Authors:
(1) Vinod S. Khandkar and Manjesh K. Hanawal, Industrial Engineering and Operations Research Indian Institute of Technology Bombay, Mumbai, India and {vinod.khandkar, mhanawal}@iitb.ac.in. Table of Links Abstract & Introduction Related Work and Background Challenges in TD Detection Measurement Setup Development Case Study : Wehe - TD Detection Tool for Mobile Environment Shortcoming of Wehe on HTTPS Traffic TD Detection of HTTPS Traffic Conclusion & References VII. CONCLUSION Net neutrality violation detection is a need of an hour. As many of the ISPs are also content providers these days, they compete with each other, which can lead to one deliberately discriminating the services of the other to gain market share. However, users should have the freedom to choose services as per their wishes. Our work considered various challenges in the detection of traffic discrimination in HTTPS traffic. As a case study, we validated Wehe, one of the latest tools available to detect traffic differentiation. The described challenges helped us divide the entire tool into multiple interdependent components and validate them independently. Our validation using commercial traffic shaper revealed that traffic in Wehe setup may not mimic the characteristics of HTTPS traffic accessed from the original servers. Hence, middle-boxes may not subject them to intended discrimination. Thus, Wehe may not detect discrimination of HTTPS traffic. Our new method that uses the appropriate SNI parameter value in the initial TLS handshake message overcomes this shortcoming. Hence our work provided a mechanism to detect a wide range of possible discriminations on the Internet. REFERENCES [1] T. Garrett, L. E. Setenareski, L. M. Peres, L. C. E. Bona, and E. P. Duarte, “Monitoring network neutrality: A survey on traffic differentiation detection,” IEEE Communications Surveys Tutorials, vol. 20, no. 3, pp. 2486–2517, 2018. [2] V. Nguyen, D. Mohammed, M. Omar, and P. Dean, “Net neutrality around the globe: A survey,” in 2020 3rd International Conference on Information and Computer Technologies (ICICT), 2020, pp. 480–488. [3] Ramneek, P. Hosein, W. Choi, and W. Seok, “Detecting network neutrality violations through packet loss statistics,” in 2015 17th AsiaPacific Network Operations and Management Symposium (APNOMS), 2015, pp. 404–407. [4] D. Li, F. Tian, M. Zhu, L. Wang, and L. Sun, “A novel framework for analysis of global network neutrality based on packet loss rate,” in 2015 International Conference on Cloud Computing and Big Data (CCBD), 2015, pp. 297–304. [5] M. Dischinger, A. Mislove, A. Haeberlen, and K. P. Gummadi, “Detecting bittorrent blocking,” in Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement, Oct. 2008, pp. 3–8. [6] M. B. Tariq, M. Motiwala, N. Feamster, and M. Ammar, “Detecting network neutrality violations with causal inference,” in Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, ser. CoNEXT ’09. New York, NY, USA: Association for Computing Machinery, 2009, p. 289–300. [Online]. Available: https://doi.org/10.1145/1658939.1658972 [7] R. Ravaioli, G. Urvoy-Keller, and C. Barakat, “Towards a general solution for detecting traffic differentiation at the internet access,” in 2015 27th International Teletraffic Congress, Sep. 2015, pp. 1–9. [8] Y. Zhang, Z. M. Mao, and M. Zhang, “Detecting traffic differentiation in backbone isps with netpolice,” in Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement, ser. IMC ’09. New York, NY, USA: ACM, 2009, pp. 103–115. [Online]. Available: http://doi.acm.org/10.1145/1644893.1644905 [9] P. Kanuparthy and C. Dovrolis, “Shaperprobe: End-to-end detection of isp traffic shaping using active methods,” in Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, Nov. 2011, pp. 473–482. [10] U. Weinsberg, A. Soule, and L. Massoulie, “Inferring traffic shaping and policy parameters using end host measurements,” in Proceedings of IEEE INFOCOM, 2011. [11] M. Dischinger, M. Marcon, S. Guha, K. Gummadi, R. Mahajan, and