SNIT: a modified TLS handshake protocol for censorship circumvention

Keywords

censorship circumvention, TLS, network security, SNI

Degree Level

masters

Degree Name

M. Eng.

Publisher

Memorial University of Newfoundland

Abstract

Internet censorship is a global problem. Many countries censor the internet for different reasons. This threatens internet freedom and access to information. 82.8% of websites use the Transport Layer Security (TLS) protocol, which significantly enhances security. However, weaknesses exposed by TLS can still be exploited for internet censorship. For example, the unencrypted Server Name Indication (SNI) directly reveals the website’s identity. We propose a modified handshake protocol, SNIT, for both TLS 1.2 and TLS 1.3, making it difficult to conduct SNI-based censorship. SNIT has high resistance to active probing. On average, the performance loss is 31.69 ms per TLS connection, and there is no effect on subsequent traffic. Compared to competitive approaches, SNIT has decent overall security and performance.
