Slashdot Mirror


Encrypted Traffic No Longer Safe From Throttling

coderrr writes "New research could allow ISPs to selectively block or slow down your encrypted traffic even if they cannot snoop on your transmitted data. Italian researchers have found a way to categorize the type of traffic that is hidden inside an encrypted SSH session to around 90% accuracy. They are achieving this by analyzing packet sizes and inter-packet intervals instead of looking at the content itself. Challenges remain for ISPs to implement this technology, but it's clear that encrypting your traffic inside an SSH session or VPN connection is not a solution to protect net neutrality."

28 of 268 comments

  1. Why bother? by Threni · · Score: 2, Insightful

    They could just throttle all encrypted packets for free.

    1. Re:Why bother? by TheLink · · Score: 5, Insightful

      That'll mess up corporate vpn users with clout, and https connections to banks etc.

      Anyway it doesn't take a genius to detect p2p.

      See the user. See the user after 1 hour. See how many bytes up and down. Check how many different IP destinations the user is connected with.

      If they are downloading a lot up and down, and connected to lots of hosts, chances are they are using P2P. Put them on a watch list. If they are still doing it much later, you put them on a black list where from then on if they are doing something similar you throttle them immediately (you can do it in a way that would in most cases still allow that user's web surfing to work reasonably - since most users don't websurf 20 different sites at the same time AND read those pages at the same time - it doesn't matter if pages come in one by one).

      If they aren't downloading or uploading much, why throttle? :)

      No need for fancy math. No need for "deep packet inspection" or fancy "Dumb Investors Hand Over Your Money" phrases.

      Then again maybe I should write a "research" paper, mmm $$$$ ;).

    2. Re:Why bother? by TheLink · · Score: 3, Insightful

      I doubt those games even hit 1Mbps up and down sustained for more than even 1 minute :).

      If bittorrent users looked like RTS game players there wouldn't be much traffic to throttle.

      For example it seems like it's 24kbps per opponent for Supreme Commander. So 20 opponents won't even saturate a 512kbps upstream.

      Do many people play Supreme Commander with 40 opponents at a time and expect good performance?

    3. Re:Why bother? by hairyfeet · · Score: 4, Insightful
      I personally wouldn't mind if they throttled down the speed to manage congestion, but of course congestion isn't what this is about. It is about giving you a really lousy cap and going tiered so they can make money off the same customer multiple times. I had a choice of 20Gb for $35 (WISP) or 36Gb for $33 (cable). I of course went cable. Now there is no way that Vonage will ever have me as a customer, since any VoIP other than the cableco's counts against my cap. And from what I understand Windows updates don't count against the cap which gives me and my customers one more reason not to use Linux.

      Mark my words, they are talking about congestion now, but if they kill off P2P and turn the country into a tiered network, you'll see us end up back with the walled gardens of AOL and Compuserve. Any videos except those hosted (and generating revenue for) your ISP will count against your cap. Any VoIP or other service that isn't run by (and generating money for) your ISP will count against your cap. And they will make the cap so low that unless all you do is surf websites (and you probably want to think about blocking those flash ads while you are at it) then you are going to smack into the cap, and get to pay $1 per Gb. Unless of course you stick with what the ISP offers you, which will of course not count against your cap. Instant lock in, just add congress critters to block that nasty net neutrality. But as always this is my 02c, YMMV

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:Why bother? by amRadioHed · · Score: 2, Insightful

      Get thousands of people killed, who knows you might get elected president

      More likely that should be re-elected. It's hard to get that many deaths under your belt before being President.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
  2. Why would they do it? by cephah · · Score: 5, Insightful

    Can anyone explain to me why any ISP would use this technique? If they start looking at packet sizes to determine different kinds of encrypted traffic then the packets will just be padded, causing their network to be further overloaded...

  3. Re:Correction... by KDR_11k · · Score: 5, Insightful

    Not really, they're providers of the medium and have no business limiting or snooping the data that goes through their network, especially since they were often granted a monopoly over building infrastructure in their area.

    --
    Justice is the sheep getting arrested while an impartial judge declares the vote void.
  4. Would have happened anyway. by zwei2stein · · Score: 4, Insightful

    Even without this analysis it was kinda obvious that throttle-happy ISPs would simply throttle all encrypted data once encrypting became mainstream in P2P.

    --
    Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
    1. Re:Would have happened anyway. by CharlieHedlin · · Score: 4, Insightful

      What about VPN tunnels? People working from home are a core customer group they don't want to piss off.

    2. Re:Would have happened anyway. by thegnu · · Score: 5, Insightful

      Those people will be more obliged to pay the ridiculously jacked up business internet prices, then, I suppose.

      --
      Please stop stalking me, bro.
    3. Re:Would have happened anyway. by thegnu · · Score: 2, Insightful

      I'm just saying that restricting the majority of encrypted traffic will have no effect on the people who actually need the traffic for their job. The ISP will probably consider it a perk that they've manufactured a new "feature" for their business internet package: We don't renege on our contract.

      --
      Please stop stalking me, bro.
  5. Look, this is a dead end. by Anonymous Coward · · Score: 5, Insightful

    You can identify the type of traffic, because we're not trying very hard to hide it. If you keep going down this road, we'll just send all the time, the same constant packet size, the same rate, regardless of actually required service. It's the same to us, really, because we pay a flat price. It is not the same to you, though, because when we have to make all traffic look the same, we'll use much more of your precious bandwidth, so cut out the crap.

    1. Re:Look, this is a dead end. by Anonymous Coward · · Score: 2, Insightful

      Right. It's not like they would just throttle your entire connection if you did that.

    2. Re:Look, this is a dead end. by Anonymous Coward · · Score: 2, Insightful

      Actually - this isn't that extreme. Back about 100 years ago when I took an undergraduate Security/Encryption class - one of the issues we discussed at length was that of "Inference Control". Basically, one could *infer* certain characteristics of a communications stream just by looking at it.

      Ex: A military line normally has X amount of encrypted traffic on it. We can't crack it, but we know something is going across it...

      We pull some shit on our side of the pond, and notice that the military line now has X^2 amount of encrypted traffic on it. What are the chances that they're talking about us? Since we theorize that they're talking about us, we start looking for patterns that might decode into stuff about us... and from there, we go on to crack more and more until the code is broken...

      Even if we don't crack it, we know that this particular line is used to monitor some stuff we're doing, so we can pull some more shit and if the traffic doesn't increase on this line, then chances are we haven't been detected...

      The solution was to always keep the line filled and transmitting at a constant rate. Whenever regular traffic wasn't being transmitted, some randomized stuff was. Thus, the line was always operating at the same constant rate, and no one could infer things from the utilization of the line.

      That said - the solution to the current P2P problem is to encrypt everything, but also transmit constant amounts of traffic across the line at all times - if you're not sending real packets, send some randomized, encrypted shit instead. Just make certain that the random source is truly pseudorandom (but that's a whole different discussion)...

      Basically, this is an arms race - and we need to win it. The solutions are going to be rather interesting, and I predict will have more application than just this current P2P nonsense which the ISP's are battling against...
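The constant-rate cover-traffic idea described in the comment above, worked through as an added example (this is not code from the thread or from the paper the story reports on). The two packet traces, the 1448-byte cell, the 1 ms slot interval and the one-threshold toy classifier are all constructed assumptions for illustration.

```python
"""Added example, not from the Slashdot thread or the paper it reports on:
the size/timing features a classifier sees in an SSH stream, and how the
constant-rate cover traffic described above erases them at a bandwidth cost.
All packet traces are constructed inline; nothing touches the network."""
from statistics import mean, pstdev

# Constructed traces: (timestamp_seconds, bytes) for one direction of a flow.
# Interactive SSH: small packets separated by irregular human typing gaps.
INTERACTIVE_SSH = [(0.00, 48), (0.21, 52), (0.55, 48), (0.62, 64),
                   (1.40, 48), (1.47, 52), (2.30, 48)]
# Bulk transfer inside SSH (scp-like): MTU-sized packets sent back to back.
BULK_SSH = [(i * 0.001, 1448) for i in range(200)]

def features(trace):
    """Size and timing statistics: all a classifier blind to the ciphertext has."""
    sizes = [size for _, size in trace]
    gaps = [b[0] - a[0] for a, b in zip(trace, trace[1:])] or [0.0]
    return {"mean_size": mean(sizes), "size_stdev": pstdev(sizes),
            "distinct_sizes": len(set(sizes)),
            "mean_gap": mean(gaps), "gap_stdev": pstdev(gaps)}

def toy_classify(trace):
    """Hypothetical stand-in for the paper's statistical classifier: one
    mean-size threshold separates interactive typing from bulk transfer."""
    return "bulk" if features(trace)["mean_size"] > 1000 else "interactive"

def constant_rate_shape(trace, cell_bytes, interval, slots):
    """Constant-rate cover traffic: emit exactly one cell_bytes packet every
    `interval` seconds for `slots` slots, whether or not real data is queued.
    Real bytes drain in arrival order; an idle slot carries a dummy cell.
    Returns (shaped_trace, real_bytes_sent, total_bytes_sent)."""
    arrivals = sorted(trace)
    queued, idx, real_sent, shaped = 0, 0, 0, []
    for k in range(slots):
        t = k * interval
        while idx < len(arrivals) and arrivals[idx][0] <= t:
            queued += arrivals[idx][1]        # real packet reached the shaper
            idx += 1
        carried = min(queued, cell_bytes)     # 0 means a pure cover cell
        queued -= carried
        real_sent += carried
        shaped.append((t, cell_bytes))        # identical on the wire either way
    return shaped, real_sent, slots * cell_bytes

def overhead(trace, cell_bytes=1448, interval=0.001, slots=2400):
    """Bytes on the wire per real byte once the flow is shaped."""
    _, real, total = constant_rate_shape(trace, cell_bytes, interval, slots)
    return total / real

if __name__ == "__main__":
    for name, trace in (("interactive", INTERACTIVE_SSH), ("bulk", BULK_SSH)):
        shaped, _, _ = constant_rate_shape(trace, 1448, 0.001, 2400)
        print(f"{name}: raw -> {toy_classify(trace)}, shaped -> "
              f"{toy_classify(shaped)}, overhead x{overhead(trace):.0f}")
```

Run as a script it shows the two raw traces classified differently but the two shaped traces identically, at about twelvefold overhead for the bulk flow and several thousandfold for the interactive one, which is the bandwidth cost the thread argues ISPs would be inviting.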

  6. This will backfire by DarkOx · · Score: 5, Insightful

    All it's going to do is encourage P2P developers to try (and they will likely succeed) to make P2P traffic look more like other traffic. Want your bittorrent to look more like encrypted telnet? Easy: send tons of tiny packets and take a short break every few seconds. All this is going to do is increase the packet overhead the ISPs see. That same overhead will also hurt P2P end users, but unless it's more than the throttle does, they will do it anyway. It's a lose-lose situation really. The ISPs should realize they gain nothing going down this path.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    1. Re:This will backfire by Brainix · · Score: 4, Insightful

      The ISPs will continue down this path until it is no longer economically feasible to do so. And that day *is* coming. One day, it'll be more expensive to play these cat-and-mouse games than to just give away cheap bandwidth, disk space, etc.

      --
      Raj Against the Machine! http://social-butterfly.appspot.com/
    2. Re:This will backfire by grahamd0 · · Score: 2, Insightful

      It will always be economically feasible to provide lousy service. Prices can always be raised if reducing the quality of service becomes more expensive.

  7. Or they can just be lazy and save money by Zerth · · Score: 2, Insightful

    And throttle all encrypted traffic over whatever an IP phone or VPN connection would use on the assumption of file-sharing. They don't give a rat's ass what you are doing, really, they just want a reason to throttle you and this company just makes money by giving them one.

  8. Another Correction... by JustinOpinion · · Score: 5, Insightful

    How about:

    Not a solution to defeat ISPs' attempts to control what's going through the government-funded, monopoly-protected, public-land-using network.

    You're right, facts do change the interpretation.

  9. Next move... by PhotoGuy · · Score: 3, Insightful

    Well, the next move would simply be some tool, or modification to bittorrent, that makes the traffic patterns look like that of other protocols. While I'm sure it would have some impact upon performance, surely torrent packets can be made to look pretty damn similar to a bunch of HTTPS images being loaded on a web page (or something along those lines). Just like DRM, each move like this isn't solving any problem, just slowing things down, while a counter-move is made. (Or, another provider is chosen who doesn't throttle traffic, competition permitting.)

    --
    Love many, trust a few, do harm to none.
  10. Re:Correction... by DrJokepu · · Score: 4, Insightful

    Not a solution to defeat ISPs' attempts to control what's going through their network.

    You do understand that ISPs are not exactly charity organizations, don't you? I am paying for their service and I expect it to work as it was advertised in their offer.

  11. Re:Correction... by Eivind · · Score: 5, Insightful

    If these policies were openly documented, and there were truly free competition, I'd agree with you; let the market sort it out.

    That typically isn't the case. First, these policies are rarely documented at all, and if they are, it's in language so vague as to make it useless for purposes of comparing one ISP to another. ("We may, at our discretion, at various times, perform adjustments to packet-priority")

    Free competition is also the exception rather than the rule. A huge fraction of end-user lines were built by telcos acting as a government-granted monopoly, and then they somehow got to keep a large piece of this after the monopolies are no longer in principle monopolies. Which means in many areas they are still in -practice- pretty close to monopolies.

    And even where they're not, competition is low and that will remain so. Few people have more than 2, perhaps 3 physical cables coming in that are suitable for broadband. (many have a twisted-pair copper that used to be for POTS and a coax that used to be for analogue-cable, and that's it, extra bonus if the old monopolist owns the tv-cable in your area!)

    This ain't gonna change. A single modern cable has more than enough capacity for all needs, so it's not economically sensible to have a large number of competitive cable-networks.

    Really, last-mile networks should be owned and run by the neighbourhoods, or failing that at least be considered infrastructure; really, today a working broadband-connection is basic infrastructure like electric power, water, sewage and roads. (it's not -equally- crucial as those, but it's crucial nevertheless, I doubt a house with -no- telecom-connection of any sort would find many buyers)

    Wireless changes the picture a bit, for low-bandwidth applications. But only a bit. The problem is that the RF-spectrum is fundamentally shared, thus it will not be possible to deliver the same speeds and reliability as is possible on physical cable. (a single single-mode fibre easily supports speeds up to at least a Tbps or thereabouts which is more than most people need for the next few decades)

  12. Re:Correction... by Dr_Barnowl · · Score: 4, Insightful

    Not a solution to defeat ISPs' attempts to control what's going through networks they constructed with large sums of both public and private money they mortgaged against providing a service to their customers, not fighting against them.

    Yup, sure do.

  13. Comparison to copy protection schemes by intx13 · · Score: 3, Insightful

    Attempts to analyze (and then throttle) Internet traffic remind me of copy protection schemes. The schemes get more and more complicated (and costly) and at every turn the user gets more sophisticated in his or her attempts to get around the protection. ISPs would be wise to look at the music, movie, and in particular video game industries and realize that there are many, many more users who wish to use P2P software than there are ISP engineers who wish to throttle said users, and that it will always be a losing battle.

    Personally, I think the granularity of the ISP payment schemes needs to be increased. We pay for cell phone minutes in blocks of 100 or so (or by the minute, depending on your plan); we pay for electricity by the kWh, we pay for water by the gallon (or liter), and so on... why not pay for bandwidth by the Mb? In a perfect world (yeah, well, one can dream!) this would mean reduced costs for the average home Internet user, as most people aren't using anywhere close to what is available, and maybe slightly increased costs for people like me. But then at the same time throttling is no longer an issue. Of course in reality this is unlikely to happen any time soon; why charge responsible, realistic rates when you could charge a flat fee and then just block any traffic you don't like with increasingly expensive technology (and pass the cost on to your monthly subscribers, of course)?

    ISPs, learn from the "War on Copyright Violation" - you won't win this battle; give it up and fix the underlying problem.

  14. Re:They can already throttle encrypted traffic. by Klaus_1250 · · Score: 4, Insightful

    There is another weakness in BT which allows ISP's to throttle traffic: client to tracker communications. Unless your tracker uses SSL, all peers inside a swarm are sent over in the clear. So your ISP knows which IPs are likely to send and receive BT-traffic. They don't have to look at the traffic, they just use the same information the tracker provided to you. IP in BT-swarm? Throttle.

    --
    It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
  15. Re:Correction... by aussie_a · · Score: 3, Insightful

    Funny, when I began using their service they never told me they would throttle certain protocols. They said they'd give me access to the internet at certain speeds to the best of their ability. Throttling packets seemed to be significantly below their best.

  16. Let me help you with this.... by spasmhead · · Score: 1, Insightful

    See the user. See the user after 1 hour. See how many bytes up and down. Check how many different IP destinations the user is connected with.

    Errrr, if they are using VPN then they will have 1 IP destination, to the company that's providing the VPN (think SecureIX or Relakks)

    If they aren't downloading or uploading much, why throttle? :)

    Well, of course, we could all just buy an overpriced broadband connection and just not use it. At all. Then we could confidently boast that our connections are never getting throttled and happily invite people to look long and hard at how fucking good we are.

    As it happens, we bought our net connections for a reason.

    And while I'm at it, does anyone notice that the same ISP's that are most inclined to throttle you (or even report you to the music industry) are the ones who *still* advertise their service by boasting how many music/video files you can download in an hour?

  17. Re:Er, no. by UnderCoverPenguin · · Score: 2, Insightful

    Moreover, isn't there a simple workaround in padding your ssh/scp packets and adding a random 10% chance of +1-25ms delay between packets?

    The extra random delay might help a little, but adding padding would just make it more likely to get flagged for throttling.

    --
    Don't try to out-weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr