Black Hat: Security Researcher Unveils Network Neutrality Tool
During the Black Hat USA conference Wednesday, Kaminsky unveiled a free network neutrality tool that could help further the network neutrality cause by detecting when ISPs are deliberately favoring Web sites by either speeding up or slowing down traffic.
Kaminsky, who said that he plans to release the tool in the next several weeks, aims to give network neutrality advocates a tool to keep wayward ISPs in check.
The principle of network neutrality maintains that Internet service providers or governments impose no restrictions on users’ ability to access any Web site on the Internet or their use of any platform.
“The long and short of it is this, ISPs can do what they want,” he said. “I’m here to tell you whatever changes are done might as well be transparent, because we can certainly detect them with packet manipulation.”
Historically, that has been a challenging endeavor, due to the subtle and barely detectable difference in traffic speed from one carrier to another. Often those variations could be blamed on any number of factors, he said.
“It’s the subtle changes that concern me. Bing is fifty milliseconds slower than Google,” he said. “There’s a risk of deniable alterations to the way the Internet works. Things are worse, things are slower, but you can’t prove it.”
At least until now.
“How do you detect biased networks?” he said. “We have a way of making it so your net connections are making a connection from somewhere else.”
At its core, the tool, known as n00ter, short for “neutral router,” operates like a virtual private network, VPN, which funnels the network connection through a secure proxy to another device running on a different network.
Similarly, n00ter proxies traffic and masks the source in order evaluate when ISPs are favoring one service or Web site over another by spoofing the traffic from that site to a user.
“Just like a VPN, when the server sends traffic back to the client, it’s out in the open, it’s totally visible and unencrypted,” Kaminsky said. “I falsify the source of the traffic as if there were no router.”
The proxied traffic is then compared with a normal connection to the site in order to spot any artificial changes in speed.
“Something on my ISP has a bias. We’re left with one cause, and that’s pretty much it,” Kaminsky said. “The end game here is that it’s impossible to make a filter that N00ter can’t detect.”
Kaminsky said that he wasn’t out to target any particular ISP with the tool or “embarrass anyone.”
“I’m just trying to give ammunition to engineers outside of ISPs,” he said. “We engineers want policy that reflects reality, so we have to bundle up reality in a way policy makers can understand."