
Encryption might not protect Net Neutrality

Comment: A see-saw cat-and-mouse game looms
Monday, 30 June 2008, 20:35

NETWORK RESEARCHERS in Italy published a paper in IEEE Communications last month on "Detection of Encrypted Tunnels across Network Boundaries" (pdf) that might give those wanting to censor Internet traffic - think authoritarian governments (cough, China) and Peer-to-Peer (P2P)-throttling Internet Service Providers (ISPs) - a technical means to target particular user sessions for "management" even when they are encrypted.

With opportunistic networking technology vendors having recently gotten into deep packet inspection to serve some high-handed ISPs' desire to throttle or suppress certain types of network traffic, and some Internet users starting to encrypt their network sessions to thwart them, this could become the next front in an evolving see-saw struggle over network neutrality.

The scientists said they developed a statistical technique that can identify what type of traffic an encrypted Secure Shell (SSH) session is tunnelling. Their method applies Bayesian analysis to packet sizes and inter-packet transmission intervals. They claim it can determine with 99 per cent accuracy whether a given SSH session is tunnelling another network protocol rather than carrying plain interactive use such as operating system shell commands and text editing.

They also said that their Bayesian network traffic classifier was able to detect the type of protocol that was being encrypted and tunneled, that is, either P2P file transfers, POP and SMTP email messages, or HTTP website pages, with close to 90 per cent accuracy.

Their initial implementation has several limitations that would make it impractical for application as a generalised network censorship, er... management, facility. It can only detect tunneled SSH sessions established through servers that they control. It can handle only one type of SSH authentication. And it requires that the SSH session doesn't employ traffic compression. However, these limitations can likely be overcome with further work.

As one commenter noted, "If perfected this technology could be used by ISPs to block or throttle even encrypted P2P traffic."

However, as he then went on to say, "...it would probably be easy to create a tunneling mechanism which thwarts their detection attempts. Knowing that they use packet size and inter packet intervals you could easily manipulate these to match whatever protocol type you wanted."
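To make both halves of that exchange concrete, the following is an added Python example, not the researchers' code and not derived from their paper: it fits a naive Bayes classifier to per-flow packet-size and inter-packet-gap statistics of the kind described above, measures its accuracy on fresh synthetic flows, and then applies the reshaping countermeasure the commenter describes, reporting what that costs in bytes and in elapsed time. The `PROFILES` table, every flow it generates and all function names are constructed assumptions for illustration, not measurements of any real protocol.

```python
"""Toy version of the detection technique described above: a naive Bayes
classifier over packet-size and inter-packet-gap statistics, plus the
traffic-shaping countermeasure the quoted comment describes.

Added example, not the researchers' code. The PROFILES table is a constructed
assumption used to synthesise sample flows; it is not data from the paper.
"""
import math
import random
from statistics import mean, pstdev

# Constructed (hypothetical) per-protocol profiles:
# (mean size in bytes, size sd, mean gap in seconds, gap sd).
PROFILES = {
    "shell": (60.0, 20.0, 0.30, 0.15),      # keystroke echo: tiny packets, human pauses
    "http":  (700.0, 400.0, 0.02, 0.02),    # bursts of mixed-size responses
    "mail":  (500.0, 300.0, 0.05, 0.04),    # message bodies, moderate pacing
    "p2p":   (1400.0, 100.0, 0.005, 0.003), # near-MTU pieces, link kept busy
}


def synth_flow(proto, n=60, rng=None):
    """Return a constructed flow: n packets of (size_bytes, gap_seconds)."""
    rng = rng or random.Random(0)
    ms, ss, mg, sg = PROFILES[proto]
    flow = []
    for _ in range(n):
        size = min(1500, max(40, int(rng.gauss(ms, ss))))
        gap = max(0.0005, rng.gauss(mg, sg))
        flow.append((size, gap))
    return flow


def features(flow):
    """Summarise a flow as (mean size, sd size, mean gap, sd gap)."""
    sizes = [s for s, _ in flow]
    gaps = [g for _, g in flow]
    return (mean(sizes), pstdev(sizes), mean(gaps), pstdev(gaps))


def train(samples):
    """samples: iterable of (label, flow). Fit one Gaussian per class per feature."""
    rows = {}
    for label, flow in samples:
        rows.setdefault(label, []).append(features(flow))
    model = {}
    for label, vecs in rows.items():
        cols = list(zip(*vecs))
        model[label] = [(mean(c), max(pstdev(c), 1e-6)) for c in cols]
    return model


def log_gauss(x, mu, sd):
    return -0.5 * ((x - mu) / sd) ** 2 - math.log(sd * math.sqrt(2 * math.pi))


def classify(model, flow):
    """Naive Bayes with uniform priors: pick the class that maximises the
    summed per-feature log-likelihood of this flow's statistics."""
    fv = features(flow)
    scores = {label: sum(log_gauss(x, mu, sd) for x, (mu, sd) in zip(fv, stats))
              for label, stats in model.items()}
    return max(scores, key=scores.get)


def build_model(seed=1, per_class=40):
    rng = random.Random(seed)
    return train((p, synth_flow(p, rng=rng)) for p in PROFILES for _ in range(per_class))


def accuracy(model, seed=2, per_class=50):
    """Fraction of fresh synthetic flows the model labels correctly."""
    rng = random.Random(seed)
    hits = total = 0
    for p in PROFILES:
        for _ in range(per_class):
            hits += classify(model, synth_flow(p, rng=rng)) == p
            total += 1
    return hits / total


def reshape(flow, target, rng=None):
    """Countermeasure from the quoted comment: re-segment the same payload so
    its sizes and gaps follow PROFILES[target]. A tunnel endpoint controls its
    own segmentation, so it can split or pad packets, but every byte must still
    be carried. Returns (new_flow, bytes_ratio, time_ratio) so the cost is visible."""
    rng = rng or random.Random(0)
    payload = sum(s for s, _ in flow)
    carried, new = 0, []
    while carried < payload:
        pkt = synth_flow(target, n=1, rng=rng)[0]
        new.append(pkt)
        carried += pkt[0]
    bytes_ratio = carried / payload
    time_ratio = sum(g for _, g in new) / sum(g for _, g in flow)
    return new, bytes_ratio, time_ratio


def demo(seed=5):
    """Run the whole story once and return the observations as a dict."""
    model = build_model()
    p2p = synth_flow("p2p", rng=random.Random(seed))
    shaped, b, t = reshape(p2p, "shell", rng=random.Random(seed + 1))
    return {"accuracy": accuracy(model), "p2p_label": classify(model, p2p),
            "shaped_label": classify(model, shaped), "bytes_ratio": b, "time_ratio": t}


if __name__ == "__main__":
    r = demo()
    print(f"accuracy on fresh flows: {r['accuracy']:.2f}")
    print("p2p flow classified as:", r["p2p_label"])
    print(f"reshaped as shell -> {r['shaped_label']}, "
          f"bytes x{r['bytes_ratio']:.2f}, duration x{r['time_ratio']:.0f}")
```

Two things the numbers make visible that the prose does not: the classifier only needs a handful of flow-level summary statistics to separate these synthetic profiles, and disguising a bulk transfer as an interactive shell session stretches its duration by orders of magnitude, because the shell profile's long gaps now pace every one of the many small packets. That time and bandwidth cost, which the comments below debate, is the practical limit of the countermeasure, and it is also what a network operator would actually observe.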

Beyond that, analysing where a session's packets come from might identify some types of P2P file transfer. Some BitTorrent traffic, for example, might be easily recognised by its characteristic of drawing on several network sources simultaneously.

A lot of effort and money could be sunk into such a cat-and-mouse game between Internet users and the network infrastructure vendors, to no one's eventual benefit if neither side ever completely wins.

At the end of the day, that's a good argument to support the view that network neutrality is the only truly sane overarching principle that should be enforced to govern the Internet.

L'Inq
Coderrr's blog


Comments
Encryption IS NOT SECURE Socket Line.

Remember when PAYME(c)Ultie_Tom A.R.R., asks about secure & non secure in little window?, Do You SEE https:// in address? Even if Fully Encrypted? 
Often NOT, Secure Often doesn't Even Mean Secure Socket Line, it might mean Encrypted, Which has to have UnEncryption Subroutine in place in Your End to work. Meaning Both You & Every Other Computer in Transmission Line Has That DeEncrypter, So What Good Is it?
Like Diamond Ring, Visual Identifier, Sheeish Stated:"I thought Its' Secure Cocket Line?". Most Likely NO.

haha drashek mmuuuee.

posted by: U\L2T8~`{i``e, 30 June 2008
why not...

put all that money, and hard work into talking with the likes of bit torrent and such and optimising their clients to work over the network better. This has already been done to a large degree.

The music industry is only just coming round to the idea that it cannot substantially, or to any real degree of sustained success, be beaten.

Game makers, especially with reference to a game called "sins of a solar empire" are coming round to the idea. indeed look for the above game, and everyone is asking people to buy it if they do use it, as people really do respect that if they are trusted they might just behave!!!!


posted by: craig, 30 June 2008
two

Two things; is that "cough, China" a joke? Or are we onboard pretending we in the west aren't more into spying on and controlling normal people than china ever was?
Secondly: can someone kneecap those 'scientists' and explain to them why? Soonest.

posted by: W.-, 30 June 2008
China and USA in the same boat

"authoritarian governments (cough, China)"

Researchers at US DOE National Labs can and do use proxies in China to access remote Internet sites which are being blocked by the US government. Imagine that even images.google.com is being censored, not only blocking pictures of - yikes - naked people. Now that is funny, isn't it? Not really if you think about the kind of people doing that, next door. You have no idea how bad the situation really is.

The same statistical methods used to identify traffic can also be used to hide traffic by adding appropriate noise.

posted by: Censored, 01 July 2008
Yeah, but...

"A lot of effort and money could be sunk into such a cat-and-mouse game between Internet users and the network infrastructure vendors, all to no one's eventual benefit in the event neither side ever really completely wins."

Yeah, but.. think of the fun tech generated.. :-)

posted by: RattyMaHatty, 01 July 2008
Pointless

This wouldn't help because if this type of analysis was put into use then those who used an ssh tunnel for a VPN or used encryption to disguise their P2P software usage need merely add some "noise" to the data they are sending and receiving.

The authors of the ssh VPN tunnel software could have it send some additional data (in both directions) that would disguise the data patterns and packet sizes that give them away. Ditto for P2P software authors. Just add some data that looks like a VPN, some that looks like P2P, some that looks like https and some that looks like streaming video. Suddenly that 99% certainty will drop way down and the technique will become useless.

If ISPs tried to use this analysis to determine who was doing something they didn't want, they'd only succeed in adding to their overall traffic load due to all the garbage data getting sent across their network to hide that usage they are trying to stop.

Doug

posted by: Doug, 01 July 2008
Box... think outside of it...

Couldn't all the money being spent on a better way to invade net users privacy be better spent to make the internet faster so we don't have to burden it with invasive technologies like this? Yes I realize you can't tell this to the Keystone Kontent Kops at the MPAA/RIAA but if I were an ISP I would be more interested in tech that wins me customers, not tech that scares them off.

posted by: Axiomatic, 01 July 2008
costly, I guess

It is mostly costly to the corps that are paying for the research or the technology to detect the miscreants... er, customers. Those who are working on detection avoidance are largely developing free software technology in their spare time.

It's David and Goliath all over again, although David in this case is not backed up by an Israeli army. That would mean those developing detection technology would be Philistines. Isn't that appropriate? :)


posted by: john, 01 July 2008