Passive and Active Measurement: 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023, Proceedings

Preface
Organization
Contents
VPNs and Infrastructure
Measuring the Performance of iCloud Private Relay
	1 Introduction
	2 Background and Related Work
		2.1 iCloud Private Relay Architecture
		2.2 Related Work
	3 Testbed and Dataset
		3.1 Throughput Measurements
		3.2 Bulk Downloads
		3.3 Web Measurements
	4 Results
		4.1 Throughput
		4.2 Bulk Download
		4.3 Web Browsing
	5 Discussion and Open Questions
		5.1 Overriding Routing
		5.2 Localization
		5.3 Cost
	6 Conclusions
	References
Characterizing the VPN Ecosystem in the Wild
	1 Introduction
	2 Background
		2.1 VPN Usage
		2.2 VPN Protocols
	3 Methodology
		3.1 VPN Server Detection
		3.2 TLS Analysis
		3.3 Fingerprinting
		3.4 VPN Traffic Analysis
		3.5 Ethical Considerations
	4 Active Measurements of the VPN Server Ecosystem
		4.1 Responsive Servers
		4.2 VPN Protocols
		4.3 Security Analysis
		4.4 Fingerprinting
		4.5 IPv6
	5 Passive VPN Traffic Analysis
	6 Discussion
	7 Related Work
	8 Conclusion
	References
Stranger VPNs: Investigating the Geo-Unblocking Capabilities of Commercial VPN Providers
	1 Introduction
	2 Background and Related Work
		2.1 Background
		2.2 Related Work
	3 Ecosystem
	4 Commercial VPN Provider Selection
	5 Methodology
		5.1 Geo-Unblocking IP Retrieval
		5.2 Testbed
		5.3 Geo-Unblocking Regions
	6 Results
		6.1 General Characterization of the Geo-Unblocking Ecosystem
		6.2 Specialized Networks/Hosting Providers
		6.3 Residential Proxies
		6.4 VPN Infrastructure Overlap
	7 Ethical Considerations
		7.1 Ecosystem
		7.2 VPN Provider Selection
		7.3 Methodology and Results
	8 Conclusion
	References
TLS
Exploring the Evolution of TLS Certificates
	1 Introduction
	2 Background
	3 Related Works
	4 Dataset and Methodology
		4.1 Datasets
		4.2 Validation Methodology
	5 Certificate Validity
		5.1 IPv4 Scanning
		5.2 Certificate Transparency
	6 Certificate Authorities
		6.1 IPv4 Scanning
		6.2 Certificate Transparency
	7 Host Networks
		7.1 IPv4 Scanning
		7.2 Certificate Transparency
	8 Evolution
	9 Discussion
	10 Conclusion
	A  Ethics
	References
Analysis of TLS Prefiltering for IDS Acceleration
	1 Introduction
	2 Related Work
		2.1 Software-only Solutions
		2.2 Hardware-Oriented Solutions
		2.3 Solutions Using SmartNICs/GPUs
		2.4 Traffic Bypass Solutions
		2.5 Proposed Solution
	3 TLS Traffic Analysis
	4 DPDK TLS Prefilter for TLS Traffic
		4.1 TLS Prefilter Internal Logic
		4.2 TLS Prefilter Architecture
	5 Results
		5.1 Analyzed Bypass Methods
		5.2 Throughput Measurements
		5.3 Detection Quality Analysis
	6 Conclusion
	References
DissecTLS: A Scalable Active Scanner for TLS Server Configurations, Capabilities, and TLS Fingerprinting
	1 Introduction
	2 Methodology
		2.1 Modeling the TLS Configuration on Servers
		2.2 Representing Multiple Observations of Extension Orders
		2.3 Implementation of DissecTLS
	3 Comparison of TLS Scanners and Their Ability to Detect Different TLS Stack Configurations on Servers
		3.1 Scanner Comparison in a Local Testbed
		3.2 Scanner Comparison on the Top 10k Toplist Domains
	4 Measurement Study on Top- and Blocklist Servers
		4.1 Fingerprinting C&C Servers
		4.2 Human-Readable TLS Server Configurations
	5 Related Work
	6 Discussion
	7 Conclusion
	A  Example DissecTLS Output
	B  Additional TLS Server Parameter Statistics
	References
Applications
A Measurement-Derived Functional Model for the Interaction Between Congestion Control and QoE in Video Conferencing
	1 Introduction
		1.1 Ethical Considerations
	2 Related Work
	3 Measurement Design
		3.1 Test Conditions
		3.2 Testbed
	4 Congestion Control Study
		4.1 Measurements
		4.2 Peer-to-Peer Mode Congestion Control
		4.3 SFU Mode Congestion Control
	5 Video Rate Control Study
