Investigating End-to-End Integrity Violations in Internet Traffic
10 Pages Posted: 3 Apr 2017 Last revised: 15 Aug 2017
Date Written: March 30, 2017
Internet applications are commonly implemented with the implicit assumption that network traffic is transported across the Internet without modification and without having application-level data being monitored; we refer to this end-to-end integrity. Put simply, most applications assume that the data they send will be received intact by the host they are communicating with (barring transient errors and normal packet loss). This expectation is encoded in the Federal Communications Commission (FCC) Open Internet Order, which states that Internet Service Providers (ISPs) should not impose “unreasonable interference” with customers’ network traffic. However, it is increasingly common for ISPs to deploy middleboxes that silently manipulate customers’ traffic in ways that impact security, privacy, and integrity.
This paper describes a methodology to test for such end-to-end modifications, as well as evidence of multiple ISPs that modify customers’ traffic in-flight. We use a HTTP/S proxy service with millions of end hosts in residential networks to study the behavior of over 14K networks worldwide. Using this system, we route benign traffic via over 1.2M hosts in these networks to test for end-to-end integrity. We find end- to-end integrity violations including hijacking of certain DNS responses—often sending users to pages with advertisements—by AT&T, Verizon, and Cox Communications (as well as a number of non-US ISPs). We also find content injection in web pages—often adding trackers or advertisements to web pages or censoring content—by a number of non-US ISPs as well. Worse, we find evidence that a number of hosts’ web requests are being monitored, suggesting that subscriber browsing data is being shared with third parties.
Given the increasing amounts of critical and privacy-sensitive information that is exchanged online, we recommend that regulators leverage active auditing technologies to inform and enforce current and future policies. Our methodology can be deployed with low overhead and is scalable to millions of hosts and
Keywords: End-To-End Integrity, Middleboxes, Privacy
Suggested Citation: Suggested Citation