Deep Packet Inspection
Download
Report
Transcript Deep Packet Inspection
Deep Packet Inspection
Ma t t h ew Ca r s o n
What is Deep Packet Inspection?
A form of packet filtering which examines the data portion of
an internet packet as it passes an inspection point, which
searches for protocol non-compliance, viruses, spam,
intrusions or other specified criteria to determine whether
the packet may pass through the inspection point or if it
needs to be routed to a different destination.
How is it used?
• Network Security
• Network Optimization
• Copyright enforcement
• Data mining
• Eavesdropping
• Censorship
Why is it important?
How much data??
According to Intel
• In just 60 seconds, nearly 640
TB of IP data is transferred
over the internet
• Amazon averages $83,000 in
sales
• Google processes over 2
million search requests
• In one day, on average, nearly
900 Petabytes are sent over
the internet
My information is protected…
Right?
Electronic Communications
Privacy Act of 1986
(ECPA)
• Prevents unauthorized interception of
electronic communications
• Imposes civil liability upon those who do
• Includes traffic on the internet
Embarq & NebuAd
In 2007 ISP Embarq authorized NebuAd to collect information
about their customers
Collected Browsing data as customers passed through network
“checkpoints”
Class Action Lawsuit filed November 2008
Legal vs Ethical
Court Ruling
• Embarq was not in violation of ECPA
• Embarq had “access” to the information
through the use of devices used during the
course of normal business operations
• Embarq had no access to the data apart from
its access as an ISP
And NebuAd?
SUBSEQUENTLY DISSOLVED
AGREED TO A $2.4 MILLION DOLLAR
SETTLEMENT
ASSERTS NO WRONG DOING
Other Uses of DPI technology
Security
• Dell utilizes a DPI technology known as
Reassembly-Free Deep Packet Inspection
(RFDPI) to monitor for viruses, malware,
Trojans, etc.
Internet Censorship
• China uses DPI to monitor and control the flow
of information throughout the population
CALEA
Communications Assistance for
Law Enforcement Act
(CALEA)
• Requires Telecommunications providers to
provide the ability for law enforcement to
intercept communications in the pursuit of
criminal activity
Conclusion
• DPI is a powerful and necessary technology
• Mostly used for security purposes
• Can be misused, like all other technology
• Need for more detailed, up -to-date laws
References
http://en.wikipedia.org/wiki/Communications_Assistance_for_Law
_Enforcement_Act
https://www.sonicwall.com/us/en/products/Deep-PacketInspection.html
http://en.wikipedia.org/wiki/NebuAd
http://arstechnica.com/uncategorized/2008/07/06 -opt-outnebuad-hides-link-in-5000-word-privacy-policy
http://www.telecomlawmonitor.com/2013/01/articles/litigation/cou
rt-rules-for-isp-in-deep-packet-inspection-lawsuit
References
http://blogs.wsj.com/venturecapital/2009/05/19/turning -out-thelights-nebuad
http://blog.ericgoldman.org/archives/2013/01/tenth_circuit_g_1.ht
m
http://www.techspot.com/news/52011-one-minute-on-theinternet-640tb-data-transferred-100k-tweets-204-million-e-mailssent.html
http://www.mediapost.com/publications/article/155980