An Untold Story of Middleboxes in Cellular Networks

Zhaoguang Wang (1), Zhiyun Qian (1), Qiang Xu (1), Z. Morley Mao (1), Ming Zhang (2)
(1) University of Michigan, (2) Microsoft Research
Background on cellular network
[Figure: smartphones attach to the cellular core network, which connects them to the Internet]
5/29/2016
An untold story of middleboxes in cellular networks
Why do carriers deploy middleboxes?
[Figure: devices are assigned private IP addresses inside the cellular core network; a NAT at the edge of the core network translates them to public IP addresses toward the Internet]
Problems with middleboxes
[Figure: open questions about middleboxes in the cellular core network, between the smartphone and the Internet: does P2P work? what is the smartphone energy cost? what happens to application performance? which policies are deployed?]
Challenges and solutions
• Policies can be complex and proprietary
√ Design a suite of end-to-end probes
• Cellular carriers are diverse
√ Publicly available client Android app
• Implications of policies are not obvious
√ Conduct controlled experiments
Related work
• Internet middleboxes study
– [Allman, IMC 03], [Medina, IMC 04]
• NAT characterization and traversal
– STUN [MacDonald et al.], [Guha and Francis, IMC 05]
• Cellular network security
– [Serror et al., WiSe 06], [Traynor et al., Usenix Security 07]
• Cellular data network measurement
– WindRider, [Huang et al., MobiSys 10]
Goals
• Develop a tool that accurately infers the NAT and
firewall policies in cellular networks
• Understand the impact and implications
– Application performance
– Energy consumption
– Network security
The NetPiculet measurement system
[Figure: NetPiculet clients on many cellular networks talk through the cellular core network and the Internet to the NetPiculet server, which infers each network's policies]
Target policies in NetPiculet
Firewall and NAT policies probed:
• IP spoofing
• TCP connection timeout
• Out-of-order packet buffering
• NAT mapping type
• Endpoint filtering
• TCP state tracking
• Filtering response
• Packet mangling
Key findings
Firewall:
• Some carriers allow IP spoofing – creates a network vulnerability
• Some carriers time out idle connections aggressively – drains smartphone batteries
• Some firewalls buffer out-of-order packets – degrades TCP performance
NAT:
• One NAT mapping type linearly increases the port number with time – classified as random in previous work
Diverse carriers studied
• NetPiculet released in Jan. 2011
– 393 users from 107 cellular carriers in two weeks
[Pie charts: access technology (UMTS 91%, EVDO 9%) and continent of the users (Europe, Asia, North America, South America, Australia, Africa, with shares of 43%, 24%, 19%, 10%, 2% and 2%; the share-to-continent assignment is not preserved in the extracted slide)]
Outline
1. IP spoofing
2. TCP connection timeout
3. TCP out-of-order buffering
4. NAT mapping
Why is allowing IP spoofing bad?
[Figure: a device at 10.9.9.202 sends packets whose SRC_IP is forged to 10.9.9.101 through the cellular core network to hosts on the Internet; the replies, addressed to DST_IP = 10.9.9.101, are delivered to the device that really holds 10.9.9.101, which never sent the requests]
Test whether IP spoofing is allowed
[Figure: the NetPiculet client at 10.9.9.101 sends a packet with SRC_IP = 10.9.9.202 and PAYLOAD = 10.9.9.101 through the cellular core network to the NetPiculet server on the Internet; if the server receives it, the carrier allows IP spoofing]
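The spoofing probe on this slide, written out as an added example (this is not NetPiculet's code and not from the paper). The client builds a raw IPv4/UDP datagram whose header source is the spoofed address while the UDP payload carries the client's real address; the server decodes both fields and flags spoofing when they differ. The UDP port, the plain-ASCII payload format and the server-side decoder are assumptions made for this example. Building and parsing run anywhere; actually sending the packet needs a raw socket (CAP_NET_RAW / root) and is kept in a separate function.

```python
"""Added example (not NetPiculet's code): build and decode an IP spoofing probe.

Client side: IPv4 header with SRC_IP = spoofed address, UDP payload = real address.
Server side: compare header source with payload; a mismatch means the carrier
forwarded a packet with a forged source, i.e. IP spoofing is allowed.
"""
import socket
import struct

PROBE_PORT = 40000   # assumed server port for this example (not from the paper)


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_probe(real_ip: str, spoofed_ip: str, server_ip: str,
                sport: int = 40001, dport: int = PROBE_PORT, ident: int = 0x1234) -> bytes:
    """Raw IPv4+UDP probe: header source = spoofed_ip, payload = real_ip (ASCII)."""
    payload = real_ip.encode("ascii")
    udp_len = 8 + len(payload)
    # UDP checksum 0 means "no checksum", which is legal over IPv4.
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    total_len = 20 + len(udp)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, ident, 0, 64, socket.IPPROTO_UDP, 0,
                      socket.inet_aton(spoofed_ip), socket.inet_aton(server_ip))
    # Patch the header checksum (bytes 10-11) now that every other field is set.
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + udp


def parse_probe(packet: bytes) -> dict:
    """Server side: recover header source and payload address, flag a mismatch."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = packet[:ihl]
    if ip_checksum(hdr) != 0:               # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if hdr[9] != socket.IPPROTO_UDP:
        raise ValueError("not a UDP probe")
    header_src = socket.inet_ntoa(hdr[12:16])
    udp_len = struct.unpack("!H", packet[ihl + 4:ihl + 6])[0]
    payload_src = packet[ihl + 8:ihl + udp_len].decode("ascii")
    return {"header_src": header_src,
            "payload_src": payload_src,
            "spoofing_allowed": header_src != payload_src}


def send_probe(packet: bytes, server_ip: str) -> None:
    """Send the prebuilt packet; IP_HDRINCL tells the kernel to keep our header.
    Requires CAP_NET_RAW (root). Not exercised offline."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    try:
        s.sendto(packet, (server_ip, 0))
    finally:
        s.close()


if __name__ == "__main__":
    # Addresses from the slide; 198.51.100.7 is a documentation-range stand-in for the server.
    pkt = build_probe("10.9.9.101", "10.9.9.202", "198.51.100.7")
    print(parse_probe(pkt))
```

On a carrier that filters forged sources the datagram never reaches the server, so the client should also send an unspoofed control message; if only the control message arrives, spoofing is blocked rather than the server being down.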
4 out of 60 carriers allow IP spoofing
IP spoofing should be disabled
[Pie chart: allow 7%, disallow 93%]
Why are short TCP timeout timers bad?
[Figure: the cellular core network terminates an idle TCP connection once its timer expires, so the smartphone has to send KEEP-ALIVE messages to the Internet server often enough to keep the connection open]
Measure the TCP timeout timer
[Figure: the NetPiculet client opens a TCP connection to the NetPiculet server through the cellular core network, leaves it idle for a chosen interval on a timeline (0, 5 min, 10 min, …), and then asks "Is alive?"; a "Yes!" reply means the timer is longer than that interval. Idle for 5 min and still alive: 5 min < Timer; idle for 10 min and dead: 5 min < Timer < 10 min]
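The bracketing procedure from this slide as an added example (not NetPiculet's code): a connection is held idle for each rung of a ladder of intervals and then probed; the first rung at which the probe fails bounds the middlebox timer from above, and the last rung it survived bounds it from below. The ladder of 5, 10, 20, 30 minutes mirrors the histogram buckets used later in the deck; the probe strings, the echo-style server protocol and the simulated middlebox are assumptions made for this example.

```python
"""Added example (not NetPiculet's code): bracket a middlebox's idle TCP timeout."""
import socket
import time
from typing import Callable, Optional, Sequence, Tuple

# Idle intervals in minutes; assumed ladder that matches the deck's histogram buckets.
LADDER_MIN = (5, 10, 20, 30)


def bracket_timeout(alive_after: Callable[[float], bool],
                    ladder: Sequence[float] = LADDER_MIN) -> Tuple[Optional[float], Optional[float]]:
    """Return (lower, upper) bounds on the idle timer, in the ladder's units.

    alive_after(d) answers whether a connection idle for d is still usable.
    Dies before the first rung  -> (None, first rung)   i.e. "< first rung"
    Survives the whole ladder   -> (last rung, None)    i.e. "> last rung"
    """
    lower = None
    for d in ladder:
        if alive_after(d):
            lower = d            # survived d idle: timer > d
        else:
            return lower, d      # died: lower < timer <= d
    return lower, None


def classify(bounds: Tuple[Optional[float], Optional[float]]) -> str:
    """Render the bounds as one of the histogram buckets."""
    lower, upper = bounds
    if lower is None:
        return f"< {upper} min"
    if upper is None:
        return f"> {lower} min"
    return f"{lower} - {upper} min"


def simulated_middlebox(timer_min: float) -> Callable[[float], bool]:
    """Stand-in for a carrier (constructed): state is dropped after timer_min idle minutes."""
    return lambda idle_min: idle_min < timer_min


def tcp_alive_after(host: str, port: int, idle_seconds: float,
                    probe: bytes = b"Is alive?", expected: bytes = b"Yes!") -> bool:
    """Real probe against an assumed echo-style server: connect, idle, then ask.

    A fresh connection is used for every rung so that an earlier probe cannot
    refresh the middlebox timer. A middlebox that silently drops state shows up
    as a recv timeout; one that answers with RST shows up as ConnectionError.
    """
    with socket.create_connection((host, port), timeout=30) as s:
        time.sleep(idle_seconds)
        try:
            s.sendall(probe)
            s.settimeout(30)
            return s.recv(64) == expected
        except (socket.timeout, ConnectionError, OSError):
            return False


if __name__ == "__main__":
    # Offline run against a simulated 7-minute timer; swap in
    # lambda m: tcp_alive_after(host, port, m * 60) to measure a real network.
    print(classify(bracket_timeout(simulated_middlebox(7))))   # 5 - 10 min
```

Each rung costs as much wall-clock time as the interval itself, which is why a coarse ladder is used rather than a fine search; a real client should also avoid any traffic on the probe connection during the idle period, since a single keep-alive would reset the very timer being measured.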
Short timers identified in a few carriers
4 carriers set timers less than 5 minutes
[Histogram of measured timers: < 5 min 5%, 5 - 10 min 10%, 10 - 20 min 8%, 20 - 30 min 11%, > 30 min 66%]
Short timers drain your batteries
• Assume a long-lived TCP connection and a battery of 1350 mAh
• How much battery goes to keep-alive messages in one day?
– With a keep-alive interval of 5 min: 20% of the battery
TCP out-of-order packet buffering
[Figure: the NetPiculet server sends packets 1 to 6 toward the NetPiculet client; the cellular core network holds back a packet that arrives out of order instead of forwarding it: the firewall is buffering out-of-order packets]
Fast Retransmit cannot be triggered
Degrades TCP performance!
[Figure: packet 1 is delivered and packet 2 is lost; because the later packets are held in the firewall, the client never sees a gap and sends no duplicate ACKs, so the server cannot fast-retransmit packet 2 and has to wait for its RTO to expire]
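The loss-recovery interaction on this slide, simulated as an added example (not from the paper): the same six-segment transfer with segment 2 lost is run once through a plain path and once through a middlebox that holds out-of-order segments until the gap is filled. A receiver that sees the later segments answers each with a duplicate cumulative ACK, and three of them trigger fast retransmit (RFC 5681); a receiver behind the buffering middlebox sees nothing after segment 1, generates no duplicate ACKs, and leaves the sender waiting for its RTO. The scenario, segment numbers and middlebox model are constructed for this example.

```python
"""Added example (not from the paper): why buffering out-of-order segments defeats fast retransmit."""
from dataclasses import dataclass, field

DUP_ACK_THRESHOLD = 3   # RFC 5681: three duplicate ACKs trigger fast retransmit


@dataclass
class Receiver:
    """Cumulative-ACK receiver: every arrival is answered with the next expected segment."""
    next_expected: int = 1
    out_of_order: set = field(default_factory=set)
    acks_sent: list = field(default_factory=list)

    def deliver(self, seg: int) -> int:
        if seg == self.next_expected:
            self.next_expected += 1
            while self.next_expected in self.out_of_order:   # drain any buffered run
                self.out_of_order.remove(self.next_expected)
                self.next_expected += 1
        elif seg > self.next_expected:
            self.out_of_order.add(seg)                        # hole: ACK repeats
        self.acks_sent.append(self.next_expected)
        return self.next_expected


class BufferingMiddlebox:
    """Constructed firewall model: holds segments beyond the next in-order one until the gap fills."""
    def __init__(self) -> None:
        self.next_forward = 1
        self.held: dict = {}

    def forward(self, seg: int) -> list:
        if seg != self.next_forward:
            self.held[seg] = True
            return []                                         # nothing reaches the receiver
        out = [seg]
        self.next_forward += 1
        while self.next_forward in self.held:
            del self.held[self.next_forward]
            out.append(self.next_forward)
            self.next_forward += 1
        return out


def first_transmission(n_segments: int, dropped: int, buffering: bool) -> dict:
    """Send segments 1..n once, losing `dropped`; report the duplicate ACKs the
    sender would see and which recovery mechanism it is left with."""
    rx = Receiver()
    mb = BufferingMiddlebox() if buffering else None
    dup_acks, last_ack = 0, None
    for seg in range(1, n_segments + 1):
        if seg == dropped:
            continue                                          # lost in the network
        for s in (mb.forward(seg) if mb else [seg]):
            ack = rx.deliver(s)
            if ack == last_ack:
                dup_acks += 1
            last_ack = ack
    if not 1 <= dropped <= n_segments:
        recovery = "no loss"
    elif dup_acks >= DUP_ACK_THRESHOLD:
        recovery = "fast retransmit"
    else:
        recovery = "RTO"
    return {"dup_acks": dup_acks, "recovery": recovery,
            "held_in_middlebox": sorted(mb.held) if mb else []}


if __name__ == "__main__":
    print("plain path :", first_transmission(6, 2, buffering=False))
    print("buffering  :", first_transmission(6, 2, buffering=True))
```

With a 400 ms RTT the difference is stark: fast retransmit repairs the loss after roughly one RTT of duplicate ACKs, while the RTO is at least several times that, which is the mechanism behind the longer download times measured on the next slide.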
TCP performance degradation
• Evaluation methodology
– Emulate 3G environment using WiFi
– 400 ms RTT, loss rate 1%
• Result with out-of-order buffering
– +44% longer downloading time
– More energy consumption
NAT mapping is critical for NAT traversal
[Figure: peers A (behind NAT 1) and B (behind NAT 2) set up a P2P connection; each side uses the other NAT's mapping type for port prediction]
What is NAT mapping type?
• The NAT mapping type defines how the NAT assigns an external port to each connection
[Figure: 12 TCP connections from a client pass through the NAT, each receiving an external port]
Behavior of a new NAT mapping type
• Create TCP connections to the server at random intervals
• Record the observed source port on the server
[Plot of observed port against time: the ports are NOT random, they increase linearly with time. Existing traversal techniques treat this mapping as random and therefore consider the port impossible to predict; in fact port prediction is feasible]
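How a traversal peer could exploit this mapping type, as an added example (not from the paper and not NetPiculet's code): the server's (arrival time, observed port) samples are fitted with a least-squares line; a time-linear mapping leaves residuals of at most a port or so, while a port-randomising NAT leaves residuals in the thousands, so the fit both classifies the NAT and predicts the external port a connection opened at a given time will receive. The NAT models, the rate, the tolerance and the 12-sample observation run are constructed for this example, not measured values.

```python
"""Added example (not from the paper): detect and predict a NAT whose external
port grows linearly with wall-clock time."""
import random
from typing import Callable, List, Sequence, Tuple

Sample = Tuple[float, int]   # (arrival time in seconds at the server, observed source port)


def fit_line(samples: Sequence[Sample]) -> Tuple[float, float, float]:
    """Least-squares fit port = a*t + b; returns (a, b, max absolute residual)."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two observations")
    mean_t = sum(t for t, _ in samples) / n
    mean_p = sum(p for _, p in samples) / n
    sxx = sum((t - mean_t) ** 2 for t, _ in samples)
    if sxx == 0:
        raise ValueError("observations need distinct times")
    sxy = sum((t - mean_t) * (p - mean_p) for t, p in samples)
    a = sxy / sxx
    b = mean_p - a * mean_t
    resid = max(abs(p - (a * t + b)) for t, p in samples)
    return a, b, resid


def classify_mapping(samples: Sequence[Sample], tolerance: float = 2.0) -> str:
    """'linear-in-time' when every sample lies within `tolerance` ports of the fit
    (assumed tolerance; a truly random allocator misses by thousands of ports)."""
    _, _, resid = fit_line(samples)
    return "linear-in-time" if resid <= tolerance else "not linear (possibly random)"


def predict_port(samples: Sequence[Sample], t: float) -> int:
    """External port a connection opened at time t should receive under the fitted mapping."""
    a, b, _ = fit_line(samples)
    return round(a * t + b)


# --- constructed NAT models, used only to generate sample observations ---

def linear_time_nat(base: int = 20000, rate: float = 3.0) -> Callable[[float], int]:
    """Port depends on time, not on how many connections were opened (rate in ports/second)."""
    return lambda t: base + int(rate * t)


def random_nat(rng: random.Random) -> Callable[[float], int]:
    return lambda t: rng.randint(1024, 65535)


def observe(nat: Callable[[float], int], rng: random.Random, n: int = 12) -> List[Sample]:
    """Open n connections at random intervals and record what the server sees."""
    t, out = 0.0, []
    for _ in range(n):
        t += rng.uniform(1, 30)              # irregular spacing, as in the measurement
        out.append((t, nat(t)))
    return out


if __name__ == "__main__":
    rng = random.Random(1)
    lin = observe(linear_time_nat(), rng)
    t_next = lin[-1][0] + 30.0
    print(classify_mapping(lin), "predicted:", predict_port(lin, t_next),
          "actual:", linear_time_nat()(t_next))
    rng2 = random.Random(2)
    print(classify_mapping(observe(random_nat(rng2), rng2)))
```

Prediction error grows with the extrapolation distance, so a traversal peer should take its samples immediately before the hole-punching attempt and try a small window of ports around the predicted value rather than a single port.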
Lessons learned
Firewall:
• IP spoofing creates a security vulnerability – IP spoofing should be disabled
• Small TCP timeout timers waste user device energy – the timer should be longer than 30 minutes
• Out-of-order packet buffering hurts TCP performance – consider the interaction with applications carefully
NAT:
• One NAT mapping type linearly increases the port number with time – port prediction is feasible
Conclusion
• We built NetPiculet, a tool that can accurately infer NAT and firewall policies in cellular networks
• NetPiculet has been widely deployed in hundreds of carriers around the world
• We demonstrated the negative impact of the network policies and made improvement suggestions
zgw@umich.edu
http://mobiperf.com