Challenges in Net Neutrality Violation Detection: A Case Study of Wehe Tool and Improvements

TL;DR

This paper examines the challenges in detecting net neutrality violations, critiques the Wehe tool's limitations, and proposes an improved method using SNI parameter adjustments for more accurate HTTPS traffic classification.

Contribution

It identifies weaknesses in Wehe's detection mechanism and introduces a novel approach using TLS SNI modification to enhance violation detection accuracy.

Findings

Wehe's replay traffic is often misclassified by middleboxes.

Adjusting the SNI parameter improves traffic classification accuracy.

The proposed method offers a more realistic detection of neutrality violations.

Abstract

We consider the problem of detecting deliberate traffic discrimination on the Internet. Given the complex nature of the Internet, detection of deliberate discrimination is not easy to detect, and tools developed so far suffer from various limitations. We study challenges in detecting the violations (focusing on the HTTPS traffic) and discuss possible mitigation approaches. We focus on `Wehe,' the most recent tool developed to detect net-neutrality violations. Wehe hosts traffic from all services of interest in a common server and replays them to mimic the behavior of the traffic from original servers. Despite Wehe's vast utility and possible influences over policy decisions, its mechanisms are not yet validated by others. In this work, we highlight critical weaknesses in Wehe where its replay traffic is not being correctly classified as intended services by the network middleboxes. We validate this observation using a commercial traffic shaper. We propose a new method in which the SNI parameter is set appropriately in the initial TLS handshake to overcome this weakness. Using commercial traffic shapers, we validate that SNI makes the replay traffic gets correctly classified as the intended traffic by the middleboxes. Our new approach thus provides a more realistic method for detecting neutrality violations of HTTPS traffic.