S. Saroiu, “Glasnost: Enabling end users to detect traffic differentiation,” in 7th USENIX Conf. Networked Systems Design and Implementation, Apr. 2010, pp. 27–27. [12] V. Bashko, N. Melnikov, A. Sehgal, and J. Schonw ¨ alder, “Bonafide: A ¨ traffic shaping detection tool for mobile networks,” in 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013), 2013, pp. 328–335. [13] A. Molavi Kakhki, A. Razaghpanah, A. Li, H. Koo, R. Golani, D. Choffnes, P. Gill, and A. Mislove, “Identifying traffic differentiation in mobile networks,” in Proceedings of the 2015 Internet Measurement Conference, Oct. 2015, pp. 239–251. [14] R. Narisetty and D. Gurkan, “Identification of network measurement challenges in openflow-based service chaining,” in 39th Annual IEEE Conference on Local Computer Networks Workshops, 2014, pp. 663– 670. [15] E. Balestrieri, L. De Vito, F. Lamonaca, F. Picariello, S. Rapuano, and I. Tudosa, “Research challenges in measurement for internet of things systems,” ACTA IMEKO, vol. 7, p. 82, 01 2019. [16] E. Karoly. (2000, Feb.) Qos performance validation in real life scenarios. [Online]. Available: http://archive.opengroup.org/tech/qos/ conference/q101/karoly.pdf [17] S. Molnar, P. Megyesi, and G. Szab ´ o, “How to validate traffic gen- ´ erators?” in 2013 IEEE International Conference on Communications Workshops (ICC), 2013, pp. 1340–1344. [18] G. Lu, Y. Chen, S. Birrer, F. E. Bustamante, C. Y. Cheung, and X. Li, “End-to-end inference of router packet forwarding priority,” in IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications, 2007, pp. 1784–1792. [19] R. Mahajan, M. Zhang, L. Poole, and V. Pai, “Uncovering performance differences among backbone isps with netdiff,” in Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, 2008, pp. 205–218. [20] (2008, Jun.) Ookla, measuring and understanding broadband : Speed, quality and application. [Online]. Available: https://www.ookla.com/ docs/UnderstandingBroadbandMeasurement.pdf [21] V. S. Khandkar and M. K. Hanawal, “Detection of traffic discrimination in the internet,” in 2020 International Conference on COMmunication Systems NETworkS (COMSNETS), 2020, pp. 677–679. [22] Tcpreplay: Pcap editing and replay tools for *nix. [Online]. Available: https://github.com/appneta/tcpreplay [23] W. Cui, V. Paxson, N. Weaver, and R. Katz, “Protocol-independent adaptive replay of application dialog,” in 13th Annual Network and Distributed System Security Symposium (NDSS), Feb. 2006, pp. 27–27. [24] R. T. El-Maghraby, N. M. Abd Elazim, and A. M. Bahaa-Eldin, “A survey on deep packet inspection,” in 2017 12th International Conference on Computer Engineering and Systems (ICCES), 2017, pp. 188–197. [25] M. AlSabah, K. Bauer, and I. Goldberg, “Enhancing tor’s performance using real-time traffic classification,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, ser. CCS ’12. New York, NY, USA: Association for Computing Machinery, 2012, p. 73–84. [Online]. Available: https://doi.org/10.1145/2382196.2382208 [26] Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, and P. Hoffman, “The Transport Layer Security (TLS) Protocol Version 1.3,” Internet Requests for Comments, IETF, RFC 7858, August 2018. [Online]. Available: https://tools.ietf.org/pdf/rfc8446.pdf [27] C. Zhou, C. Lin, and Z. Guo, “mdash: A markov decision-based rate adaptation approach for dynamic http streaming,” IEEE Transactions on Multimedia, vol. 18, no. 4, pp. 738–751, Apr. 2016. [28] T. Joe, L. Eliot, M. Allison, K. Markku, O. Kumiko, S. Martin, E. Lars, M. Alexey, E. Wes, Z. Alexander, T. Brian, I. Jana, M. Allison, T. Michael, K. Eddie, and N. Yoshifumi. (2020, Sept) Service name and transport protocol port number registry. [Online]. Available: https://www.iana.org/assignments/ service-names-port-numbers/service-names-port-numbers.xhtml [29] G. Keinan. (2018, January) Optimizing enterprise networks through sd-avc (software define application visibility and control). [Online]. Available: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/ pdf/BRKCRS-2502.pdf [30] A. Rao, J. Sherry, A. Legout, A. Krishnamurthy, W. Dabbous, and D. Choffnes, “Meddle: middleboxes for increased transparency and control of mobile traffic,” in CoNEXT Student Workshop, ACM, 12 2012, pp. 65–66. [31] R. Liu and X. Yu, “A survey on encrypted traffic identification,” in Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies, ser. CIAT 2020. New York, NY, USA: Association for Computing Machinery, 2020, p. 159–163. [Online]. Available: https://doi.org/10.1145/3444370.3444564 [32] F. Li, A. A. Niaki, D. Choffnes, P. Gill, and A. Mislove, “A large-scale analysis of deployed traffic differentiation practices,” in Proceedings of the ACM Special Interest Group on Data Communication, ser. SIGCOMM ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 130–144. [Online]. Available: https://doi.org/10.1145/3341302.3342092 [33] P. Srisuresh and K. Egevang, “Traditional IP Network Address Translator (Traditional NAT),” Internet Requests for Comments, IETF, RFC 3022, Jan 2001. [Online]. Available: https://tools.ietf.org/pdf/rfc3022.pdf This paper is available on arxiv under CC 4.0 license. Authors: (1) Vinod S. Khandkar and Manjesh K. Hanawal, Industrial Engineering and Operations Research Indian Institute of Technology Bombay, Mumbai, India and {vinod.khandkar, mhanawal}@iitb.ac.in. Authors: Authors: (1) Vinod S. Khandkar and Manjesh K. Hanawal, Industrial Engineering and Operations Research Indian Institute of Technology Bombay, Mumbai, India and {vinod.khandkar, mhanawal}@iitb.ac.in. Table of Links Abstract & Introduction Abstract & Introduction Related Work and Background Related Work and Background Challenges in TD Detection Measurement Setup Development Challenges in TD Detection Measurement Setup Development Case Study : Wehe - TD Detection Tool for Mobile Environment Case Study : Wehe - TD Detection Tool for Mobile Environment Shortcoming of Wehe on HTTPS Traffic Shortcoming of Wehe on HTTPS Traffic TD Detection of HTTPS Traffic TD Detection of HTTPS Traffic Conclusion & References Conclusion & References VII. CONCLUSION Net neutrality violation detection is a need of an hour. As many of the ISPs are also content providers these days, they compete with each other, which can lead to one deliberately discriminating the services of the other to gain market share. However, users should have the freedom to choose services as per their wishes. Our work considered various challenges in the detection of traffic discrimination in HTTPS traffic. As a case study, we validated Wehe, one of the latest tools available to detect traffic differentiation. The described challenges helped us divide the entire tool into multiple interdependent components and validate them independently. Our validation using commercial traffic shaper revealed that traffic in Wehe setup may not mimic the characteristics of HTTPS traffic accessed from the original servers. Hence, middle-boxes may not subject them to intended discrimination. Thus, Wehe may not detect discrimination of HTTPS traffic. Our new method that uses the appropriate SNI parameter value in the initial TLS handshake message overcomes this shortcoming. Hence our work provided a mechanism to detect a wide range of possible discriminations on the Internet. REFERENCES [1] T. Garrett, L. E. Setenareski, L. M. Peres, L. C. E. Bona, and E. P. Duarte, “Monitoring network neutrality: A survey on traffic differentiation detection,” IEEE Communications Surveys Tutorials, vol. 20, no. 3, pp. 2486–2517, 2018. [2] V. Nguyen, D. Mohammed, M. Omar, and P. Dean, “Net neutrality around the globe: A survey,” in 2020 3rd International Conference on Information and Computer Technologies (ICICT), 2020, pp. 480–488. [3] Ramneek, P. Hosein, W. Choi, and W. Seok, “Detecting network neutrality violations through packet loss statistics,” in 2015 17th AsiaPacific Network Operations and Management Symposium (APNOMS), 2015, pp. 404–407. [4] D. Li, F. Tian, M. Zhu, L. Wang, and