The government will totally control the people’s behavior over the internet by using the technology that won’t allow them to exercise their online privacy rights or personal freedom on the internet. One of the methods used by the restrictive government to block your online traffic is by using a system called DPI or Deep Packet Inspection.

What the DPI system is doing is that it will analyze the internet traffic that is coming through your ISP. It will identify your traffic type and either allow the traffic to reach the internet or block it. If you are using the regular ISP traffic, the system will allow you to access the internet, while if you are using the VPN traffic, the system can recognize it and block your connection from reaching the internet. This is an advanced traffic monitoring system installed by the restrictive government to prevent people from using private connections and force them to follow the government’s internet regulations.

Background

As TrueVPN focuses on security and privacy, It’s clear that DPI is a huge issue!
When talking about privacy and security, We must consider that DPI that performed by some countries for VPN blocking or any other political reason comes against user’s privacy.

Why we consider it as a huge privacy issue?
Alright, to answer that, we need to understand how Deep Packet Inspection works.

Well, Deep packet inspection evaluates the data part and the header of a packet that is transmitted through an inspection point, weeding out any non-compliance to protocol, spam, viruses, intrusions, and any other defined criteria to block the packet from passing through the inspection point.

Deep packet inspection can examine the content of messages and identify the specific application or service it comes from. In addition, filters can be programmed to look for and reroute network traffic from a specific Internet Protocol (IP) address range or a certain online service like Facebook.

So by looking to the image above, We can see that DPI acts like MITM Attacks, So the encrypted user’s traffic has to be decrypted to read its data then re-encrypt it again and re-send the encrypted data to the CA. So we MUST consider that this is a huge issue of user’s privacy.

HOW TRUEVPN SOLVED THE ISSUE?

Ok, At TrueVPN we believe deeply in security and user privacy, Every user has rights to privacy, because we believe that privacy is a human right and it should be respected.

All human beings have three lives: public, private, and secret.

Gabriel García Márquez

For a long while, TrueVPN was trying to solve this issue and bypassing DPI without redirecting user’s traffic or missing with CA. If you do not know what is that means, So you must have a little knowledge of Networking.

TRUEVPN RESEARCH

Based on our Research, We’ve developed an AI tool to analyze the ISP’s connection policies before establishing the connection, by performing that, we can check if the ISP blocks the used VPN protocol by the user or recently performed Deep Packet Inspection or Bandwidth Throttling based on analytics data. This tool is powered by Skytells’s latest AI, and its powerful enough to analyze these policies.

Of course these tools are deployed on TrueVPN’s iOS App for version 2.5 and later.

HOW IT WORKS?

When you Enable Policy Checks on TrueVPN, The app will perform some checks before establishing the VPN connection, And try to solve any detected issues regarding the ISP or the living country if possible.

Lets give it an example, Imagine of a user named Doe, lives in country X, while country X is performing a Deep Packet Inspection targeting VPN providers to crack em down, So, When the users opens the VPN app and taps connect, Here’s what’s going to happen in the background

1. User Taps or Clicks (Connect to a VPN)
2. The VPN app will choose the VPN protocol if it not set by user.
3. The App chooses iKEv2 or IPSec
4. The app begins to connect using IKEv2 or IPSec
5. The App receives connection timeout message

And here’s why, When the App tries to choose the protocol on the 2nd step, it doesn’t check if the protocol has an issue regarding VPN Blocking in the current location or not, so it may ends up with connection timeout if it fails to connect.

But, by using an analytics tools based on research such as Policy Checks Mechanisms TrueVPN will perform the following steps regarding the connection.

1. User Taps or Clicks on (Connect to a VPN)
2. TrueVPN performs some checks on user’s connection
3. If there’s an issue regarding the connection (See Image), The app tries to solve it first.
4. After solving the issue, The app will choose an obfuscated protocol
5. The app begins to connect using obfuscated protocol powered with proxy tunnel
6. The App receives success response from server.

So by performing that, TrueVPN will only use a custom obfuscated protocols when needed, and these protocols are empowered by proxy tunnel to prevent DPI detection, And finally the app can bypass the VPN Blocking.

POLICY CHECKS FAQs

Here are some answers related to this feature.

Is Policy Checks Feature Free?
Yes, This feature is free.

Should in use TrueVPN with Policy Checks?
If you’re living in a country cracks down VPN connectivity or recently performed DPI, You must enable this feature.

Will This Decrease or Increase Connection Speed?
Of course no, This feature are just a mechanisms, designed to perform some analytics on ISP and connection before you connect to a VPN.

Conclusion

If you live in one of the countries who have issues with VPN Providers and tries to crack them down by blocking VPN protocols or performing DPI, Then TrueVPN is your best choice, because the app can bypass that easily.

