Presentation is loading. Please wait.

Presentation is loading. Please wait.

Studying Transnational Routing Detours through Surveillance States

Published byLee Watson Modified over 6 years ago

Similar presentations

Presentation on theme: "Studying Transnational Routing Detours through Surveillance States"— Presentation transcript:

1 Studying Transnational Routing Detours through Surveillance States
Annie Edmundson, Roya Ensafi, Nick Feamster, Jennifer Rexford Princeton University RIPE 73 October 24th-28th, 2016

2 Characterizing and Avoiding Routing Detours
Characterizing detours Which countries are Internet paths to popular destinations currently traversing? Does local traffic leave the country? To where? Nick: Maybe a different title… it’s direct, but a bit boring. Still could use a different title. Graphic is a little bit choppy/bitmapped. Avoiding detours Can end-users avoid certain countries to popular destinations? Can end-users keep more local traffic local?

3 Current State of Surveillance
Talking points: -current countries are doing surveillance – at different levels of intensity -countries are reacting to other countries conducting surveillance – i.e. Brazil -we focused on these 5 countries because… Surveillance States Reactions against Surveillance Studied Countries

4 Characterizing and Avoiding Routing Detours
Characterizing detours Which countries are Internet paths to popular destinations currently traversing? Does local traffic leave the country? To where? The most common destination and transit country among all five countries studied is the United States. Nick: Maybe a different title… it’s direct, but a bit boring. Still could use a different title. Graphic is a little bit choppy/bitmapped. Avoiding detours Can end-users avoid certain countries to popular destinations? Can end-users keep more local traffic local?

5 Measurement Study: Experiment
2. Extract 3rd party domains Domains & 3rd Party Domains Alexa Top 100 Domains 1. Connect to VPNs and curl VPNs 3. DNS queries Talking points: -walk through the study procedure using the animations Weird to have the flow chart go left to right and then right to left. Maybe make two rows, each going left to right, if you need more space. RIPE Atlas 4. Collect DNS responses Traceroutes Domain: IPs 5. Traceroute to all IPs RIPE Atlas

6 Where are popular domains hosted?
77.4% of paths that start in Brazil terminate in the United States Talking points: -first we looked at where paths were ending -explain what each fraction represents -discuss the United States row – about half (or more) paths originating in each country end in the US

7 Which countries are on the path to popular domains?
84.4% of paths that start in Brazil have the United States on the path Talking points: -then we looked at the whole path (not just endpoints) -explain what each fraction represents -discuss US row -discuss Great Britain row

8 Characterizing and Avoiding Routing Detours
Characterizing detours Which countries are Internet paths to popular destinations currently traversing? Does local traffic leave the country? To where? Despite having large IXPs, Brazil and Netherlands paths often trombones to the United States. Nick: Maybe a different title… it’s direct, but a bit boring. Still could use a different title. Graphic is a little bit choppy/bitmapped. Avoiding detours Can end-users avoid certain countries to popular destinations? Can end-users keep more local traffic local?

9 Netherlands: Where is local traffic going?
Talking point: -we looked at local traffic for the studied countries – explain tromboning -point out US and Great Britain – both surveillance states -show map of Europe with shaded countries to show/explain tromboning is due to geographic closeness (except for US)

10 Brazil: Where is local traffic going?
Talking points: -local traffic and tromboning paths for brazil -point out US -show news article title about growth of IXPs in Brazil (and there is *still* tromboning to the US)

11 Kenya: Where is local traffic going?
Talking points: -local traffic/tromboning Kenyan traffic -point out GB and US -show fiber map and proposals on building IXPs (to explain/motivate tromboning traffic)

12 Characterizing Routing Detours: Summary
Routing detours often transit surveillance states – especially the United States Local traffic doesn’t always stay local Talking points: -summarize results from previous slides -raise new question about avoidance Is it possible to avoid certain countries by tunneling traffic through relays?

13 Characterizing and Avoiding Routing Detours
Characterizing detours Which countries are Internet paths to popular destinations currently traversing? Does local traffic leave the country? To where? Nick: Maybe a different title… it’s direct, but a bit boring. Still could use a different title. Graphic is a little bit choppy/bitmapped. Yes, but it’s more difficult to avoid the United States than it is to avoid any other country. Avoiding detours Can end-users avoid certain countries to popular destinations? Can end-users keep more local traffic local?