L. Sun, “A novel framework for analysis of global network neutrality based on packet loss rate,” in 2015 International Conference on Cloud Computing and Big Data (CCBD), 2015, pp. 297–304. [5] M. Dischinger, A. Mislove, A. Haeberlen, and K. P. Gummadi, “Detecting bittorrent blocking,” in Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement, Oct. 2008, pp. 3–8. [6] M. B. Tariq, M. Motiwala, N. Feamster, and M. Ammar, “Detecting network neutrality violations with causal inference,” in Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, ser. CoNEXT ’09. New York, NY, USA: Association for Computing Machinery, 2009, p. 289–300. [Online]. Available: https://doi.org/10.1145/1658939.1658972 [7] R. Ravaioli, G. Urvoy-Keller, and C. Barakat, “Towards a general solution for detecting traffic differentiation at the internet access,” in 2015 27th International Teletraffic Congress, Sep. 2015, pp. 1–9. [8] Y. Zhang, Z. M. Mao, and M. Zhang, “Detecting traffic differentiation in backbone isps with netpolice,” in Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement, ser. IMC ’09. New York, NY, USA: ACM, 2009, pp. 103–115. [Online]. Available: http://doi.acm.org/10.1145/1644893.1644905 [9] P. Kanuparthy and C. Dovrolis, “Shaperprobe: End-to-end detection of isp traffic shaping using active methods,” in Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, Nov. 2011, pp. 473–482. [10] U. Weinsberg, A. Soule, and L. Massoulie, “Inferring traffic shaping and policy parameters using end host measurements,” in Proceedings of IEEE INFOCOM, 2011. [11] M. Dischinger, M. Marcon, S. Guha, K. Gummadi, R. Mahajan, and S. Saroiu, “Glasnost: Enabling end users to detect traffic differentiation,” in 7th USENIX Conf. Networked Systems Design and Implementation, Apr. 2010, pp. 27–27. [12] V. Bashko, N. Melnikov, A. Sehgal, and J. Schonw ¨ alder, “Bonafide: A ¨ traffic shaping detection tool for mobile networks,” in 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013), 2013, pp. 328–335. [13] A. Molavi Kakhki, A. Razaghpanah, A. Li, H. Koo, R. Golani, D. Choffnes, P. Gill, and A. Mislove, “Identifying traffic differentiation in mobile networks,” in Proceedings of the 2015 Internet Measurement Conference, Oct. 2015, pp. 239–251. [14] R. Narisetty and D. Gurkan, “Identification of network measurement challenges in openflow-based service chaining,” in 39th Annual IEEE Conference on Local Computer Networks Workshops, 2014, pp. 663– 670. [15] E. Balestrieri, L. De Vito, F. Lamonaca, F. Picariello, S. Rapuano, and I. Tudosa, “Research challenges in measurement for internet of things systems,” ACTA IMEKO, vol. 7, p. 82, 01 2019. [16] E. Karoly. (2000, Feb.) Qos performance validation in real life scenarios. [Online]. Available: http://archive.opengroup.org/tech/qos/ conference/q101/karoly.pdf [17] S. Molnar, P. Megyesi, and G. Szab ´ o, “How to validate traffic gen- ´ erators?” in 2013 IEEE International Conference on Communications Workshops (ICC), 2013, pp. 1340–1344. [18] G. Lu, Y. Chen, S. Birrer, F. E. Bustamante, C. Y. Cheung, and X. Li, “End-to-end inference of router packet forwarding priority,” in IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications, 2007, pp. 1784–1792. [19] R. Mahajan, M. Zhang, L. Poole, and V. Pai, “Uncovering performance differences among backbone isps with netdiff,” in Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, 2008, pp. 205–218. [20] (2008, Jun.) Ookla, measuring and understanding broadband : Speed, quality and application. [Online]. Available: https://www.ookla.com/ docs/UnderstandingBroadbandMeasurement.pdf [21] V. S. Khandkar and M. K. Hanawal, “Detection of traffic discrimination in the internet,” in 2020 International Conference on COMmunication Systems NETworkS (COMSNETS), 2020, pp. 677–679. [22] Tcpreplay: Pcap editing and replay tools for *nix. [Online]. Available: https://github.com/appneta/tcpreplay [23] W. Cui, V. Paxson, N. Weaver, and R. Katz, “Protocol-independent