Slitheen: Perfectly Imitated Decoy Routing through Traffic Replacement

As the capabilities of censors increase and their ability to perform more powerful deep-packet inspection techniques grows, more powerful systems are needed in turn to disguise user traffic and allow users under a censor's influence to access blocked content on the Internet. Decoy routing is a censorship resistance technique that hides traffic under the guise of a HTTPS connection to a benign, uncensored "overt" site. However, existing techniques far from perfectly mimic a typical access of content on the overt server. Artificial latency introduced by the system, as well as differences in packet sizes and timings betray their use to a censor capable of performing basic packet and latency analysis. While many of the more recent decoy routing systems focus on deployability concerns, they do so at the cost of security, adding vulnerabilities to both passive and active attacks. We propose Slitheen, a decoy routing system capable of perfectly mimicking the traffic patterns of overt sites. Our system is secure against previously undefended passive attacks, as well as known active attacks. Further, we show how recent innovations in traffic-shaping technology for ISPs mitigate previous deployability challenges.