Refraction networking is a promising censorship circumvention technique in which a participating router along the path to an innocuous destination deflects traffic to a covert site that is otherwise blocked by the censor. However, refraction networking faces major practical challenges due to performance issues and various attacks (e.g., routing-around-the-decoy and fingerprinting). Given that many sites are now hosted in the cloud, data centers offer an advantageous setting to implement refraction networking due to the physical proximity and similarity of hosted sites. We propose REDACT, a novel class of refraction networking solutions where the decoy router is a border router of a multi-tenant data center and the decoy and covert sites are tenants within the same data center. We highlight one specific example REDACT protocol, which leverages TLS session resumption to address the performance and implementation challenges in prior refraction networking protocols. REDACT also offers scope for other designs with different realistic use cases and assumptions.

中文翻译：

---

纂

折射网络是一种很有前途的审查规避技术，其中参与的路由器沿着通往无害目的地的路径将流量转移到一个隐蔽的站点，否则该站点会被审查器阻止。然而，由于性能问题和各种攻击（例如，围绕诱饵的路由和指纹识别），折射网络面临着重大的实际挑战。鉴于现在许多站点都托管在云中，由于托管站点的物理邻近性和相似性，数据中心为实施折射网络提供了有利的设置。我们提出了 REDACT，这是一种新型的折射网络解决方案，其中诱饵路由器是多租户数据中心的边界路由器，而诱饵和隐蔽站点是同一数据中心内的租户。我们重点介绍一个特定的示例 REDACT 协议，它利用 TLS 会话恢复来解决先前折射网络协议中的性能和实现挑战。REDACT 还为具有不同实际用例和假设的其他设计提供了范围。