DOCSLIB.ORG

Implications of Deep Packet Inspection (DPI) Internet Surveillance for Society

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Implications of Deep Packet Inspection (DPI) Internet Surveillance for Society The Privacy & Security Research Paper Series Implications of Deep Packet Inspection (DPI) Internet Surveillance for Society issue #1 The Privacy & Security - Research Paper Series ISSN 2279-7467 Implications of Deep Packet Inspection (DPI) Internet Surveillance for Society Christian Fuchs Research Paper Number #1 Date of Publication: July 2012 Department of Informatics and Media, Uppsala University Kyrkogårdsgatan 10, Box 513, 75120 Uppsala, Sweden [email protected] http://www.im.uu.se Edited by Centre for Science, Society & Citizenship Co-edited by Uppsala University - Department of Informatics and Media Acknowledgement: The research presented in this paper was conducted in the project “PACT – Public Perception of Security and Privacy: Assessing Knowledge, Collecting Evidence, Translating Research into Action”, funded by EU FP7 SECURITY, grant agreement no. 285635 The Privacy & Security Research Paper Series, Issue # 1 Implications of Deep Packet Inspection (DPI) Internet Sur- veillance for Society Christian Fuchs Abstract: This research paper analyses societal implications of Deep Packet Inspection (DPI) technologies. Deep Packet Inspection (DPI) surveillance technologies are communications surveillance tools that are able to monitor the traffic of network data that is sent over the Internet at all seven layers of the OSI Ref­ erence Model of Internet communication, which includes the surveillance of content data. The analysis presented in this paper is based on product sheets, self­descriptions, and product presenta­ tions by 20 European security technology companies that produce and sell DPI technologies. For each company, we have conducted a document analysis of the available files. It focused on the four following aspects: 1) Description and use of the Internet surveillance technologies that are produced and sold. 2) The self­description of the company. 3) The explanation of the relevance of Internet surveillance, i.e. why the company thinks it is important that it produces and sells such technologies. 4) A documentation of what the company says about opportunities and problems that can arise in the context of Internet surveillance. The assessment of societal implications of DPI is based on opinions of security industry representatives, scholars, and privacy advocates that were voiced in white papers, tech reports, research reports, on web­ sites, in press releases, and in news media. The results can be summarized in the form of several impact dimensions: 1. Potential advantages of DPI 2. Net neutrality 3. The power of Internet Service Providers (ISPs) for undermining users’ trust 4. Potential function creep of DPI surveillance 5. Targeted advertising 6. The surveillance of file sharers 7. Political repression and social discrimination The conducted analysis of Deep Packet Inspection (DPI) technologies shows that there is a variety of po­ tential impacts of this technology on society. A general conclusion is that for understanding new surveil­ lance technologies, we do not only need privacy and data protection assessments, but broader societal and ethical impact assessments. Keywords: surveillance, DPI, Deep Packet Inspection, Internet surveillance, societal implications, tech­ nology assessment, society, information society, Internet Studies Short biography of the author/s: Christian Fuchs holds the chair professorship in Media and Com‐ munication Studies at Uppsala University’s Department of Informatics and Media. He is chair of the European Sociological Association’s Research Network 18 – Sociology of Communications and Media Research and co‐ordinator of the research project “Social networking sites in the surveillance society” (funded by the Austrian Science Fund FWF). He is co‐ordinator of Uppsala University’s involvement in the EU FP7 projects “PACT – Public Perception of Security and Privacy: Assessing Knowledge, Collect‐ ing Evidence, Translating Research into Action” and “RESPECT – Rules, Expectations & Security through Privacy‐Enhanced Convenient Technologies” 1 The Privacy & Security Research Paper Series, Issue # 1 2 The Privacy & Security Research Paper Series, Issue # 1 1. Introduction The Wall Street Journal wrote in August 2011 that the French company Amesys, a unit of the firm Bull SA, sold deep packet inspection technologies to Libya, where Gaddafi’s regime used them in an Internet spying centre in Tripoli to monitor the Internet usage of Libyan citizens and political opponents (Wall Street Journal Online, Firms aided Libyan spies. First look inside security unit shows how citizens were tracked. August 30, 2011). The International Federation for Human Rights and the Ligue des Droits de l'Homme et du Citoyen filed criminal charges against Amesys (FIDH, FIDH and LDH File a Complaint Concerning the Responsibility of the Company AMESYS in Relation to Acts of Torture. October 19, 2011). Similarly, it was reported that the British firm Gamma International sold its FinSpy software to Egyptian secu‐ rity authorities and the Italian firm HackingTeam surveillance software to security agencies in North Africa and the Middle East (EUobserver.com, EU Companies Banned From Selling Spyware to Repressive Regimes. October 11, 2011). The Dutch MEP Marietje Schaake commented that the EU must make “the new technologies are not systematically used to repress citizens. […] There are standard lists of military tech‐ nology banned for export during an embargo on a country. But this is not updated to include online weapons” (EUobserver.com, EU Companies Banned from Selling Spy‐ ware to Repressive Regimes. October 11, 2011). In September 2011, the