filter tech cp.ppt - msnmsnbcmedia.msn.com/i/msnbc/sections/news/pdfs/081016_copyrout… · ing...
TRANSCRIPT
1
GFR/CopyRouter
Process flow
Commercial in Confidence
Revision 2.3
2
How do we stop the flow of illicit data such as child pornography which can enter our homes, encourage predators and those that encourage and engage them?
3
Who will take part in upcoming commercial and law enforcement trials
• Altnet / BDE – Providing Global File Registry (GFR) technology and related licenses.
• Cisco – Providing proven best of breed technology, based on their widely deployed SCE platform.
• Local ISP – Australian ISP where the pilot will take place.
4
How does it all work together?
5
Law enforcement overview
The CopyRouter detects and replaces from search results references to files that are known to the police. This has a flow on effect:
1- If user downloads the file, the file they get is one from the police.
2- The original files won't be available for download. Even if the user does NOT download this file, the information about the original file has been removed for this search, which means...
3- Information about these files won't be propagated through the client host that is receiving this search result. But the files from police would.
4- Also, Browsing a host directly is treated in the same manner, severely limiting direct user-to-user file exchange using this method.
[Diagram labels]
GFR Copyrouter
The Internet
Gnutella Servers hosting replacement content from Law Agencies. All search results replaced by the SCE point to these servers.
Reports about traffic activity and replacements made are sent to secure servers
6
Step 1 : Local ISP user runs a search (query) on P2P network, i.e., for Preteens sweet hot 15.wmv?
What do you have with 'Preteens sweet hot 15.wmv?
SCE does not modify any packet.
7
Step 2a.: P2P clients on the net start replying back with search results (query hits), of any files they may know containing 'Preteens sweet hot 15.wmv'.
Each query hit contains information about the file (filehash, filename, etc) and where to get the file from ( IP address and port number).
Here you go, we have all this....
Step 2.b : The SCE detects packets with P2P results and the application comes into action...
8
Law enforcement overview – cont'd
Original search results
Preteens sweet hot 15.wmv
Hash : aaaaaaaaaaaaaaaa
Get it from IP 1.2.3.4
Lolita - 33455233.jpg
Hash : bbbbbbbbbbbbbbbb
Get it from IP 5.4.2.6
Cleaned up search results
Preteens sweet hot 15.wmv
Hash : {Hash-of-this-police-generated-video}
Get it from IP-of-police-P2P Servers
Lolita - 33455233.jpg
Hash : {Hash-of-the-police-generated-image}
Get it from IP-of-police-P2P servers
9
Law enforcement application
– Search results scanned for known, targeted hashes.
– When a hit happens, the information about the original file is replaced with information about another file, chosen by the Law Enforcement agency.
– When the user accesses the file just downloaded, the Operating system will handle the file normally.
– It is possible to target any file types
• Images (jpg, png, bmp, tiff)
• Videos (avi, wmv, mov, xdiv)
• Audio (mp3, wma, acc, ogg)
• Documents (doc, pdf, ppt)
• etc.
10
Possible messaging when these files are downloaded
When a user downloads a file that was replaced by the Law Enforcement agency and they open the file, their computer will handle it as any other file, putting the message from the agency right in front of their eyes.
Download process over P2P...
DRM Window in WMV
11
Messaging and different file types...
12
Applications : Commercial in parallel to Law enforcement
The CopyRouter in its current implementation will handle the requirement of Law enforcement agencies – we just need entries for the look-up table (LUT) which would be provided by Law enforcement agencies.
The biggest differences are in the reporting needs : different destinations, different information (enforcement agencies may require IP info). We therefore need to determine which 'vendor' provided which information in the LUT, and this is done by adding a new field to the LUT.
SERVER_IP {Initial_agency_Server_IP} {NumberOfServers}
SERVER_PORT {Initial_agency_Server_Port} {NumberOfPorts}
FILE_EXT .jpg
ADD
# Infringing Hash | Replacement Hash | File size | Vendor
…YJFCQK64UO | UFIRGOBOJNMPGY6SCBHO6P3D4D7QVFB7 | 853097 | 2
…CC6CGO3JGD | UFIRGOBOJNMPGY6SCBHO6P3D4D7QVFB7 | 853097 | 2
…NDWPWVOHMK | UFIRGOBOJNMPGY6SCBHO6P3D4D7QVFB7 | 853097 | 2
…XZH7CANE3J | UFIRGOBOJNMPGY6SCBHO6P3D4D7QVFB7 | 853097 | 2
Any hits here will generate a 'red' report, which will be routed to the police collector server ONLY. These reports contain full IP information.
[Diagram labels]
P2P traffic between users
Not Found in LUT
Hit for FP
Law Enforcement Data collector
13
Example of information generated
These results were seen by the Copyrouter when installed on a very small network connection in a test environment. The results passed via the router as part of the normal P2P traffic.
The red highlighted parts are the hashes that could be targeted, yellow highlights are IP addresses.
14
Reporting : SCE
For each P2P search result seen, a one line report is sent to a reporting server.
These reports contain information about the files, but never about users.
Report= reports : file seen.
The SCE will run in 'report-only mode' for about a week. Data gathered in this stage will be useful for:
Getting a baseline of P2P activity in the network prior to the pilot.
Creating a more targeted lookup table.
[Diagram labels]
P2P traffic between users
Reports from SCE
SCE
15
Special handling of P2P protocol
• Compression:
– Some of the Query and Query Hits are normally compressed
– We change the compression offer token so the session will be in plain text.
• Encryption
– Some of the sessions are normally encrypted
– We change the traffic that holds the encryption negotiation so the session will be in plain text.
16
Global File Registry
• Interdicts proven illicit data on an automated basis.
• Substitutes that illicit data with an appropriate warning/notice
• It does this without impact on customer experience or technical performance without affecting privacy or customer integrity
• World's best technology for disrupting & defeating illicit data trafficking
• Protects your community regardless of where the cyber criminals operate from
17
Thank you!
Commercial in Confidence
Revision 1.9.4