adaptive replay of application dialog,” in 13th Annual Network and Distributed System Security Symposium (NDSS), Feb. 2006, pp. 27–27. [24] R. T. El-Maghraby, N. M. Abd Elazim, and A. M. Bahaa-Eldin, “A survey on deep packet inspection,” in 2017 12th International Conference on Computer Engineering and Systems (ICCES), 2017, pp. 188–197. [25] M. AlSabah, K. Bauer, and I. Goldberg, “Enhancing tor’s performance using real-time traffic classification,” in Proceedings of the 2012 ACM Conference on Computer and Communications Security, ser. CCS ’12. New York, NY, USA: Association for Computing Machinery, 2012, p. 73–84. [Online]. Available: https://doi.org/10.1145/2382196.2382208 [26] Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, and P. Hoffman, “The Transport Layer Security (TLS) Protocol Version 1.3,” Internet Requests for Comments, IETF, RFC 7858, August 2018. [Online]. Available: https://tools.ietf.org/pdf/rfc8446.pdf [27] C. Zhou, C. Lin, and Z. Guo, “mdash: A markov decision-based rate adaptation approach for dynamic http streaming,” IEEE Transactions on Multimedia, vol. 18, no. 4, pp. 738–751, Apr. 2016. [28] T. Joe, L. Eliot, M. Allison, K. Markku, O. Kumiko, S. Martin, E. Lars, M. Alexey, E. Wes, Z. Alexander, T. Brian, I. Jana, M. Allison, T. Michael, K. Eddie, and N. Yoshifumi. (2020, Sept) Service name and transport protocol port number registry. [Online]. Available: https://www.iana.org/assignments/ service-names-port-numbers/service-names-port-numbers.xhtml [29] G. Keinan. (2018, January) Optimizing enterprise networks through sd-avc (software define application visibility and control). [Online]. Available: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/ pdf/BRKCRS-2502.pdf [30] A. Rao, J. Sherry, A. Legout, A. Krishnamurthy, W. Dabbous, and D. Choffnes, “Meddle: middleboxes for increased transparency and control of mobile traffic,” in CoNEXT Student Workshop, ACM, 12 2012, pp. 65–66. [31] R. Liu and X. Yu, “A survey on encrypted traffic identification,” in Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies, ser. CIAT 2020. New York, NY, USA: Association for Computing Machinery, 2020, p. 159–163. [Online]. Available: https://doi.org/10.1145/3444370.3444564 [32] F. Li, A. A. Niaki, D. Choffnes, P. Gill, and A. Mislove, “A large-scale analysis of deployed traffic differentiation practices,” in Proceedings of the ACM Special Interest Group on Data Communication, ser. SIGCOMM ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 130–144. [Online]. Available: https://doi.org/10.1145/3341302.3342092 [33] P. Srisuresh and K. Egevang, “Traditional IP Network Address Translator (Traditional NAT),” Internet Requests for Comments, IETF, RFC 3022, Jan 2001. [Online]. Available: https://tools.ietf.org/pdf/rfc3022.pdf This paper is available on arxiv under CC 4.0 license. This paper is available on arxiv under CC 4.0 license. available on arxiv

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

Why Wehe Struggles with TD Detection of HTTPS Traffic

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

Ensuring Fair Internet Access: Challenges and Solutions in Traffic Discrimination Detection

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Why Wehe Struggles with TD Detection of HTTPS Traffic

Understanding the Shortcomings of Wehe on HTTPS Traffic Detection

Challenges in Net Neutrality Violation Detection: A Case Study of Wehe Tool and Improvements

Techniques for Detecting Discrimination in Streaming Services

Addressing Challenges in Network Response and Traffic Differentiation Detection

Why Wehe Struggles with TD Detection of HTTPS Traffic

Understanding the Shortcomings of Wehe on HTTPS Traffic Detection

Challenges in Net Neutrality Violation Detection: A Case Study of Wehe Tool and Improvements

Techniques for Detecting Discrimination in Streaming Services

Addressing Challenges in Network Response and Traffic Differentiation Detection

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps