Security Analysis of Shadowsocks(R) Protocol

Shadowsocks(R) is a proxy software based on Socks5, which is the collective name of shadowsocks and shadowsocksR. Shadowsocks(R) is a private protocol without a handshake negotiation mechanism. Peng broke the confidentiality of shadowsocks by exploiting vulnerability in the shadowsocks protocol and decrypted the shadowsocks packets encrypted with none-AEAD encryption options using a redirection attack. Chen et al. started with the cryptographic algorithm used by shadowsocks(R) and preliminarily discussed the confidentiality of user data under the protection of shadowsocks(R) in theory. Based on Chen's work, this paper further clarifies the shadowsocks(R) protocol format and studies the encryption mechanism of shadowsocks(R) from the perspective of protocol analysis. The vulnerability of the shadowsocks(R) encryption mechanism is found, and an attack method of shadowsocks(R) is proposed. The attack method is a passive attack and can decrypt the shadowsocks packets encrypted with any encryption option. Compared with Peng's attack method, the method is more effective and more suitable for actual attacks. Finally, some methods to improve the protocol security of shadowsocks(R) are proposed.