CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 09 PHILLIPA GILL – STONY BROOK UNIVERSITY.


WHERE WE ARE
Administrative note:
- no class next week
- week after Tuesday lecture given by Nick Weaver!
Last time:
- Different censorship measurement platforms
Questions?

HANDS ON ACTIVITY FROM LAST TIME
- Installing/testing OONI
- Trying differentiation detector app
Any successes? Questions?

TODAY
Case Study: Iran
- Background on filtering in Iran (ONI report)
- Private addresses used within Iran (Anderson 2012)
- Dimming the Internet (Anderson 2013)
- Web censorship in Iran (Pseudonymous + Halderman 2013)
Case Study: Pakistan
- Background (ONI report)
- Pakistan YouTube hijacking (Renesys)
- Web censorship in Pakistan (Nabi, 2013) c0245c5c937c5dedcca3f1764ecc9b2f.r43.cf2.rackcdn.com/12387-foci13-nabi.pdf
- Netsweeper in Pakistan (Citizen Lab report)

BACKGROUND
- Limited freedom of speech in Iran grounded in their constitution
- Limits on topics ranging from religion, immorality, and politics
- State has well established mechanisms for policing traditional media (e.g., print, radio, TV)
- Internet initially offered a place for people to express their viewpoints away from the state controls
- Internet use in Iran grows from <1M users to ~23M users
- Fastest growth in the Middle East at that time
- As early as 2001 government began asserting control over Internet access in the country
- Commercial ISPs in Iran are required to connect via the state-controlled Telecommunication Company of Iran (TCI)

CONFLICTING GOALS
- Desire to encourage economic IT developments …
- … but also rein in free speech
- Fourth Five Year Development Plan called for 1.5 M high speed Internet connections worldwide
- … but in 2006 Ministry of Communication and Information Technology issues an order forbidding home Internet connectivity of > 128 kbps
- There was opposition to the 128 kbps rule, but it remains in place
- Researchers, faculty and university students are exempt from the restrictions upon providing documentation
- Initially censorship implemented via IP blocking by individual ISPs, gradually replaced by centralized censorship by TCI
- Redirects users to (an address owned by the censor)

MORE RECENTLY
- 2012: Supreme leader establishes Supreme Council of Cyberspace which controls three government bodies associated with censorship:
  - Committee for determining offensive contents, located at internet.ir and peyvandha.ir, which controls censorship policies. They are responsible for updating lists of censored Web sites and enforcing Internet communication policies
  - Iran cyber police (FATA police): responsible for prosecuting users involved in illegal Internet activities
  - Revolutionary guard cyber defense command (Iran Cyber Army): responsible for defending Iran against cyber attacks and implementing countermeasures
- Also, the “Fifth Five Year Development Plan” mandates development of national information network
- Many fears of complete blocking of external content

CAMPAIGN FOR NATIONAL INTERNET
- Head of MICT and other gov’t officials create public campaign extolling virtues of creating such a network:
  - A genuinely halal network aimed at Muslims on an ethical and moral level – Ali Agha-Mohammadi
  - A national internet can be very effective to protect the country’s information and the people’s security – Esmail Ahmadi Moghaddam
- Usage of private IPs within the country could indicate a desire to go in this direction
- But usage of these addresses is not particularly new
- Observed as far back as 2010 (Anderson 2012)

FILTERING IN IRAN AT A GLANCE

NETWORKING 101: RFC 1918
- IP addresses on the Internet need to be globally unique
- IANA: Internet Assigned Numbers Authority is responsible for ensuring this
- Since IP addresses are finite and not all hosts need to be globally accessible, three blocks of IP addresses were reserved for local/private use
  - /8 (16 M addresses)
  - /12 (1 M addresses)
  - /16 (65 K addresses)
- These IP addresses/routing information for them should not be propagated between networks
- ISPs should filter them (according to RFC)
- Commonly used for NAT (i.e., multiplexing a single public IP address across many clients)

THE HIDDEN INTERNET OF IRAN
Anderson 2012 – Reading on Web page
- Points of observation:
  - 2 hosts in Tehran (1 connecting via AS ITC and 1 connecting via Institute for Research in Fundamental Sciences (AS 6736))
  - Collection of Web proxies within the country that these hosts connect to in order to test accessibility
  - Proxies with both internal + external IP addresses
- Potential shortcomings
  - The two hosts may be subject to localized censorship by network owners
  - Testing of censorship could lead to reactions from the censor

ILLUSTRATION OF ABNORMAL TRACEROUTES
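
An added example, not taken from the lecture or from Anderson's paper: a Python check that flags RFC 1918 addresses appearing in the middle of a traceroute path. The three blocks are the ones RFC 1918 defines; the sample path is constructed and uses documentation addresses for the public hops.

```python
import ipaddress

# The three private blocks defined by RFC 1918 (values taken from the RFC).
# ipaddress.is_private is broader (loopback, link-local, ...), so list them.
RFC1918_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed traceroute: hop addresses in order, "*" = no reply.
# Public hops use documentation ranges; this is not a path from the paper.
SAMPLE_PATH = ["192.168.1.1", "198.51.100.1", "*", "10.21.4.9",
               "172.20.0.5", "198.51.100.77", "172.32.0.1"]


def rfc1918_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is not private."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in RFC1918_BLOCKS if ip in net), None)


def private_hops_after_public(hops):
    """List (hop number, address, block) for private hops past the first public hop.

    Private hops at the start of a path are ordinary (home router, NAT).
    A private hop after a public one means private space is numbered on
    infrastructure beyond the customer edge, which is worth a closer look.
    """
    seen_public = False
    flagged = []
    for number, addr in enumerate(hops, start=1):
        if addr == "*":          # unanswered probe, nothing to classify
            continue
        block = rfc1918_block(addr)
        if block is None:
            seen_public = True
        elif seen_public:
            flagged.append((number, addr, str(block)))
    return flagged


if __name__ == "__main__":
    for net in RFC1918_BLOCKS:
        print(net, net.num_addresses)
    for hop in private_hops_after_public(SAMPLE_PATH):
        print("private hop inside the path:", hop)
```

Note that 172.32.0.1 in the sample is just outside 172.16.0.0/12, so it is treated as public.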

MEASURING THE INTERNAL NETWORK
Many techniques…
- DNS (fig 6); says it is an server with hostname Webmail.isfidc.com.
- Running dig on this address gives us the external address for this server
- Can use regional Internet registries to figure out which organization is using the address
- Another way to figure out internal IP ownership:
  - Spoof a ping to the internal address from an external host
  - When the external host receives the reply the external address mapped to the internal host will be revealed

RESULTS OF MAPPING

DIMMING THE INTERNET
Anderson 2013 (Reading on Web page)
- Performance degradation to limit free flow of information
- Relation to network neutrality discussions?
- Data reused from NDT tool (client initiated network performance tests run against servers hosted by Measurement Lab (MLab)). NDT integrated into uTorrent
- Focus on:
  - RTT
  - Packet Loss
  - Network-limited time ratio (where client has sent as much traffic as it can and needs to wait for ACKs before sending more)
  - Network throughput

AGGREGATING MEASUREMENTS
- National ISP/AS + IP prefixes
- Control groups (grouping users with similar performance)
- Using median country-level throughput (based on highest performing measurement for each client on a given day) they find two extended periods of degradation
  - Nov – Aug (77% decrease)
  - Oct – Nov (69% decrease)
- Corroboration with reports: “The Internet in Iran is Crawling, Conveniently, Right Before Planned Protests”
- Suspected events around holidays, protests, disruption of Google services
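
An added example, not code from Anderson's paper or from M-Lab: the aggregation described on this slide (best measurement per client per day, then the median across clients) applied to constructed records. The record layout, the day labels, the baseline choice and the 50% threshold are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (day, client id, measured throughput in Mbit/s).
# Client "a" runs several tests on day1, most of them slow.
SAMPLE = [
    ("day1", "a", 2.0), ("day1", "a", 0.5), ("day1", "a", 0.5), ("day1", "a", 0.5),
    ("day1", "b", 4.0), ("day1", "c", 8.0),
    ("day2", "a", 0.5), ("day2", "b", 1.0), ("day2", "b", 0.25), ("day2", "c", 2.0),
    ("day3", "a", 4.0), ("day3", "b", 3.0), ("day3", "c", 8.0),
]


def daily_median(records):
    """Median over clients of each client's highest measurement that day."""
    best = defaultdict(dict)
    for day, client, mbps in records:
        best[day][client] = max(mbps, best[day].get(client, 0.0))
    return {day: median(per_client.values()) for day, per_client in best.items()}


def raw_daily_median(records):
    """Median over every test, for contrast: heavy testers dominate the result."""
    tests = defaultdict(list)
    for day, _client, mbps in records:
        tests[day].append(mbps)
    return {day: median(values) for day, values in tests.items()}


def degraded_days(medians, baseline_days, threshold=0.5):
    """Days whose median fell by at least `threshold` relative to the baseline."""
    baseline = median(medians[d] for d in baseline_days)
    flagged = []
    for day in sorted(medians):
        decrease = (baseline - medians[day]) / baseline
        if decrease >= threshold:
            flagged.append((day, decrease))
    return flagged


if __name__ == "__main__":
    per_day = daily_median(SAMPLE)
    print("per-client-best medians:", per_day)
    print("raw medians:            ", raw_daily_median(SAMPLE))
    print("degraded:", degraded_days(per_day, ["day1", "day3"]))
```

On day1 the raw median is pulled down by one client's repeated slow tests, while the per-client-best median is not; that difference is what the "highest performing measurement for each client" step controls for.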

EXAMPLE PLOT

READING PRESENTATION Pseudonymous + Halderman


INTERNET IN PAKISTAN
- ~130 ISPs: Wateen, Paknet, Linkdotnet, Comsats, Cybernet
- Wateen roll out of WiMAX in 2007 made Pakistan the first country with nationwide WiMAX coverage
- Largest Internet eXchange Point (IXP) in the country (as of 2009) was the Pakistan Internet Exchange (PIE), subsidiary of PTCL (gov’t owned ISP)
- PIE has three main nodes: Karachi, Lahore and Islamabad + operates two submarine cables (South East Asia – Middle East – Western Europe: SEA-ME-WE 3 and SEA-ME-WE 4)
- In 2009, ISPs no longer had to connect via PTCL and could choose third party providers
- Second major company in Pakistan Internet market is TransWorld
- Owns and operates Pakistan’s first and only privately owned submarine fiber optic cable system (TW1)
- TW1 has capacity of 1.28 TB, more than necessary for the nation

INTERNET FILTERING IN PAKISTAN
- Filtering regulated by the Pakistan Telecom Authority (PTA) and Federal Investigation Agency (FIA) directed by the government, supreme court, and Ministry of IT (MoIT)
- MoIT created the Inter Ministerial Committee for the Evaluation of Web sites (IMCEW) responsible for monitoring and blocking Web pages
- Directives about what to block pass from these government agencies to ISPs for implementation
- Wide publicity of censorship in Pakistan because of collateral damage
  - 2006: attempt to block 12 sites with cartoons of Mohammad resulted in blocking the entire Blogspot domain for 2 months
  - 2008: accidentally taking YouTube offline for hours
  - 2010: blocking of Facebook, YouTube, Flickr, Wikipedia on “Draw Mohammad Day”

INTERNET FILTERING IN PAKISTAN (2)
- 2012: Gov’t solicits proposals for a country-wide URL filtering and blocking system including:
  - Filtering at domain level, subfolder level, individual files
  - Blocking individual IPs or whole address ranges
  - Remote network monitoring via SNMP, configuration via HTTP/HTTPS
  - Operation at L2 and L3
  - Modularity: stand alone hardware that can block up to 50M URLs with <1ms latency
- Later in 2012: indefinite ban on YouTube in response to a movie. Impact felt on other Google services with common IP addresses

HISTORY LESSON
February 2008: Pakistan Telecom hijacks YouTube
Pakistan uses BGP messages to filter traffic
[Diagram nodes: YouTube, Pakistan Telecom, “The Internet”, Telnor Pakistan, Aga Khan University, Multinet Pakistan. YouTube: “I’m YouTube: IP / 22”]

HISTORY LESSON
Here’s what should have happened….
- Hijack + drop packets going to YouTube
- Block your own customers.
[Diagram nodes: YouTube, Pakistan Telecom, “The Internet”, Telnor Pakistan, Aga Khan University, Multinet Pakistan. YouTube: “I’m YouTube: IP / 22”; X at Pakistan Telecom]

HISTORY LESSON
But here’s what Pakistan ended up doing…
[Diagram nodes: YouTube, Pakistan Telecom, “The Internet”, Telnor Pakistan, Aga Khan University, Multinet Pakistan. YouTube: “I’m YouTube: IP / 22”; Pakistan Telecom: “No, I’m YouTube! IP / 24”]

HOW IS THIS POSSIBLE?
- Pakistan Telecom connected to the rest of the Internet via the PCCW network
- This network did not validate the message sent by Pakistan Telecom
- …and proceeded to pass it on to its neighbors who also accepted it
- Worse yet, the route announced by Pakistan was more specific than the route announced by YouTube
  - Pakistan announced /24
  - YouTube announced /22
- No easy way for networks on the Internet to validate messages
- Direct provider has more of a chance since they should know the prefixes that their customers will be announcing (in theory)
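
An added example, not part of the lecture: longest-prefix match shows why a /24 announcement overrides a covering /22, and a provider-side customer prefix filter shows the check the last bullet refers to. The AS numbers are documentation ASNs and the prefixes are constructed; they are not the values from the 2008 incident.

```python
import ipaddress

# Constructed values: documentation AS numbers (RFC 5398) and illustrative
# prefixes. These are not the prefixes or ASNs from the 2008 incident.
OWNER_AS, CUSTOMER_AS = 64496, 64511
OWNER_ROUTE = {"prefix": ipaddress.ip_network("192.0.0.0/22"), "origin": OWNER_AS}
HIJACK_ROUTE = {"prefix": ipaddress.ip_network("192.0.2.0/24"), "origin": CUSTOMER_AS}

# What the upstream provider knows its customer is entitled to announce.
CUSTOMER_PREFIXES = {CUSTOMER_AS: [ipaddress.ip_network("198.51.100.0/24")]}


def best_route(rib, dst):
    """Longest-prefix match: among routes covering dst, the most specific wins."""
    ip = ipaddress.ip_address(dst)
    covering = [r for r in rib if ip in r["prefix"]]
    return max(covering, key=lambda r: r["prefix"].prefixlen, default=None)


def accept_from_customer(route, customer_prefixes):
    """Provider-side check: prefix must sit inside one registered for the origin AS."""
    allowed = customer_prefixes.get(route["origin"], [])
    return any(route["prefix"].subnet_of(p) for p in allowed)


def origin_seen_by_internet(dst, provider_filters):
    """Origin AS a remote network selects for dst, with or without the filter."""
    rib = [OWNER_ROUTE]  # the owner's own /22 is always present
    if not provider_filters or accept_from_customer(HIJACK_ROUTE, CUSTOMER_PREFIXES):
        rib.append(HIJACK_ROUTE)
    return best_route(rib, dst)["origin"]


if __name__ == "__main__":
    for dst in ("192.0.2.10", "192.0.1.10"):
        for filt in (False, True):
            print(dst, "filtered" if filt else "unfiltered",
                  "-> AS", origin_seen_by_internet(dst, filt))
```

Only destinations inside the /24 move to the wrong origin; the rest of the /22 keeps following the owner's route, and the filter restores the /24 as well.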

THE ANATOMY OF WEB CENSORSHIP IN PAKISTAN
- Testing a list of blocked sites which is publicly available
  - ~300 URLs
  - Whittled down from 500 because some sites were offline, duplicates etc.
- VPN terminating in the US was used to ensure that the sites were indeed up and were being blocked in Pakistan
- Procedure (for each URL)
  - Perform DNS lookup on local + 3rd party DNS server
  - Try to open a connection to the IP
  - Test for URL-keyword filtering (append the URL to Google.com). Expected result is a 404 not found; if not -> censorship
  - HTTP request to the site
- Tests performed on 5 networks (2 University, 2 Home, 1 cellular)

RESULTS

O PAKISTAN, WE STAND ON GUARD FOR THEE
- Citizen Lab report on Netsweeper being used in Pakistan (title is reference to a line in the Canadian national anthem)
- After Pakistan solicited proposals for their filtering system an advocacy group (Access) started a petition calling on technology companies to announce that they would not bid on the project.
- Several major IT companies supported the petition
- 5 declined to comment: Huawei, ZTE, Blue Coat, McAfee, & Netsweeper
- In previous ONI research block pages with company logos were common, but over time this decreased

BACKGROUND: NETSWEEPER
- Canadian-based provider of Web content filtering + threat management products
- Used for state-sanctioned censorship in several countries: Qatar, UAE, Kuwait, and Yemen
- Enables bulk filtering on specific categories (e.g., Adult, Entertainment, Information) + specific URLs and custom categories
- These URL lists are central to their business
- Web site boasts 5B categorized URLs and 10M URL categorization requests per day

HOW CITIZEN LAB LOCATED NETSWEEPER
- Searched using www.shodanhq.com to find the IP of Netsweeper installations in Pakistan
- E.g., search for URL paths like /webadmindeny
- Located the IP:

ON THE SAME IP…

OK … BUT IS THIS CENSORSHIP?
- Netsweeper could be used in a corporate setting as opposed to at the national level
- Many user reports of seeing the same block page that Netsweeper generates on multiple ISPs
- More IPs in PTCL found hosting Netsweeper

IN COUNTRY TESTING
- To validate online reports The Citizen Lab ran tests to confirm
- Web page accessed in Pakistan + Toronto, results manually compared
- List of 1465 URLs tested
- Observed a mix of DNS and blockpage blocking
<iframe src=" ?dpid=1&dpruleid=78&cat=104&ttl=0&groupname=PTCL2&policyname=PTCL2- policy&username=MMBB-9-WLL &userip=X.X.X.X&connectionip= &nsphostname=X& protocol=policyprocessor&dplanguage=-&url=X"width="100%"height="100%" frameborder=0>
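
An added example, not Citizen Lab's tooling: recognizing the deny-page iframe quoted above in collected HTTP responses by its query parameters, so that block pages seen on different networks can be compared by category, group and policy name. The host names blockpage.example and video.example and the five-key threshold are assumptions; the parameter names and values come from the slide.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Query keys visible in the deny-page iframe quoted on the slide.
SIGNATURE_KEYS = {"dpid", "dpruleid", "cat", "groupname", "policyname",
                  "userip", "nsphostname", "dplanguage"}

# Constructed responses. blockpage.example and video.example are placeholders;
# the parameter names and values are the ones shown on the slide.
BLOCKED = (
    '<html><body><iframe src="http://blockpage.example/webadmin/deny/'
    '?dpid=1&dpruleid=78&cat=104&ttl=0&groupname=PTCL2'
    '&policyname=PTCL2-policy&userip=X.X.X.X&nsphostname=X'
    '&protocol=policyprocessor&dplanguage=-&url=X" width="100%" '
    'height="100%" frameborder=0></iframe></body></html>'
)
ORDINARY = '<iframe src="https://video.example/embed/1?autoplay=0&cat=music"></iframe>'


class IframeSources(HTMLParser):
    """Collect the src attribute of every iframe in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "iframe" and src:
            self.sources.append(src.strip())


def deny_page_fingerprint(html, min_keys=5):
    """Return category/group/policy if an iframe carries the deny-page parameters.

    One shared key (such as "cat") is not enough; requiring several keeps
    ordinary embeds from matching. Returns None when nothing matches.
    """
    parser = IframeSources()
    parser.feed(html)
    for src in parser.sources:
        query = parse_qs(urlsplit(src).query, keep_blank_values=True)
        if len(SIGNATURE_KEYS.intersection(query)) >= min_keys:
            return {k: query.get(k, [""])[0]
                    for k in ("cat", "groupname", "policyname")}
    return None


if __name__ == "__main__":
    print(deny_page_fingerprint(BLOCKED))
    print(deny_page_fingerprint(ORDINARY))
```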

HANDS ON ACTIVITY
- Look at the Netsweeper testing page:
- Run wireshark while doing the “test”
- Look at the HTTP connections it makes
- How might we use a page like this to measure censorship?
- What might make this hard?
- Search for webadmin/deny to find Netsweeper devices around the world.

HANDS ON ACTIVITY
- RIPEstat page for AS 12880:
- Try looking up other Iranian networks
- NDT data in Google: ctype=l&strail=false&bcs=d&nselm=h&met_y=download_throughput&scale_y=lin&ind_y=false&rdim=country&idim=country:364&ifdim=country&ind=false
- OOKLA Speed test: type=l&met_y=avg_download_speed