Check out all the on-demand sessions from the Intelligent Security Summit here.
Dan Kaminsky’s job is making the internet safer and less vulnerable to hacking attacks. His knowledge about computer security and past talks at security events have earned him widespread respect among the security community. Now the researcher is coding some interesting technology that could propel him into the center of the net neutrality debate.
Kaminsky calls his invention Nooter (a contraction of the phrase “neutral router”). It is a sort of lie-detector test for internet service providers (ISPs). Nooter will be able to send traffic along different paths and determine whether or not your ISP is deliberately slowing some of your internet traffic, such as data from file-sharing web sites.
Kaminsky (pictured with his 88-year-old grandmother, who bakes cookies for the people who attend Kaminsky’s talks) said in two separate talks at the Black Hat and Defcon security conferences in Las Vegas that he has figured out how to make the hidden traffic policies of ISPs more transparent to everyday internet users. ISPs generally say they don’t slow down certain traffic because that would make them run afoul of the principle of net neutrality, where the companies that are the backbone of the internet adopt a neutral position on content. Like the old common carrier telephone companies, these ISPs aren’t liable for the content traveling through their broadband networks if they treat it all equally.
Yet the motivations of ISPs are complex, and for the most part net neutrality is not a legal requirement. If law enforcers say that child pornographers are shipping illegal pictures through their networks, the ISPs are obliged to shut them down. Some ISPs are surreptitiously redirecting some traffic, such as search queries, to merchant sites that may pay them for the referrals. And some ISPs, such as cable companies that own movie content (i.e. Comcast) are motivated to slow traffic related to Bittorrent services and other sites that let you download pirated movies. They’re routinely accused of secretly setting policies that slow down the delivery of content that they don’t like, while keeping other content moving fast.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
This is where Nooter comes in. Kaminsky says that it will test the speed of the delivery when the web destination is clearly visible to the ISP and the speed of the delivery of the same content when the web destination is hidden from the ISP. The result will be a clear indication of what the ISP is doing to your traffic.
“What happens if my ISP is messing with me?” Kaminsky said. “I can tunnel around it. What if it is subtle? We will always be able to know if an ISP is changing your traffic.”
As an example, he said, you will be able to find out if your ISP cares whether you use Microsoft’s Xbox Live online gaming service or Sony’s PlayStation Network. Nooter would be able to discover whether an ISP is slowing down traffic to either site for any reason, Kaminsky said.
Nooter could be available in a couple of weeks or so.
This kind of technology is what Kaminsky is known for. In 2008, he found a flaw in the DNS (the domain name system, which serves as the internet’s address book) that threatened the integrity of the whole internet. Last year, he was part of a team that was so trusted that he got a key to reboot the internet if a catastrophic failure shuts it down.
Kaminsky admitted he was making big claims but he tried to explain how Nooter works, using both software and some hardware that he pulled together. He warned that any ISPs who have set policies to throttle traffic to web sites should stop doing so now, unless they want to be discovered and “be on the front page of a newspaper.”
Normally, internet traffic requests go from the user’s machine through a network router to the internet service provider, which then fetches the requested web site from the rest of the internet. Kaminsky says everyone fears “a magic box” exists within the ISP that contains policies such as, “if the user goes to a torrent site, then slow the transfer of bits to a crawl until the user decides not to do that.”
“Policies can be anything,” Kaminsky said. “They can alter content and you won’t know. If Bing is 50 milliseconds slower than Google at searching, you won’t know why. Maybe it is because Google uses better hosting or routers or servers.”
Since many things can affect the speed of internet traffic, it’s hard to pinpoint an ISP’s role in slowing it down. That gives ISPs “plausible deniability” when they are accused of violating Net Neutrality principles.
But if Nooter determines that traffic to one particular web site is faster one way than another, based on whether the ISP knows about the destination site or not, then “you found a biased network,” Kaminsky said.
The use of encryption is how the Nooter device can see inside what is going on with an ISP. If you send encrypted requests for a web site, the ISP can’t where it’s going and it just passes it through at normal data rates. If the speed of unencrypted requests are slower, then you have to wonder why. When Kaminsky told that to the crowd in the huge Penn & Teller theater at the Rio Hotel in Las Vegas at Defcon, he got a roar of applause. Kaminsky said he can even identify which leg, or hop, of an internet request is the part where the policy is put into effect and the traffic is slowed down.
“Either way, Nooter wins,” he said. “Biased policies might as well be transparent because I am going to find them. That is the end game.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.