Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
The ICSI HaystackA Platform for Hybrid Mobile
Measurements in the Wild
Narseo Vallina-Rodriguez
In collaboration with:
S. Sundaresan, C. Kreibich, M. Allman, V. Paxson (ICSI/UC Berkeley)A. Razaghpanah, P. Gill (Stony Brook University)
AIMS Workshop - CAIDA, February 2016
2
How much do we know about the mobile ecosystem?
3
Privacy
Performance
MVNO3G
Proxies
CDNs
Users
Apps
Security
WiFi
Ads
LTE
The mobile jigsaw
DNS
QUICIPv6
NAT
CGNsTLS
ACTIVEMEASUREMENTS
4
Privacy
Performance
MVNO3G
Proxies
CDNs
Users
Apps
Security
WiFi
Ads
LTE
The mobile jigsaw
DNS
QUICIPv6
NAT
CGNsTLS
STATIC AND DYNAMIC ANALYSIS
5
Privacy
Performance
MVNO3G
Proxies
CDNs
Users
Apps
Security
WiFi
Ads
LTE
The mobile jigsaw
DNS
QUICIPv6
NAT
CGNsTLS
INSTRUMENTED PHONES
(root access)
6
Privacy
Performance
MVNO3G
Proxies
CDNs
Users
Apps
Security
WiFi
Ads
LTE
The mobile jigsaw
DNS
QUICIPv6
NAT
CGNsTLS
ISPTRACES
7
Privacy
Performance
MVNO3G
Proxies
CDNs
Users
Apps
Security
WiFi
Ads
LTE
The mobile jigsaw
DNS
QUICIPv6
NAT
CGNsTLS
VPN AND PROXY TRACES
8
TRADE- OFFS!
9
The ideal mobile measurements platform:
Real-world operation
Comprehensiveness
Local operation
Large scale
A user-centric, and on-device measurements platform that intercepts
and studies network traffic and app activity in user space
The ICSI Haystack
10
Traffic Analyzer (off-path)
Forwarder tun
interface
Schematic view of Haystack
DefaultGW
TLS Proxy
Anonymizedreports (IRB)
DB @ ICSI
App traffic
InternetRaw packets
Java sockets! 😡i.e., no-packet level traces
Max throughput: ~55 MbpsExtra latency < 1-4 ms
Battery overhead: 2-9 %
Optional TLSinterception
Contextualized traffic analysis
12
A easy-to-deploy tool for mobile users!
The user engagement challenge
13
14
Technical details and performance evaluation:
Ongoing and FutureResearch Directions
15
We are [mostly] in the dark about how mobile apps behave in ANY network!
“I love working for the NSA, but if I’d wanted to snoop on people’s most intimate information, I’d have become an app developer!”
http://www.robcottingham.ca/
Who do apps talk to, what do they talk about, and how?
17
0
10
20
30
40
grap
h.fa
cebo
ok.c
omcr
ashl
ytic
s.co
mgo
ogle
.com
goog
leap
is.co
mdo
uble
clic
k.ne
tflu
rry.c
omgs
tatic
.com
goog
lesy
ndic
atio
n.co
mam
azon
aws.
com
scor
ecar
dres
earc
h.co
mgo
ogle
tagm
anag
er.c
omam
azon−a
dsys
tem
.com
mix
pane
l.com
goog
leus
erco
nten
t.com
mop
ub.c
omgo
ogle−a
naly
tics.
com
clou
dfro
nt.n
ettw
itter
.com
face
book
.com
twim
g.co
m
% o
f App
s
Provides DPI and generates accurate behavioral signatures New-generation analytics and ad networks use TLS!
Allows users to stay in control of their traffic
Performance evaluation: Real-world DNS
18
Can measure contextualized “real-world” traffic performance
Enables reactive measurements [Allman+Paxson, PAM 2008]
App Median 𝞓(tApp-ttcpdump) (𝞵s) StdDev 𝞓(tApp-ttcpdump) (𝞵s)
JavaApp 1,254 658
Haystack 1,211 303
• What are your reactions both as users and researchers?
• How can we improve app usability and mobile transparency?
• What are the most challenging, worrying and urging aspects of mobile systems?
19
Community feedback:
Visit: www.haystack.com