-
Back in control -- An extensible middle-box on your phone
Authors:
James Newman,
Abbas Razaghpanah,
Narseo Vallina-Rodriguez,
Fabian E. Bustamante,
Mark Allman,
Diego Perino,
Alessandro Finamore
Abstract:
The closed design of mobile devices -- with the increased security and consistent user interfaces -- is in large part responsible for their becoming the dominant platform for accessing the Internet. These benefits, however, are not without a cost. Their operation of mobile devices and their apps is not easy to understand by either users or operators. We argue for recovering transparency and contro…
▽ More
The closed design of mobile devices -- with the increased security and consistent user interfaces -- is in large part responsible for their becoming the dominant platform for accessing the Internet. These benefits, however, are not without a cost. Their operation of mobile devices and their apps is not easy to understand by either users or operators. We argue for recovering transparency and control on mobile devices through an extensible platform that can intercept and modify traffic before leaving the device or, on arrival, before it reaches the operating system. Conceptually, this is the same view of the traffic that a traditional middlebox would have at the far end of the first link in the network path. We call this platform ``middlebox zero'' or MBZ. By being on-board, MBZ also leverages local context as it processes the traffic and complements the network-wide view of standard middleboxes. We discuss the challenges of the MBZ approach, sketch a working design, and illustrate its potential with some concrete examples.
△ Less
Submitted 14 December, 2020;
originally announced December 2020.
-
The Era of TLS 1.3: Measuring Deployment and Use with Active and Passive Methods
Authors:
Ralph Holz,
Johanna Amann,
Abbas Razaghpanah,
Narseo Vallina-Rodriguez
Abstract:
TLS 1.3 marks a significant departure from previous versions of the Transport Layer Security protocol (TLS). The new version offers a simplified protocol flow, more secure cryptographic primitives, and new features to improve performance, among other things. In this paper, we conduct the first study of TLS 1.3 deployment and use since its standardization by the IETF. We use active scans to measure…
▽ More
TLS 1.3 marks a significant departure from previous versions of the Transport Layer Security protocol (TLS). The new version offers a simplified protocol flow, more secure cryptographic primitives, and new features to improve performance, among other things. In this paper, we conduct the first study of TLS 1.3 deployment and use since its standardization by the IETF. We use active scans to measure deployment across more than 275M domains, including nearly 90M country-code top-level domains. We establish and investigate the critical contribution that hosting services and CDNs make to the fast, initial uptake of the protocol. We use passive monitoring at two positions on the globe to determine the degree to which users profit from the new protocol and establish the usage of its new features. Finally, we exploit data from a widely deployed measurement app in the Android ecosystem to analyze the use of TLS 1.3 in mobile networks and in mobile browsers. Our study shows that TLS 1.3 enjoys enormous support even in its early days, unprecedented for any TLS version. However, this is strongly related to very few global players pushing it into the market and sustaining its growth.
△ Less
Submitted 6 August, 2019; v1 submitted 30 July, 2019;
originally announced July 2019.
-
ICLab: A Global, Longitudinal Internet Censorship Measurement Platform
Authors:
Arian Akhavan Niaki,
Shinyoung Cho,
Zachary Weinberg,
Nguyen Phong Hoang,
Abbas Razaghpanah,
Nicolas Christin,
Phillipa Gill
Abstract:
Researchers have studied Internet censorship for nearly as long as attempts to censor contents have taken place. Most studies have however been limited to a short period of time and/or a few countries; the few exceptions have traded off detail for breadth of coverage. Collecting enough data for a comprehensive, global, longitudinal perspective remains challenging. In this work, we present ICLab, a…
▽ More
Researchers have studied Internet censorship for nearly as long as attempts to censor contents have taken place. Most studies have however been limited to a short period of time and/or a few countries; the few exceptions have traded off detail for breadth of coverage. Collecting enough data for a comprehensive, global, longitudinal perspective remains challenging. In this work, we present ICLab, an Internet measurement platform specialized for censorship research. It achieves a new balance between breadth of coverage and detail of measurements, by using commercial VPNs as vantage points distributed around the world. ICLab has been operated continuously since late 2016. It can currently detect DNS manipulation and TCP packet injection, and overt "block pages" however they are delivered. ICLab records and archives raw observations in detail, making retrospective analysis with new techniques possible. At every stage of processing, ICLab seeks to minimize false positives and manual validation.
Within 53,906,532 measurements of individual web pages, collected by ICLab in 2017 and 2018, we observe blocking of 3,602 unique URLs in 60 countries. Using this data, we compare how different blocking techniques are deployed in different regions and/or against different types of content. Our longitudinal monitoring pinpoints changes in censorship in India and Turkey concurrent with political shifts, and our clustering techniques discover 48 previously unknown block pages. ICLab's broad and detailed measurements also expose other forms of network interference, such as surveillance and malware injection.
△ Less
Submitted 10 July, 2019; v1 submitted 9 July, 2019;
originally announced July 2019.
-
An Analysis of Pre-installed Android Software
Authors:
Julien Gamba,
Mohammed Rashed,
Abbas Razaghpanah,
Juan Tapiador,
Narseo Vallina-Rodriguez
Abstract:
The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the pre-installed apps on their devices. Yet, t…
▽ More
The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the pre-installed apps on their devices. Yet, the landscape of pre-installed software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large-scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third-party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.
△ Less
Submitted 7 May, 2019;
originally announced May 2019.
