Monitoring Network Bias

High Speed Networks Laboratory @ Budapest University of Technology and Economics
http://hsnlab.tmit.bme.hu

A joint project with Prof. Aleksandar Kuzmanovic (Northwestern University)
Supported by NSF CAREER Award No. 0746360

Gergely Biczók, PhD Candidate
[email protected]



2008-06-29 | FuturICT 2009

Outline

• Motivation: network neutrality
• Internet Audit
• System design
• Implementation
• Future work


Net neutrality: basics

• “… a network free of restrictions on equipment, modes of communication allowed, on content, sites, and platforms and where communication is not unreasonably degraded by other communication streams …” – Wikipedia
• Own definition: you get what you asked/paid for
  • not less (e.g. blocking some websites)
  • not more (e.g. ISP-embedded content to websites)
• Debate in public, struggle in legislation, war in the Internet
  • Pro net neutrality: content providers (e.g., Google) and freedom activists
    • www.savetheinternet.com
  • Anti net neutrality: Internet Service Providers (with infrastructure, e.g., AT&T)
    • http://www.handsoff.org/blog/


Net Neutrality: incentives and history

• (Access) ISPs have incentives to violate NN
  • “Resource management” (Comcast)
  • Potential side deals with content providers (AT&T)
  • Larger profit through own proprietary services (blocking Skype in favor of own VoIP service)
• 2005: FCC enforcing net neutrality involving Madison River Communications that blocked Vonage VoIP
• 2006: China using Narus middleboxes to block Skype
• 2007: Comcast actively poisoning BitTorrent uploads
• 2008: YouTube outage, routing black hole caused by Pakistani ISP’s regulatory policy
• 2009: BitTorrent portals are blocked around the world
• 2005-: Rogers (Canada) blocks/shapes P2P, shapes all encrypted (!) traffic, forces users to its own SMTP servers, embeds own content (!) into third-party webpages, …
  • http://ihaterogers.ca


Internet Audit

• Goal: not to take sides in the net neutrality debate, but rather to design a system capable of making the Internet more transparent
• A distributed system to enable network accountability:
  • What happened, where did it happen, and who is responsible?
• Challenges:
  • Non-repudiable identification of discriminating network elements
  • Detect unfair service favoring, e.g., content provider/ISP alliances
  • Explore a range of threat models
    • from open DoS attacks to using network policies in destructive ways
• First step: monitoring biased network behavior
  • provide the users with information


Monitoring network bias

• An active measurement system which is
  • Distributed
  • Large-scale
  • For all end-users
  • Targeting access ISPs
• Capable of
  • Detecting DPI, blocking, shaping, DNS hijacking, …
  • Locating the discriminatory network element
  • Finding out the subtype of biased behavior (e.g., shaping based on DPI vs. shaping)
• Provides an online service for end-users
  • With feedback


System overview


Measurement methodology

• Collect reported/possible means of discrimination applied by ISPs
• Create active probes that are likely to trigger these mechanisms
  • We mostly emulate applications/protocols
    • e.g., BitTorrent-like traffic pattern without implementing a client
  • Minimal user action is required
  • Filtering
  • Shaping (HTTP, FTP, SSL, BitTorrent)
  • WWW bias (DNS hijacking, torrent portal blocking, …)
• Locating middleboxes
  • By executing probes from multiple vantage points to the same end-host
  • Correlating results
  • Vantage point selection is critical (IP/geo, iPlane)
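The correlation step for locating middleboxes, sketched as an added example (not code from the NetBias tool): hops common to every biased path and absent from every clean path remain as candidates. The hop names, the path representation and the `locate_candidates` function are assumptions made for illustration; the sample data is constructed.

```python
# Added example: boolean correlation of probe results across vantage points.
# Hop names and outcomes are constructed sample data, not measurements.

def locate_candidates(observations):
    """observations: list of (path, biased) pairs, where path is the ordered
    list of hops from a vantage point towards the end-host and biased is True
    when the probe on that path was filtered or shaped.
    Returns the candidate hops, nearest the end-host first."""
    biased = [path for path, hit in observations if hit]
    clean = [path for path, hit in observations if not hit]
    if not biased:
        return []  # nothing to locate
    # A single discriminating element must sit on every biased path ...
    common = set(biased[0]).intersection(*biased[1:])
    # ... and on no path where the same probe passed untouched.
    for path in clean:
        common -= set(path)
    # Rank by position on one biased path, counted from the end-host side.
    ref = biased[0]
    return sorted(common, key=lambda hop: len(ref) - ref.index(hop))

# Three vantage points probing the same end-host (constructed).
# All paths converge on the access ISP, so only path diversity upstream
# lets the clean path rule out the shared access hops.
SAMPLE = [
    (["vpA-gw", "transit-1", "ix-east", "acc-core", "acc-edge"], True),
    (["vpB-gw", "transit-2", "ix-east", "acc-core", "acc-edge"], True),
    (["vpC-gw", "transit-3", "ix-west", "acc-core", "acc-edge"], False),
]

if __name__ == "__main__":
    print(locate_candidates(SAMPLE))
    # If every vantage point sees the bias, only the shared hops remain.
    print(locate_candidates([(path, True) for path, _ in SAMPLE]))
```

When every path is biased the result is the whole shared suffix, which is why the slide calls vantage point selection critical: without a clean path that overlaps the biased ones, the candidate set cannot shrink.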


Filtering details

• Port-based
  • Sending packets with random payload to well-defined ports
• Signature-based
  • Deep Packet Inspection
  • List of byte signatures for applications/protocols
  • We derived a list based on
    • open-source DPI: ipp2p, l7-filter
    • protocol definitions
    • own packet traces
• Flow-pattern based for P2P applications
  • Header inspection plus spatial correlation of flows
  • Random payload
  • Data exchange: Parallel TCP connections from the same IP to several others in a port range
  • Control: Parallel UDP connections from the same IP to different IPs to the same port
• With the correct order of probes the subtype can be determined
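One way to turn probe outcomes into a filtering subtype, as an added example that is not part of the original slides or the NetBias tool: each probe is compared with a control probe (neutral port, random payload, single flow), and a loss is attributed only to the one dimension that was changed. The control probe, the field names and the sample results are assumptions; the slides do not specify the probe order or record format.

```python
# Added example: attribute a blocked probe to a filtering subtype by comparing
# it with a control probe. Field names and sample results are constructed.
CONTROL = {"port": "neutral", "payload": "random", "flows": "single"}
SUBTYPE = {
    "port": "port-based",
    "payload": "signature-based (DPI)",
    "flows": "flow-pattern based",
}

def changed(probe):
    """Dimensions in which a probe differs from the control probe."""
    return [k for k in CONTROL if probe[k] != CONTROL[k]]

def classify(results):
    """Return (subtypes, unattributed probe names) for one measured path."""
    controls = [r for r in results if not changed(r)]
    if not controls or not all(r["delivered"] for r in controls):
        # Without a clean baseline, a loss cannot be blamed on any trigger.
        return None, [r["name"] for r in results if not r["delivered"]]
    blocked = [r for r in results if not r["delivered"]]
    # Probes that vary exactly one dimension identify the subtype directly.
    subtypes = {SUBTYPE[changed(r)[0]] for r in blocked if len(changed(r)) == 1}
    # A probe varying several dimensions is explained only if one of its
    # dimensions was already confirmed by a single-dimension probe.
    unattributed = [
        r["name"] for r in blocked
        if len(changed(r)) > 1
        and not any(SUBTYPE[d] in subtypes for d in changed(r))
    ]
    return subtypes, unattributed

SAMPLE = [  # constructed results for one vantage point / end-host pair
    {"name": "control", "port": "neutral", "payload": "random",
     "flows": "single", "delivered": True},
    {"name": "known-port", "port": "well-defined", "payload": "random",
     "flows": "single", "delivered": True},
    {"name": "signature", "port": "neutral", "payload": "signature",
     "flows": "single", "delivered": False},
    {"name": "p2p-pattern", "port": "neutral", "payload": "random",
     "flows": "p2p", "delivered": True},
    {"name": "full-client", "port": "well-defined", "payload": "signature",
     "flows": "p2p", "delivered": False},
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A probe that changes several dimensions at once, like the constructed `full-client` entry, cannot name a subtype by itself; it is reported as unattributed unless a single-dimension probe already explains it.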


Implementation issues

• PlanetLab is widely used
  • De facto standard test network
  • Lot of users, slice-based access, ~20 active slices on one node
  • Nodes go down at times
• M-Lab: dedicated to network transparency research
  • Founded by: Open Technology Institute, Google, PlanetLab Consortium and researchers
  • Administered by PlanetLab
  • Limited number of users, ~1 slice per CPU core
  • Ideal for active probing
• We are deploying our system to both platforms currently


Future work

• Conduct a large-scale measurement campaign
• Evaluate and draw the global map of biased network behavior

More on the Internet Audit project at http://networks.cs.northwestern.edu/internet-audit/

NetBias tool will be available at the M-Lab website soon: http://www.measurementlab.net/

Thank you for your attention!