High Speed Networks Laboratory @ Budapest University of Technology and Economics http://hsnlab.tmit.bme.hu
Monitoring Network Bias
A joint project with Prof. Aleksandar Kuzmanovic (Northwestern University)
Supported by NSF CAREER Award No. 0746360
Gergely Biczók PhD Candidate
[email protected]
Outline
• Motivation: network neutrality
• Internet Audit
• System design
• Implementation
• Future work
| 2008-06-29 | FuturICT 2009
Net neutrality: basics
• “… a network free of restrictions on equipment, modes of communication allowed, on content, sites, and platforms and where communication is not unreasonably degraded by other communication streams …” – Wikipedia
• Own definition: you get what you asked/paid for
  • not less (e.g. blocking some websites)
  • not more (e.g. ISP-embedded content to websites)
• Debate in public, struggle in legislation, war in the Internet
• Pro net neutrality: content providers (e.g., Google) and freedom activists
  • www.savetheinternet.com
• Anti net neutrality: Internet Service Providers (with infrastructure, e.g., AT&T)
  • http://www.handsoff.org/blog/
Net Neutrality: incentives and history
• (Access) ISPs have incentives to violate NN
  • “Resource management” (Comcast)
  • Potential side deals with content providers (AT&T)
  • Larger profit through own proprietary services (blocking Skype in favor of own VoIP service)
• 2005: FCC enforcing net neutrality involving Madison River Communications that blocked Vonage VoIP
• 2006: China using Narus middleboxes to block Skype
• 2007: Comcast actively poisoning BitTorrent uploads
• 2008: YouTube outage, routing black hole caused by Pakistani ISP’s regulatory policy
• 2009: BitTorrent portals are blocked around the world
• 2005-: Rogers (Canada) blocks/shapes P2P, shapes all encrypted (!) traffic, forces users to its own SMTP servers, embeds own content (!) into third-party webpages, …
  • http://ihaterogers.ca
Internet Audit
• Goal: not to take sides in the net neutrality debate, but rather to design a system capable of making the Internet more transparent
• A distributed system to enable network accountability:
  • What happened, where did it happen, and who is responsible?
• Challenges:
  • Non-repudiable identification of discriminating network elements
  • Detect unfair service favoring, e.g., content provider/ISP alliances
  • Explore a range of threat models
    • from open DoS attacks to using network policies in destructive ways
• First step: monitoring biased network behavior
  • provide the users with information
Monitoring network bias
• An active measurement system which is
  • Distributed
  • Large-scale
  • For all end-users
  • Targeting access ISPs
• Capable of
  • Detecting DPI, blocking, shaping, DNS hijacking, …
  • Locating the discriminatory network element
  • Finding out the subtype of biased behavior (e.g., shaping based on DPI vs. shaping)
• Provides an online service for end-users
  • With feedback
System overview
Measurement methodology
• Collect reported/possible means of discrimination applied by ISPs
• Create active probes that likely trigger these mechanisms
  • We mostly emulate application/protocols
    • e.g., BitTorrent-like traffic pattern without implementing a client
  • Minimal user action is required
  • Filtering
  • Shaping (HTTP, FTP, SSL, BitTorrent)
  • WWW bias (DNS hijacking, torrent portal blocking, …)
• Locating middleboxes
  • By executing probes from multiple vantage points to the same end-host
  • Correlating results
  • Vantage point selection is critical (IP/geo, iPlane)
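The correlation step for locating middleboxes, as an added example (not code from the Internet Audit project): it assumes each vantage point also records the hop list to the end-host and that the discriminating element treats every probe crossing it alike. Hop and vantage-point names and the `locate` and `next_vantage` helpers are constructed for illustration.

```python
# Constructed sample: hop lists from three hypothetical vantage points to
# one end-host, with the outcome of the same probe sent from each.
MEASUREMENTS = [
    {"vp": "vp-a", "path": ["a1", "core1", "isp-edge", "isp-agg", "end-host"], "blocked": True},
    {"vp": "vp-b", "path": ["b1", "core2", "isp-edge", "isp-agg", "end-host"], "blocked": True},
    {"vp": "vp-c", "path": ["c1", "core1", "isp-edge2", "isp-agg", "end-host"], "blocked": False},
]
# Constructed predicted paths for vantage points not yet used.
CANDIDATES = {
    "vp-c": ["c1", "core1", "isp-edge2", "isp-agg", "end-host"],
    "vp-e": ["e1", "core3", "isp-edge", "isp-agg", "end-host"],
}

def locate(measurements):
    """Hops on every blocked path and on no clean path, in path order."""
    blocked = [m["path"] for m in measurements if m["blocked"]]
    clean = [m["path"] for m in measurements if not m["blocked"]]
    if not blocked:
        return []                      # no bias observed, nothing to locate
    common = set(blocked[0]).intersection(*blocked[1:])
    exonerated = set().union(*clean)   # a clean probe clears every hop it crossed
    return [h for h in blocked[0] if h in common and h not in exonerated]

def next_vantage(suspects, candidates):
    """Name of the candidate whose path splits the suspects most evenly.

    A path crossing all or none of the suspects cannot narrow the set, so
    such candidates are skipped; None means no candidate helps.
    """
    wanted = set(suspects)
    scored = []
    for name, path in sorted(candidates.items()):
        covered = len(wanted & set(path))
        if 0 < covered < len(wanted):
            scored.append((abs(2 * covered - len(wanted)), name))
    return min(scored)[1] if scored else None

if __name__ == "__main__":
    first = locate(MEASUREMENTS[:2])          # only the two blocked probes so far
    print("suspects:", first)
    print("probe next from:", next_vantage(first, CANDIDATES))
    print("after clean probe:", locate(MEASUREMENTS))
```

An empty result despite blocked probes means the single-element assumption does not hold for that path set, for example when more than one hop discriminates.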
Filtering details
• Port-based
  • Sending packets with random payload to well-defined ports
• Signature-based
  • Deep Packet Inspection
  • List of byte signatures for applications/protocols
  • We derived a list based on
    • open-source DPI: ipp2p, l7-filter
    • protocol definitions
    • own packet traces
• Flow-pattern based for P2P applications
  • Header inspection plus spatial correlation of flows
  • Random payload
  • Data exchange: Parallel TCP connections from the same IP to several others in a port range
  • Control: Parallel UDP connections from the same IP to different IPs to the same port
• With the correct order of probes the subtype can be determined
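The flow-pattern rule uses headers only, so a probe can be checked against it before it is deployed. An added example (not the NetBias code): it tests whether a set of flow headers shows the data and control halves of the pattern. The peer threshold, the port range, the reading of "port range" as destination ports, and the sample addresses are assumptions; the slides give no numbers.

```python
from collections import defaultdict

MIN_PEERS = 3                   # assumed threshold for "several" peers
DATA_PORTS = range(6881, 6890)  # assumed destination-port range for the data half

def flow_pattern(flows):
    """Map each source IP to the halves of the P2P pattern its flows show.

    flows: (src_ip, dst_ip, dst_port, proto) header tuples seen in one
    observation window; payload is never inspected.
    """
    tcp_peers = defaultdict(set)                       # src -> TCP peers in range
    udp_peers = defaultdict(lambda: defaultdict(set))  # src -> port -> UDP peers
    for src, dst, dport, proto in flows:
        if proto == "tcp" and dport in DATA_PORTS:
            tcp_peers[src].add(dst)
        elif proto == "udp":
            udp_peers[src][dport].add(dst)
    result = {}
    for src in sorted(set(tcp_peers) | set(udp_peers)):
        halves = []
        # Control: one source, many destination IPs, one shared UDP port.
        if any(len(ips) >= MIN_PEERS for ips in udp_peers[src].values()):
            halves.append("control")
        # Data: one source, many destination IPs, TCP ports inside the range.
        if len(tcp_peers[src]) >= MIN_PEERS:
            halves.append("data")
        if halves:
            result[src] = halves
    return result

# Constructed flows: a probe host emulating the pattern, and a web client.
PROBE = [("192.0.2.10", f"198.51.100.{i}", 6880 + i, "tcp") for i in (1, 2, 3)] + \
        [("192.0.2.10", f"203.0.113.{i}", 6881, "udp") for i in (1, 2, 3)]
WEB = [("192.0.2.20", f"198.51.100.{i}", 443, "tcp") for i in (1, 2, 3)] + \
      [("192.0.2.20", "203.0.113.53", 53, "udp")]

if __name__ == "__main__":
    print(flow_pattern(PROBE + WEB))
```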
Implementation issues
• PlanetLab is widely used
  • De facto standard test network
  • Lot of users, slice-based access, ~20 active slices on one node
  • Nodes go down at times
• M-Lab: dedicated to network transparency research
  • Founded by: Open Technology Institute, Google, PlanetLab Consortium and researchers
  • Administered by PlanetLab
  • Limited number of users, ~1 slice per CPU core
  • Ideal for active probing
• We are deploying our system to both platforms currently
Future work
• Conduct a large-scale measurement campaign
• Evaluate and draw the global map of biased network behavior
More on the Internet Audit project at http://networks.cs.northwestern.edu/internet-audit/
NetBias tool will be available at the M-Lab website soon http://www.measurementlab.net/
Thank you for your attention!