Quantifying Nations Exposure to Traffic Observation and Selective Tampering

TL;DR

This paper introduces the CTI metric to quantify how much nations' internet traffic depends on a few Autonomous Systems, revealing significant exposure to observation or tampering, especially in countries reliant on submarine cables and state-owned ASes.

Contribution

The paper presents the novel CTI metric for assessing national exposure to traffic observation and tampering, validated with high accuracy in multiple countries.

Findings

32 nations have over 40% of traffic exposed to a single AS

Submarine cable operators and state-owned ASes are key players in national transit ecosystems

83% validation accuracy with in-country operators

Abstract

Almost all popular Internet services are hosted in a select set of countries, forcing other nations to rely on international connectivity to access them. We infer instances where traffic towards a large portion of a country is serviced by a small number of Autonomous Systems, and, therefore, may be exposed to observation or selective tampering. We introduce the Country-level Transit Influence (CTI) metric to quantify the significance of a given AS on the international transit service of a particular country. By studying the CTI values for the top ASes in each country, we find that 32 nations have transit ecosystems that render them particularly exposed, with traffic destined to over 40% of their IP addresses privy to a single AS. In the nations where we are able to validate our findings with in-country operators, we obtain 83% accuracy on average. In the countries we examine, CTI reveals two classes of networks that play a particularly prominent role: submarine cable operators and state-owned ASes.