Encryption might not protect Net Neutrality

by Egan Orion on Jul 1, 2008
A see-saw cat-and-mouse game looms
Network researchers in Italy published a paper in IEEE Communications last month on "Detection of Encrypted Tunnels across Network Boundaries" (pdf) that might lead to technical means for those wanting to censor Internet traffic - think authoritarian governments (cough, China) and Peer-to-Peer (P2P) throttling Internet Service Providers (ISPs) - to target particular user sessions for "management" even if they are encrypted.

With opportunistic networking technology vendors having recently gotten into deep packet inspection to serve some high-handed ISPs' desire to throttle or suppress certain types of network traffic loads, and some Internet users starting to turn to encryption of network sessions to thwart them, this could become the next front in an evolving see-saw struggle over network neutrality.

The scientists said they developed a statistical technique that can identify what types of network traffic Secure Shell (SSH) encrypted sessions are tunneling. Their method uses Bayesian analysis of packet sizes and transmission intervals. They claim it can determine with 99 per cent accuracy whether a specific SSH session is tunneling another network protocol rather than plain text such as operating system shell commands and text editing.

They also said that their Bayesian network traffic classifier was able to detect the type of protocol that was being encrypted and tunneled, that is, either P2P file transfers, POP and SMTP email messages, or HTTP website pages, with close to 90 per cent accuracy.
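The kind of classification described above can be illustrated with a Gaussian naive Bayes model over the two features the article names, packet size and inter-packet interval. This is an added example, not the researchers' code: the Gaussian model on log-scaled features, the class labels `interactive` and `tunnel`, and the synthetic flows are all assumptions constructed here, and the code accepts any number of labelled classes although only two are shown.

```python
import math
import random

def features(flow):
    # flow: list of (packet_size_bytes, seconds_since_previous_packet)
    return [(math.log(size), math.log(gap)) for size, gap in flow]

def fit(flows):
    # Per-feature Gaussian (mean, variance) over all packets of one class.
    pts = [p for f in flows for p in features(f)]
    params = []
    for i in range(2):
        xs = [p[i] for p in pts]
        mu = sum(xs) / len(xs)
        var = sum((x - mu) ** 2 for x in xs) / len(xs) + 1e-6
        params.append((mu, var))
    return params

def log_likelihood(flow, params):
    # Naive Bayes: features and packets are treated as independent.
    ll = 0.0
    for point in features(flow):
        for x, (mu, var) in zip(point, params):
            ll += -0.5 * math.log(2 * math.pi * var) - (x - mu) ** 2 / (2 * var)
    return ll

def classify(flow, models, priors):
    # Pick the class with the highest posterior (log prior + log likelihood).
    scores = {c: math.log(priors[c]) + log_likelihood(flow, m) for c, m in models.items()}
    return max(scores, key=scores.get)

def synth(rng, kind, n=40):
    # Constructed sample data (assumption): small, slow keystroke-like packets
    # versus large, closely spaced bulk-transfer packets.
    if kind == "interactive":
        return [(rng.randint(48, 96), rng.uniform(0.05, 1.5)) for _ in range(n)]
    return [(rng.randint(900, 1460), rng.uniform(0.0005, 0.02)) for _ in range(n)]

def demo(seed=7):
    rng = random.Random(seed)
    kinds = ("interactive", "tunnel")
    models = {k: fit([synth(rng, k) for _ in range(20)]) for k in kinds}
    priors = {k: 0.5 for k in kinds}
    held_out = [(k, synth(rng, k)) for k in kinds for _ in range(25)]
    hits = sum(classify(f, models, priors) == k for k, f in held_out)
    return hits / len(held_out)

if __name__ == "__main__":
    print(f"held-out accuracy: {demo():.2f}")
```

The constructed classes barely overlap, so the accuracy this prints says nothing about the figures reported in the paper; real flows overlap far more and depend on the conditions listed in the limitations below.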

Their initial implementation has several limitations that would make it impractical for application as a generalised network censorship, er... management, facility. It can only detect tunneled SSH sessions established through servers that they control. It can handle only one type of SSH authentication. And it requires that the SSH session doesn't employ traffic compression. However, these limitations can likely be overcome with further work.

As one commenter noted, "If perfected this technology could be used by ISPs to block or throttle even encrypted P2P traffic."

However, as he then went on to say, "...it would probably be easy to create a tunneling mechanism which thwarts their detection attempts. Knowing that they use packet size and inter packet intervals you could easily manipulate these to match whatever protocol type you wanted."

Then also, traffic analysis of packet source(s) might be capable of identifying some types of P2P file transfers. Some P2P bit-torrent protocol traffic, for example, might be easily identified by its characteristic of having several network traffic sources simultaneously.

A lot of effort and money could be sunk into such a cat-and-mouse game between Internet users and the network infrastructure vendors, all to no one's eventual benefit in the event neither side ever really completely wins.

At the end of the day, that's a good argument to support the view that network neutrality is the only truly sane overarching principle that should be enforced to govern the Internet.
theinquirer.net (c) 2009 Incisive Media