Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CensorLess: Cost-Efficient Censorship Circumvention Through Serverless Cloud Functions

Dayeon Kang, Jade Sheffey, Mingshi Wu, Pubali Datta, Amir Houmansadr

TL;DR

Compared to existing low-cost, state-of-the-art circumvention techniques, CensorLess reduces costs by 97%, while simultaneously enabling robust censorship resistance by employing bridge rotation.

Abstract

With the increase in Internet censorship globally, various circumvention tools have been designed and developed. However, the monetary cost of these tools deeply impacts both user choice and the sustainability of provider operations. Recent developments in censorship circumvention research attempted to achieve cost efficiency by utilizing Infrastructure-as-a-Service (IaaS) spot instances as bridges, but still incurred substantial expenses related to network connectivity and instance maintenance. In this work, we present CensorLess, a circumvention proxy built leveraging the unique benefits of a serverless platform. CensorLess comprises three components: a local proxy that handles client-side communication and ensures compliance with serverless functions' security restrictions, a function refresher that periodically regenerates bridges, and a live migration mechanism that maintains continuous connectivity. CensorLess inherits the serverless platform's cost efficiency, ephemerality, scalability, concurrency, and performance. Compared to existing low-cost, state-of-the-art circumvention techniques, CensorLess reduces costs by 97%, while simultaneously enabling robust censorship resistance by employing bridge rotation.

CensorLess: Cost-Efficient Censorship Circumvention Through Serverless Cloud Functions

TL;DR

Compared to existing low-cost, state-of-the-art circumvention techniques, CensorLess reduces costs by 97%, while simultaneously enabling robust censorship resistance by employing bridge rotation.

Abstract

With the increase in Internet censorship globally, various circumvention tools have been designed and developed. However, the monetary cost of these tools deeply impacts both user choice and the sustainability of provider operations. Recent developments in censorship circumvention research attempted to achieve cost efficiency by utilizing Infrastructure-as-a-Service (IaaS) spot instances as bridges, but still incurred substantial expenses related to network connectivity and instance maintenance. In this work, we present CensorLess, a circumvention proxy built leveraging the unique benefits of a serverless platform. CensorLess comprises three components: a local proxy that handles client-side communication and ensures compliance with serverless functions' security restrictions, a function refresher that periodically regenerates bridges, and a live migration mechanism that maintains continuous connectivity. CensorLess inherits the serverless platform's cost efficiency, ephemerality, scalability, concurrency, and performance. Compared to existing low-cost, state-of-the-art circumvention techniques, CensorLess reduces costs by 97%, while simultaneously enabling robust censorship resistance by employing bridge rotation.
Paper Structure (34 sections, 3 equations, 13 figures, 3 tables)

This paper contains 34 sections, 3 equations, 13 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Internet Censorship
  4. Censorship Circumvention
  5. Why use Serverless Computing?
  6. Merits of Serverless Computing
  7. Design Challenges
  8. System Design
  9. Design Goals
  10. Threat Model
  11. Overview
  12. Client Side
  13. Operator Side
  14. CensorLess for Privacy
  15. Domain Fronting on CensorLess
  16. ...and 19 more sections

Figures (13)

  • Figure 1: Overview of CensorLess operational workflow
  • Figure 2: Overview of CensorLess architecture
  • Figure 3: This diagram shows throughput patterns according to different content loadings. The user browsed a news website and read 5 articles of different lengths (Figure \ref{['fig:throughput_cnn']}), browsed a research paper and downloaded the PDF file 10 times (Figure \ref{['fig:throughput-pdf']}), and the user watched the same video 5 times (Figure \ref{['fig:throughput-streaming']}).
  • Figure 4: Results of throughput by different serverless function bridge configurations. These configurations have different memory sizes, ranging from 128 MB to 512 MB, with the same timeout (15 seconds) and ephemeral storage size (512 MB).
  • Figure 5: Results of the serverless function bridge's concurrency experiment. Based on our experimental log, we sorted the average duration and success rate according to the specific number of invocations.
  • ...and 8 more figures