EU Parlia‐ ment passed a resolution suggested by the Austrian MEP Jörg Leichtfried “with 567 votes in favour, 89 against, and 12 abstentions” European Parliament News, Control‐ ling dual‐use exports, September 27th, 2011 that bans the export of IT systems that can be used "in connection with a violation of human rights, democratic principles or freedom of speech [...] by using interception technologies and digital data transfer devices for monitoring mobile phones and text messages and targeted surveillance of Internet use (e.g. via Monitoring Centres and Lawful Interception Gateways)" (EU regulation no. 1232/2011, European Union General Export Authorisation No EU005, annex IIe) from Europe to certain countries. The export regulation was passed in the form of the EU General Export Authorisation No. EU005 that concerns telecommuni‐ cations. The regulation banned the export of IT surveillance systems to Argentina, China (including Hong Kong and Macao), Croatia, India, Russia, South Africa, South Korea, Turkey, and the Ukraine. This report will focus on the analysis of the societal implications of the production and selling of Internet surveillance technologies using Deep Packet Inspection (DPI) by European companies. There has been an increase and intensification of surveillance after 9/11 (Lyon 2003b, 2007). “Data mining, a technique for deriving usable intelligence from the analysis of massive amounts of computer‐accessible information, became increas‐ ingly attractive to the government as a resource in the war on terrorism, although its strategic use within business for marketing and risk assessment had long been estab‐ lished” (Gandy 2009, 136). 3 The Privacy & Security Research Paper Series, Issue # 1 Also in the European Union the belief that security, understood as “the protection of the individual, but also of the collective self, the nation state”, “is a core value threatened by ‘global terrorism’ has spread” after 9/11 (Bigo 2010, 263). The EU FP6 CHALLENGE research project (The Changing Landscape of European Liberty and Se‐ curity) concluded that after 9/11 “the framings of the relationship between liberty and security” has been redefined “in favour of control, surveillance, policing, and war” (Bigo, Guild and Walker 2010, 12). European security politics have therefore “been mainly oriented towards the right for governments to strengthen coercive and sur‐ veillance security measures” (Bigo 2010, 265f). At the same time, the focus on secu‐ rity and surveillance policies have brought about concerns about the power consti‐ tuted by the employment of new surveillance technologies and the implications for privacy, data protection, human rights, freedom and equality these technologies have (Ball and Webster 2003; Bigo 2010; Gandy 2009, Jewkes 2011; Lyon 2003a, 2003b; Monahan 2010, Webb 2007). We live in times of heightened attention to surveillance, privacy and data protection. This situation is the context for the study of new surveil‐ lance technologies. 2. Deep Packet Inspection Internet Surveillance and the European Security Industry 2.1. Introduction In 2011, 71% of the individuals aged 16‐74 living in the EU27 countries accessed the Internet (within a 3 month period; data source: Eurostat. Internet use by indi‐ viduals). This shows that Internet use has become an everyday activity for the major‐ ity of Europeans. The topic of Internet surveillance matters because it much affects the lives of humans in contemporary societies. Scholars in surveillance studies and information society studies have stressed the importance of computing for conducting surveillance since more than 20 years. This has resulted in a number of categories that describe the interconnection of computing and surveillance, such as the new surveillance (Marx 1988, 2002), dataveillance (Clarke 1988), the electronic (super)panopticon (Poster 1990), electronic surveil‐ lance (Lyon 1994), digital surveillance
Load more

Recommended publications
  • Poster: Introducing Massbrowser: a Censorship Circumvention System Run by the Masses
    Poster: Introducing MassBrowser: A Censorship Circumvention System Run by the Masses Milad Nasr∗, Anonymous∗, and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] ∗Equal contribution Abstract—We will present a new censorship circumvention sys- side the censorship regions, which relay the Internet traffic tem, currently being developed in our group. The new system of the censored users. This includes systems like Tor, VPNs, is called MassBrowser, and combines several techniques from Psiphon, etc. Unfortunately, such circumvention systems are state-of-the-art censorship studies to design a hard-to-block, easily blocked by the censors by enumerating their limited practical censorship circumvention system. MassBrowser is a set of proxy server IP addresses [14]. (2) Costly to operate: one-hop proxy system where the proxies are volunteer Internet To resist proxy blocking by the censors, recent circumven- users in the free world. The power of MassBrowser comes from tion systems have started to deploy the proxies on shared-IP the large number of volunteer proxies who frequently change platforms such as CDNs, App Engines, and Cloud Storage, their IP addresses as the volunteer users move to different a technique broadly referred to as domain fronting [3]. networks. To get a large number of volunteer proxies, we This mechanism, however, is prohibitively expensive [11] provide the volunteers the control over how their computers to operate for large scales of users. (3) Poor QoS: Proxy- are used by the censored users. Particularly, the volunteer based circumvention systems like Tor and it’s variants suffer users can decide what websites they will proxy for censored from low quality of service (e.g., high latencies and low users, and how much bandwidth they will allocate.
