AIMS Workshop - CAIDA, February 2016 The ICSI Haystack A Platform for Hybrid Mobile Measurements in the Wild Narseo Vallina-Rodriguez In collaboration with: S. Sundaresan, C. Kreibich, M. Allman, V. Paxson (ICSI/UC Berkeley) A. Razaghpanah, P. Gill (Stony Brook University)
How much do we know about the mobile ecosystem? 2
The mobile jigsaw IPv6 LTE Privacy QUIC NAT CDNs Apps WiFi ACTIVE Users MEASUREMENTS 3G MVNO Security Performance Proxies Ads DNS TLS CGNs 3
The mobile jigsaw IPv6 LTE Privacy QUIC NAT CDNs Apps WiFi STATIC AND DYNAMIC ANALYSIS Users 3G MVNO Security Performance Proxies Ads DNS TLS CGNs 4
The mobile jigsaw IPv6 LTE Privacy QUIC NAT CDNs Apps WiFi INSTRUMENTED PHONES Users 3G MVNO (root access) Security Performance Proxies Ads DNS TLS CGNs 5
The mobile jigsaw IPv6 LTE Privacy QUIC NAT CDNs Apps WiFi ISP Users TRACES 3G MVNO Security Performance Proxies Ads DNS TLS CGNs 6
The mobile jigsaw IPv6 LTE Privacy QUIC NAT CDNs Apps WiFi VPN AND Users PROXY TRACES 3G MVNO Security Performance Proxies Ads DNS TLS CGNs 7
TRADE- OFFS! 8
The ideal mobile measurements platform: Real-world operation Comprehensiveness Local operation Large scale 9
The ICSI Haystack A user-centric, and on-device measurements platform that intercepts and studies network traffic and app activity in user space 10
Max throughput: ~55 Mbps Schematic view of Haystack Extra latency < 1-4 ms Battery overhead: 2-9 % Contextualized Anonymized traffic analysis reports (IRB) Traffic Analyzer (off-path) Optional TLS DB @ ICSI interception Java sockets! 😢 i.e., no-packet level traces TLS Forwarder Proxy App traffic tun Default interface GW Raw Internet packets
A easy-to-deploy tool for mobile users! 12
The user engagement challenge 13
Technical details and performance evaluation: 14
Ongoing and Future Research Directions 15
We are [mostly] in the dark about how mobile apps behave in ANY network! “ I love working for the NSA, but if I’d wanted to snoop on people’s most intimate information, I’d have become an app developer! ” http://www.robcottingham.ca/
Provides DPI and generates accurate behavioral signatures and how? Who do apps talk to, what do they talk about, New-generation analytics and ad networks use TLS! % of Apps Allows users to stay in control of their traffic 10 20 30 40 0 graph.facebook.com crashlytics.com google.com googleapis.com doubleclick.net flurry.com gstatic.com googlesyndication.com amazonaws.com scorecardresearch.com 17 googletagmanager.com amazon − adsystem.com mixpanel.com googleusercontent.com mopub.com google − analytics.com cloudfront.net twitter.com facebook.com twimg.com
Performance evaluation: Real-world DNS Median 𝞔 (t App -t tcpdump ) ( 𝞶 s) StdDev 𝞔 (t App -t tcpdump ) ( 𝞶 s) App JavaApp 1,254 658 Haystack 1,211 303 Can measure contextualized “ real-world ” traffic performance Enables reactive measurements [ Allman+Paxson, PAM 2008 ] 18
Community feedback: What are your reactions both as users and researchers? • How can we improve app usability and mobile transparency? • What are the most challenging, worrying and urging aspects • of mobile systems? Visit: www.haystack.com 19
Recommend
More recommend
