SUMware2
Premium Member
join:2002-05-21

Deep Packet Inspection Plan Defeats Encryption & Compression

From DailyTech
October 17, 2008 -
quote:
CopyRouter wants to silently stand between users and child pornography

Australian company Brilliant Digital Entertainment Ltd. – known formerly as Altnet – claims it can stop child pornography on the internet with CopyRouter, the new tool it is pitching (PDF) to ISPs and law enforcement agencies in the United States.

Brilliant Digital says CopyRouter sits in between an ISP’s subscribers and their internet connection, monitoring all data that passes through for illegal files defined by a hash list provided by law enforcement, copyright holders, or subscribers’ own submissions. CopyRouter uses deep packet inspection to peek inside the contents of connections, and Brilliant Digital says it can use this to monitor e-mail attachments, HTTP downloads, and peer-to-peer protocols like Gnutella or FastTrack.

When CopyRouter detects someone trying to download child pornography, it intercepts the connection and replaces the data in transit with an alternate file – presumably one provided by law enforcement. A PowerPoint presentation (PDF), given to a number of groups including AOL, the administration of New York Attorney General Andrew Cuomo, and the National Center for Missing and Exploited Children (NCMEC), portrays simulated examples where CopyRouter replaced a blacklisted file with a warning from law enforcement – denying the downloader the material he or she originally requested and adding the attempt, sans any information on who requested what, to a log file.

More importantly, Brilliant Digital claims CopyRouter is able to beat countermeasures. Connection handshakes that negotiate things like compression or encryption – common techniques that are sometimes used to fool deep packet inspection – are silently manipulated so that the connection is actually read as plain text, unbeknownst to either party.

“We have been working on it for some time,” says Brilliant Digital’s Michael Speck, commercial manager for the company’s law enforcement products, in an interview with MSNBC. “We've been in negotiations with ISPs and law enforcement agencies and content owners.”

Before the company renamed itself to Brilliant Digital, it developed and led a variety of anti-piracy initiatives under the name Altnet; the hash-based filtering system it devised in CopyRouter appears to be the spiritual successor to a similar technology it pitched to music organizations in 2006.

Further back, the company published a controversial add-on packaged with file-sharing client KaZaA, which some eventually labeled as spyware.

Both the anti-piracy tech and CopyRouter include numerous references to a “Global File Registry,” which Brilliant Digital intends to use as a private clearinghouse for hashcodes of contraband data. GlobalFileRegistry.com includes advertising text targeted at both music organizations such as the RIAA and law enforcement agencies such as the FBI.

One of the largest legal hurdles revolves around who compiles the hashlist. If the list is privately maintained, then ISPs have more freedom to report CopyRouter’s findings to the authorities, because its monitoring can be worked into subscriber agreements. If the government steps in at that stage, it could run afoul of U.S. communications and privacy laws, as well as the Constitution.
[some emphasis added]
Full story at above link.

Can software fool encryption schemes?
Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file. The slide show calls this "special handling." This is done by changing the underlying protocol settings that establish how the sender and recipient exchange the file. This trickery, unknown to either the sender or recipient, would make it possible for CopyRouter to see the underlying files, calculate a hash value and compare the files to the list of illegal files, Brilliant Digital says.

swhx7
Premium Member
join:2006-07-23
Elbonia

If they're talking about a man-in-the-middle attack on SSL, I don't think it can work against anyone who's paying attention to certificates (unless the attacker is in cahoots with the certificate issuers or browser makers).

If anyone can confirm that the above is or is not correct, please post an explanation, because it's important.

If they mean changing 'https' to 'http' or otherwise interfering with the key-exchange, there ought to be laws prohibiting this, with criminal penalties.

nwrickert
Mod
join:2004-09-04
Geneva, IL

"..., I don't think it can work against anyone who's paying attention to certificates ..."

Yes, I agree with your assessment.

"If they mean changing 'https' to 'http' or otherwise interfering with the key-exchange, ..."

That was my assessment as to what they seemed to be implying.

dave
Premium Member
join:2000-05-04
not in ohio

dave to SUMware2

security by obscurity

It seems that all I need to do to transmit my secret content to you is to XOR the secret content with, say, the King James Bible, and transmit the result to you. You'd know a priori that stuff coming from me needs to be XORd with the King James Bible.

This is security by obscurity. If something like this works, it works under these circumstances because there are only two of us doing this, and it's probably not worth the effort of an ISP trying to focus on just two people. It doesn't scale, because as soon as too many people know the secret knowledge, it's bound to get out.

For the mathematically-inclined, it's also amusing to consider where the naughty stuff goes to. I say it is equally inherent in the data I transmit and in the King James Bible.

Guspaz
MVM
join:2001-11-05
Montreal, QC

Guspaz to SUMware2

Re: Deep Packet Inspection Plan Defeats Encryption & Compression

"sits in between an ISP’s subscribers and their internet connection"

That would be on the subscribers' computer or router, and I doubt consumers would willingly subscribe to a service that requires censoring software be installed on their home equipment. Consumer-class routing hardware doesn't have the muscle to perform this class of attack, so the ISPs would either have to take a huge hit with expensive custom hardware to deploy in customer homes, or install software on their computers.
dave
Premium Member
join:2000-05-04
not in ohio

said by Guspaz:

"That would be on the subscribers' computer or router,"

That all depends on where you think "the internet" starts.

The ISP almost certainly doesn't think the Internet starts at your house. They think that they have a connection from your house to some stuff that they own, which eventually connects to a big fat pipe which has "the internet" at its other end.

So, anywhere upstream of where the connection leaves your house, and before the big fat pipe, is where the filtering will happen.

(Grammatically, "their" refers to "ISP", in the sentence you quoted).

manofsnow
@verizon.net

manofsnow to SUMware2

Anon


So just give them what they want....feed...feed and feed some more.....clog that "pipe" so badly that "joe the plumber" becomes a billionaire. It was done in the late 60's and 70's until their systems became worthless.

BD is a known crapware vendor......and should be viewed as such.....in desperation and corruption...government officials are turning to it for self-serving purposes......if the news reports really want stories they should look real deep into those government officials' present and future dealings...stay on them like white on rice.......and watch to see how many are "dirty".
No sane person would or could believe this is about child porn...it's about control...profits.
......their "system" is very easily corrupted....that only the feeble minded agencies would buy into it. Hell it doesn't cost them a red cent...tax payers will pay to have themselves monitored...how ironic.
Stop P2P and force the public to purchase from the Big Three.

Ozne
@optusnet.com.au

Ozne to SUMware2

Anon

Using hash signatures to detect images is moronic. It is trivial to change the signature of a jpeg image without even remotely changing its appearance.

therube
join:2004-11-11
Randallstown, MD

Member

Agreed.
I thought the same when I read this post, Full disk drive hash analysis = 4th amendment search.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to SUMware2

It can't touch Bit Torrent users.

»torrentfreak.com/isp-lev ··· -081028/

Anonymous_
Anonymous
Premium Member
join:2004-06-21
127.0.0.1

Anonymous_ to therube

said by therube:

"Agreed.
I thought the same when I read this post, Full disk drive hash analysis = 4th amendment search."

One could just use a RAMdrive and overwrite the data on it very fast.

I can overwrite the data on my RAM quick.

It would only take 1/4th of a second @ 6.4GB/s.

If I had DDR3 I could overwrite at 20GB/s+.

That is where I store my pirated movies.