		5.1 Measurements
		5.2 Peer-to-Peer Mode Video Rate Control
		5.3 SFU Mode Video Rate Control
	6 SFU with Multiple Users
		6.1 Experimental Setup
		6.2 Observations
	7 VCA Functional Models
		7.1 VCA Client
		7.2 VCA SFU
	8 Concluding Remarks
	A  Competition with TCP
	B  Video Subsampling Methods
	C  Zoom Video Rate Control under Different Latency Conditions
	References
Effects of Political Bias and Reliability on Temporal User Engagement with News Articles Shared on Facebook
	1 Introduction
	2 Methodology and Dataset
		2.1 News Article Selection and Bias/Reliability Labeling
		2.2 Preprocessing of News Articles
		2.3 Temporal User Engagement of Related Facebook Posts
		2.4 Time Partitioning
		2.5 Capturing Engagement Dynamics
		2.6 Dataset Summary
	3 Results
		3.1 High-level Analysis of the All Interactions Dynamics
		3.2 Temporal Dynamics of Different Interactions
		3.3 Outlet-Specific Results
	4 Prediction of the Maximum Interaction's Volume
	5 Related Work
	6 Limitations
	7 Ethical Considerations
	8 Conclusions
	A Appendix
		A.1 Procedure of Computing the Canonical Form of an Article Url
		A.2 Temporal Dynamics of the Other Forms of Interactions
		A.3 Temporal Dynamics of CNN and the New York Post and Reuters
	References
Measurement Tools
Efficient Continuous Latency Monitoring with eBPF
	1 Introduction
	2 Design and Implementation
	3 Results
		3.1 RTT Accuracy
		3.2 Monitoring Overhead
	4 Conclusion
	A Effects of Using TCP Timestamps to Infer RTT
	References
Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets
	1 Introduction
	2 Dataset and Methodology
		2.1 Utilized Data
		2.2 Methodology
	3 Results
		3.1 Universities' Cloud Usage: Team Cymru's Bulk Whois
		3.2 IP Attribution Comparison: BTTF Whois vs. Team Cymru
		3.3 Impact of BTTF Whois on Case-Study Analysis
	4 Discussion
		4.1 Lessons Learned for Research on Historic Datasets
		4.2 Limitations
		4.3 Future Work
	5 Conclusion
	A BTTF Whois Short Documentation
		A.1 Using BTTF Whois Manually
		A.2 Using BTTF Whois for Bulk Requests
		A.3 BTTF Whois JSON Data Structure
	References
Towards Diagnosing Accurately the Performance Bottleneck of Software-Based Network Function Implementation
	1 Introduction
	2 Background
		2.1 NFs' Packet Processing Procedure
		2.2 Conventional Performance Diagnosis
	3 The Challenges and Requirements of NF Performance Diagnosis
		3.1 Performance Issues of NF Are Transitive.
		3.2 The Complexity of Modern NF Frameworks
		3.3 Performance Perturbation Is Unavoidable
	4 Overview
		4.1 Experiment Environment
		4.2 Evaluation Methods
	5 Performance Diagnosis Based on PMC
		5.1 The Principle of PMC-Based Performance Diagnosis
		5.2 The Capacity of Existing PMC-Based Performance Diagnosis Tools in NF Scenarios
	6 Performance Perturbation
		6.1 Performance Distribution Similarity
		6.2 Coefficient of Interference
		6.3 The Performance Perturbation of PMC-based Performance Diagnosis Tools
	7 Towards Accurate NF Performance Diagnosis
	8 Related Work
	9 Conclusions
	References
Network Performance
Evaluation of the ProgHW/SW Architectural Design Space of Bandwidth Estimation
	1 Introduction
	2 Motivation and Background
		2.1 Motivation
		2.2 Bandwidth Estimation Background
	3 Our Classification of Bandwidth Estimation Architectures
		3.1 IPD-based Architectural Classification
		3.2 ProgHW/SW Timing Context Analysis
	4 Implementation of Modules
		4.1 Preliminaries of FPGA
		4.2 Implementation Details
	5 Evaluation
		5.1 Evaluation Environments
		5.2 Evaluation of IPD-Modular Method
		5.3 Evaluation of ProgHW/SW Architectures
	6 Related Work
		6.1 Related Evaluations of Bandwidth Estimation
		6.2 Programmable Hardware Designs
	7 Conclusion
	References
An In-Depth Measurement Analysis of 5G mmWave PHY Latency and Its Impact on End-to-End Delay
