Monitoring Network Bias


High Speed Networks Laboratory
@ Budapest University of Technology and Economics
http://hsnlab.tmit.bme.hu
Monitoring Network Bias
A joint project with Prof. Aleksandar Kuzmanovic (Northwestern University)
Supported by NSF CAREER Award No. 0746360
High Speed Networks Laboratory
Gergely Biczók
PhD Candidate
Outline
• Motivation: network neutrality
• Internet Audit
• System design
• Implementation
• Future work
| 2008-06-29 | FuturICT 2009
Net neutrality: basics
• “… a network free of restrictions on equipment, modes of
communication allowed, on content, sites, and platforms and
where communication is not unreasonably degraded by other
communication streams …” – Wikipedia
• Own definition: you get what you asked/paid for
• not less (e.g. blocking some websites)
• not more (e.g. ISP-embedded content to websites)
• Debate in public, struggle in legislation, war in the Internet
• Pro net neutrality: content providers (e.g., Google) and
freedom activists
• www.savetheinternet.com
• Anti net neutrality: Internet Service Providers (with
infrastructure, e.g., AT&T)
• http://www.handsoff.org/blog/
Net Neutrality: incentives and history
• (Access) ISPs have incentives to violate NN
• “Resource management” (Comcast)
• Potential side deals with content providers (AT&T)
• Larger profit through own proprietary services (blocking Skype in favor of
own VoIP service)
• 2005: FCC enforcing net neutrality involving Madison River Communications that blocked Vonage VoIP
• 2006: China using Narus middleboxes to block Skype
• 2007: Comcast actively poisoning BitTorrent uploads
• 2008: YouTube outage, routing black hole caused by Pakistani ISP’s regulatory policy
• 2009: BitTorrent portals are blocked around the world
• 2005-: Rogers (Canada) blocks/shapes P2P, shapes all encrypted (!)
traffic, forces users to its own SMTP servers, embeds own content (!)
into third-party webpages, …
• http://ihaterogers.ca
Internet Audit
• Goal: not to take sides in the net neutrality debate, but rather
to design a system capable of making the Internet more
transparent
• A distributed system to enable network accountability:
• What happened, where did it happen, and who is responsible?
• Challenges:
• Non-repudiable identification of discriminating network elements
• Detect unfair service favoring, e.g., content provider/ISP alliances
• Explore a range of threat models
• from open DoS attacks to using network policies in destructive ways
• First step: monitoring biased network behavior
• provide the users with information
Monitoring network bias
• An active measurement system which is
• Distributed
• Large-scale
• For all end-users
• Targeting access ISPs
• Capable of
• Detecting DPI, blocking, shaping, DNS hijacking, …
• Locating the discriminatory network element
• Finding out the subtype of biased behavior (e.g., shaping based on
DPI vs. shaping)
• Provides an online service for end-users
• With feedback
System overview
Measurement methodology
• Collect reported/possible means of discrimination applied by
ISPs
• Create active probes that likely trigger these mechanisms
• We mostly emulate application/protocols
• e.g., BitTorrent-like traffic pattern without implementing a client
• Minimal user action is required
• Filtering
• Shaping (HTTP, FTP, SSL, BitTorrent)
• WWW bias (DNS hijacking, torrent portal blocking, …)
• Locating middleboxes
• By executing probes from multiple vantage points to the same
end-host
• Correlating results
• Vantage point selection is critical (IP/geo, iPlane)
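The correlation step for locating a middlebox can be sketched as follows. This is an added example, not code from the slides or from the NetBias tool; the hop names, paths and probe verdicts are constructed, and it assumes a single discriminating element that behaves deterministically.

```python
# Added illustration: hop names and verdicts below are constructed sample data.

def locate_suspects(observations):
    """observations: list of (path, biased) pairs, one per vantage point.
    path is the ordered list of hops toward the same end-host, biased is the
    probe verdict seen from that vantage point.
    Returns the hops that lie on every biased path and on no clean path,
    in the order they appear on the first biased path."""
    biased_paths = [path for path, biased in observations if biased]
    clean_paths = [path for path, biased in observations if not biased]
    if not biased_paths:
        return []
    # A single discriminating element must sit on all affected paths ...
    common = set(biased_paths[0]).intersection(*biased_paths[1:])
    # ... and cannot sit on a path where the same probe went through unharmed.
    cleared = set().union(*clean_paths)
    suspects = common - cleared
    return [hop for hop in biased_paths[0] if hop in suspects]

# Constructed measurement: three vantage points probing one end-host.
OBSERVATIONS = [
    (["vp1-gw", "transit-1", "isp-edge", "isp-agg"], True),
    (["vp2-gw", "transit-2", "isp-edge", "isp-agg"], True),
    (["vp3-gw", "isp-agg"], False),  # vantage point inside the access ISP
]

if __name__ == "__main__":
    print("two vantage points:  ", locate_suspects(OBSERVATIONS[:2]))
    print("three vantage points:", locate_suspects(OBSERVATIONS))
```

With only the first two vantage points both ISP hops remain suspects; the third path, which bypasses the edge, narrows the result to one hop, which is why vantage point selection matters.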
Filtering details
• Port-based
• Sending packets with random payload to well-defined ports
• Signature-based
• Deep Packet Inspection
• List of byte signatures for applications/protocols
• We derived a list based on
• open-source DPI: ipp2p, l7-filter
• protocol definitions
• own packet traces
• Flow-pattern based for P2P applications
• Header inspection plus spatial correlation of flows
• Random payload
• Data exchange: Parallel TCP connections from the same IP to several
others in a port range
• Control: Parallel UDP connections from the same IP to different IPs to the
same port
• With the correct order of probes the subtype can be determined
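One possible way to turn probe results into a filtering subtype, as an added example that is not from the slides or the NetBias tool: each probe differs from a baseline (random payload, neutral port, single flow) in exactly one property. The probe names, the 0.5 shaping threshold and the throughput values are assumptions made for this sketch.

```python
# Added illustration: probe names, threshold and sample values are assumptions.
SHAPING_RATIO = 0.5  # assumed: below half of the baseline counts as shaped
BASELINE = "random_payload_neutral_port"

# Each probe changes one property of the baseline, so a deviation points at
# the mechanism that reacts to that property.
PROBES = [
    ("random_payload_app_port", "port-based"),
    ("app_signature_neutral_port", "signature-based (DPI)"),
    ("p2p_flow_pattern_random_payload", "flow-pattern-based"),
]

def verdict(kbps, baseline_kbps):
    """Classify one probe result; None means no data got through."""
    if kbps is None:
        return "blocked"
    return "shaped" if kbps < SHAPING_RATIO * baseline_kbps else "ok"

def classify(results):
    """results maps probe name -> throughput in kbit/s (None if blocked).
    Returns a list of (mechanism, action) for every probe that deviates from
    the baseline, or None if the baseline itself failed (inconclusive)."""
    baseline = results.get(BASELINE)
    if not baseline:
        return None
    findings = []
    for probe, mechanism in PROBES:
        if probe not in results:
            continue
        action = verdict(results[probe], baseline)
        if action != "ok":
            findings.append((mechanism, action))
    return findings

# Constructed results for two access networks.
DPI_SHAPER = {BASELINE: 8000, "random_payload_app_port": 7900,
              "app_signature_neutral_port": 900,
              "p2p_flow_pattern_random_payload": 7600}
PORT_BLOCKER = {BASELINE: 8000, "random_payload_app_port": None,
                "app_signature_neutral_port": 7800,
                "p2p_flow_pattern_random_payload": 7700}

if __name__ == "__main__":
    print(classify(DPI_SHAPER))
    print(classify(PORT_BLOCKER))
```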
Implementation issues
• PlanetLab is widely used
• De facto standard test network
• Lot of users, slice-based access, ~20 active slices on one node
• Nodes go down at times
• M-Lab: dedicated to network transparency research
• Founded by: Open Technology Institute, Google, PlanetLab
Consortium and researchers
• Administered by PlanetLab
• Limited number of users, ~1 slice per CPU core
• Ideal for active probing
• We are deploying our system to both platforms currently
Future work
• Conduct a large-scale measurement campaign
• Evaluate and draw the global map of biased network behavior
More on the Internet Audit project at
http://networks.cs.northwestern.edu/internet-audit/
NetBias tool will be available at the M-Lab website soon
http://www.measurementlab.net/
Thank you for your attention!