exposing and evading middlebox policies
play

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes - PowerPoint PPT Presentation

Mar 28, 2023 •233 likes •617 views

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network functionality can be really helpful Security (IPS) Performance (proxies) Fairness (traffic management) 2 Middleboxes are pervasive

  1. Exposing and Evading Middlebox Policies DAVID CHOFFNES

  2. Middleboxes are pervasive In-network functionality can be really helpful ◦ Security (IPS) ◦ Performance (proxies) ◦ Fairness (traffic management) 2

  3. Middleboxes are pervasive In-network functionality can be really helpful ◦ Security (IPS) ◦ Performance (proxies) ◦ Fairness (traffic management) Double-edged sword ◦ “Security” (censorship) ◦ “Performance” (transcoding to degraded quality) ◦ “Fairness” (throttling or boosting specific apps) 2

  4. Context Some device in the network ( middlebox ) uses 
 DPI to classify traffic and apply policies accordingly 3

  5. Key open questions What is the nature of deployed middlebox policies ? How do middleboxes enforce policies? What are (un)intentional consequences ? What can users do about this? 4

  6. Challenges for middlebox research Middleboxes are protected, undisclosed systems ◦ Expensive (5-6 figures) ◦ Hard to acquire ◦ Little-to-no documentation ◦ (Almost) never acknowledged 5

  7. Challenges for middlebox research Middleboxes are protected, undisclosed systems ◦ Expensive (5-6 figures) ◦ Hard to acquire ◦ Little-to-no documentation ◦ (Almost) never acknowledged Understanding policies requires targeted traffic ◦ Need to identify potential targets ◦ Potentially requires lots of tests ◦ Not clear a priori what signals to use to detect classification 5

  8. Our approach Examine (in detail) a small testbed of DPI middleboxes ◦ Clear signals for classification ◦ Control over policies applied to classes 6

  9. Our approach Examine (in detail) a small testbed of DPI middleboxes ◦ Clear signals for classification ◦ Control over policies applied to classes Extend to operationally deployed devices 6

  10. Our approach Examine (in detail) a small testbed of DPI middleboxes ◦ Clear signals for classification ◦ Control over policies applied to classes Extend to operationally deployed devices Use application-generated traffic to trigger policies ◦ Then explore what part of traffic triggered them ◦ Identify implications of inferred implementations 6

  11. Our approach Examine (in detail) a small testbed of DPI middleboxes ◦ Clear signals for classification ◦ Control over policies applied to classes Extend to operationally deployed devices Use application-generated traffic to trigger policies ◦ Then explore what part of traffic triggered them ◦ Identify implications of inferred implementations Systematically violate assumptions in classifiers 6

  12. What are middleboxes doing? 7

  13. What are middleboxes doing (2015)? m : content modified on the fly p : translucent proxies change connection behavior 8

  14. 
 What are middleboxes doing (2015)? m : content modified on the fly p : translucent proxies change connection behavior Stopped after Open Internet Order… 
 We will keep monitoring... 8

  15. 
 What are middleboxes doing (2015)? m : content modified on the fly p : translucent proxies change connection behavior Stopped after Open Internet Order… 
 We will keep monitoring... 8

  16. What are middleboxes doing (2015)? m : content modified on the fly p : translucent proxies change connection behavior 8

  17. How do they classify traffic? DPI: It’s dumber than you think What isn’t it looking at? ◦ IP addresses ◦ Traffic timings ◦ … 9

  18. How do they classify traffic? DPI: It’s dumber than you think What isn’t it looking at? ◦ IP addresses ◦ Traffic timings ◦ … What is it looking for? ◦ Specific keywords (or bytes) ◦ With limited understanding of deployed protocols 9

  19. How do they classify traffic? 10

  20. What are unintentional consequences? Header Example Value User-Agent: User-Agent GalaxyWarsMultiplayer 11

  21. What are unintentional consequences? Example Header Example Value Application User-Agent: User-Agent iPlayer GalaxyWarsMultiplayer 11

  22. What are unintentional consequences? Example Header Example Value Application User-Agent: User-Agent iPlayer GalaxyWarsMultiplayer 11

  23. What are unintentional consequences? Free riding on T-Mobile 12

  24. What are unintentional consequences? Free riding on T-Mobile 12

  25. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  26. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  27. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  28. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  29. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  30. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  31. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  32. What are unintentional consequences? Free riding on T-Mobile Get / 
 X-Host: foo.com 
 Host: hbogo.com 12

  33. What can users do about this? Axiom : 
 Middleboxes necessarily infer end-to-end state 
 using incomplete information 13

  34. What can users do about this? Axiom : 
 Middleboxes necessarily infer end-to-end state 
 using incomplete information Hypothesis : 
 It is possible to systematically identify and violate assumptions used in inference, unilaterally at transport/network layer 13

  35. What can users do about this? Axiom : 
 Middleboxes necessarily infer end-to-end state 
 using incomplete information Hypothesis : 
 It is possible to systematically identify and violate assumptions used in inference, unilaterally at transport/network layer Our approach : 
 Build a system that automatically , efficiently does this, to enable user control over impact of policies ◦ Evade censorship ◦ Select policies applied to traffic ◦ Overhead is ~ one header (10s of B) per flow, sometimes zero 13

