Slashdot Mirror
Encrypted Traffic No Longer Safe From Throttling
coderrr writes "New research could allow ISPs to selectively block or slow down your encrypted traffic even if they cannot snoop on your transmitted data. Italian researchers have found a way to categorize the type of traffic that is hidden inside an encrypted SSH session to around 90% accuracy. They are achieving this by analyzing packet sizes and inter-packet intervals instead of looking at the content itself. Challenges remain for ISPs to implement this technology, but it's clear that encrypting your traffic inside an SSH session or VPN connection is not a solution to protect net neutrality."
First, encrypted traffic was never safe from throttling anyway. Second, FTA:
"So it seems the use of a tool like this would be limited to an extremely controlled environment where users are limited to a white-list set of network protocols (so that they can't use a different tunneling mechanism, stunnel for example) and only allowed to ssh to servers under the control of the censoring party. In which case you would wonder why the admin wouldn't just set the ssh server's AllowTcpForwarding option to false."
Kinda useless.
Can anyone explain to me why any ISP would use this technique? If they start looking at packet sizes to determine different kinds of encrypted traffic then the packets will just be padded, causing their network to be further overloaded...
Not really, they're providers of the medium and have no business limiting or snooping the datat that goes through their network especially since they were often granted a monopoly over building infrastructure in their area.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
Even without this analysis it was kinda obvious that throttle-happy ISPs would simply throttle all encrypted data once encrypting became mainstream in P2P.
-- Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
You can identify the type of traffic, because we're not trying very hard to hide it. If you keep going down this road, we'll just send all the time, the same constant packet size, the same rate, regardless of actually required service. It's the same to us, really, because we pay a flat price. It is not the same to you, though, because when we have to make every traffic look the same, we'll use much more of your precious bandwidth, so cut out the crap.
All its going to do is encourage P2P developers to try (and they will likely succeed) to make P2P traffic look more like other traffic. Want your bittorent to look more like encrypted telnet? Easy send tons of tiny packets and take a short break every few seconds. All this is going to do is increase the packet overhead the ISPs see. That same overhead will also hurt P2P end users but unless its more then the throttle does they will do it anyone. Its a loose loose situation really. They ISPs should realize they gain nothing going down this path.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
How about:
Not a solution to defeat ISPs attempts to control what's going through the government-funded, monopoly-protected, public-land-using network.
You're right, facts do change the interpretation.
Could be worse. Rogers and Bell, here in Canada, just throttle ALL encrypted traffic.
Do you understand that ISPs are not exactly charity organizations, don't you? I am paying for their service and I expect it to work as it was advertised in their offer.
detect if one of the mario brothers is inside the packet, 89.9% of the time
If these policies where openly documented, and there where truly free competition, I'd agree with you; let the market sort it out.
That typically isn't the case. First, these policies are rarely documented at all, and if they are, it's in language so vague as to make it useless for purposes of comparing one ISP to another. ("We may, at our discretion, at various times, perform adjustments to packet-priority")
Free competition is also the exception rather than the rule. A huge fraction of end-user-lines where built by telcos acting as a government-granted monopoly, and then they somehow got to keep a large piece of this after the monopolies are no longer in principle monopolies. Which means in many areas they are still in -practice- pretty close to monopolies.
And even where they're not, competition is low and that will remain so. Few people have more than 2, perhaps 3 physical cables coming in that are suitable for broadband. (many have a twisted-pair copper that used to be for POTS and a coax that used to be for analogue-cable, and that's it, extra bonus if the old monopolist owns the tv-cable in your area!)
This ain't gonna change. A single modern cable has moder than enough capacity for all needs, so it's not economically sensible to have a large number of competitive cable-networks.
Really, last-mile networks should be owned and run by the neighbourhoods, or failing that atleast be considered infrastructure, really today a working broadband-connection is basic infrastructure like electric power, water, sewage and roads. (it's not -equally- crucial as those, but it's crucial nevertheless, I doubt a house with -no- telecom-connection of any sort would find many buyers)
Wireless changes the picture a bit, for low-bandwith applications. But only a bit. The problem is that the RF-spectrum is fundamentally shared, thus it will not be possible to deliver the same speeds and reliability as is possible on physical cable. (a single single-mode fibre easily supports speeds up atleast a Tbps or thereabouts which is more than most people need for the next few decades)
Not a solution to defeat ISPs attempts to control, what's going through networks they constructed with large sums of both public and private money they mortgaged against providing a service to their customers, not fighting against them.
Yup, sure do.
That'll mess up corporate vpn users with clout, and https connections to banks etc.
:)
;).
Anyway it doesn't take a genius to detect p2p.
See the user. See the user after 1 hour. See how many bytes up and down. Check how many different IP destinations the user is connected with.
If they are downloading a lot up and down, and connected to lots of host, chances are they are using P2P. Put them on a watch list. If they are still doing it much later, you put them on a black list where from then on if they are doing something similar you throttle them immediately (you can do it in a way that would in most cases still allow that user's web surfing to work reasonably - since most users don't websurf 20 different sites at the same time AND read those pages at the same time - it doesn't matter if pages come in one by one ).