	1 Introduction
	2 Main Measurement Campaign and Challenges
	3 5G PHY Processing and Factors
	4 5G PHY-layer Latency: Best Cases
		4.1 Quantifying Best-Case PHY Latency
		4.2 Dissecting DL PHY Latency
		4.3 Dissecting UL PHY Latency
	5 Impact of Channel Conditions
		5.1 Understanding the Impact of ReTxs on TPhy
		5.2 Impact of CQI on TPhy and TPhy
	6 Impact of Mobility
		6.1 Impact of Mobility (No HOs) on TPhy
		6.2 Quantifying the Impact of HOs on TPhy
	7 E2E Application Latency
		7.1 Role of Server Placement
		7.2 Impact of CDRX on TPhy
		7.3 Impact of Packet Payload Size
	8 Related Work
	9 Discussion and Future Work
	10 Conclusion
	References
A Characterization of Route Variability in LEO Satellite Networks
	1 Introduction
	2 Background
		2.1 Overview of LEO Satellite Networks
		2.2 LEO Satellite Networks Topology
		2.3 Routing in LEO Satellites
	3 Study Setup
	4 Route Churn is Rife, Unnecessary, and Harmful
		4.1 Route Churn Is Rife
		4.2 Is Route Churn Necessary?
		4.3 Route Churn Can Be Harmful
	5 Understanding RTT Variability
		5.1 RTT Variability Exhibits Spatial Structure
		5.2 Building Blocks for Paths: ISLs and GSLs
		5.3 Darfur as a Case Study: Building Blocks in Action
	6 Does Deploying More Satellites Reduce Variability?
	7 Discussion
	8 Related Work
	9 Conclusion
	References
Topology
Improving the Inference of Sibling Autonomous Systems
	1 Introduction
	2 Background, Related Work, and Datasets
		2.1 Definitions of Organizations and Siblings
		2.2 Regional Internet Registries and Whois Databases
		2.3 Related Work
		2.4 PeeringDB and Other Data Sources
	3 Comparison Between Whois and CA2O
	4 Semi-manual Investigation
		4.1 Pool Detection
		4.2 Manual Labeling the Pools with Disagreements
		4.3 Two Pitfalls of Whois: The Causes of Inaccuracies
		4.4 Results of Investigation
		4.5 Manual Input of APNIC LIRs
		4.6 Reference Dataset
	5 Towards Automatically Improving Inferences
		5.1 Scope of Application
		5.2 Method Overview
		5.3 Data Preparation
		5.4 Graph Initialization
		5.5 Keyword Matching
		5.6 Cluster Discovery
		5.7 Evaluation
	6 Case Study: MOAS Event Analysis
	7 Discussion and Future Work
		7.1 Limitations of Our Methodology
		7.2 Interaction with Internet Operators
		7.3 Extension the Mappings for AS-Level Analysis
	8 Conclusion
	9 Ethics
	A  Information of RIR/NIR Whois
	B  Details of Keywords Function
	C  Manual Input Knowledge
		C.1  Manual Input Pools in Sect.4
		C.2  Manual Knowledge of admin-c in Sect.5
	References
A Global Measurement of Routing Loops on the Internet
	1 Introduction
	2 Experiment Design
		2.1 What Constitutes a Persistent Routing Loop?
		2.2 Which TTLs Should We Scan?
		2.3 How Fast Can We Probe?
		2.4 Can We Sample Subnets?
	3 Scanning Methodology
		3.1 Using Yarrp
		3.2 Vantage Points
	4 The Prevalence of Routing Loops
		4.1 How Many Routing Loops Are There?
		4.2 Are These Really Loops?
		4.3 Do These Loops Persist Across Time/Other Vantage Points?
		4.4 How Do Existing Datasets Compare?
		4.5 How Many Unique Routing Loops Are There?
		4.6 Are We Under Counting Loops?
	5 The Structure of Routing Loops
		5.1 What Causes These Loops?
		5.2 Where Are These Routing Loops?
		5.3 How Large are Routing Loops?
		5.4 How Many Loops Do /24 Subnets Experience?
		5.5 Which Addresses Have Routing Loops?
		5.6 Do These Loops Matter?
	6 Related Work
	7 Ethics
	8 Conclusion
	References
as2org+ : Enriching AS-to-Organization Mappings with PeeringDB*-12pt
	1 Introduction
	2 Motivation and Challenges