  36. Conclusion Lack of transparency and control over network policies Empirical, practical approach can recover these properties ◦ Reverse engineer middleboxes ◦ Identify policies and their implications ◦ Exploit invalid assumptions to regain control over policies Testbed, datasets, results available 
 http://dd.meddle.mobi 14

  37. What do I want How do I engage with policy in an impactful way? ◦ You know, besides giving the FCC ombudsperson my reports, scheduling multiple phone calls with him, agreeing on there being potentially actionable issues, and having him forward to “the commission” Who wants to help test networks for differentiation? ◦ We have an app, python clients ◦ We love to collaborate Which networks should we test? Who wants to use our testbed? What do you want? …and of course any other feedback/questions from you 15

Recommend

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010 Talk Outline Middlebox Discovery ID Summary and Status Discussion of Middlebox Needs Other Common Middlebox Issues of Potential Interest to IETF References ID

474 views • 12 slides
EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE &

EXPOSING EXPOSING A FLEXIBLE, COMPOSABLE & EXTENSIBLE A FLEXIBLE, COMPOSABLE & EXTENSIBLE REST API REST API Thierry Delprat td@nuxeo.com https://github.com/tiry/ AGENDA AGENDA Quick introduction provide some context API design

1.37k views • 75 slides
EVADING DEEP INSPECTION FOR FUN AND SHELL Who we are

EVADING DEEP INSPECTION FOR FUN AND SHELL Who we are

EVADING DEEP INSPECTION FOR FUN AND SHELL Who we are Olli-Pekka Niemi An; Levomki Chief Research Officer, Senior Vulnerability Stoneso9

1.02k views • 57 slides
Optimal Evading Strategies and Task Allocation in Multi-Pursuer Single-Evader Problems Venkata

Optimal Evading Strategies and Task Allocation in Multi-Pursuer Single-Evader Problems Venkata

Motivation Optimal Evading Strategies Active/Redundant Pursuers Simulations Optimal Evading Strategies and Task Allocation in Multi-Pursuer Single-Evader Problems Venkata Ramana Makkapati and Panagiotis Tsiotras Dynamics and Control Systems

526 views • 27 slides
A Middlebox-Cooperative TCP for a non End-to-End Internet Ryan Craven (NPS / SPAWAR) Robert

A Middlebox-Cooperative TCP for a non End-to-End Internet Ryan Craven (NPS / SPAWAR) Robert

A Middlebox-Cooperative TCP for a non End-to-End Internet Ryan Craven (NPS / SPAWAR) Robert Beverly (NPS) Mark Allman (ICSI) Support from: ACM SIGCOMM 19 Aug 2014 1 TCPs knowledge of end -to-end path conditions a priori ??? ???

557 views • 38 slides
APTs Way: Evading your EBNIDS Ali Abbasi Jos Wetzels Who

APTs Way: Evading your EBNIDS Ali Abbasi Jos Wetzels Who

APTs Way: Evading your EBNIDS Ali Abbasi Jos Wetzels Who we are? Ali Abbasi : PhD student in Distributed and Embedded System Security Group

921 views • 43 slides
Evading&Android&Run?me&Analysis& via&& Sandbox&Detec?on&

Evading&Android&Run?me&Analysis& via&& Sandbox&Detec?on&

Evading&Android&Run?me&Analysis& via&& Sandbox&Detec?on& &&&&&&&&&&&&&&&&Timothy&Vidas,&Nicolas&Chris?n&

526 views • 28 slides
SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca

SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca

SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca (MPI-SWS) Rodrigo Rodrigues Bjrn Brandenburg (MPI-SWS) (NOVA University of Lisbon) OSDI 2014 SKI: Exposing Kernel Concurrency Bugs

840 views • 67 slides
On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways Teemu Rytilahti,

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways Teemu Rytilahti,

On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways Teemu Rytilahti, Thorsten Holz Horst Grtz Institute for IT-Security, Ruhr University Bochum, Germany Network and Distributed System Security Symposium 2020 1

581 views • 46 slides
Bruteforcing in the Shadows Evading Automated Detection Martin Draar, Jan Vykopal

Bruteforcing in the Shadows Evading Automated Detection Martin Draar, Jan Vykopal

Bruteforcing in the Shadows Evading Automated Detection Martin Draar, Jan Vykopal {drasar|vykopal}@ics.muni.cz Institute of Computer Science Masaryk University Brno, Czech Republic FloCon 2012 January 12, Austin, Texas Part I Network

898 views • 22 slides
Policy-preserving Middlebox Placement in SDN-Enabled Data Centers Bin Tang Computer Science

Policy-preserving Middlebox Placement in SDN-Enabled Data Centers Bin Tang Computer Science

Policy-preserving Middlebox Placement in SDN-Enabled Data Centers Bin Tang Computer Science Department California State University Dominguez Hills Some slides are from www.cs.berkeley.edu/~randy/Courses/CS268.F08/lectures/22-

