TOWARDS A SECURE ZERO-RATING FRAMEWORK WITH THREE PARTIES
Authors: Zhiheng Liu, Zhen Zhang, Yinzhi Cao†, Zhaohan Xi, Shihao Jing and Humberto La Roche‡
Lehigh University, †Johns Hopkins University/Lehigh University, ‡Cisco Systems
08/15/2018 @Zhen Zhang ([email protected]) 2
Yes, let’s fool the ISP… Launch free-riding attacks
Zero-rating Services
Threat Model of Free-riding Attacks
▪ ISP is benign/victim
▪ Zero-rated CPs are benign/victim
▪ Attacker can masquerade zero-rating CP
Diagram labels: ISP, Clients, Content Providers, malicious
Outline
▪ Introduction
▪ Free-riding Attacks
▪ System Design
▪ Formal Security Analysis
▪ Implementation
▪ Evaluation
▪ Conclusion
Request Masquerade Attack on Industry System
▪ Masquerade request domain
▪ HTTP: “Host” field [1]
▪ HTTPS: “SNI” field
Diagram labels: Client, ISP Network, Zero-rated domain list, www.attacker.com
Request: srcIP, dstIP …, <data> SNI/Host: www.youtube.com
Response: srcIP, dstIP …, <data>
[1] Kakhki, Arash Molavi, et al. "BingeOn under the microscope: Understanding T-Mobile's zero-rating implementation." Proceedings of the 2016 workshop on QoE-based Analysis and Management of Data Communication Networks. ACM, 2016.
Response Modification Attack on Industry System
▪ Inject non-zero-rated content
Diagram labels: Client, ISP Network, Zero-rated domain list, Zero-rated CP
Request: srcIP, dstIP …, <data> SNI/Host: www.zero-rated.com
Response: srcIP, dstIP …, <data>
Response: srcIP, dstIP …, <modified-data>
Prototype Zero-Rating Systems
▪ Network Cookies [1]
▪ A malicious user can abuse the cookie.
▪ IP Whitelist-based Method [2]
▪ An attacker at the server side can abuse source IP address.
[1] Yiakoumis, Yiannis, Sachin Katti, and Nick McKeown. "Neutral net neutrality." Proceedings of the 2016 ACM SIGCOMM Conference. ACM, 2016.
[2] (2014, Dec.) Delivering zero-rated traffic. https://connect.limelight.com/blogs/limelight/2014/12/08/delivering-zero-rated-traffic
![Page 29: TOWARDS A SECURE ZERO-RATING FRAMEWORK WITH THREE … · China Mobile lost over 0.5 million/month in one province. Filtering abnormal users , i.e., those consuming over 3 GB per month](https://reader036.vdocuments.net/reader036/viewer/2022070901/5f4a82e33f5127482c7d2744/html5/thumbnails/29.jpg)
Attacks on Network Cookies
▪ Network Cookies [1]
▪ A malicious user can abuse the cookie.
08/15/2018 @Zhen Zhang ([email protected]) 29
[1] Yiakoumis, Yiannis, Sachin Katti, and Nick McKeown. "Neutral net neutrality." Proceedings of the 2016 ACM SIGCOMM Conference. ACM, 2016.[2] (2014, Dec.) Delivering zero-rated traffic. https://connect.limelight.com/blogs/limelight/2014/12/08/delivering-zero-rated-traffic
Client
ISP Network
Zero-rated CP
Charged CP
![Page 30: TOWARDS A SECURE ZERO-RATING FRAMEWORK WITH THREE … · China Mobile lost over 0.5 million/month in one province. Filtering abnormal users , i.e., those consuming over 3 GB per month](https://reader036.vdocuments.net/reader036/viewer/2022070901/5f4a82e33f5127482c7d2744/html5/thumbnails/30.jpg)
Attacks on Network Cookies
▪ Network Cookies [1]
▪ A malicious user can abuse the cookie.
08/15/2018 @Zhen Zhang ([email protected]) 30
[1] Yiakoumis, Yiannis, Sachin Katti, and Nick McKeown. "Neutral net neutrality." Proceedings of the 2016 ACM SIGCOMM Conference. ACM, 2016.[2] (2014, Dec.) Delivering zero-rated traffic. https://connect.limelight.com/blogs/limelight/2014/12/08/delivering-zero-rated-traffic
Client
ISP Network
Zero-rated CP
Charged CP
![Page 31: TOWARDS A SECURE ZERO-RATING FRAMEWORK WITH THREE … · China Mobile lost over 0.5 million/month in one province. Filtering abnormal users , i.e., those consuming over 3 GB per month](https://reader036.vdocuments.net/reader036/viewer/2022070901/5f4a82e33f5127482c7d2744/html5/thumbnails/31.jpg)
Attacks on Network Cookies
▪ Network Cookies [1]
▪ A malicious user can abuse the cookie.
Diagram labels: Client, ISP Network, Zero-rated CP, Charged CP
Attacks on IP whitelist based system
▪ Facebook Zero [2]
▪ An attacker at the server side can abuse source IP address.
Diagram labels: ISP Network, IP whitelist, Client, Zero-rated CP, Attacker CP, Victim
Packet shown in the diagram: srcIP of Zero-rated CP, ACK, Seq
Attacks on Zero-Rating Systems

| Attack | T-Mobile | China Mobile | China Unicom | United WiFi | ORD WiFi | Network Cookies [1] | IP Whitelist |
|---|---|---|---|---|---|---|---|
| Req-Mas | ✕ | ✕ | N/A | ✕ | ✕ | ✕ | ✕ |
| Res-Mod | ✕ | ✕ | N/A | ✕ | ✕ | ✕ | ✕ |
| Req-Mas | ✕ | N/A | ✕ | N/A | ✕ | ✕ | ✕ |
| Res-Mod | ✕ | N/A | ✕ | N/A | ✕ | ✕ | ✕ |

: Unencrypted Traffic; : Encrypted Traffic; Req-Mas: Request Masquerade; Res-Mod: Response Modification
[1] Yiakoumis, Yiannis, Sachin Katti, and Nick McKeown. "Neutral net neutrality." Proceedings of the 2016 ACM SIGCOMM Conference. ACM, 2016.
Impacts of free-riding attacks
▪ A major U.S. network carrier lost over 7 million in a month [1]
▪ China Mobile lost over 0.5 million/month in one province.
▪ Filtering abnormal users, i.e., those consuming over 3 GB of zero-rating traffic per month
▪ Inspecting unencrypted data manually
▪ Results: found 71 TB of free-riding traffic
[1] (2017 global internet phenomena) spotlight: Zero-rating fraud. https://www.sandvine.com/hubfs/downloads/archive/2017-global-internet-phenomena-spotlight-zero-rating-fraud.pdf
System Design: Overview
Diagram labels: ISP Network, Content Provider, Server Agent, ISP Assistant, Control Plane, Client
Traffic labels: Mirrored traffic; Mirror/redirect; If blocking mode
System Design: ISP Assistant
▪ Blocking/Non-Blocking Mode
▪ Accept hash values and match
Diagram labels: Charging System, ZFREE ISP Assistant, Ctrl Plane Interface, ISPHashDB, CPHashDB, Integrity Check, Hash Engine, Packet Parser, ZFREE Control Plane, ZFREE Server Agents, ISP Network
Traffic labels: Mirrored or redirected traffic; If Blocking Mode: send packets back
System Design: Server Agent
▪ Get network traffic through port mirror
▪ Real-time/Batch hash report
Diagram labels: ZFREE Server Agent, CP Hash Module, Real-time, Batch, Ctrl Plane Interface, Hash Queue, Hash Engine, Packet Parser, CP Network, ZFree Control Plane
Traffic label: Mirror traffic from zero-rating servers
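
The hash matching described on the ISP Assistant and Server Agent slides, as an added Python sketch that is not ZFree's prototype code. SHA-256 over the payload, the class and method names, the per-subscriber byte counters and the constructed sample packets are assumptions, and only non-blocking (mirrored) operation is modelled.

```python
import hashlib
from collections import defaultdict


def payload_hash(payload: bytes) -> str:
    # Assumption: SHA-256 over the packet payload; the slides do not name the hash.
    return hashlib.sha256(payload).hexdigest()


class IspAssistant:
    """Matches hashes of packets seen in the ISP network against CP-reported hashes."""

    def __init__(self):
        self.cp_hash_db = set()   # CPHashDB: hashes reported by server agents
        self.isp_hash_db = []     # ISPHashDB: (hash, subscriber, bytes) per mirrored packet

    def accept_hashes(self, hashes):
        self.cp_hash_db.update(hashes)

    def on_mirrored_packet(self, subscriber: str, payload: bytes):
        self.isp_hash_db.append((payload_hash(payload), subscriber, len(payload)))

    def integrity_check(self):
        """Zero-rate only bytes whose hash the CP reported; charge everything else.

        The Host/SNI value is never consulted, so a masqueraded domain name
        has no effect on the result.
        """
        usage = defaultdict(lambda: {"zero_rated": 0, "charged": 0})
        for h, subscriber, nbytes in self.isp_hash_db:
            kind = "zero_rated" if h in self.cp_hash_db else "charged"
            usage[subscriber][kind] += nbytes
        self.isp_hash_db.clear()
        return {s: dict(u) for s, u in usage.items()}


class ServerAgent:
    """Hashes packets mirrored from the CP's zero-rating servers and reports them."""

    def __init__(self, assistant: IspAssistant, realtime: bool = True):
        self.assistant = assistant
        self.realtime = realtime
        self.hash_queue = []      # used only for batch reports

    def on_mirrored_packet(self, payload: bytes):
        h = payload_hash(payload)
        if self.realtime:
            self.assistant.accept_hashes([h])
        else:
            self.hash_queue.append(h)

    def flush(self):
        self.assistant.accept_hashes(self.hash_queue)
        self.hash_queue = []


# Constructed sample payloads (not captured traffic).
GENUINE = b"HTTP/1.1 200 OK\r\n\r\nzero-rated video segment"
MODIFIED = GENUINE.replace(b"zero-rated video segment", b"non-zero-rated content")
UNREPORTED = b"HTTP/1.1 200 OK\r\n\r\nresponse from a server with no agent"


def settle(realtime: bool, flush_before_check: bool = True):
    isp = IspAssistant()
    agent = ServerAgent(isp, realtime=realtime)
    agent.on_mirrored_packet(GENUINE)            # seen leaving the zero-rating server
    isp.on_mirrored_packet("sub-1", GENUINE)     # same bytes seen in the ISP network
    isp.on_mirrored_packet("sub-2", MODIFIED)    # response altered after leaving the CP
    isp.on_mirrored_packet("sub-2", UNREPORTED)  # never passed a server agent
    if flush_before_check:
        agent.flush()
    result = isp.integrity_check()
    agent.flush()
    return result


if __name__ == "__main__":
    print("real-time report:", settle(realtime=True))
    print("batch report:    ", settle(realtime=False))
    # In this sketch, settling before the batch report arrives charges genuine
    # traffic, so the check has to wait for the report.
    print("batch, too early:", settle(realtime=False, flush_before_check=False))
```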
Formal Security Analysis
▪ Using ProVerif

| Goals | Network Cookies [1] (unencrypted) | Network Cookies [1] (encrypted) | IP Whitelist (unencrypted) | IP Whitelist (encrypted) | ZFree (unencrypted) | ZFree (encrypted) |
|---|---|---|---|---|---|---|
| Packet Integrity | ✕ | ✕ | ✕ | ✕ | ✓ | ✓ |
| CP Authenticity | ✕ | ✕ | ✕ | ✕ | ✓ | ✓ |
| Data Secrecy | ✕ | ✓ | ✕ | ✓ | ✕ | ✓ |

Unencrypted/Encrypted: data plane communication
[1] Yiakoumis, Yiannis, Sachin Katti, and Nick McKeown. "Neutral net neutrality." Proceedings of the 2016 ACM SIGCOMM Conference. ACM, 2016.
![Page 62: TOWARDS A SECURE ZERO-RATING FRAMEWORK WITH THREE … · China Mobile lost over 0.5 million/month in one province. Filtering abnormal users , i.e., those consuming over 3 GB per month](https://reader036.vdocuments.net/reader036/viewer/2022070901/5f4a82e33f5127482c7d2744/html5/thumbnails/62.jpg)
Implementation
▪ ZFree Prototype: 1,890 Lines of Code (LoC):
  ▪ 1,100 LoC for ISP assistant
  ▪ 790 LoC for Server Agent
▪ LTE network (ns3)
▪ WiFi network (Mininet)
▪ Formal verification code: 1,680 LoC
Evaluation: Environment Setup
▪ Airplane WiFi: Mininet-WiFi
▪ 120 User Equipments (UEs)
▪ Two Access Points (AP)
▪ 30 Mbps
[Figure: Airplane WiFi testbed. Labels: AP 1; AP 2; Server Agent; ISP Assistant; Central Router as ISP CP.]
Evaluation: Environment Setup
▪ LTE network: ns3
▪ 1,200 UEs, two base stations (BSs)
▪ UEs moving at speeds of 10-120 km/h
[Figure: LTE testbed. Labels: ISP Network; Server Agent; ISP Assistant; Charging System; BS1; BS2; CP.]
Evaluation: Page Loading Time Overhead is Negligible
▪ Metric: Loading Time
▪ Content Provider as Network Proxy
▪ Top 500 Alexa websites
Evaluation: ZFree is Scalable
▪ Cellular Network: Bandwidth 150 Mbps
Evaluation: ZFree is Secure
▪ ZFree is robust against:
  ▪ Request Masquerade attack
  ▪ Response Modification attack
  ▪ TCP retransmission-based attacks [1]
[1] Go, Younghwan, et al. "Gaining control of cellular traffic accounting by spurious TCP retransmission." Network and Distributed System Security (NDSS) Symposium 2014. Internet Society, 2014.
Conclusion
▪ We launch free-riding attacks against real-world zero-rating services.
▪ We propose and implement ZFree, a secure, backward-compatible, scalable zero-rating framework.
▪ We formally prove that ZFree is secure.
▪ Our evaluation results show that ZFree incurs negligible overhead and is scalable.
Thank You! Questions?
▪ Source Code: https://github.com/zfree2018/ZFREE
▪ Online Demo: http://www.zfree.org