack Wampler (University of Colorado Boulder), Sze Chuen Tan (University of Illinois, Urbana-Champaign), Irv Simpson (Psiphon), Michalis Kallitsis (Merit Network), J. Alex Halderman (University of Michigan), Nikita Borisov (University of Illinois, Urbana-Champaign), Eric Wustrow (University of Colorado Boulder)

Volume: 2020
Issue: 4
Pages: 321–335
DOI: https://doi.org/10.2478/popets-2020-0075

Download PDF

Abstract: Refraction networking is a next-generation censorship circumvention approach that locates proxy functionality in the network itself, at participating ISPs or other network operators. Following years of research and development and a brief pilot, we established the world’s first production deployment of a Refraction Networking system. Our deployment uses a highperformance implementation of the TapDance protocol and is enabled as a transport in the popular circumvention app Psiphon. It uses TapDance stations at four physical uplink locations of a mid-sized ISP, Merit Network, with an aggregate bandwidth of 140 Gbps. By the end of 2019, our system was enabled as a transport option in 559,000 installations of Psiphon, and it served upwards of 33,000 unique users per month. This paper reports on our experience building the deployment and operating it for the first year. We describe how we overcame engineering challenges, present detailed performance metrics, and analyze how our system has responded to dynamic censor behavior. Finally, we review lessons learned from operating this unique artifact and discuss prospects for further scaling Refraction Networking to meet the needs of censored users.

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.