All prior decoy routing systems (Cirripede, Telex, TapDance, Slitheen, Waterfall) require the DR to inspect every traversing flow — either all TCP SYN packets or all TLS flows — to identify DR requests, creating a privacy breach for non-DR users and a computational bottleneck. SiegeBreaker eliminates this by using an out-of-band email pre-registration (encrypted to the controller's 2048-bit RSA public key) that pins the controller's inspection rule to a single client-IP/OD-IP/ISN triple, so only authenticated potential DR flows are ever redirected.

SiegeBreaker's session bootstrapping (from initial email to installed SP redirection rule) averaged 3–4 seconds across 100 trials, with the dominant delay attributed to email handling (SMTP connection, Selenium composition) rather than network latency; this setup cost is not included in the download-time benchmarks. The auxiliary ping-based switch-selection signal encodes 48 bits across three ICMP header fields (IP-ID, ping sequence number, ping identifier), requiring ~281 trillion spoofed ping packets per client–OD pair to brute-force.

§4.4, §5.2 evaluation

SiegeBreaker explicitly acknowledges two unresolved attack vectors: (1) latency-based traffic analysis attacks (forced-asymmetry / RAD-style), which the system does not mitigate, and (2) website fingerprinting attacks against the proxied traffic, for which no defense is implemented. Additionally, the email-based control channel is vulnerable to a censor who can delay or block emails to the controller's address, disrupting rule installation before the client's SYN packet arrives.

§3, §4.1, §4.3 detection

Prior decoy routing deployments suffered severe throughput degradation: the TapDance ISP pilot reported average client throughput of only ~5 KB/s, making it unsuitable for most web content; other DR prototypes restricted evaluation to files under 1 MB in controlled lab settings, with some reporting over 30 seconds to load home pages under 1.5 MB in size.

§3, §2.3 evaluation

SiegeBreaker achieves near-native TCP performance in Internet experiments: average download time for Alexa top-500 home pages via SB was 1.8 s versus 1.7 s for direct wget, across 500 concurrent client instances; bulk downloads of 1 GB files over a shared 1 Gbps link showed SB and native TCP sharing bandwidth almost equally, and throughput remained stable under 15 Gbps of cross-traffic or 50,000 parallel flows on the SDN switch.

§5.1, §5.2 defense

During the June 2025 Iran shutdown, circumvention tool performance diverged sharply by transport design. Psiphon's multi-protocol architecture sustained 1.5 million concurrent users—roughly one-third of its normal Iranian base. Lantern's "proxyless" protocol (domain-fronting via CDN, ~40% of Lantern's Iranian traffic) showed moderate success. Tor usage collapsed during the blackout but bridge connections surged and rebounded quickly after lifting. BeePass (serving 500k+ daily users at shutdown onset) used live A/B testing of port/obfuscation-prefix combinations to probe the censors' blocking parameters in real time. The Ceno Browser's P2P network grew from 600 active peers on June 13 to ~8,000 by July 11, indicating that decentralized fallback paths stayed up even during peak blocking.

2025-iran-shutdown-measurement §Tool Performance dpithrottling

The June 2025 Iran shutdown—carried out during the Iran-Israel war beginning ~June 19—did not use BGP route withdrawals as in 2019. Instead, authorities applied service-level restrictions at the national border: DNS poisoning of foreign destinations, protocol whitelisting permitting only pre-approved domestic services, and DPI to block circumvention-tool traffic. Iran's international traffic fell roughly 90% while the country's BGP routes remained advertised, making the shutdown invisible to BGP-based monitoring systems. OONI measurement volume, which totalled 121,333 in June 2025, collapsed to under 200 submissions on June 19-20.

2025-iran-shutdown-measurement Executive Summary / §2 dpidns-poisoningport-blockingip-blocking

During the June 2025 shutdown, Iranian authorities blocked international One-Time Password (OTP) SMS delivery, preventing new sign-ins to foreign secure-messaging platforms and VPN services. This forced users toward government-approved domestic platforms that lack security and privacy protections. The blockade of OTPs effectively weaponized account-recovery flows as a secondary shutdown layer, disproportionately affecting users who needed to activate new circumvention tools during the crisis.

2025-iran-shutdown-measurement §Human Rights Implications port-blockingdpikeyword-filtering

Input blocking in Chinese LLM services (DeepSeek, Qwen, Kimi, Doubao) is overwhelmingly consistent: all four services persistently block the exact same queries across all 5 measurement samples in both Simplified and Traditional Chinese. Output blocking is far less consistent, with only 29 out of 349 output-blocked queries blocked across all 5 samples. Baidu-Chat is exceptional: it performs almost no input blocking but instead relies heavily on post-search and output blocking (78.6% of blocks are output-phase).

2026-ablove-characterizing §VI-B keyword-filteringdpi

A three-stage detection pipeline exploiting the "dual-role" behavioral fingerprint of single-IP circumvention relays achieved 23.2% recall (96/414 ground-truth relays) with a 0.18% false-positive rate against 97,651 benign TLS servers, for an overall accuracy of 99.5%. The ground-truth set covered OpenVPN, WireGuard, and SOCKS relays identified in a 17 TB single-day backbone trace (WIDE Project, April 9, 2025).

2026-almutairi-server §3.4, Table 1 traffic-shapedpiflow-correlation

The paper identifies a fundamental architectural vulnerability in single-IP circumvention designs: a relay must generate new observable flows (via DNS or TLS SNI) to reach end services after receiving client connections, creating a detectable server-and-client behavioral contrast. A relay accessing user-facing domains (news, social media) scores high on a Relay Suspicion Score (w=0.9) versus infrastructure domains (w=0.1). The paper argues this host-level signal is censorship-invariant and cannot be concealed by link obfuscation.

2026-almutairi-server §2.4, §4 traffic-shapedpisni-blocking