14 Country Avoidance Country Avoidance = fraction of paths that do not pass through Country X Talking points: -explain why we need a metric for avoidance -explain intuition behind metric -walk through example/animation to compute country avoidance value 1/3 2/3 Relay Path without Relay Path with Relay

15 Avoidance Study: Experiment
Client to Relay Path: 1. Connect to VPNs 2. Traceroute to relay IPs Traceroutes VPNs Relays Relay to Server Path: Talking points: -walk through study procedure 1. ssh to relays 2. Traceroute to all IPs Domain: IPs Traceroutes Relays

16 Can clients avoid countries more often?
Yes – many countries are almost completely avoidable for the top 100 domains Talking points: -discuss high level findings -point out United States (no relays) -point out United States (with relays) and emphasize the increase in avoidance, but also emphasize that the avoidance with relays is lower for US than for other countries -point out Mauritius and South Africa – explain that it is due to fiber -point out South Africa avoidance remains same because client->relays paths all have ZA on them -point out increase in avoidance for Mauritius

17 Characterizing and Avoiding Routing Detours
Characterizing detours Which countries are Internet paths to popular destinations currently traversing? Does local traffic leave the country? To where? Nick: Maybe a different title… it’s direct, but a bit boring. Still could use a different title. Graphic is a little bit choppy/bitmapped. Tromboning Brazilian paths decreased from 13.2% to 9.7%. Avoiding detours Can end-users avoid certain countries to popular destinations? Can end-users keep more local traffic local?

18 System: Routing Around Nation-States
Developed an overlay network that: Provides country avoidance Is usable Is scalable

19 System: Routing Around Nation-States
Relays act as web proxies + conduct measurements Oracle triggers RIPE Atlas probes to conduct measurements Clients use PAC file to select appropriate relay for avoiding a country

20 Future Work Connectivity within a country
Relationship between IXPs and nation state routing Country avoidance based on IPv4 vs. IPv6 connectivity Talking points: -discuss each bullet

21 Conclusion Paths commonly traverse known surveillance states – 84% of paths from Brazil traverse the United States Relays can help prevent routing detours, but some of the more prominent surveillance states are the least avoidable Tromboning Brazilian paths decreased from 13.2% to 9.7% with relays. Talking points: -discuss each bullet -point out full write up on webpage Full write-up and more data at: ransom.cs.princeton.edu

Download ppt "Studying Transnational Routing Detours through Surveillance States"

Similar presentations

IPv4 Run Out and Transitioning to IPv6 Marco Hogewoning Trainer, RIPE NCC.

IPv4 Run Out and Transitioning to IPv6 Marco Hogewoning Trainer, RIPE NCC.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.

Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.
1 Web Content Delivery Reading: Section 9.2.2 and 9.4.3 COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:

1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:
Internet Basics.

Internet Basics.
Domain Name Services And IP Addressing. Domain Name Services Domain name is a way to identify and locate computers connected to the Internet. No two organizations.

Domain Name Services And IP Addressing. Domain Name Services Domain name is a way to identify and locate computers connected to the Internet. No two organizations.
The Hardware Behind the Internet A virtual tour. Pictorial View of the Internet Backbone The “Internet Backbone” refers to the principal data routes between.

The Hardware Behind the Internet A virtual tour. Pictorial View of the Internet Backbone The “Internet Backbone” refers to the principal data routes between.
Chap 10 Routing and Addressing Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology

Chap 10 Routing and Addressing Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Lecturer: Ghadah Aldehim

Lecturer: Ghadah Aldehim
Chapter 4. After completion of this chapter, you should be able to: Explain “what is the Internet? And how we connect to the Internet using an ISP. Explain.

Chapter 4. After completion of this chapter, you should be able to: Explain “what is the Internet? And how we connect to the Internet using an ISP. Explain.
Chapter 3 How to build a network?. 2 Objectives What is a Network? IP Addresses Key Components of a Network (NIC) Factors in Designing a Network.

Chapter 3 How to build a network?. 2 Objectives What is a Network? IP Addresses Key Components of a Network (NIC) Factors in Designing a Network.
A View from the Stoep: Tracking the evolution of local hosting in ZA and beyond Joe Abley, Director of Architecture Jim Cowie, Chief Scientist iWeek 2015.

A View from the Stoep: Tracking the evolution of local hosting in ZA and beyond Joe Abley, Director of Architecture Jim Cowie, Chief Scientist iWeek 2015.
1 The Research on Analyzing Time- Series Data and Anomaly Detection in Internet Flow Yoshiaki HARADA Graduate School of Information Science and Electrical.

1 The Research on Analyzing Time- Series Data and Anomaly Detection in Internet Flow Yoshiaki HARADA Graduate School of Information Science and Electrical.
BGP topics to be discussed in the next few weeks: –Excessive route update –Routing instability –BGP policy issues –BGP route slow convergence problem –Interaction.

BGP topics to be discussed in the next few weeks: –Excessive route update –Routing instability –BGP policy issues –BGP route slow convergence problem –Interaction.
Vytautas Valancius, Nick Feamster, Akihiro Nakao, and Jennifer Rexford.

Vytautas Valancius, Nick Feamster, Akihiro Nakao, and Jennifer Rexford.
SDX: A Software-Defined Internet eXchange Jennifer Rexford Princeton University

SDX: A Software-Defined Internet eXchange Jennifer Rexford Princeton University
The Domain Name System and DNS Blocking Malcolm Hutty Head of Public Affairs, LINX February 2011.

The Domain Name System and DNS Blocking Malcolm Hutty Head of Public Affairs, LINX February 2011.

Similar presentations

Ads by Google