{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T21:48:19Z","timestamp":1780523299186,"version":"3.54.1"},"reference-count":27,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2021,10,24]],"date-time":"2021-10-24T00:00:00Z","timestamp":1635033600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2021,10,24]]},"abstract":"<jats:p>Refraction networking is a promising censorship circumvention technique in which a participating router along the path to an innocuous destination deflects traffic to a covert site that is otherwise blocked by the censor. However, refraction networking faces major practical challenges due to performance issues and various attacks (e.g., routing-around-the-decoy and fingerprinting). Given that many sites are now hosted in the cloud, data centers offer an advantageous setting to implement refraction networking due to the physical proximity and similarity of hosted sites. We propose REDACT, a novel class of refraction networking solutions where the decoy router is a border router of a multi-tenant data center and the decoy and covert sites are tenants within the same data center. We highlight one specific example REDACT protocol, which leverages TLS session resumption to address the performance and implementation challenges in prior refraction networking protocols. REDACT also offers scope for other designs with different realistic use cases and assumptions.<\/jats:p>","DOI":"10.1145\/3503954.3503957","type":"journal-article","created":{"date-parts":[[2021,12,3]],"date-time":"2021-12-03T22:23:38Z","timestamp":1638570218000},"page":"15-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["REDACT"],"prefix":"10.1145","volume":"51","author":[{"given":"Arjun","family":"Devraj","sequence":"first","affiliation":[{"name":"Princeton University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Liang","family":"Wang","sequence":"additional","affiliation":[{"name":"Princeton University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jennifer","family":"Rexford","sequence":"additional","affiliation":[{"name":"Princeton University"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,12,3]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Signal App Moves to Decentralize Servers. (February","author":"Benson Jeff","year":"2021","unstructured":"Jeff Benson . 2021. Blocked by Iran , Signal App Moves to Decentralize Servers. (February 2021 ). https:\/\/decrypt.co\/56665\/blocked-by-iran-signal-app-moves-to-decentralize-servers Accessed on: May 28, 2021. Jeff Benson. 2021. Blocked by Iran, Signal App Moves to Decentralize Servers. (February 2021). https:\/\/decrypt.co\/56665\/blocked-by-iran-signal-app-moves-to-decentralize-servers Accessed on: May 28, 2021."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978312"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656890"},{"key":"e_1_2_1_4_1","volume-title":"The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. (August","author":"Dierks Tim","year":"2008","unstructured":"Tim Dierks and Eric Rescorla . 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. (August 2008 ). https:\/\/rfc-editor.org\/rfc\/rfc5246.txt Tim Dierks and Eric Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. (August 2008). https:\/\/rfc-editor.org\/rfc\/rfc5246.txt"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251375.1251396"},{"key":"e_1_2_1_6_1","volume-title":"Annual IEEE Conference on Local Computer Networks (LCN). 91--99","author":"Ellard D.","unstructured":"D. Ellard , C. Jones , V. Manfredi , W. T. Strayer , B. Thapa , M. Van Welie , and A. Jackson . 2015. Rebound: Decoy Routing on Asymmetric Routes via Error Messages . In Annual IEEE Conference on Local Computer Networks (LCN). 91--99 . D. Ellard, C. Jones, V. Manfredi, W. T. Strayer, B. Thapa, M. Van Welie, and A. Jackson. 2015. Rebound: Decoy Routing on Asymmetric Routes via Error Messages. In Annual IEEE Conference on Local Computer Networks (LCN). 91--99."},{"key":"e_1_2_1_7_1","volume-title":"Examining How the Great Firewall Discovers Hidden Circumvention Servers. In Internet Measurement Conference. 