Tethering refers to the process of using a wireless phone, e.g. a smartphone, as modem to connect one or more computing device to the Internet. For example, an illustrative laptop computer may be communicatively coupled, i.e. tethered, to a smartphone—and the smartphone is used as a modem. The illustrative laptop computer may be tethered to the illustrative smartphone with an illustrative wired USB connection or an illustrative wireless Bluetooth connection or an illustrative wireless WiFi/Hotspot connection.
Communication Service Providers (CSPs), which are also referred to as “wireless Internet service providers,” need to identify when a subscriber tethering happening on their network. Typically, the CSP and subscriber enter into a contract to support tethering. Many wireless Internet service providers charge an additional fee for subscribers that connect to the Internet using their mobile devices because the tethered computing devices use more data than the mobile device uses.
Regretfully, many subscribers resort to unauthorized tethering by using “spoofing” applications to avoid the wireless Internet service provider tethering limits. Smartphone spoofing applications hide the subscriber's unauthorized tethering usage by “spoofing” the type of traffic that is presented to the network from the subscriber's smartphone. “Spoofing” refers to the process of enabling an unauthorized device to access a service, e.g. data plan to access Internet, by identifying the unauthorized device to be an authorized device.
Wireless Internet service providers have developed tools to detect the unauthorized tethering, however, these techniques do not work for IPv6 mobile networks.
Modern wireless Internet service providers are migrating from IPv4 to IPv6 mobile networks because of the need for additional IP addresses for wireless devices such as smartphone, IoT devices and other such wired and wireless devices accessing the Internet. Internet Protocol version 6 (IPv6) is the sixth revision to the Internet Protocol and the successor to Internet Protocol version 4 (IPv4). IPv6 functions similarly to IPv4 in that it provides the unique, numerical IP addresses necessary for Internet-enabled devices to communicate; however, IPv6 includes one major difference, namely, it utilizes 128-bit addresses.
Due to modern wireless Internet using IPv6 mobile network, it is challenging to detect unauthorized tethering because the TCP/IP stack for IPv6 is different from the TCP/IP stack for IPv4. More specifically, most solutions that detect unauthorized tethering rely on detecting an operating system signature presented in TCP/IP packets or based on a User-Agent field of HTTP traffic. These detection methods work only when the illustrative smartphone simply acts as a router/NAT for the tethered traffic or the HTTP User-Agent field is not modified.
Handset vendors and companies developing mobile operating systems have been improving their systems and methods to detect spoofing applications. For example, the handset vendors and companies developing mobile operating systems have been preventing spoofing applications from being installed on smartphones and handsets. Additionally, the handset vendors and companies developing mobile operating systems have been preventing spoofing application from making changes to the tethered traffic in an unexpected manner.
However, there continue to be various challenges for detecting unauthorized tethering. For example, if the tethered device (e.g. the laptop) modifies the User-Agent field of the HTTP traffic, then unauthorized tethering cannot be detected. Additionally, when spoofing application for unauthorized tethering are installed on the smartphone, the spoofing application can modify some of the IP header parameters such as TTL; and the unauthorized tethering cannot be detected. Furthermore, when the spoofing applications run a proxy server that initiates a TCP connection from the smartphone and makes the proxy server signature appear to be the same signature as the natively originated signatures, then the unauthorized tethering cannot be detected.
Thus, there is a need for a system and method that detects tethering to IPv6 mobile networks that can be managed and controlled by the wireless Internet service provider and that do not rely on handset vendors and companies that develop mobile operating systems.