20th International Conference On Cryptology And Network Security (CANS 2021)
Fietkau J, Runge D, Seifert JP.
With free-riding attacks against zero-rated services, an attacker can avoid expenses by transmitting wrongly labeled zero-rated network traffic. Previous research has shown that free-riding attacks can affect network quality and increase costs when applied on a large scale. Hence, various solutions have been proposed to protect networks against this growing threat. While these protections can cure some of the symptoms, they do not solve the underlying issue. In this paper, we argue that secure web services with high bandwidth requirements combined with zero-rating can increase the chances of free-riding attacks. Therefore we show how tunnel-based free-riding attacks can be designed and implemented for secure services, such as instant messaging, cloud storage, and video chats. Furthermore, we evaluate these tunnels in terms of usability and performance and judge their feasibility. In addition, we also discuss the existing countermeasures and how they can be improved. As part of our work, we want to point out that free-riding attacks are a self-imposed problem created by Internet Service Providers that try to create artificial walls within a system that is free and open by design, such as the Internet. To counter this issue, we publish the created tools to support those that are opposed to any form of zero-rating, censorship, and other forms of traffic discrimination.