If they aren't downloading or uploading much, why throttle?
No need for fancy math. No need for "deep packet inspection" or fancy "Dumb Investors Hand Over Your Money" phrases.
Then again maybe I should write a "research" paper, mmm $$$$
Yeah but that's a cheat owing to the tubes. See, they route all traffic through a huge green pipe and listen for the "Gew gew gew" noise that signals the presence of a Mario Brother.
Why would an ISP do Deep Mario Brother Inspection, I hear you ask? Well if you remember, those depths were filled with coins! There's no depth an ISP won't go in order to get those.
And in the next (or two) release of SSH implementations, this weakness will, no doubt, be fixed.
Professional cryptographers have known for decades that you don't just switch on your transmitter when you want to send a secret message - no matter how well encrypted it is. The mere fact of traffic is frequently a sizeable tell-tale itself. Instead, you keep your transmitter on 24*7 sending encrypted garbage, with the ability to interleave genuine messages when the need arises. I'm sure that in a short time, the SSH people will remove the ability to profile the transmission to glean anything usable from it.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
how would this work for gaming online? 16 different IP destinations and I play for hours on in. My understanding of Xbox Live is that it is P2P and if they throttle my Halo 3 game, I'm gonna get pwned even more than normal.
Can I bum a sig?
> introducing random jitter would go some way to subverting this, no?
Exactly. I took a few minutes to glance over the paper. Their feature
extraction stage consists of two predictable attributes: packet size
and time between packets. Modifying the traffic sent at the
application layer (SSH itself does not even need to be touched) can
trivially ambiguate the extracted features so as to throw off the
classification attempt. This is simply a road bump; as soon as it gets
into use, application-layer proxies will pop up to circumvent it.
They also seemed to have inventented their own home-brew statistical
analysis. I was disappointed that they did not go into detail as to
why they largely ignored the entire field of Machine Learning
(NaiveBayes? Perceptron? kNN? Why not try using these?) when coming up
with their classification model.
An unjust law is no law at all. - St. Augustine
My ISP already throttles my connection by price. I've currently got 256/768 as that suits my needs. If they were to start throttling any more of my net access (I'm paying for unlimited at 256/768) I'd have their asses in court in a hurry for false advertising and violation of contract, which I have kept the hard copy of from the day I signed up for service.
I was one of the first adopters to get broadband when it became available 6 years ago in my area and according to the original contract (have hardcopy on file) they planned offering tierred service with it being a simple change in minimum speeds and thus not requiring a new contract. I also informed them that I'm worse then a squeaky wheel, I'm like a brake that's gone metal to metal since I'm semi-retired and disabled with plenty of time on my hands to pursue things every time they try to change my contract without consent.
Mod me up/Mod me down: I wont frown as I've no crown
1) Those plugins don't do very much uploading whereas bittorrent users do.
:).
:).
2) Those plugins that do "fetch ahead" tend to stick to fetching from the same few sites - they may make lots of connections but they are to the same few sites (ad webserver, content webserver, icon/widget server etc), and they stop at some point - otherwise your browser would be downloading the entire internet (and AFAIK they don't do that). And really they definitely don't upload much.
Personally I think the US ISPs are scumbags not because they throttle, but because it seems they took USD 200 billion and promised to deliver 45Mbps up/down.
But after taking that 200 billion, more than ten years later their users have still only got DSL and cable, and they're getting throttled.
Too bad most of the users don't appear to know how screwed they really got. They should ask for the ISPs to build the infrastructure NOW.
But I suppose given a big enough crime, you are more likely to get away with it
Cheat one person of money and it's jail time. Cheat 10 people and it's longer jail time. Cheat 100000 people, and you become a rich CEO and the board gives you a big fat bonus.
Kill one person you get a life sentence or death row. Kill 20 people, people start asking for you to be executed. Get thousands of people killed, who knows you might get elected president
how would this work for gaming online? 16 different IP destinations and I play for hours on in. My understanding of Xbox Live is that it is P2P and if they throttle my Halo 3 game, I'm gonna get pwned even more than normal.
I totally agree. Steam creates a lot of connections to various content servers to bring down content faster for the Steam Client. It also creates a shitload of traffic when you refresh the server list via Steam Clinet > Servers Tab. The Steam Client is also P2P by definition.
Now this type of throttling would piss me off greatly.
Mark my words,they are talking about congestion now,but if they kill off P2P and turn the country into a tiered network,you'll see us end up back with the walled gardens of AOL and Compuserve. Any videos except those hosted(and generating revenue for) your ISP will count against your cap. Any VoIP or other service that isn't run by(and generating money for) your ISP will count against your cap. And they will make the cap so low that unless all you do is surf websites(and you probably want to think about blocking those flash ads while you are at it) then you are going to smack into the cap,and get to pay $1 per Gb. Unless of course you stick with what the ISP offers you,which will of course not count against your cap. Instant lock in,just add congress critters to block that nasty net neutrality. But as always this is my 02c,YMMV
ACs don't waste your time replying, your posts are never seen by me.