867 views • 30 slides
Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue

Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue

Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V Krishnamurthy University of California, Riverside Background The Great Fire Wall (GFW) A

322 views • 28 slides
Optimizing Flow Bandwidth Consumption with Traffic-diminishing Middlebox Placement Yan Yang

Optimizing Flow Bandwidth Consumption with Traffic-diminishing Middlebox Placement Yan Yang

Optimizing Flow Bandwidth Consumption with Traffic-diminishing Middlebox Placement Yan Yang Chen en, Jie Wu, and Bo Ji Center for Networked Computing Temple University, USA VNF: Evolution of Network Service l Network Function Virtualization

315 views • 19 slides
Automatically Evading Classifiers A Case Study on PDF Malware Classifiers Weilin Xu

Automatically Evading Classifiers A Case Study on PDF Malware Classifiers Weilin Xu

Automatically Evading Classifiers A Case Study on PDF Malware Classifiers Weilin Xu David Evans Yanjun Qi University of Virginia Machine Learning is Solving Our Problems Fake Fake Spam IDS

1.07k views • 34 slides
liberate, (n): A library for exposing (tra ffi c-classification) rules and avoiding them e ffi

liberate, (n): A library for exposing (tra ffi c-classification) rules and avoiding them e ffi

liberate, (n): A library for exposing (tra ffi c-classification) rules and avoiding them e ffi ciently Fangfan Li , Abbas Razaghpanah, Arash Molavi Kakhki, Arian Akhavan Niaki, David Cho ff nes, Phillipa Gill, Alan Mislove 1 Traffic management 2

1.54k views • 115 slides
LB-MAP: LOAD-BALANCED MIDDLEBOX ASSIGNMENT IN POLICY-DRIVEN DATA CENTERS MANAR ALQARNI

LB-MAP: LOAD-BALANCED MIDDLEBOX ASSIGNMENT IN POLICY-DRIVEN DATA CENTERS MANAR ALQARNI

LB-MAP: LOAD-BALANCED MIDDLEBOX ASSIGNMENT IN POLICY-DRIVEN DATA CENTERS MANAR ALQARNI DEPARTMENT OF COMPUTER SCIENCE CALIFORNIA STATE UNIVERSITY DOMINGUEZ HILLS 1 INTRODUCTION - Middleboxes network appliances or network functions

489 views • 25 slides
Evading/Attacking NIDS Insertion, Evasion, DoS Attacks Proposed Solutions Traf fi c

Evading/Attacking NIDS Insertion, Evasion, DoS Attacks Proposed Solutions Traf fi c

Agenda Network ID Systems Architecture, Problems Evading/Attacking NIDS Insertion, Evasion, DoS Attacks Proposed Solutions Traf fi c Normalization Priyank Porwal Active Mapping COMP 290 Network Intrusion Detection

397 views • 11 slides
Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue

Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue

Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V Krishnamurthy University of California, Riverside 1 Internet Censorship Key technology: Deep Packet

528 views • 33 slides
fling: A Flexible Ping for Middlebox Measurements Ahmed Elmokashfi, Runa Barik, Michael Welzel,

fling: A Flexible Ping for Middlebox Measurements Ahmed Elmokashfi, Runa Barik, Michael Welzel,

fling: A Flexible Ping for Middlebox Measurements Ahmed Elmokashfi, Runa Barik, Michael Welzel, Thomas Dreibholz, Stein Gjessing AIMs 2018 March 14 th 2018 Metropolitan Center for Digital Engineering Motivation Lack of a generic tool that

538 views • 19 slides
Exposing the Lack of Privacy in File Hos9ng Services Nick

Exposing the Lack of Privacy in File Hos9ng Services Nick

Exposing the Lack of Privacy in File Hos9ng Services Nick Nikiforakis Marco Balduzzi Steven Van Acker Wouter Joosen Davide BalzaroF Sharing is

876 views • 35 slides
Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection Systems Signature Based IDS Monitor packets on the network Compare them against database of signatures/attributes from known threats

476 views • 26 slides
Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1 Whats all the fuss with middleboxes? 2 Background 3 What are middleboxes? 4 Middleboxes in the Cloud Cloud APLOMB gateway Enterprise

668 views • 37 slides
EXPOSING PARTICLE PARALLELISM IN THE XGC PIC CODE BY EXPLOITING GPU MEMORY HIERARCHY Stephen

EXPOSING PARTICLE PARALLELISM IN THE XGC PIC CODE BY EXPLOITING GPU MEMORY HIERARCHY Stephen

EXPOSING PARTICLE PARALLELISM IN THE XGC PIC CODE BY EXPLOITING GPU MEMORY HIERARCHY Stephen Abbott, March 26 2018 ACKNOWLEDGEMENTS Collaborators: Oak Ridge Nation Laboratory- Ed DAzevedo NVIDIA - Peng Wang Princeton Plasma Physics

376 views • 19 slides
The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro

The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro

The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engineering Amro Abdelgawad / REcon 2016 line46_1: mov ecx, [esp] nop nop mov dl, 0xe9 test edx, edx mov byte [ecx], dl The Remote Metamorphic Engine xor eax, 0

683 views • 50 slides

More recommend