-
A Churn for the Better: Localizing Censorship using Network-level Path Churn and Network Tomography
Authors:
Shinyoung Cho,
Rishab Nithyanand,
Abbas Razaghpanah,
Phillipa Gill
Abstract:
Recent years have seen the Internet become a key vehicle for citizens around the globe to express political opinions and organize protests. This fact has not gone unnoticed, with countries around the world repurposing network management tools (e.g., URL filtering products) and protocols (e.g., BGP, DNS) for censorship. However, repurposing these products can have unintended international impact, w…
▽ More
Recent years have seen the Internet become a key vehicle for citizens around the globe to express political opinions and organize protests. This fact has not gone unnoticed, with countries around the world repurposing network management tools (e.g., URL filtering products) and protocols (e.g., BGP, DNS) for censorship. However, repurposing these products can have unintended international impact, which we refer to as "censorship leakage". While there have been anecdotal reports of censorship leakage, there has yet to be a systematic study of censorship leakage at a global scale. In this paper, we combine a global censorship measurement platform (ICLab) with a general-purpose technique -- boolean network tomography -- to identify which AS on a network path is performing censorship. At a high-level, our approach exploits BGP churn to narrow down the set of potential censoring ASes by over 95%. We exactly identify 65 censoring ASes and find that the anomalies introduced by 24 of the 65 censoring ASes have an impact on users located in regions outside the jurisdiction of the censoring AS, resulting in the leaking of regional censorship policies.
△ Less
Submitted 23 June, 2017;
originally announced June 2017.
-
Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem
Authors:
Narseo Vallina-Rodriguez,
Srikanth Sundaresan,
Abbas Razaghpanah,
Rishab Nithyanand,
Mark Allman,
Christian Kreibich,
Phillipa Gill
Abstract:
Third-party services form an integral part of the mobile ecosystem: they allow app developers to add features such as performance analytics and social network integration, and to monetize their apps by enabling user tracking and targeted ad delivery. At present users, researchers, and regulators all have at best limited understanding of this third-party ecosystem. In this paper we seek to shrink t…
▽ More
Third-party services form an integral part of the mobile ecosystem: they allow app developers to add features such as performance analytics and social network integration, and to monetize their apps by enabling user tracking and targeted ad delivery. At present users, researchers, and regulators all have at best limited understanding of this third-party ecosystem. In this paper we seek to shrink this gap. Using data from users of our ICSI Haystack app we gain a rich view of the mobile ecosystem: we identify and characterize domains associated with mobile advertising and user tracking, thereby taking an important step towards greater transparency. We furthermore outline our steps towards a public catalog and census of analytics services, their behavior, their personal data collection processes, and their use across mobile apps.
△ Less
Submitted 26 October, 2016; v1 submitted 22 September, 2016;
originally announced September 2016.
-
Exploring the Design Space of Longitudinal Censorship Measurement Platforms
Authors:
Abbas Razaghpanah,
Anke Li,
Arturo Filastò,
Rishab Nithyanand,
Vasilis Ververis,
Will Scott,
Phillipa Gill
Abstract:
Despite the high perceived value and increasing severity of online information controls, a data-driven understanding of the phenomenon has remained elusive. In this paper, we consider two design points in the space of Internet censorship measurement with particular emphasis on how they address the challenges of locating vantage points, choosing content to test, and analyzing results. We discuss th…
▽ More
Despite the high perceived value and increasing severity of online information controls, a data-driven understanding of the phenomenon has remained elusive. In this paper, we consider two design points in the space of Internet censorship measurement with particular emphasis on how they address the challenges of locating vantage points, choosing content to test, and analyzing results. We discuss the trade offs of decisions made by each platform and show how the resulting data provides complementary views of global censorship. Finally, we discuss lessons learned and open challenges discovered through our experiences.
△ Less
Submitted 29 October, 2016; v1 submitted 6 June, 2016;
originally announced June 2016.
-
Haystack: A Multi-Purpose Mobile Vantage Point in User Space
Authors:
Abbas Razaghpanah,
Narseo Vallina-Rodriguez,
Srikanth Sundaresan,
Christian Kreibich,
Phillipa Gill,
Mark Allman,
Vern Paxson
Abstract:
Despite our growing reliance on mobile phones for a wide range of daily tasks, their operation remains largely opaque. A number of previous studies have addressed elements of this problem in a partial fashion, trading off analytic comprehensiveness and deployment scale. We overcome the barriers to large-scale deployment (e.g., requiring rooted devices) and comprehensiveness of previous efforts by…
▽ More
Despite our growing reliance on mobile phones for a wide range of daily tasks, their operation remains largely opaque. A number of previous studies have addressed elements of this problem in a partial fashion, trading off analytic comprehensiveness and deployment scale. We overcome the barriers to large-scale deployment (e.g., requiring rooted devices) and comprehensiveness of previous efforts by taking a novel approach that leverages the VPN API on mobile devices to design Haystack, an in-situ mobile measurement platform that operates exclusively on the device, providing full access to the device's network traffic and local context without requiring root access. We present the design of Haystack and its implementation in an Android app that we deploy via standard distribution channels. Using data collected from 450 users of the app, we exemplify the advantages of Haystack over the state of the art and demonstrate its seamless experience even under demanding conditions. We also demonstrate its utility to users and researchers in characterizing mobile traffic and privacy risks.
△ Less
Submitted 29 October, 2016; v1 submitted 5 October, 2015;
originally announced October 2015.