445--458","author":"Ensafi Roya","year":"2015","unstructured":"Roya Ensafi , David Fifield , Philipp Winter , Nick Feamster , Nicholas Weaver , and Vern Paxson . 2015 . Examining How the Great Firewall Discovers Hidden Circumvention Servers. In Internet Measurement Conference. 445--458 . Roya Ensafi, David Fifield, Philipp Winter, Nick Feamster, Nicholas Weaver, and Vern Paxson. 2015. Examining How the Great Firewall Discovers Hidden Circumvention Servers. In Internet Measurement Conference. 445--458."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3452296.3472922"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2015-0009"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363218"},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Nikhil Handigol Brandon Heller Vimal Jeyakumar Bob Lantz and Nick McKeown. 2012. Reproducible Network Experiments Using Container-Based Emulation. In CoNEXT.  Nikhil Handigol Brandon Heller Vimal Jeyakumar Bob Lantz and Nick McKeown. 2012. Reproducible Network Experiments Using Container-Based Emulation. In CoNEXT.","DOI":"10.1145\/2413176.2413206"},{"key":"e_1_2_1_12_1","first-page":"2","article-title":"The web is still small after more than a decade","volume":"50","author":"Hoang Nguyen Phong","year":"2020","unstructured":"Nguyen Phong Hoang , Arian Akhavan Niaki , Michalis Polychronakis , and Phillipa Gill . 2020 . The web is still small after more than a decade . ACM SIGCOMM Computer Communication Review (CCR) 50 , 2 (April 2020), 24--31. Nguyen Phong Hoang, Arian Akhavan Niaki, Michalis Polychronakis, and Phillipa Gill. 2020. The web is still small after more than a decade. ACM SIGCOMM Computer Communication Review (CCR) 50, 2 (April 2020), 24--31.","journal-title":"ACM SIGCOMM Computer Communication Review (CCR)"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046730"},{"key":"e_1_2_1_14_1","volume-title":"Decoy Routing: Toward Unblockable Internet Communication. In USENIX Workshop on Free and Open Communications on the Internet (FOCI).","author":"Karlin Josh","unstructured":"Josh Karlin , Daniel Ellard , Alden W. Jackson , Christine E. Jones , Greg Lauer , David P. Mankins , and W. Timothy Strayer . 2011 . Decoy Routing: Toward Unblockable Internet Communication. In USENIX Workshop on Free and Open Communications on the Internet (FOCI). Josh Karlin, Daniel Ellard, Alden W. Jackson, Christine E. Jones, Greg Lauer, David P. Mankins, and W. Timothy Strayer. 2011. Decoy Routing: Toward Unblockable Internet Communication. In USENIX Workshop on Free and Open Communications on the Internet (FOCI)."},{"key":"e_1_2_1_15_1","volume-title":"USENIX Workshop on Free and Open Communications on the Internet (FOCI).","author":"Manfredi Victoria","year":"2018","unstructured":"Victoria Manfredi and Pi Songkuntham . 2018 . MultiFlow: Cross-Connection Decoy Routing using TLS 1.3 Session Resumption . In USENIX Workshop on Free and Open Communications on the Internet (FOCI). Victoria Manfredi and Pi Songkuntham. 2018. MultiFlow: Cross-Connection Decoy Routing using TLS 1.3 Session Resumption. In USENIX Workshop on Free and Open Communications on the Internet (FOCI)."},{"key":"e_1_2_1_16_1","volume-title":"Alamro","author":"Musse Hodan M.","year":"2016","unstructured":"Hodan M. Musse and Lama A . Alamro . 2016 . Cloud Computing : Architecture and Operating System. In Global Summit on Computer Information Technology (GSCIT) . 3--8. Hodan M. Musse and Lama A. Alamro. 2016. Cloud Computing: Architecture and Operating System. In Global Summit on Computer Information Technology (GSCIT). 3--8."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134075"},{"key":"e_1_2_1_19_1","volume-title":"As Google and AWS kill domain fronting, users must find a new way to fight censorship. (May","author":"Sanders James","year":"2018","unstructured":"James Sanders . 2018. As Google and AWS kill domain fronting, users must find a new way to fight censorship. (May 2018 ). https:\/\/www.techrepublic.com\/article\/as-google-and-aws-kill-domain-fronting-users-must-find-a-new-way-to-fight-censorship\/ Accessed on: October 8, 2021. James Sanders. 