    [Show full text]
  • Brocade Vyatta Network OS ALG Configuration Guide, 5.2R1
    CONFIGURATION GUIDE Brocade Vyatta Network OS ALG Configuration Guide, 5.2R1 Supporting Brocade 5600 vRouter, VNF Platform, and Distributed Services Platform 53-1004711-01 24 October 2016 © 2016, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, and MyBrocade are registered trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands, product names, or service names mentioned of Brocade Communications Systems, Inc. are listed at www.brocade.com/en/legal/ brocade-Legal-intellectual-property/brocade-legal-trademarks.html. Other marks may belong to third parties. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
    [Show full text]
  • Security Forum Strategic Panel Phorm Position Paper
    Security Forum Strategic Panel Phorm Position Paper PHORM – PRIVACY IMPACT OF NEW INTERNET ADVERTISING MECHANISMS 1. INTRODUCTION 1.1. Online advertising company Phorm has caused a stir in the Internet community because of its profile-driven service. Phorm has trialled this service with BT, and signed further contracts with Virgin Media and TalkTalk. However, critics claim that the service breaches the Regulation of Investigatory Powers Act (2000), and that Phorm’s approach is contrary to users’ privacy wishes. 1.2. The BCS believes that the solution to this debate rests in self-regulation of online advertising: companies must establish and enforce a code of conduct; be completely transparent about their practices; resist sharing data with third parties; and submit to ongoing oversight from an independent third party organisation. 2. THE BATTLE FOR THE INTERNET 2.1. The massive market for online advertising is one that affects every Internet user: many search engines and websites depend upon advertising revenues for funding, and some ISPs use advertising to subsidise subscription costs. In the absence of those funding sources they would either have to pass on additional operating costs to users, or cease trading altogether. 2.2. The battle for control of Internet advertising had, until recently, been confined to a small number of (rapidly consolidating) players including the likes of Microsoft, Google, Yahoo! and DoubleClick. These well-established companies have built their offerings over many years and believed themselves to control the market, with little threat from new companies. 2.3. However, a new breed of online advertising company has recently appeared.
    [Show full text]
  • Managed Firewalls
    DEDICATED HOSTING PRODUCT OVERVIEW MANAGED FIREWALLS Securing your network from malicious activity. Rackspace delivers expertise and service for the world’s leading clouds and technologies. TRUST RACKSPACE And we can help secure your dedicated servers and your cloud, with firewalls from Cisco® and • A leader in the 2017 Gartner Magic Quadrant Juniper Networks — fully supported around the clock by certified Rackspace engineers. Your for Public Cloud Infrastructure Managed Service firewall is dedicated completely to your environment for the highest level of network security Providers, Worldwide and connectivity, and includes access to our Firewall Manager and our One-Hour Hardware • Hosting provider for more than half of the Replacement Guarantee. Fortune 100 • 16+ years of hosting experience WHY RACKSPACE FOR DEDICATED, FULLY MANAGED FIREWALLS? • Customers in 150+ countries You have valuable and confidential information stored on your dedicated and cloud servers. Dedicated firewalls from Cisco and Juniper Networks add an additional layer of security to your servers, helping to stop potentially malicious packets from ever reaching your network. “RACKSPACE’S SECURITY CONTROLS AND REPUTATION AS AN SSAE 16 CERTIFIED KEY BENEFITS PROVIDER HAS BEEN A Highest level of security: Help protect your data and stop potentially malicious packets TREMENDOUS FACTOR IN OUR from entering your network with an IPSec, and Common Criteria EAL4 evaluation status certified firewall. SUCCESS.” DAVID SCHIFFER :: FOUNDER AND PRESIDENT, Expertise: Rackspace security experts fully manage your firewalls 24x7x365. Consult with SAFE BANKING SYSTEMS CISSP-certified security engineers to assess and architect your firewalls to help you meet your security and compliance requirements. Visibility and control: Help protect your infrastructure with deep packet inspection of traffic based on traffic filtering rules you define.
