Deep packet inspection role in censorship and security

Edward G. | June 05, 2020

Deep packet inspection is a double-edged sword. While some label its application as intrusive, others claim that it offers a variety of security benefits. The term has many variations: information extraction, IX, complete packet inspection, or simply DPI. In short, deep packet inspection refers to the detailed analysis of data transmitted over a computer network. Others call this process network packet filtering, but such explanations are not exactly beginner-friendly. What is a packet? Why is the evaluation of its content necessary? We will explore all these aspects and aim to give you a comprehensive overview.

What is a packet?

You know what a typical packet is: a container for storing products or other goods. In terms of networking, a packet consists of user and control information. The internet works by dividing all your online activities into packets. Yes, that includes your emails, connection to websites, and other actions you perform. These small units of data consist of headers and payloads, indicating the origin of the packet and its destination.

Usually, the analysis of these packets includes only the packet filtering. While it examines the structure of the network traffic, deep packet inspection has more intrusive undertones. It goes that extra mile and investigates the content of the packets.

What is DPI?

Deep packet inspection is the process of reviewing the content of packets to determine their final destination. This check goes beyond the traditional packet filtering, and we have the perfect example to illustrate the difference.

Imagine that you sent a package to your friend. At the postal office, employees look at the labels to check the sender, receiver, and the destination address. This simple checkup is packet filtering. However, when we enter the deep packet inspection territory, we see that the analysis becomes more thorough. The employees will open your package to check the objects inside.

Hence, deep packet inspection takes an additional step to ensure that packets comply with regulations and are safe to reach the recipient. In some cases, people implement DPI to make sure that the format of data is correct. Additionally, deep packet inspection guarantees that the transmitted packets do not contain malware or viruses. So, the reasons for applying this inspection can side with security.

However, the intrusive nature of deep packet inspection makes it the perfect technology for monitoring and spying on people. In 2019, Russia introduced a new law requiring ISPs to install network equipment for deep packet inspection. While masked as a last resort in case of severe cybersecurity threats, specialists highlighted another reason. The law will complicate access to the internet and allow the Russian government to censor content directly.

Use cases of deep packet inspection

To prevent crimes. It is one of the justifiable applications of deep packet inspection. ISPs (Internet Service Providers) can monitor file sharing and prevent the distribution of child pornography or illegally-obtained content.
To enhance network security. Deep packet inspection can be the weapon used against malicious attacks and intrusions. This procedure works better than anti-virus software since it detects the malicious traffic before it reaches devices. Additionally, DPI can prevent the denial of service attacks, which can be very devastating to enterprises.
To show personalized ads. If your ISP performs deep packet inspection, the organization will likely sell the gathered data to marketers. No surprise here: some countries allow ISPs to do this. Even if data mining and selling are legal, it does not mean that users should be pleased with it. It is yet another example of a gross privacy violation that happens right under our noses.
To reinforce censorship and tracking. Even though deep packet inspection is not an entirely legal activity, government entities apply this procedure. They perform DPI to prevent citizens from accessing the content deemed inappropriate. For instance, the Chinese government uses DPI to track the country’s network traffic. As a result, they can block access to political and controversial websites.
To prevent data leaks. Employees continuously exchange information. However, con artists can impersonate executives to access confidential data. Hence, deep packet inspection can guarantee that specific information does not leave the internal network.
To perform traffic shaping. You can define traffic-shaping policies to reinforce bandwidth control. ISPs frequently do this to prioritize certain online activities over others. Hence, your file-sharing might be slower at times, while other processes work as usual.

How to go round deep packet inspection?

There can be many reasons why deep packet inspection is not your cup of tea. First of all, the fact that ISPs or other entities can read the content of packets is a gross privacy violation. Secondly, this procedure can diminish performance since it requires extensive processing power.

Of course, the main issue here is that enterprises, governments, and ISPs can constantly monitor users and establish strict boundaries. Luckily, the market is full of software that encrypts web traffic and makes it time-consuming to abuse. For instance, deep packet inspection won’t work on devices that use a VPN. Entities will only get access to the encrypted content of packets. Hence, it is doubtful that they will invest resources to decrypt them. While there are legitimate reasons for applying deep packet inspection, it is mostly an intrusive practice that empowers surveillance and internet censorship.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.

Tags:

dpi