	3 Challenges and Opportunities with PeeringDB
		3.1 PDB for AS2Orgs Mapping
		3.2 Opportunities Using PeeringDB
	4 Methodology
		4.1 Feature Extraction
		4.2 Filters
		4.3 Manual Inspection
		4.4 Data Consolidation
	5 Effectiveness of Cluster Extraction Methods
	6 Evaluating a PDB-Based Inferencing
		6.1 Unique Contribution of Features
		6.2 The Aggressive Approach
		6.3 Simple Rules, Complex Rules and Both Combined
		6.4 Reporting Unregistered Siblings
		6.5 Removing Upstream Providers
		6.6 Grouping Scattered Sibling Information
	7 as2org+ : Enriching the AS2Org Dataset with PeeringDB
		7.1 Enhancing AS2Org
		7.2 Reshaping Large Transit Organizations
		7.3 Impact in Hypergiant Organizations
	8 Related Work
	9 Conclusions and Future Directions
	A  Example of a aka Reporting Siblings
	B  Examples of the aka Feature Extraction
	C  Example of Lack of Trust in Reported Data
	D  Example of a Network Reporting Transit Connectivity
	References
RPKI Time-of-Flight: Tracking Delays in the Management, Control, and Data Planes*-12pt
	1 Introduction
	2 Background
	3 RPKI Beacons
		3.1 Beacon Methodology
		3.2 ROA Toggling
		3.3 Data Collection
	4 Eleven Months in the Life of RPKI Beacons
		4.1 ROA Creation Delay
		4.2 End to End ROA Deletion Delay
	5 A Bird's-Eye View of RPKI ROA Delay
		5.1 Topology Dependence
		5.2 Delay Analysis from Historical Data
		5.3 ROA Anatomy
	6 Discussion
	7 Related Work
	8 Conclusion
	A  Appendix
		A.1  Data Plane Availability in IPv6
		A.2  BGP Update Delay after ARIN Fix
		A.3  Reproducibility
	References
Security and Privacy
Intercept and Inject: DNS Response Manipulation in the Wild*-12pt
	1 Introduction
	2 Manipulating Root DNS Traffic
		2.1 Background on DNS Root Server System
		2.2 Previous Route Leaks
		2.3 November 2021: Mexico Event
	3 Characterizing DNS Manipulation in the Wild
		3.1 Measurement Setup
		3.2 The Guangzhou K-Root Instance
		3.3 Injected Responses
		3.4 Identifying Injectors
		3.5 Participating Probes
		3.6 Factors Driving DNS Manipulation
		3.7 Limitations
	4 Countermeasures
	5 Ethical Considerations
	6 Related Work
	7 Conclusions
	References
A First Look at Brand Indicators for Message Identification (BIMI)
	1 Introduction
	2 Background
		2.1 DNS-Based Email Security Mechanisms
		2.2 BIMI Specifications
	3 Measurement Method
		3.1 Target Domain Names
		3.2 Data Collection Methodology
	4 Understanding BIMI in the Wild
		4.1 Adoption of BIMI
		4.2 Correlations Between BIMI and Other DNS-Based Email Security Mechanisms
		4.3 Attacks Exploiting BIMI
	5 Incorrect BIMI Configurations
		5.1 BIMI Record
		5.2 Brand Logo Image
		5.3 VMC
		5.4 Violation of DMARC Policy
	6 Discussion
		6.1 Current Status of BIMI
		6.2 Limitations
		6.3 Possibility of Registering Fake Logos
		6.4 Ethical Considerations
	7 Related Work
	8 Conclusion
	A BIMI Implementations of Major Mail User Agents
	B Categorization of Domain Names Adopting BIMI
	References
A Second Look at DNS QNAME Minimization*-12pt
	1 Introduction
	2 Background and Related Work
		2.1 The Domain Name System
		2.2 Query Name Minimization
		2.3 Related Work
	3 Active Measurements
		3.1 Resolver Adoption over Time
		3.2 Adoption by Open Resolvers
	4 Passive Measurements
		4.1 Method
		4.2 Results
	5 Controlled Experiments
		5.1 Method
		5.2 Results
	6 Discussion
		6.1 Analysis of the Results
		6.2 Improvements of Measurements Methods
		6.3 Qmin Depth Limitation
	7 Conclusion
	References
DNS
How Ready is DNS for an IPv6-Only World?