    [Show full text]
  • Phorm PIA Interim
    80/20 Thinking Ltd: Interim PIA for Phorm Inc 1 80/20 Thinking Ltd First Stage (Interim) Privacy Impact Assessment For Phorm Inc. February 10, 2008 80/20 Thinking Limited Registered office: 4th floor, 18 Pall Mall, London, SW1Y 5LU Company number 06483833 80/20 Thinking Ltd: Interim PIA for Phorm Inc 2 INTRODUCTION Phorm Inc has engaged 80/20 Thinking Ltd to deliver a Privacy Impact Assessment (PIA) as an integrated component of product development and deployment of its technology. This document serves as an Interim (first stage) report that will lead to the publication of a full PIA in March 2008. The commissioned work involves the following elements: • Scoping the technology and engineering elements to assess privacy functionality. • Assessment of due diligence and compliance aspects. • Conducting a full risk assessment of presentational and other elements of the product launch and deployment. • Working collaboratively to develop a sustainable privacy framework within the organisation. • Conducting privacy training to all Phorm staff. • Auditing the privacy policies. • Developing an outreach and stakeholder engagement process. • Creating a rapid response privacy reporting & response regime. • Follow-up for nine months, involving meetings with the executive team. As this assessment is being conducted relatively late in the lifecycle of Phorm’s product deployment, 80/20 Thinking has developed a “late stage implementation” PIA model that aims to satisfy most, if not all, of the criteria of a “full product cycle” PIA. This model is specifically designed to assist the implementation of a risk mitigation strategy for the implementation and lifecycle of IT projects that either involve personal data or which deploy potentially complex or controversial technologies and techniques.
    [Show full text]
  • Deep Packet Inspection Bypass
    Deep Packet Inspection Bypass Thomas Kjøglum Master of Science in Communication Technology Submission date: February 2015 Supervisor: Stig Frode Mjølsnes, ITEM Norwegian University of Science and Technology Department of Telematics 1 Title: Deep Packet Inspection Bypass Student: Thomas Kjøglum Problem description: Authoritarian governments consistently request the network operators to censor internet communications. Deep packet inspection systems and tools are regularly in use for this purpose. Several techniques have been proposed to bypass these communication restrictions. One example is the Kickstarter project titled "Operator, a News Reader that Circumvents Internet Censorship" by Brandon Wiley. Wiley has designed a protocol "Dust" [1] that aims to defeat a number of filtering methods currently in active use to censor Internet communication. Some basic questions are: How is it possible to bypass deep packet inspection filters with high likelihood? On the other hand, could the approach of Dust and other filtering bypass techniques be useful for masquerading malicious code? The candidate will start out by investigating possible techniques for bypassing a open source packet inspection tool, such as SNORT. The candidate will support his experimentation by method of setting up and running hacker competitions (or trials) where the participants’ challenge will be to set up, configure and run efficient deep packet inspection systems directed against various types of "subversive communications" generated by the organizer of the competition. [1] WILEY, Brandon. Dust: A blocking-resistant internet transport protocol. Tech- nical report. http://blanu.net/Dust.pdf, 2011. Responsible professor: Stig Frode Mjølsnes, ITEM Supervisor: Stig Frode Mjølsnes, ITEM Abstract Internet censorship is a problem, where governments and authorities restricts access to what the public can read on the Internet.
