In an article presented on CIO, independent network security researcher Erik Hjelmvik takes a closer look at network neutrality and protocol discrimination. Hjelmvik says the Internet would be a better place if it treated all packets equal, but ISPs can discriminate against certain protocols, forcing the need for protocol obfuscation. Such obfuscation of measurable protocol properties inhibits the ability for researchers to measure trends and usage of various protocols and applications on the Internet, but P2P file sharing applications such as Vuze, uTorrent, Skype and eMule introduced protocol obfuscation techniques to avoid being fingerprinted by the port independent traffic classification methods.
“The concept of protocol obfuscation implies that measurable properties of the network traffic, such as deterministic packet sizes and byte sequences, are concealed/clouded so that they appear random. The obfuscation of payload data is typically achieved by employing encryption, and flow properties are obfuscated by adding random sized paddings to the payload. These obfuscation techniques do not always provide sufficient protection against traffic shaping. In the technical report titled “Breaking and Improving Protocol Obfuscation” Wolfgang John and I show how even P2P applications that employ protocol obfuscation are identifiable with statistical measurements. The obfuscated protocols used by BitTorrent and eDonkey P2P file sharing applications can for example be identified by measuring packet sizes and directions of the first packets in a TCP session.”