1 / 11

Monitoring Network Bias

Monitoring Network Bias. A joint project with Prof. Aleksandar Kuzmanovic (Northwestern University) Supported by NSF CAREER Award No. 0746360. Gergely Bicz ók PhD Candidate biczok@tmit.bme.hu. Outline. Motivation: network neutrality Internet Audit System design Implementation

abel-abbott
Télécharger la présentation

Monitoring Network Bias

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Monitoring Network Bias A joint project with Prof. Aleksandar Kuzmanovic (Northwestern University) Supported by NSF CAREER Award No. 0746360 Gergely Biczók PhD Candidate biczok@tmit.bme.hu

  2. Outline • Motivation: network neutrality • Internet Audit • System design • Implementation • Future work | 2008-06-29 | FuturICT 2009

  3. Net neutrality: basics • “… a network free of restrictions on equipment, modes of communication allowed, on content, sites, and platforms and where communication is not unreasonably degraded by other communication streams …” – Wikipedia • Own definition: you get what you asked/paid for • not less (e.g. blocking some websites) • not more (e.g. ISP-embedded content to websites) • Debate in public, struggle in legislation, war in the Internet • Pro net neutrality: content providers (e.g., Google) and freedom activists • www.savetheinternet.com • Anti net neutrality: Internet Service Providers (with infrastructure, e.g., AT&T) • http://www.handsoff.org/blog/ | 2008-06-29 | FuturICT 2009

  4. Net Neutrality: incentives and history • (Access) ISPs have incentives to violate NN • “Resource management” (Comcast) • Potential side deals with content providers (AT&T) • Larger profit through own proprietary services (blocking Skype in favor of own VoIP service) • 2005: FCC enforcing net neutrality involving Madison River Communications that blocked Vonage VoIP • 2006: China using Narus middleboxes to block Skype • 2007: Comcast actively poisoning BitTorrent uploads • 2008: YouTube outage, routing black hole caused by Pakistani ISP’s regulatory policy • 2009: BitTorrent portals are blocked around the world • 2005-: Rogers (Canada) blocks/shapes P2P, shapes all encrypted (!) traffic, forces users to its own SMTP servers, embed own content (!) into third-party webpages, … • http://ihaterogers.ca | 2008-06-29 | FuturICT 2009

  5. Internet Audit • Goal: not to take sides in the net neutrality debate, but rather to design a system capable of making the Internet more transparent • A distributed system to enable network accountability: • What happened, where did it happen, and who is responsible? • Challenges: • Non-repudiable identification of discriminating network elements • Detect unfair service favoring, e.g., content provider/ISP alliances • Explore a range of threat models • from open DoS attacks to using network policies in destructive ways • First step: monitoring biased network behavior • provide the users with information | 2008-06-29 | FuturICT 2009

  6. Monitoring network bias • An active measurement system which is • Distributed • Large-scale • For all end-users • Targeting access ISPs • Capable of • Detecting DPI, blocking, shaping, DNS hijacking, … • Locating the discriminatory network element • Finding out the subtype of biased behavior (e.g., shaping based on DPI vs. shaping) • Provides an online service for end-users • With feedback | 2008-06-29 | FuturICT 2009

  7. System overview | 2008-06-29 | FuturICT 2009

  8. Measurement methodology • Collect reported/possible means of discrimination applied by ISPs • Create active probes that likely trigger these mechanism • We mostly emulate application/protocols • e.g., BitTorrent-like traffic pattern without implementing a client • Minimal user action is required • Filtering • Shaping (HTTP, FTP, SSL, BitTorrent) • WWW bias (DNS hijacking, torrent portal blocking, …) • Locating middleboxes • By executing probes from multiple vantage points to the same end-host • Correlating results • Vantage point selection is critical (IP/geo, iPlane) | 2008-06-29 | FuturICT 2009

  9. Filtering details • Port-based • Sending packets with random payload to well-defined ports • Signature-based • Deep Packet Inspection • List of byte signatures for applications/protocols • We derived a list based on • open-source DPI: ipp2p, l7-filter • protocol definitions • own packet traces • Flow-pattern based for P2P applications • Header inspection plus spatial correlation of flows • Random payload • Data exchange: Parallel TCP connections from the same IP to several others in a port range • Control: Parallel UDP connections from the same IP to different IPs to the same port • With the correct order of probes the subtype can be determined | 2008-06-29 | FuturICT 2009

  10. Implementation issues • PlanetLab is widely used • De facto standard test network • Lot of users, slice-based access, ~20 active slices on one node • Nodes go down at times • M-Lab: dedicated to network transparency research • Founded by: Open Technology Institute, Google, PlanetLab Consortium and researchers • Administered by PlanetLab • Limited number of users, ~1 slice per CPU core • Ideal for active probing • We are deploying our system to both platforms currently | 2008-06-29 | FuturICT 2009

  11. Future work • Conduct a large-scale measurement campaign • Evaluate and draw the global map of biased network behavior More on the Internet Audit project at http://networks.cs.northwestern.edu/internet-audit/ NetBias tool will be available at the M-Lab website soon http://www.measurementlab.net/ Thank you for your attention! | 2008-06-29 | FuturICT 2009

More Related