    [Show full text]
  • Deep Packet Inspection and Internet Censorship: International Convergence on an ‘Integrated Technology of Control’1
    Deep Packet Inspection and Internet Censorship: International Convergence on an ‘Integrated Technology of Control’1 Ben Wagner, Ludwig-Maximilians-Universität München and Universiteit Leiden Introduction* The academic debate on deep packet inspection (DPI) centres on methods of network management and copyright protection and is directly linked to a wider debate on freedom of speech on the Internet. The debate is deeply rooted in an Anglo-Saxon perspective of the Internet and is frequently depicted as a titanic struggle for the right to fundamentally free and unfettered access to the Internet.2 This debate is to a great extent defined by commercial interests. These interests whether of copyright owners, Internet service providers, 1 (Bendrath 2009) * A first draft of this paper was presented at the 3rd Annual Giganet Symposium in December 2008 in Hyderabad, India. For their advice and support preparing this paper I would like to thank: Ralf Bendrath, Claus Wimmer, Geert Lovink, Manuel Kripp, Hermann Thoene, Paul Sterzel, David Herzog, Rainer Hülsse, Wolfgang Fänderl and Stefan Scholz. 2 (Frieden 2008, 633-676; Goodin 2008; Lehr et al. 2007; Mueller 2007, 18; Zittrain 2008) Deep Packet Inspection and Internet Censorship: International Convergence on an ‘Integrated Technology of Control’1, by Ben Wagner application developers or consumers, are all essentially economic. All of these groups have little commercial interest in restricting free speech as such. However some might well be prepared to accept a certain amount of ‘collateral damage’ to internet free speech in exchange for higher revenues. It can be argued that more transparent and open practices from network service providers are needed regarding filtering policy and the technology used.
    [Show full text]
  • ISA09 Paper Ralf Bendrath DPI
    Ralf Bendrath Global technology trends and national regulation: Explaining Variation in the Governance of Deep Packet Inspection Paper prepared for the International Studies Annual Convention New York City, 15-18 February 2009 first draft Updated versions will be available from the author upon request. author contact information Delft University of Technology Faculty of Technology, Policy, and Management Section ICT P.O. Box 5015 2600 GA Delft Netherlands [email protected] http://bendrath.blogspot.com Abstract Technological advances in routers and network monitoring equipment now allow internet service providers (ISPs) to monitor the content of data flows in real-time and make decisions accordingly about how to handle them. If rolled out widely, this technology known as deep packet inspection (DPI) would turn the internet into something completely new, departing from the “dumb pipe” principle which Lawrence Lessig has so nicely compared to a “daydreaming postal worker” who just moves packets around without caring about their content. The internet’s design, we can see here, is the outcome of political and technological decisions and trends. The paper examines the deployment of DPI by internet service providers in different countries, as well as their different motives. In a second step, it will offer a first explanation of the varying cases by examining the different factors promoting as well as constraining the use of DPI, and how they play out in different circumstances. The paper uses and combines theoretical approaches from different strands of research: Sociology of technology, especially the concept of disruptive technologies; and interaction-oriented policy research, namely the approach of actor-centric institutionalism.
    [Show full text]
  • Network Disaggregation at the Edge with the Open SD-Edge Platform
    Network Disaggregation at the Edge With the Open SD-Edge Platform November 11, 2020 Sponsored By: Information Classification: General Today’s Speakers Jennifer Clark, Robert Bays Principal Analyst – Assistant VP Heavy Reading ATT - Vyatta Srikanth Krishnamohan Elad Blatt Director of Product Marketing CSO IP Infusion Silicom Information Classification: General ©Page 2020 3 Omdia NFV in a Production Environment: Leading Use Cases Commercial NFV deployment expectation Information Classification: General Enterprises are Shifting to Managed Services Enterprises are shifting from DIY vCPE to managed services, supporting the same VFNs but with improved security, performance, reliability and cost Information Classification: General Edge deployment barriers • Today, operators are faced with three top challenges to deploying edge: – High costs – Unclear business case – Technical issues Information Classification: General Edge Investment: Everything is a Priority Information Classification: General Network Disaggregation at the Edge With the Open SD-Edge Platform Q&A Information Classification: General DANOS Vyatta Edition 2020-11-11.1 © 2020 AT&T Inc. What is DANOS Vyatta Edition? Gen 2 architecture >700 Subscription Multiple CSPs Vyatta sets vRouter Founded released customers Standardize on Vyatta speed record Domain 2.0 partner Acquires Vyatta Initial release Apr 2005 Oct 2007 Sep 2011 Jan 2013 Jun 2014 Dec 2014 July 2017 Nov 2019 First release 1M Downloads Gen 3 architecture Broadcom Tomahawk Gen 4 architecture EA Oct 2005 Jan 2011 Acquires
    [Show full text]
  • Shunned Profiling Technology on the Verge of Comeback
    Dow Jones Reprints: This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers, use the Order Reprints tool at the bottom of any article or visit www.djreprints.com See a sample reprint in PDF format. Order a reprint of this article now WHAT THEY KNOW November 23, 2010, 11:31 p.m. ET Shunned Profiling Technology on the Verge of Comeback By STEVE STECKLOW and PAUL SONNE One of the most potentially intrusive technologies for profiling and targeting Internet users with ads is on the verge of a comeback, two years after an outcry by privacy advocates in the U.S. and Britain appeared to kill it. The technology, known as "deep packet inspection," is capable of reading and analyzing the A History of Phorm "packets" of data traveling across the Internet. It can be far more powerful than "cookies" and other techniques commonly used to track people online because it can be used to monitor all online activity, not just Web browsing. Spy agencies use the technology for surveillance. Now, two U.S. companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads More interactive graphics and photos to people based on extremely detailed profiles of their Internet activity.
