Towards A Secure Zero-Rating Framework With Three Parties
PROCEEDINGS OF THE 27TH USENIX SECURITY SYMPOSIUM (2018)
Abstract
Zero-rating services provide users with free access to contracted or affiliated Content Providers (CPs), but also incur new types of free-riding attacks. Specifically, a malicious user can masquerade as a zero-rating CP or alter an existing zero-rating communication to evade charges enforced by the Internet Service Provider (ISP). According to our study, major commercial ISPs, such as T-Mobile, China Mobile, Boingo airport WiFi and United cabin WiFi, are all vulnerable to such free-riding attacks.

In this paper, we propose a secure, backward compatible, zero-rating framework, called ZFREE, which only allows network traffic authorized by the correct CP to be zero-rated. We perform a formal security analysis using ProVerif, and the results show that ZFREE is secure, i.e., preserving both packet integrity and CP server authenticity.

We have implemented an open-source prototype of ZFREE available at this repository (https://github.com/zfree2018/ZFREE). A working demo is at this link (http://zfree.org/). Our evaluation shows that ZFREE is lightweight, scalable and secure.