	1 Introduction
	2 Broken IPv6 Zone Delegation
		2.1 Background: DNS Zone Delegation
		2.2 Reasons for Broken IPv6 Delegation
	3 Datasets and Methodology
		3.1 DNS Dataset: Farsight SIE
		3.2 Domain Classification
		3.3 Misconfiguration Identification
		3.4 Active Measurement Methodology
		3.5 Ethical Considerations
	4 Results
		4.1 Dataset Overview
		4.2 IPv6 Resolution in DNS over Time
		4.3 IPv6 Resolution Failure Types
		4.4 Centralization and IPv6 Readiness
		4.5 Resolvability and Responsiveness of NS in Active Measurements
	5 Discussion
		5.1 The Impact of Centralization
		5.2 IPv6 DNS Resolution and the Web
		5.3 Implications for Future Research
		5.4 Limitations
	6 Related Work
		6.1 IPv6 Adoption and Readiness
		6.2 DNS and DNS Misconfiguration Studies
		6.3 Summary
	7 Conclusion
	A DNS Resolution Overview
	B IPv6 only Resolution Failures
	C Zones Without IPv6 Resolution per NS set
	References
TTL Violation of DNS Resolvers in the Wild
	1 Introduction
	2 Background and Related Work
		2.1 Related Work
		2.2 BrightData
	3 TTL Extension in the Wild
		3.1 Methodology
		3.2 Results
		3.3 Cross-validation
		3.4 Macroscopic Analysis
		3.5 Impact of TTL Extension: Case Study of CDNs
	4 TTL Violation in DNSSEC
	5 Concluding Discussion
	References
Operational Domain Name Classification: From Automatic Ground Truth Generation to Adaptation to Missing Values
	1 Introduction
	2 Background and Related Work
		2.1 Data and Feature Selection
		2.2 Feature Importance
		2.3 Ground Truth
		2.4 COMAR System
	3 Methodology
		3.1 Automated Generation of Ground Truth
		3.2 Feature Selection
		3.3 Measuring the Extent of Missing Values
		3.4 Handling Missing Values with Multiple Models
		3.5 Performance Evaluation
		3.6 Feature Importance
		3.7 Ethical Considerations
	4 Classification Results
		4.1 Analysis of the Selected Features
	5 Conclusions and Future Work
	A  Machine Learning Metrics
	B  Scatter Plots of Probability Changes
	References
Web
A First Look at Third-Party Service Dependencies of Web Services in Africa
	1 Introduction
	2 Preliminaries
		2.1 Dependency Metrics
		2.2 Taxonomy of Websites
		2.3 Research Questions
	3 Dataset
	4 Methodology
		4.1 Limitations
	5 Findings
		5.1 Third-Party Dependencies
	6 Provider Concentration
	7 Discussion
	8 Related Work
	9 Conclusion
	10 Availability
	References
Exploring the Cookieverse: A Multi-Perspective Analysis of Web Cookies
	1 Introduction
	2 Background
		2.1 Privacy Laws Regarding Web Tracking
		2.2 Web Privacy Measurement Platforms
	3 Data Collection and Approach
		3.1 Location Diversity and Target Websites
		3.2 Automated Banner Detection and Interaction
		3.3 Cookie Classification
		3.4 OpenWPM Measurement Setup
		3.5 Ethical Considerations
	4 Effect of Cookie Banners
	5 Impact of Geographical Location
	6 Website Cookie Consistency
	7 Landing vs. Inner Pages
	8 Mobile vs. Desktop
	9 Impact of CCPA
	10 Discussion
	11 Related Work
	12 Conclusion
	A  HTML Elements Not Part of Cookie Banners
	B  Corpus of Words Used for Banner Interaction
	C  Comparison With Priv-Accept Web Crawler
	References
Quantifying User Password Exposure to Third-Party CDNs
	1 Introduction
	2 Background
		2.1 HTTPS on CDNs
		2.2 Countermeasures in Practice
	3 Threat Model
	4 Method
	5 Password Exposure
		5.1 Distribution over Rankings
		5.2 Distribution over CDN Providers
		5.3 Distribution over Website Categories
	6 Countermeasures
		6.1 Client-Side Encryption and CDN Bypassing
		6.2 Possible Countermeasures
	7 Discussion and Future Work
	8 Related Work
	9 Conclusion
	References
Author Index