    [Show full text]
  • Internet (And Other) Censorship “Censorship” Internet Laws in The
    Internet (and other) Censorship What is censorship? Does venue matter? Cigarette commercials on TV, profanity, military and national-security documents, Google Earth images, Super Bowl commercials, What about Internet censorship? Nationwide: where and why School-wide: where and why Family-wide: where and why Compsci 82, Fall 2009 14.1 Compsci 82, Fall 2009 14.2 “Censorship” Internet laws in the US Censorship in Australia (Denmark,…) Communications Decency Act: ACLU v Reno Blacklists for ISPs at the country level “offensive” material off-limits to minors Domain name censorship 1997 SCOTUS, unanimously unconstitutional. Section 230 survives: blogger/ISP immunity Children’s Internet Protection Act: CIPA Schools, libraries must install and use Wikileaks hosts site, threatened with fines filtering software (e-rate: Duke? Durham?...) Started with good intentions (perhaps), but … Affirmed by SCOTUS in 2003, filters must be How does a domain name get on the list? Off? “disableable”, though not by minors Compsci 82, Fall 2009 14.3 Compsci 82, Fall 2009 14.4 Internet/Web Censorship Firewalls and Proxies Blacklists, client, ISP, country, other? Golden Shield How are these implemented? Great Firewall of China Atlantic on firewall.cn Possible to bypass with 79.141.34.22 Counteract with whitelist? Personal/Corporate Firewall IP packet layer, Application layer Stop or allow, based on … Can we block, filter, or examine IP address? Port numbers used for granularity Where is the IP address? Proxy server • ISP-wide, bottlenecks, technologically feasible? For firewall, for content, for What about “deep packet inspection”? censorship? Compsci 82, Fall 2009 14.5 Compsci 82, Fall 2009 14.6 Software filters, what do they do? http://opennet.net (2002) Peacefire, open access for net gen.
    [Show full text]
  • Deep Packet Inspection on Commodity Hardware Using Fastflow
    Deep Packet Inspection on Commodity Hardware using FastFlow M. Danelutto, L. Deri, D. De Sensi, M. Torquati Computer Science Department University of Pisa, Italy Abstract. The analysis of packet payload is mandatory for network security and traffic monitoring applications. The computational cost of this activity pushed the industry towards hardware-assisted deep packet inspection (DPI) that have the dis- advantage of being more expensive and less flexible. This paper covers the design and implementation of a new DPI framework us- ing FastFlow, a skeleton-based parallel programming library targeting efficient streaming on multi-core architectures. The experimental results demonstrate the ef- ficiency of the DPI framework proposed, proving the feasibility to perform 10Gbit DPI analysis using modern commodity hardware. Keywords. Network streaming, NetFlow, DPI, FastFlow, multi-core. Introduction When the Internet was designed, all routing and security protocols were conceived to process traffic only based on packet headers. When the original equation TCP/UDP port equal application port could no longer be applied as developers started to implement ser- vices over dynamic ports, network monitor companies started to develop packet payload analysis tools aimed at identifying the application protocol being used, or at enforcing laws and copyright. This trend was further fostered by the introduction of IDS/IPS systems (Intrusion Detection/Prevention Systems) that inspect all packets with the purpose of detecting ma- licious traffic. These have been the driving forces for the development of DPI (Deep Packet Inspection) tools and frameworks able to inspect packet payload and thus easing the development of applications using them. Most tools are accelerated using custom hardware network cards such as those based on FPGAs (Field Programmable Gate Array) [1] or proprietary silicon [2] such as chips produced by companies like Cavium, Radisys or Netronome.
    [Show full text]