2018. As Google and AWS kill domain fronting, users must find a new way to fight censorship. (May 2018). https:\/\/www.techrepublic.com\/article\/as-google-and-aws-kill-domain-fronting-users-must-find-a-new-way-to-fight-censorship\/ Accessed on: October 8, 2021."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3473604.3474564"},{"key":"e_1_2_1_21_1","volume-title":"Routing Around Decoys. In ACM Conference on Computer and Communications Security (CCS).","author":"Schuchard Max","year":"2012","unstructured":"Max Schuchard , John Geddes , Christopher Thompson , and Nicholas Hopper . 2012 . Routing Around Decoys. In ACM Conference on Computer and Communications Security (CCS). Max Schuchard, John Geddes, Christopher Thompson, and Nicholas Hopper. 2012. Routing Around Decoys. In ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0051"},{"key":"e_1_2_1_23_1","first-page":"2","article-title":"The Growth of Global Internet Censorship and Circumvention: A Survey","volume":"11","author":"Subramanian Ramesh","year":"2011","unstructured":"Ramesh Subramanian . 2011 . The Growth of Global Internet Censorship and Circumvention: A Survey . Communications of the International Information Management Association (CIIMA) 11 , 2 (October 2011), 33--42. Ramesh Subramanian. 2011. The Growth of Global Internet Censorship and Circumvention: A Survey. Communications of the International Information Management Association (CIIMA) 11, 2 (October 2011), 33--42.","journal-title":"Communications of the International Information Management Association (CIIMA)"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274708"},{"key":"e_1_2_1_25_1","unstructured":"uProxy. 2017. uProxy: Your private access to the open internet. (2017). https:\/\/www.uproxy.org\/  uProxy. 2017. uProxy: Your private access to the open internet. (2017). https:\/\/www.uproxy.org\/"},{"key":"e_1_2_1_26_1","volume-title":"USENIX Workshop on Free and Open Communications on the Internet (FOCI).","author":"Winter Philipp","year":"2012","unstructured":"Philipp Winter and Stefan Lindskog . 2012 . How the Great Firewall of China is Blocking Tor . In USENIX Workshop on Free and Open Communications on the Internet (FOCI). Philipp Winter and Stefan Lindskog. 2012. How the Great Firewall of China is Blocking Tor. In USENIX Workshop on Free and Open Communications on the Internet (FOCI)."},{"key":"e_1_2_1_27_1","volume-title":"USENIX Security Symposium. 159--174","author":"Wustrow Eric","unstructured":"Eric Wustrow , Colleen M. Swanson , and J. Alex Halderman . 2014. TapDance: End-to-Middle Anticensorship without Flow Blocking . In USENIX Security Symposium. 159--174 . Eric Wustrow, Colleen M. Swanson, and J. Alex Halderman. 2014. TapDance: End-to-Middle Anticensorship without Flow Blocking. In USENIX Security Symposium. 159--174."},{"key":"e_1_2_1_28_1","volume-title":"Telex: Anticensorship in the Network Infrastructure. In USENIX Security Symposium.","author":"Wustrow Eric","unstructured":"Eric Wustrow , Scott Wolchok , Ian Goldberg , and J. Alex Halderman . 2011 . Telex: Anticensorship in the Network Infrastructure. In USENIX Security Symposium. Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman. 2011. Telex: Anticensorship in the Network Infrastructure. In USENIX Security Symposium."}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503954.3503957","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3503954.3503957","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:32Z","timestamp":1750188632000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503954.3503957"}},"subtitle":["refraction networking from the data center"],"short-title":[],"issued":{"date-parts":[[2021,10,24]]},"references-count":27,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,10,24]]}},"alternative-id":["10.1145\/3503954.3503957"],"URL":"https:\/\/doi.org\/10.1145\/3503954.3503957","relation":{},"ISSN":["0146-4833"],"issn-type":[{"value":"0146-4833","type":"print"}],"subject":[],"published":{"date-parts":[[2021,10,24]]},"assertion":[{"value":"2021-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}