Deep packet inspection is also used to decide if a particular packet is redirected to another destination. In short, deep packet inspection is able to locate, detect, categorize, block, or reroute packets that have specific code or data payloads that are not detected, located, categorized, blocked, or redirected by conventional packet filtering. Unlike plain packet filtering, deep packet inspection goes beyond examining packet headers.

HOW DEEP PACKET INSPECTION WORKS?

Deep packet inspection is a form of packet filtering usually carried out as a function of your firewall. It is applied at the Open Systems Interconnection’s application layer.

Deep packet inspection evaluates the contents of a packet that is going through a checkpoint. Using rules that are assigned by you, your Internet service provider, or the network or systems administrator, deep packet inspection determines what to do with these packets in real time.

Deep packet inspection is able to check the contents of these packets and then figure out where it came from, such as the service or application that sent it. In addition, it can work with filters in order to find and redirect network traffic from an online service, such as Twitter or Facebook, or from a particular IP address.

DPI VS. CONVENTIONAL PACKET FILTERING

Conventional packet filtering only reads the header information of each packet. This was a basic approach that was less sophisticated than the modern approach to packet filtering largely due to the technology limitations at the time. Firewalls had very little processing power, and it was not enough to handle large volumes of packets. In other words, conventional packet filtering was similar to reading the title of a book, without awareness or evaluation of the content inside the cover.

With the advent of new technologies, deep packet inspection became feasible. As it became more thorough and complete, it became more comparable to picking up a book, cracking it open, and reading it from cover to cover.

USE CASES FOR DPI

There are several uses for deep packet inspection. It can act as both an intrusion detection system or a combination of intrusion prevention and intrusion detection. It can identify specific attacks that your firewall, intrusion prevention, and intrusion detection systems cannot adequately detect.

If your organization has users who are using their laptops for work, then deep packet inspection is vital in preventing worms, spyware, and viruses from getting into your corporate network. Furthermore, using deep packet inspection is based on rules and policies defined by you, allowing your network to detect if there are prohibited uses of approved applications.

Deep packet inspection is also used by network managers to help ease the flow of network traffic. For instance, if you have a high priority message, you can use deep packet inspection to enable high-priority information to pass through immediately, ahead of other lower priority messages. You can also prioritize packets that are mission-critical, ahead of ordinary browsing packets. If you have problems with peer-to-peer downloads, you can use deep packet inspection to throttle or slow down the rate of data transfer. DPI can also be used to enhance the capabilities of ISPs to prevent the exploitation of IoT devices in DDOS attacks by blocking malicious requests from devices.

Mobile service operators and other similar service providers also use deep packet inspection to tailor-fit their offerings to individual subscribers allowing them to differentiate data usage as “all you can eat,” wall garden, or value added. Record labels and other copyright holders can also request ISPs to block their content from being downloaded illegally – a process achieved through deep packet inspection.

Other times, deep packet inspection is used to serve targeted advertising to users, lawful interception, and policy enforcement. Deep packet inspection can also prevent some types of buffer overflow attacks. 

Lastly, deep packet inspection can help you prevent anybody from leaking information, such as when e-mailing a confidential file. Instead of being able to successfully send out a file, the user will instead receive information on how to get the necessary permission and clearance to send it.

As with other technologies, deep packet inspection can also be used for less than admirable purposes, such as eavesdropping and censorship. In fact, the Chinese government has been known to use deep packet inspection to monitor the country’s network traffic and censor some content and sites that are harmful to their interests. This is how China has been able to block out pornography, religious information, materials concerning political dissent, and even popular websites such as Wikipedia, Google, and Facebook.

While DPI has many potential use cases, it can easily detect the recipient or sender of the content that it monitors, so there are some concerns around privacy. This is primarily a concern when DPI is used in the context of marketing and advertising, through monitoring the behavior of users and selling browsing and other data to marketing or advertising companies.

DEEP PACKET INSPECTION TECHNIQUES

Two primary types of products utilize deep packet inspection: firewalls that have implemented features of IDS, such as content inspection, and IDS systems that aim to protect the network rather than focus only on detecting attacks. Some of the main techniques used for deep packet inspection include:

● Pattern or signature matching – One approach to using firewalls that have adopted IDS features, pattern or signature matching, analyzes each packet against a database of known network attacks. The downside to this approach is that it’s effective only for known attacks, and not for attacks that have yet to be discovered.
● Protocol anomaly – Another approach to using firewalls with IDS features, protocol anomaly uses a “default deny” approach, which is a key security principle. Using this technique, protocol definitions are used to determine which content should be allowed. This differs from the approach of simply allowing all content that doesn’t match the signatures database, as occurs in the case of pattern or signature matching. The primary benefit of protocol anomaly is that it offers protection against unknown attacks.
● IPS solutions – Some IPS solutions implement DPI technologies. These solutions have similar functionality to in-line IDS, although they have the ability to block detected attacks in real-time. One of the biggest challenges in using this technique is the risk of false positives, which can be mitigated to some extent through the creation of conservative policies.

Some limitations exist with these and other DPI techniques, although vendors offer solutions aiming to eliminate the practical and architectural challenges through various means. Additionally, DPI solutions are now offering a range of other complimentary technologies such as VPNs, malware analysis, anti-spam filtering, URL filtering, and other technologies, providing more comprehensive network protection.

CHALLENGES OF DPI

No technology is perfect, and deep packet inspection is no exception. It has three distinct weaknesses:

1. Deep packet inspection is very effective in preventing attacks such as denial of service attacks, buffer overflow attacks, and even some forms of malware. But it can also be used to create similar attacks. 

2. Deep packet inspection can make your current firewall and other security software you use more complicated and harder to manage. You need to be sure that you constantly update and revise deep packet inspection policies to ensure continued effectiveness.

3. Deep packet inspection can slow down your network by dedicating resources for your firewall to be able to handle the processing load.

Aside from privacy concerns and the inherent limitations of deep packet inspection, some concerns have arisen due to the use of HTTPS certificates and even VPNs with privacy tunneling. Some firewalls are now offering HTTPS inspections, which would decrypt the HTTPS-protected traffic and determine whether the content is permitted to pass through. However, deep packet inspection continues to be a valuable practice for purposes ranging from performance management to network analytics, forensics, and enterprise security.

GOVERNMENTAL USE OF DPI

In addition to using DPI for the security of their own networks, governments in North America, Europe, and Asia use DPI for various purposes such as surveillance and censorship.
Many of these programs are classified.

United States

FCC adopts Internet CALEA requirements: The FCC, pursuant to its mandate from the U.S. Congress, and in line with the policies of most countries worldwide, has required that all telecommunication providers, including Internet services, be capable of supporting the execution of a court order to provide real-time communication forensics of specified users. In 2006, the FCC adopted new Title 47, Subpart Z, rules requiring Internet Access Providers to meet these requirements. DPI was one of the platforms essential to meeting this requirement and has been deployed for this purpose throughout the U.S.

China

The Chinese government uses Deep Packet Inspection to monitor and censor network traffic and content that it claims is harmful to Chinese citizens or state interests. This material includes pornography, information on religion, and political dissent. 
Chinese network ISPs use DPI to see if there is any sensitive keyword going through their network. If so, the connection will be cut. People within China often find themselves blocked while accessing Web sites containing content related to Taiwanese and Tibetan independence, Falun Gong, the Dalai Lama, the Tiananmen Square protests and massacre of 1989, political parties that oppose that of the ruling Communist party, or a variety of anti-Communist movements  as those materials were signed as DPI sensitive keywords already. China previously blocked all VoIP traffic in and out of their country but many available VOIP applications now function in China. Voice traffic in Skype is unaffected, although text messages are subject to filtering, and messages containing sensitive material, such as curse-words, are simply not delivered, with no notification provided to either participant in the conversation. China also blocks visual media sites such as YouTube.com and various photography and blogging sites.

Iran

The Iranian government purchased a system, reportedly for deep packet inspection, in 2008 from Nokia Siemens Networks (NSN) (a joint venture Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cell telephone company), now NSN is Nokia Solutions and Networks, according to a report in the Wall Street Journal in June, 2009, quoting NSN spokesperson Ben Roome. According to unnamed experts cited in the article, the system enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes.

Russian Federation

DPI is not yet mandated in Russia. Federal Law №139 enforces blocking websites on the Russian Internet blacklist using IP filtering, but does not force ISPs into analyzing the data part of packets. Yet some ISPs still use different DPI solutions to implement blacklisting. For 2019, the governmental agency Roskomnadzor is planning a nationwide rollout of DPI after a pilot project in one of the country’s regions, at an estimated cost of 20 billion roubles (US$300M).

Singapore

The city state reportedly employs deep packet inspection of Internet traffic.

Syria

The state reportedly employs deep packet inspection of Internet traffic, to analyze and block unallowed transit.

Malaysia

The incumbent Malaysian Government, headed by Barisan Nasional, was said to be using DPI against a political opponent during the run-up to the 13th general elections held on 5 May 2013.

The purpose of DPI, in this instance, was to block and/or hinder access to selected websites, e.g. Facebook accounts, blogs and news portals.

Egypt

Since 2015, Egypt reportedly started to join the list which was constantly being denied by the Egyptian National Telecom Regulatory Authority (NTRA) officials. However, it came to news when the country decided to block the encrypted messaging app Signal as announced by the application’s developer.

In April 2017, all VOIP applications including FaceTime, Facebook Messenger, Viber, Whatsapp calls and Skype have been all blocked in the country.