735 results on '"C.2.0"'
Search Results
152. Are wearable devices ready for HTTPS? Measuring the cost of secure communication protocols on wearable devices
- Author
- Kolamunna, Harini, Chauhan, Jagmohan, Hu, Yining, Thilakarathna, Kanchana, Perino, Diego, Makaroff, Dwight, and Seneviratne, Aruna
- Subjects
- Computer Science - Cryptography and Security, C.4, C.2.2, C.2.0
- Abstract
- The majority of available wearable devices require communication with Internet servers for data analysis and storage, and rely on a paired smartphone to enable secure communication. However, wearable devices are mostly equipped with WiFi network interfaces, enabling direct communication with the Internet. Secure communication protocols should then run on these wearables themselves, yet it is not clear if they can be efficiently supported. In this paper, we show that wearable devices are ready for direct and secure Internet communication by means of experiments with both controlled and Internet servers. We observe that the overall energy consumption and communication delay can be reduced with a direct Internet connection via WiFi from wearables compared to using smartphones as relays via Bluetooth. We also show that the additional HTTPS cost caused by the TLS handshake and encryption is closely related to the number of parallel connections, and has the same relative impact on wearables and smartphones.
- Published
- 2016
153. Passive Taxonomy of Wifi Clients using MLME Frame Contents
- Author
- Gentry, Denton and Pennarun, Avery
- Subjects
- Computer Science - Networking and Internet Architecture, C.2.0
- Abstract
- In supporting Wifi networks it is useful to identify the type of client device connecting to an AP. Knowing the type of client can guide troubleshooting steps, allow searches for known issues, or allow specific workarounds to be implemented in the AP. For support purposes a passive method which analyzes normal traffic is preferable to active methods, which often send obscure combinations of packet options which might trigger client bugs. We have developed a method of passive client identification which observes the contents of Wifi management frames including Probes and Association requests. We show that the management frames populated by modern Wifi chipsets and device drivers are quite distinguishable, making it possible in many cases to identify the model of the device. Supplementing information from the Wifi management frames with additional information from DHCP further extends the set of clients which can be distinguished.
- Comment: updated email addresses and added link to implementation of the mechanism (at the end of the paper)
- Published
- 2016
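The abstract above describes fingerprinting from the contents of Probe and Association frames. The following is an added example (not the authors' implementation) of how such a passive classifier is built: it parses the information elements (IEs) of a Probe Request body and derives a signature from the IE order, the supported-rate set, the HT Capabilities field and vendor-specific OUIs, which are the fields that differ between chipsets and drivers. The frame bytes, the signature table and its label are constructed for this example; a real table is populated by capturing probes from known devices.

```python
"""Passive Wi-Fi client fingerprinting from 802.11 management-frame IEs.

Added example, not the paper's code. Frame bytes and the signature table
below are constructed for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

TAG_SSID, TAG_RATES, TAG_DS, TAG_HT_CAP, TAG_EXT_RATES, TAG_VENDOR = 0, 1, 3, 45, 50, 221


@dataclass(frozen=True)
class Fingerprint:
    tag_order: Tuple[int, ...]      # IE IDs in the order the driver emitted them
    rates: Tuple[str, ...]          # Mbit/s, basic rates suffixed with "B"
    ht_cap_info: Optional[int]      # first 16 bits of the HT Capabilities IE
    vendor_ouis: Tuple[str, ...]    # OUIs of vendor-specific IEs
    truncated: bool = False         # an IE length ran past the end of the frame


def parse_ies(body: bytes):
    """Return ([(tag, value), ...], truncated). Stops at the first malformed IE."""
    ies, off = [], 0
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        if off + 2 + length > len(body):
            return ies, True            # length field runs past the frame
        ies.append((tag, body[off + 2:off + 2 + length]))
        off += 2 + length
    return ies, off != len(body)        # a dangling byte is also malformed


def decode_rates(raw: bytes):
    # bit 7 flags a basic rate, bits 0-6 give the rate in 500 kbit/s units
    return [f"{(b & 0x7F) / 2:g}" + ("B" if b & 0x80 else "") for b in raw]


def fingerprint(body: bytes) -> Fingerprint:
    ies, truncated = parse_ies(body)
    rates, ouis, ht = [], [], None
    for tag, val in ies:
        if tag in (TAG_RATES, TAG_EXT_RATES):
            rates.extend(decode_rates(val))
        elif tag == TAG_HT_CAP and len(val) >= 2:
            ht = struct.unpack("<H", val[:2])[0]    # little-endian on the air
        elif tag == TAG_VENDOR and len(val) >= 3:
            ouis.append(val[:3].hex(":"))
    return Fingerprint(tuple(t for t, _ in ies), tuple(rates), ht, tuple(ouis), truncated)


# Constructed lookup table: (IE order, vendor OUIs) -> label. The DHCP option 55
# parameter request list can be added to the key to split signatures the IEs
# alone cannot separate, as the paper suggests.
SIGNATURES = {
    ((0, 1, 50, 3, 45, 221), ("00:50:f2",)): "signature-A (constructed)",
}


def classify(fp: Fingerprint, db=SIGNATURES) -> str:
    if fp.truncated:
        return "malformed"
    return db.get((fp.tag_order, fp.vendor_ouis), "unknown")


# Constructed Probe Request body (tagged parameters only; probes have no fixed fields).
PROBE_BODY = (
    b"\x00\x00"                                          # SSID, wildcard
    + b"\x01\x08\x82\x84\x8b\x96\x0c\x12\x18\x24"        # Supported Rates
    + b"\x32\x04\x30\x48\x60\x6c"                        # Extended Supported Rates
    + b"\x03\x01\x06"                                    # DS Parameter Set, channel 6
    + b"\x2d\x1a" + b"\x2d\x01\x17\xff\xff" + bytes(21)  # HT Capabilities, 26 bytes
    + b"\xdd\x07\x00\x50\xf2\x02\x00\x01\x00"            # Vendor specific (OUI 00:50:f2, WMM)
)

if __name__ == "__main__":
    fp = fingerprint(PROBE_BODY)
    print(fp)
    print(classify(fp))
```

Note that the parser refuses to classify a frame whose IE length field overruns the body; a passive classifier sits on every frame the AP receives, so malformed input must fail closed rather than feed half-parsed data into the signature lookup.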
154. HEAP: Reliable Assessment of BGP Hijacking Attacks
- Author
- Schlamp, Johann, Holz, Ralph, Jacquemart, Quentin, Carle, Georg, and Biersack, Ernst W.
- Subjects
- Computer Science - Networking and Internet Architecture, Computer Science - Cryptography and Security, C.2.0, C.2.2, C.2.3, C.2.6
- Abstract
- The detection of BGP prefix hijacking attacks has been the focus of research for more than a decade. However, state-of-the-art techniques fall short of detecting more elaborate types of attack. To study such attacks, we devise a novel formalization of Internet routing, and apply this model to routing anomalies in order to establish a comprehensive attacker model. We use this model to precisely classify attacks and to evaluate their impact and detectability. We analyze the eligibility of attack tactics that suit an attacker's goals and demonstrate that related work mostly focuses on less impactful kinds of attacks. We further propose, implement and test the Hijacking Event Analysis Program (HEAP), a new approach to investigate hijacking alarms. Our approach is designed to seamlessly integrate with previous work in order to reduce the high rates of false alarms inherent to these techniques. We leverage several unique data sources that can reliably disprove malicious intent. First, we make use of an Internet Routing Registry to derive business or organisational relationships between the parties involved in an event. Second, we use a topology-based reasoning algorithm to rule out events caused by legitimate operational practice. Finally, we use Internet-wide network scans to identify SSL/TLS-enabled hosts, which helps to identify non-malicious events by comparing public keys prior to and during an event. In our evaluation, we prove the effectiveness of our approach, and show that day-to-day routing anomalies are harmless for the most part. More importantly, we use HEAP to assess the validity of publicly reported alarms. We invite researchers to interface with HEAP in order to cross-check and narrow down their hijacking alerts.
- Published
- 2016
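Two of the three evidence sources named in the HEAP abstract, the Internet Routing Registry relationship check and the comparison of TLS public keys before and during an event, can be shown as a small triage routine. The following is an added example, not the HEAP tool itself: each check can only clear an alarm (a hijacker who does not hold the victim's private key cannot present the same SubjectPublicKeyInfo), none of them confirms an attack, so an alarm that survives all checks stays open. The RPSL objects, ASNs, prefix and key fingerprints are constructed for the example from documentation ranges (AS64496-AS64511, 203.0.113.0/24); the topology-based reasoning step is not reproduced here.

```python
"""Triage of a BGP hijacking alarm with independent, alarm-clearing evidence.

Added example, not HEAP's code. IRR objects and fingerprints below are constructed.
"""
import hashlib
from typing import Dict, List, Optional, Set


def parse_rpsl(text: str) -> List[Dict[str, str]]:
    """Parse 'key: value' objects separated by blank lines (simplified RPSL)."""
    objects, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip().lower()] = value.strip()
    if current:
        objects.append(current)
    return objects


def admin_handles(irr: List[Dict[str, str]], asn: str) -> Set[str]:
    """Maintainer and organisation handles that administer an aut-num object."""
    for obj in irr:
        if obj.get("aut-num", "").upper() == asn.upper():
            return {obj[k] for k in ("mnt-by", "org") if k in obj}
    return set()


def same_administrator(irr, as_a: str, as_b: str) -> bool:
    return bool(admin_handles(irr, as_a) & admin_handles(irr, as_b))


def route_object_exists(irr, prefix: str, origin: str) -> bool:
    return any(o.get("route") == prefix and o.get("origin", "").upper() == origin.upper()
               for o in irr)


def spki_fingerprint(spki_der: bytes) -> str:
    """SHA-256 over the DER SubjectPublicKeyInfo, as an Internet-wide scan would record it."""
    return hashlib.sha256(spki_der).hexdigest()


def keys_unchanged(before: Dict[str, str], during: Dict[str, str]) -> Optional[bool]:
    """True if every host scanned in both periods presents the same key, None if no overlap."""
    common = before.keys() & during.keys()
    if not common:
        return None                       # no evidence either way
    return all(before[h] == during[h] for h in common)


def triage(alarm: Dict[str, str], irr, before, during) -> str:
    prefix = alarm["prefix"]
    expected, observed = alarm["expected_origin"], alarm["observed_origin"]
    if same_administrator(irr, expected, observed):
        return "cleared: same IRR maintainer/org"
    if route_object_exists(irr, prefix, observed):
        return "cleared: IRR route object authorises new origin"
    if keys_unchanged(before, during):
        return "cleared: TLS keys unchanged during event"
    return "open: no evidence of legitimacy, investigate"


# Constructed IRR excerpt (documentation ASNs and prefix).
IRR = parse_rpsl("""\
aut-num: AS64500
org: ORG-EX1
mnt-by: MNT-EX

aut-num: AS64501
org: ORG-EX1
mnt-by: MNT-EX

route: 203.0.113.0/24
origin: AS64500
mnt-by: MNT-EX

route: 203.0.113.0/24
origin: AS64503
mnt-by: MNT-EX

aut-num: AS64502
org: ORG-OTHER
mnt-by: MNT-OTHER
""")

if __name__ == "__main__":
    alarm = {"prefix": "203.0.113.0/24", "expected_origin": "AS64500", "observed_origin": "AS64502"}
    key = spki_fingerprint(b"constructed-spki-der")
    print(triage(alarm, IRR, {"203.0.113.10:443": key}, {"203.0.113.10:443": key}))
```

The checks are deliberately ordered from cheapest to most expensive, and the key comparison returns None rather than False when the two scans share no hosts, so a missing scan never counts as evidence of legitimacy.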
155. Anarchy in Tor: Performance Cost of Decentralization
- Author
- Geddes, John, Schliep, Mike, and Hopper, Nicholas
- Subjects
- Computer Science - Cryptography and Security, C.2.0
- Abstract
- Like many routing protocols, the Tor anonymity network has decentralized path selection, in which clients locally and independently choose paths. As a result, network resources may be left idle, leaving the system in a suboptimal state. This is referred to as the price of anarchy, where agents acting in their own self interest can make poor decisions when viewed in a global context. In this paper we explore the cost of anarchy in Tor by examining the potential performance increases that can be gained by centrally optimizing circuit and relay selection using global knowledge. In experiments with both offline and online algorithms, we show that centrally coordinated clients can achieve up to 75% higher bandwidth compared to traditional Tor. Drawing on these findings, we design and evaluate a decentralized version of our online algorithm, in which relays locally distribute information enabling clients to make smarter decisions locally and perform downloads 10-60% faster. Finally, we perform a privacy analysis of the decentralized algorithm against a passive and active adversary trying to reduce anonymity of clients and increase their view of the Tor network. We conclude that this decentralized algorithm does not enable new attacks, while providing significantly higher performance.
- Published
- 2016
156. PRI: Privacy Preserving Inspection of Encrypted Network Traffic
- Author
- Schiff, Liron and Schmid, Stefan
- Subjects
- Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture, C.2.0
- Abstract
- Traffic inspection is a fundamental building block of many security solutions today. For example, to prevent the leakage or exfiltration of confidential insider information, as well as to block malicious traffic from entering the network, most enterprises today operate intrusion detection and prevention systems that inspect traffic. However, the state-of-the-art inspection systems do not reflect well the interests of the different involved autonomous roles. For example, employees in an enterprise, or a company outsourcing its network management to a specialized third party, may require that their traffic remains confidential, even from the system administrator. Moreover, the rules used by the intrusion detection system, or more generally the configuration of an online or offline anomaly detection engine, may be provided by a third party, e.g., a security research firm, and can hence constitute a critical business asset which should be kept confidential. Today, it is often believed that accounting for these additional requirements is impossible, as they contradict efficiency and effectiveness. In this paper we explore a novel approach, called Privacy Preserving Inspection (PRI), which provides a solution to this problem by preserving privacy of traffic inspection and confidentiality of inspection rules and configurations, and, e.g., also supports the flexible installation of additional Data Leak Prevention (DLP) rules specific to the company.
- Published
- 2016
157. Open Mobile API: Accessing the UICC on Android Devices
- Author
- Roland, Michael and Hölzl, Michael
- Subjects
- Computer Science - Cryptography and Security, Computer Science - Operating Systems, C.2.0, C.3, C.5.3, D.2.7, D.4.6
- Abstract
- This report gives an overview of secure element integration into Android devices. It focuses on the Open Mobile API as an open interface to access secure elements from Android applications. The overall architecture of the Open Mobile API is described and current Android devices are analyzed with regard to the availability of this API. Moreover, this report summarizes our efforts of reverse engineering the stock ROM of a Samsung Galaxy S3 in order to analyze the integration of the Open Mobile API and the interface that is used to perform APDU-based communication with the UICC (Universal Integrated Circuit Card). It further provides a detailed explanation on how to integrate this functionality into CyanogenMod (an after-market firmware for Android devices).
- Comment: University of Applied Sciences Upper Austria, JR-Center u'smile, Technical report, 76 pages, 12 figures
- Published
- 2016
158. DDoS Attacks in Cloud Computing: Issues, Taxonomy, and Future Directions
- Author
- Somani, Gaurav, Gaur, Manoj Singh, Sanghi, Dheeraj, Conti, Mauro, and Buyya, Rajkumar
- Subjects
- Computer Science - Cryptography and Security, C.2.0
- Abstract
- Security issues related to cloud computing are relevant to various stakeholders for an informed cloud adoption decision. Apart from data breaches, the cyber security research community is revisiting the attack space for cloud-specific solutions as these issues affect budget, resource management, and service quality. The Distributed Denial of Service (DDoS) attack is one such serious attack in the cloud space. In this paper, we present developments related to DDoS attack mitigation solutions in the cloud. In particular, we present a comprehensive survey with a detailed insight into the characterization, prevention, detection, and mitigation mechanisms of these attacks. Additionally, we present a comprehensive solution taxonomy to classify DDoS attack solutions. We also provide a comprehensive discussion on important metrics to evaluate various solutions. This survey concludes that there is a strong requirement for solutions which are designed keeping utility computing models in mind. Accurate auto-scaling decisions, multi-layer mitigation, and defense using profound resources in the cloud are some of the key requirements of the desired solutions. In the end, we provide a definite guideline on effective solution building and detailed solution requirements to help the cyber security research community in designing defense mechanisms. To the best of our knowledge, this work is a novel attempt to identify the need for DDoS mitigation solutions involving multi-level information flow and effective resource management during the attack.
- Comment: Published in Computer Communications, Volume 107, 2017, Elsevier
- Published
- 2015
159. Understanding Mobile Traffic Patterns of Large Scale Cellular Towers in Urban Environment
- Author
- Wang, Huandong, Xu, Fengli, Li, Yong, Zhang, Pengyu, and Jin, Depeng
- Subjects
- Computer Science - Networking and Internet Architecture, C.2.0, C.4
- Abstract
- Understanding mobile traffic patterns of large scale cellular towers in an urban environment is extremely valuable for Internet service providers, mobile users, and government managers of a modern metropolis. This paper aims at extracting and modeling the traffic patterns of large scale towers deployed in a metropolitan city. To achieve this goal, we need to address several challenges, including lack of appropriate tools for processing large scale traffic measurement data, unknown traffic patterns, as well as handling complicated factors of urban ecology and human behaviors that affect traffic patterns. Our core contribution is a powerful model which combines three dimensional information (time, locations of towers, and traffic frequency spectrum) to extract and model the traffic patterns of thousands of cellular towers. Our empirical analysis reveals the following important observations. First, only five basic time-domain traffic patterns exist among the 9,600 cellular towers. Second, each of the extracted traffic patterns maps to one type of geographical location related to urban ecology, including residential area, business district, transport, entertainment, and comprehensive area. Third, our frequency-domain traffic spectrum analysis suggests that the traffic of any tower among the 9,600 can be constructed using a linear combination of four primary components corresponding to human activity behaviors. We believe that the proposed traffic patterns extraction and modeling methodology, combined with the empirical analysis on the mobile traffic, pave the way toward a deep understanding of the traffic patterns of large scale cellular towers in a modern metropolis.
- Comment: To appear at IMC 2015
- Published
- 2015
160. Multiple Configurations LT Codes
- Author
- Tsai, Pei-Chuan, Chen, Chih-Ming, and Chen, Ying-ping
- Subjects
- Computer Science - Information Theory, E.4, H.1.1, C.2.0
- Abstract
- This paper introduces a new scheme of LT codes, named multiple configurations. In multiple configurations LT codes (MC-LT codes), multiple sets of output symbols are simultaneously provided to receivers for recovering the source data. Each receiver, without the need to send information back to the sender, is capable of receiving the output symbols generated by some configuration chosen according to its own decoding phase. Aiming at the broadcasting scenarios without feedback channels, the proposed MC-LT codes are shown to outperform the optimal pure LT codes at the cost of encoding and transmitting units. In this paper, the inspiration of MC-LT codes is presented, how MC-LT codes work is described by giving examples, in which the optimal pure LT codes are outperformed, and a practical design of MC-LT codes, which is analytically proved to have at least the same performance bound as the pure LT codes, is proposed. The results of numerical simulation experiments demonstrate that the proposed practical design of MC-LT codes can deliver better performance than the LT codes in comparison. In summary, this paper creates new potential research directions for LT codes, and MC-LT codes are a promising variant of LT codes, especially for broadcasting scenarios.
- Comment: 11 pages, 8 figures, 3 tables
- Published
- 2015
161. Proceedings of the 2nd OMNeT++ Community Summit, IBM Research - Zurich, Switzerland, September 3-4, 2015
- Author
- Förster, Anna, Minkenberg, Cyriel, Herrera, German Rodriguez, and Kirsche, Michael
- Subjects
- Computer Science - Performance, Computer Science - Networking and Internet Architecture, I.6, C.2.0, C.4, D.4.8
- Abstract
- This is the Proceedings of the 2nd OMNeT++ Community Summit, which was held at IBM Research - Zurich, Switzerland on September 3-4, 2015.
- Published
- 2015
162. Evaluation of Contactless Smartcard Antennas
- Author
- Roland, Michael and Hölzl, Michael
- Subjects
- Computer Science - Cryptography and Security, Computer Science - Computers and Society, C.2.0, C.3, H.5.2, K.6.5
- Abstract
- This report summarizes the results of our evaluation of antennas of contactless and dual interface smartcards and our ideas for user-switchable NFC antennas. We show how to disassemble smartcards with contactless capabilities in order to obtain the bare chip module and the bare antenna wire. We examine the design of various smartcard antennas and present concepts to render the contactless interface unusable. Finally, we present ideas and practical experiments to make the contactless interface switchable by the end-user.
- Comment: University of Applied Sciences Upper Austria, JR-Center u'smile, Technical report, 29 pages, 27 figures
- Published
- 2015
163. Albatross: a Privacy-Preserving Location Sharing System
- Author
- Saldamli, Gokay, Chow, Richard, and Jin, Hongxia
- Subjects
- Computer Science - Cryptography and Security, C.2.0
- Abstract
- Social networking services are increasingly accessed through mobile devices. This trend has prompted services such as Facebook and Google+ to incorporate location as a de facto feature of user interaction. At the same time, services based on location such as Foursquare and Shopkick are also growing as smartphone market penetration increases. In fact, this growth is happening despite concerns (growing at a similar pace) about security and third-party use of private location information (e.g., for advertising). Nevertheless, service providers have been unwilling to build truly private systems in which they do not have access to location information. In this paper, we describe an architecture and a trial implementation of a privacy-preserving location sharing system called Albatross. The system protects location information from the service provider and yet enables fine-grained location-sharing. One main feature of the system is to protect an individual's social network structure. The pattern of location sharing preferences towards contacts can reveal this structure without any knowledge of the locations themselves. Albatross protects location sharing preferences through protocol unification and masking. Albatross has been implemented as a standalone solution, but the technology can also be integrated into location-based services to enhance privacy.
- Comment: 12 Pages, Extended version of ASIACCS 2015 paper
- Published
- 2015
164. Implementation of a Stream Cipher Based on Bernoulli's Map
- Author
- Martinez-Gonzalez, Ricardo Francisco and Diaz-Mendez, Jose Alejandro
- Subjects
- Computer Science - Cryptography and Security, 94A60, 68P25, 14G50, C.2.0, G.3
- Abstract
- A stream cipher was implemented on an FPGA. The keystream, for some authors the most important element, was developed using an algorithm based on Bernoulli's chaotic map. When dynamic systems are digitally implemented, a normal degradation appears and disturbs their behavior; for such reason, a mechanism was needed. The proposed mechanism gives a solution for the degradation issue and its implementation is not complicated. Finally, the implemented cipher includes 8 stages and 2 pseudo-random number generators (PRNG); such cipher was tested using the NIST tests. Once its design stage was complete, it was implemented using an FPGA development board.
- Comment: 9 Pages, 6 Figures and 1 Table
- Published
- 2015
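The "normal degradation" the abstract refers to is easy to reproduce for the Bernoulli map. The following is an added example, not the cipher described in the paper: in N-bit fixed point the map x -> 2x mod 1 is a left shift, so the state loses one bit per step and is identically zero after N steps, and a keystream taken from its most significant bit is the seed bits followed by zeros. The second half of the example applies a generic countermeasure, feeding one bit of a secondary PRNG into the LSB each step; this is an assumption for illustration and not the authors' mechanism, and the LFSR, seed and plaintext are constructed.

```python
"""Digital degradation of the Bernoulli (doubling) map as a keystream source.

Added example, not the paper's design. The LSB perturbation is a generic
countermeasure chosen for illustration (assumption), not the paper's mechanism.
"""
from typing import List, Optional


def lfsr16(state: int):
    """One step of a 16-bit Fibonacci LFSR (x^16 + x^14 + x^13 + x^11 + 1)."""
    bit = ((state >> 0) ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return bit, (state >> 1) | (bit << 15)


def lfsr_bits(state: int, n: int) -> List[int]:
    out = []
    for _ in range(n):
        bit, state = lfsr16(state)
        out.append(bit)
    return out


def bernoulli_keystream(seed: int, width: int, nbits: int,
                        perturb: Optional[int] = None) -> List[int]:
    """nbits keystream bits: the MSB of the map state after each iteration.

    seed    : x0 as a width-bit fixed-point fraction in [0, 1)
    perturb : None for the pure map, or a non-zero LFSR state whose output
              bit is XORed into the LSB of the state every iteration
    """
    mask = (1 << width) - 1
    x, st, out = seed & mask, perturb, []
    for _ in range(nbits):
        x = (x << 1) & mask              # 2x mod 1 in fixed point: a shift, nothing more
        if st is not None:
            bit, st = lfsr16(st)
            x ^= bit                     # inject fresh entropy at the LSB
        out.append(x >> (width - 1))     # keystream bit = MSB of the state
    return out


def bits_to_bytes(bits: List[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - 7, 8))


def encrypt(plaintext: bytes, seed: int, width: int = 16,
            perturb: Optional[int] = None) -> bytes:
    """XOR the plaintext with the map keystream (decryption is the same call)."""
    ks = bits_to_bytes(bernoulli_keystream(seed, width, 8 * len(plaintext), perturb))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


if __name__ == "__main__":
    pt = b"ATTACK AT DAWN"
    print(encrypt(pt, 0xA5A5, 16))            # pure map: bytes 2.. come out unchanged
    print(encrypt(pt, 0xA5A5, 16, 0xACE1))    # perturbed map
```

The perturbed variant has a consequence worth knowing before trusting any chaos-based design: because the doubling map is a pure shift, after `width` iterations the state consists entirely of the injected bits, so the keystream is the secondary PRNG's output delayed by `width - 1` positions and the map itself contributes nothing. That is why such constructions have to be judged by statistical test batteries such as the NIST suite the paper uses, not by the chaotic origin of the map.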
165. The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire
- Author
- Schlamp, Johann, Gustafsson, Josef, Wählisch, Matthias, Schmidt, Thomas C., and Carle, Georg
- Subjects
- Computer Science - Networking and Internet Architecture, Computer Science - Cryptography and Security, C.2.3, C.2.0
- Abstract
- The vulnerability of the Internet has been demonstrated by prominent IP prefix hijacking events. Major outages such as the China Telecom incident in 2010 stimulate speculations about malicious intentions behind such anomalies. Surprisingly, almost all discussions in the current literature assume that hijacking incidents are enabled by the lack of security mechanisms in the inter-domain routing protocol BGP. In this paper, we discuss an attacker model that accounts for the hijacking of network ownership information stored in Regional Internet Registry (RIR) databases. We show that such threats emerge from abandoned Internet resources (e.g., IP address blocks, AS numbers). When DNS names expire, attackers gain the opportunity to take resource ownership by re-registering domain names that are referenced by corresponding RIR database objects. We argue that this kind of attack is more attractive than conventional hijacking, since the attacker can act in full anonymity on behalf of a victim. Although corresponding incidents have been observed in the past, current detection techniques are not qualified to deal with these attacks. We show that they are feasible with very little effort, and analyze the risk potential of abandoned Internet resources for the European service region: our findings reveal that currently 73 /24 IP prefixes and 7 ASes are vulnerable to being stealthily abused. We discuss countermeasures and outline research directions towards preventive solutions.
- Comment: Final version for TMA 2015
- Published
- 2014
166. CBM: A Crypto-Coded Modulation Scheme for Rate Information Concealing and Robustness Boosting
- Author
- Vo-Huu, Triet D. and Noubir, Guevara
- Subjects
- Computer Science - Cryptography and Security, C.2.0, C.2.1, E.4
- Abstract
- Exposing the rate information of wireless transmission enables highly efficient attacks that can severely degrade the performance of a network at very low cost. In this paper, we introduce an integrated solution to conceal the rate information of wireless transmissions while simultaneously boosting the resiliency against interference. The proposed solution is based on a generalization of Trellis Coded Modulation combined with Cryptographic Interleaving. We develop algorithms for discovering explicit codes for concealing any modulation in {BPSK, QPSK, 8-PSK, 16-QAM, 64-QAM}. We demonstrate that in most cases this modulation hiding scheme has the side effect of boosting resiliency by up to 8.5dB.
- Published
- 2014
167. Security Evaluation for Mail Distribution Systems
- Author
- Rizopoulos, Antonis S., Kallergis, Dimitrios N., and Prezerakos, George N.
- Subjects
- Computer Science - Cryptography and Security, Computer Science - Computers and Society, 68M12, C.2.0, C.2.2, D.4.6, H.3.4
- Abstract
- The security evaluation for Mail Distribution Systems focuses on certification and reliability of sensitive data between mail servers. The need to certify the information conveyed is a result of known weaknesses in the simple mail transfer protocol (SMTP). The most important consequence of these weaknesses is the possibility to mislead the recipient, which is achieved via spam (especially email spoofing). Email spoofing refers to alterations in the headers and/or the content of the message. Therefore, the authenticity of the message is compromised. Unfortunately, the broken link between certification and reliability of the information is unsolicited email (spam). Unlike the current practice of estimating the cost of spam, which prompts organizations to purchase and maintain appropriate anti-spam software, our approach offers an alternative perspective of the economic and moral consequences of unsolicited mail. The financial data provided in this paper show that spam is a major contributor to the financial and production cost of an organization, necessitating further attention. Additionally, this paper highlights the importance and severity of the weaknesses of the SMTP protocol, which can be exploited even with the use of simple applications incorporated within most commonly used Operating Systems (e.g. Telnet). As a consequence of these drawbacks, Mail Distribution Systems need to be appropriately configured so as to provide the necessary security services to the users.
- Comment: 6 pages, eRA 5th International Scientific Conference, September 15-18 2010, Piraeus, Greece
- Published
- 2014
168. IP Tracing and Active Network Response
- Author
- Sobh, Tarek S. and Khalil, Awad H.
- Subjects
- Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture, C.2.0
- Abstract
- Active security is mainly concerned with performing one or more security functions when a host in a communication network is subject to an attack. Such security functions include appropriate actions against attackers. To properly afford active security actions, a set of software subsystems should be integrated together so that they can automatically detect and appropriately address any vulnerability in the underlying network. This work presents an integrated model for active security response. The proposed model introduces an Active Response Mechanism (ARM) for tracing anonymous attacks in the network back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed", source addresses. This paper presents within the proposed model two tracing approaches based on: 1. Sleepy Watermark Tracing (SWT) for unauthorized access attacks. 2. Probabilistic Packet Marking (PPM) in the network for Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. On the basis of the proposed model, cooperative network security tools such as a firewall and an intrusion detection system with an IP tracing mechanism have been designed for taking a rapid active response against the real IPs of attackers. The proposed model is able to detect network vulnerabilities, trace the attack source IP and reconfigure the attacked subnetworks.
- Comment: 11 pages, 2 figures, 12th International Conference on Artificial Intelligence Applications (ICAIA 2004), Cairo, Egypt, February 18-20, 2004
- Published
- 2014
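The Probabilistic Packet Marking approach named in the abstract above is what lets a victim trace a flood whose source addresses are all spoofed. The following is an added example, not the authors' ARM implementation: it simulates the edge-sampling form of PPM, in which each router on the path overwrites a small marking field with probability p and otherwise completes the edge started one hop upstream and increments a distance counter, and it reconstructs the path at the victim from the collected edges. The topology, router names, marking probability and the forged mark the attacker plants are constructed for the example; the forged mark shows why the distance field is always incremented, so that anything the attacker injects can only appear beyond the true path length.

```python
"""Probabilistic packet marking (edge sampling) and victim-side path reconstruction.

Added example, not the paper's code. Routers, addresses and the forged mark are constructed.
"""
import random
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

VICTIM = "victim"
Edge = Tuple[str, str, int]          # (start router, end router, distance to victim)


@dataclass
class Packet:
    src: str                         # spoofed by the attacker, never trusted
    start: Optional[str] = None      # router that began the edge sample
    end: Optional[str] = None        # next router after the marking router
    distance: int = 0                # hops from the marking router to the victim


def mark(pkt: Packet, router: str, p: float, rng: random.Random) -> None:
    """Edge-sampling rule one router applies to one packet in transit."""
    if rng.random() < p:
        pkt.start, pkt.end, pkt.distance = router, None, 0
    else:
        if pkt.distance == 0 and pkt.start is not None:
            pkt.end = router         # complete the edge begun one hop upstream
        pkt.distance += 1            # always incremented, so forged marks age out of range


def collect(pkt: Packet, edges: Set[Edge]) -> None:
    """Victim side: record the edge carried by a marked packet."""
    if pkt.start is not None:
        edges.add((pkt.start, pkt.end or VICTIM, pkt.distance))


def reconstruct(edges: Set[Edge]) -> List[str]:
    """Walk from the victim outward: at distance d pick the edge ending at the current node."""
    path, node, d = [], VICTIM, 0
    while True:
        candidates = sorted(s for (s, e, dist) in edges if e == node and dist == d)
        if not candidates:
            return path
        node = candidates[0]         # a single path is assumed; several candidates = a branch
        path.append(node)
        d += 1


def simulate(n_packets: int = 2000, p: float = 0.04, seed: int = 1,
             forge: bool = True) -> Tuple[List[str], Set[Edge]]:
    """Flood from a spoofed source across R1 -> R2 -> R3 -> R4 -> victim."""
    rng = random.Random(seed)
    routers = ["R1", "R2", "R3", "R4"]
    edges: Set[Edge] = set()
    for _ in range(n_packets):
        pkt = Packet(src="198.51.100.7")
        if forge:                    # attacker pre-fills the mark with a bogus edge
            pkt.start, pkt.end, pkt.distance = "R9", "R8", 0
        for r in routers:
            mark(pkt, r, p, rng)
        collect(pkt, edges)
    return reconstruct(edges), edges


if __name__ == "__main__":
    path, edges = simulate()
    print("reconstructed path (victim outward):", path)
    print("edges observed:", sorted(edges))
```

With p = 0.04 and a four-hop path, roughly 70 of 2000 packets carry the farthest real edge, so the reconstruction is reliable; the forged edge only ever shows up at distance 4 or more, after the real ingress router, which is the caveat to apply when reading the tail of a reconstructed path.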
169. Prolonging the Hide-and-Seek Game: Optimal Trajectory Privacy for Location-Based Services
- Author
- Theodorakopoulos, George, Shokri, Reza, Troncoso, Carmela, Hubaux, Jean-Pierre, and Boudec, Jean-Yves Le
- Subjects
- Computer Science - Cryptography and Security, C.2.0
- Abstract
- Human mobility is highly predictable. Individuals tend to only visit a few locations with high frequency, and to move among them in a certain sequence reflecting their habits and daily routine. This predictability has to be taken into account in the design of location privacy preserving mechanisms (LPPMs) in order to effectively protect users when they continuously expose their position to location-based services (LBSs). In this paper, we describe a method for creating LPPMs that are customized for a user's mobility profile taking into account privacy and quality of service requirements. By construction, our LPPMs take into account the sequential correlation across the user's exposed locations, providing the maximum possible trajectory privacy, i.e., privacy for the user's present location, as well as past and expected future locations. Moreover, our LPPMs are optimal against a strategic adversary, i.e., an attacker that implements the strongest inference attack knowing both the LPPM operation and the user's mobility profile. The optimality of the LPPMs in the context of trajectory privacy is a novel contribution, and it is achieved by formulating the LPPM design problem as a Bayesian Stackelberg game between the user and the adversary. An additional benefit of our formal approach is that the design parameters of the LPPM are chosen by the optimization algorithm.
- Comment: Workshop on Privacy in the Electronic Society (WPES 2014)
- Published
- 2014
170. Proceedings of the 1st OMNeT++ Community Summit, Hamburg, Germany, September 2, 2014
- Author
- Förster, Anna, Sommer, Christoph, Steinbach, Till, and Wählisch, Matthias
- Subjects
- Computer Science - Performance, I.6, C.2.0, C.4, D.4.8
- Abstract
- This is the Proceedings of the 1st OMNeT++ Community Summit, which was held in Hamburg, Germany, September 2, 2014.
- Published
- 2014
171. Optimal Geo-Indistinguishable Mechanisms for Location Privacy
- Author
- Bordenabe, Nicolás E., Chatzikokolakis, Konstantinos, and Palamidessi, Catuscia
- Subjects
- Computer Science - Cryptography and Security, C.2.0, K.4.1
- Abstract
- We consider the geo-indistinguishability approach to location privacy, and the trade-off with respect to utility. We show that, given a desired degree of geo-indistinguishability, it is possible to construct a mechanism that minimizes the service quality loss, using linear programming techniques. In addition we show that, under certain conditions, such a mechanism also provides optimal privacy in the sense of Shokri et al. Furthermore, we propose a method to reduce the number of constraints of the linear program from cubic to quadratic, maintaining the privacy guarantees and without significantly affecting the utility of the generated mechanism. This considerably reduces the time required to solve the linear program, thus significantly enlarging the location sets for which the optimal mechanisms can be computed.
- Comment: 13 pages
- Published
- 2014
172. A DDoS-Aware IDS Model Based on Danger Theory and Mobile Agents
- Author
- Zamani, Mahdi, Movahedi, Mahnush, Ebadzadeh, Mohammad, and Pedram, Hossein
- Subjects
- Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security, Computer Science - Multiagent Systems, C.2.1, C.2.2, I.2.11, C.2.0
- Abstract
- We propose an artificial immune model for intrusion detection in distributed systems based on a relatively recent theory in immunology called Danger theory. Based on Danger theory, immune response in natural systems is a result of sensing corruption as well as sensing unknown substances. In contrast, traditional self-nonself discrimination theory states that immune response is only initiated by sensing nonself (unknown) patterns. Danger theory solves many problems that could only be partially explained by the traditional model. Although the traditional model is simpler, such problems result in high false positive rates in immune-inspired intrusion detection systems. We believe using danger theory in a multi-agent environment that computationally emulates the behavior of natural immune systems is effective in reducing false positive rates. We first describe a simplified scenario of immune response in natural systems based on danger theory and then convert it to a computational model as a network protocol. In our protocol, we define several immune signals and model cell signaling via message passing between agents that emulate cells. Most messages include application-specific patterns that must be meaningfully extracted from various system properties. We show how to model these messages in practice by performing a case study on the problem of detecting distributed denial-of-service attacks in wireless sensor networks. We conduct a set of systematic experiments to find a set of performance metrics that can accurately distinguish malicious patterns. The results indicate that the system can be efficiently used to detect malicious patterns with a high level of accuracy.
- Comment: 10 pages, 3 figures
- Published
- 2013
173. Machine Learning Techniques for Intrusion Detection
- Author
- Zamani, Mahdi and Movahedi, Mahnush
- Subjects
- Computer Science - Cryptography and Security, Computer Science - Learning, Computer Science - Networking and Internet Architecture, C.2.0, K.6.5
- Abstract
- An Intrusion Detection System (IDS) is software that monitors a single computer or a network of computers for malicious activities (attacks) that are aimed at stealing or censoring information or corrupting network protocols. Most techniques used in today's IDS are not able to deal with the dynamic and complex nature of cyber attacks on computer networks. Hence, efficient adaptive methods like various techniques of machine learning can result in higher detection rates, lower false alarm rates and reasonable computation and communication costs. In this paper, we study several such schemes and compare their performance. We divide the schemes into methods based on classical artificial intelligence (AI) and methods based on computational intelligence (CI). We explain how various characteristics of CI techniques can be used to build efficient IDS.
- Comment: 11 pages
- Published
- 2013
174. Distributed firewalls and IDS interoperability checking based on a formal approach
- Author
-
Karoui, Kamel, Ftima, Fakher Ben, and Ghezala, Henda Ben
- Subjects
Computer Science - Networking and Internet Architecture ,Computer Science - Cryptography and Security ,C.2 ,C.2.0 ,C.2.1 ,C.2.3 ,D.2.12 - Abstract
To supervise and guarantee network security, the administrator uses different security components, such as firewalls, IDS and IPS. For perfect interoperability between these components, they must be configured properly to avoid misconfiguration between them. Nevertheless, the existence of a set of anomalies between filtering rules and alerting rules, particularly in distributed multi-component architectures, is very likely to degrade the network security. The main objective of this paper is to check whether a set of security components is interoperable. A case study using a firewall and an IDS as examples will illustrate the usefulness of our approach., Comment: Security component, relevancy, misconfigurations detection, interoperability checking, formal correction, formal verification, projection, IDS, Firewall
- Published
- 2013
175. Multi-Source Multi-Path HTTP (mHTTP): A Proposal
- Author
-
Kim, Juhoon, Khalili, Ramin, Feldmann, Anja, Chen, Yung-Chih, and Towsley, Don
- Subjects
Computer Science - Networking and Internet Architecture ,C.2.0 ,C.4.0 - Abstract
Today, most devices have multiple network interfaces. Coupled with widespread replication of popular content at multiple locations, this provides substantial path diversity in the Internet. We propose Multi-source Multipath HTTP, mHTTP, which takes advantage of all existing types of path diversity in the Internet. mHTTP needs only client-side but not server-side or network modifications as it is a receiver-oriented mechanism. Moreover, the modifications are restricted to the socket interface. Thus, no changes are needed to the applications or to the kernel. As mHTTP relies on HTTP range requests, it is specific to HTTP, which accounts for more than 60% of the Internet traffic. We implement mHTTP and study its performance by conducting measurements over a testbed and in the wild. Our results show that mHTTP indeed takes advantage of all types of path diversity in the Internet, and that it is a viable alternative to Multipath TCP for HTTP traffic. mHTTP decreases download times for large objects by up to 50%, whereas it does no harm to small object downloads., Comment: 12 pages
- Published
- 2013
176. Blind and robust images watermarking based on wavelet and edge insertion
- Author
-
Razafindradina, Henri Bruno and Karim, Attoumani Mohamed
- Subjects
Computer Science - Multimedia ,Computer Science ,K.6.5 ,C.2.0 ,D.4.6 - Abstract
This paper gives a new watermarking scheme that inserts the mark by adding an edge in the HH sub-band of the host image after wavelet decomposition. Contrary to most of the watermarking algorithms in the wavelet domain, our method is blind, and results show that it is robust against JPEG and GIF compression, histogram and spectrum spreading, noise adding and small rotation. Its robustness against compression is better than that of other watermarking algorithms reported in the literature. The algorithm is flexible because its capacity or robustness can be improved by modifying some parameters., Comment: 8 pages
- Published
- 2013
177. Ensuring High-Quality Randomness in Cryptographic Key Generation
- Author
-
Corrigan-Gibbs, Henry, Mu, Wendy, Boneh, Dan, and Ford, Bryan
- Subjects
Computer Science - Cryptography and Security ,C.2.0 ,C.2.2 ,E.3 - Abstract
The security of any cryptosystem relies on the secrecy of the system's secret keys. Yet, recent experimental work demonstrates that tens of thousands of devices on the Internet use RSA and DSA secrets drawn from a small pool of candidate values. As a result, an adversary can derive the device's secret keys without breaking the underlying cryptosystem. We introduce a new threat model, under which there is a systemic solution to such randomness flaws. In our model, when a device generates a cryptographic key, it incorporates some random values from an entropy authority into its cryptographic secrets and then proves to the authority, using zero-knowledge-proof techniques, that it performed this operation correctly. By presenting an entropy-authority-signed public-key certificate to a third party (like a certificate authority or SSH client), the device can demonstrate that its public key incorporates randomness from the authority and is therefore drawn from a large pool of candidate values. Where possible, our protocol protects against eavesdroppers, entropy authority misbehavior, and devices attempting to discredit the entropy authority. To demonstrate the practicality of our protocol, we have implemented and evaluated its performance on a commodity wireless home router. When running on a home router, our protocol incurs a 2.1x slowdown over conventional RSA key generation and it incurs a 4.4x slowdown over conventional EC-DSA key generation., Comment: This is an extended and corrected version of a paper which appeared in the proceedings of the 2013 ACM Conference on Computer and Communications Security (CCS). This version corrects an error in the proceedings version of the DSA protocol and accompanying security proof. This version also contains the full proof of security for the RSA protocol
- Published
- 2013
178. Conscript Your Friends into Larger Anonymity Sets with JavaScript
- Author
-
Corrigan-Gibbs, Henry and Ford, Bryan
- Subjects
Computer Science - Cryptography and Security ,K.4.1 ,C.2.0 - Abstract
We present the design and prototype implementation of ConScript, a framework for using JavaScript to allow casual Web users to participate in an anonymous communication system. When a Web user visits a cooperative Web site, the site serves a JavaScript application that instructs the browser to create and submit "dummy" messages into the anonymity system. Users who want to send non-dummy messages through the anonymity system use a browser plug-in to replace these dummy messages with real messages. Creating such conscripted anonymity sets can increase the anonymity set size available to users of remailer, e-voting, and verifiable shuffle-style anonymity systems. We outline ConScript's architecture, we address a number of potential attacks against ConScript, and we discuss the ethical issues related to deploying such a system. Our implementation results demonstrate the practicality of ConScript: a workstation running our ConScript prototype JavaScript client generates a dummy message for a mix-net in 81 milliseconds and it generates a dummy message for a DoS-resistant DC-net in 156 milliseconds., Comment: An abbreviated version of this paper will appear at the WPES 2013 workshop
- Published
- 2013
179. The complexity of resolving conflicts on MAC
- Author
-
Vaya, Shailesh
- Subjects
Computer Science - Data Structures and Algorithms ,F.2.0 ,G.0 ,G.2 ,C.2.5 ,C.2.0 - Abstract
We consider the fundamental problem of multiple stations competing to transmit on a multiple access channel (MAC). We are given $n$ stations out of which at most $d$ are active and intend to transmit a message to other stations using the MAC. All stations are assumed to be synchronized according to a time clock. If $l$ stations transmit in the same round, then the MAC provides the feedback whether $l=0$, $l=2$ (collision occurred) or $l=1$. When $l=1$, a single station is indeed able to successfully transmit a message, which is received by all other nodes. For the above problem the active stations have to schedule their transmissions so that they can singly transmit their messages on the MAC, based only on the feedback received from the MAC in previous rounds. For the above problem it was shown in [Greenberg, Winograd, {\em A Lower bound on the Time Needed in the Worst Case to Resolve Conflicts Deterministically in Multiple Access Channels}, Journal of ACM 1985] that every deterministic adaptive algorithm should take $\Omega(d (\lg n)/(\lg d))$ rounds in the worst case. The fastest known deterministic adaptive algorithm requires $O(d \lg n)$ rounds. The gap between the upper and lower bound is $O(\lg d)$ rounds. It is substantial for most values of $d$: when $d = $ constant and $d \in O(n^{\epsilon})$ (for any constant $\epsilon \leq 1$), the lower bound is respectively $O(\lg n)$ and $O(n)$, which is trivial in both cases. Nevertheless, the above lower bound is interesting indeed when $d \in$ poly($\lg n$). In this work, we present a novel counting argument to prove a tight lower bound of $\Omega(d \lg n)$ rounds for all deterministic, adaptive algorithms, closing this long standing open question., Comment: Xerox internal report 27th July; 7 pages
- Published
- 2013
180. Cryptocat: Adopting Accessibility and Ease of Use as Security Properties
- Author
-
Kobeissi, Nadim and Breault, Arlo
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Computers and Society ,C.2.0 ,E.3 - Abstract
Cryptocat is a Free and Open Source Software (FL/OSS) browser extension that makes use of web technologies in order to provide easy to use, accessible, encrypted instant messaging to the general public. We aim to investigate how to best leverage the accessibility and portability offered by web technologies in order to allow encrypted instant messaging an opportunity to better permeate on a social level. We have found that encrypted communications, while in many cases technically well-implemented, suffer from a lack of usage due to their being unappealing and inaccessible to the "average end-user". Our position is that accessibility and ease of use must be treated as security properties. Even if a cryptographic system is technically highly qualified, securing user privacy is not achieved without addressing the problem of accessibility. Our goal is to investigate the feasibility of implementing cryptographic systems in highly accessible mediums, and to address the technical and social challenges of making encrypted instant messaging accessible and portable., Comment: Working Draft
- Published
- 2013
181. A Formal Approach To Firewalls Testing Techniques
- Author
-
Barabanov, Alexander, Markov, Alexey, and Tsirlov, Valentin
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Software Engineering ,68N30 ,C.2.0 ,G.4 ,K.7.3 - Abstract
Traditional technologies of firewall testing are overlooked. A new formalized approach is presented. Recommendations on optimization of test procedures are given., Comment: Keywords: information security, firewall, security analysis, test procedures, conformance evaluation, security certification, performance optimization
- Published
- 2013
182. The Formal Metabasis For Conformity Assessment of Information Security Software and Hardware
- Author
-
Barabanov, Alexander, Grishin, Maxim, and Markov, Alexey
- Subjects
Computer Science - Cryptography and Security ,68N30 ,C.2.0 ,G.4 ,K.7.3 - Abstract
An approach to the development of security test procedures for information security controls is presented. The recommendations for optimizing the test procedure are obtained., Comment: Keywords: information security, information protection, information security tools, certification, conformity assessment, security testing
- Published
- 2013
183. Hang With Your Buddies to Resist Intersection Attacks
- Author
-
Wolinsky, David Isaac, Syta, Ewa, and Ford, Bryan
- Subjects
Computer Science - Cryptography and Security ,C.2.0 - Abstract
Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms., Comment: 15 pages, 8 figures
- Published
- 2013
184. Network Access Control Technology - Proposition to contain new security challenges
- Author
-
Lakbabi, Abdelmajid, Orhanou, Ghizlane, and Hajji, Said El
- Subjects
Computer Science - Cryptography and Security ,D.4.6 ,C.2.0 - Abstract
Traditional products working independently are no longer sufficient, since threats are continually gaining in complexity, diversity and performance. In order to proactively block such threats we need a more integrated information security solution. To achieve this objective, we will analyze a real-world security platform, and focus on some key components like NAC, Firewall, and IPS/IDS, then study their interaction in the perspective of proposing a new security posture that coordinates and shares security information between different network security components, using a central policy server that will be the NAC server or the PDP (the Policy Decision Point), playing an orchestration role as a central point of control. Finally we will conclude with potential research paths that will impact NAC technology evolution., Comment: 7 pages, 7 figures
- Published
- 2013
185. Source Code Analysis to Remove Security Vulnerabilities in Java Socket Programs: A Case Study
- Author
-
Meghanathan, Natarajan
- Subjects
Computer Science - Cryptography and Security ,C.2.0 - Abstract
This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and solutions to remove five important software security vulnerabilities, which if left unattended could severely impact the server running the software and also the network hosting the server. The five vulnerabilities we study in this paper are: (1) Resource Injection, (2) Path Manipulation, (3) System Information Leak, (4) Denial of Service and (5) Unreleased Resource vulnerabilities. We analyze the reason why each of these vulnerabilities occurs in the file reader server socket program, discuss the impact of leaving them unattended in the program, and propose solutions to remove each of these vulnerabilities from the program. We also analyze any potential performance tradeoffs (such as increase in code size and loss of features) that could arise while incorporating the proposed solutions in the server program. The proposed solutions are very generic in nature, and can be suitably modified to correct any such vulnerabilities in software developed in any other programming language. We use the Fortify Source Code Analyzer to conduct the source code analysis of the file reader server program, implemented on a Windows XP virtual machine with the standard J2SE v.7 development kit., Comment: 16 pages, 16 figures
- Published
- 2013
186. Design, Implementation, and Operation of a Mobile Honeypot
- Author
-
Wählisch, Matthias, Vorbach, André, Keil, Christian, Schönfelder, Jochen, Schmidt, Thomas C., and Schiller, Jochen H.
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Networking and Internet Architecture ,C.2.6 ,C.2.0 ,C.4 - Abstract
Mobile nodes, in particular smartphones, are one of the most relevant devices in the current Internet in terms of quantity and economic impact. There is the common belief that those devices are of special interest for attackers due to their limited resources and the serious data they store. On the other hand, the mobile regime is a very lively network environment, which misses the (limited) ground truth we have in commonly connected Internet nodes. In this paper we argue for a simple long-term measurement infrastructure that allows for (1) the analysis of unsolicited traffic to and from mobile devices and (2) fair comparison with wired Internet access. We introduce the design and implementation of a mobile honeypot, which has been deployed on standard hardware for more than 1.5 years. Two independent groups developed the same concept for the system. We also present preliminary measurement results.
- Published
- 2013
187. Geo-Indistinguishability: Differential Privacy for Location-Based Systems
- Author
-
Andrés, Miguel E., Bordenabe, Nicolás E., Chatzikokolakis, Konstantinos, and Palamidessi, Catuscia
- Subjects
Computer Science - Cryptography and Security ,C.2.0 ,K.4.1 - Abstract
The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect huge amounts of information regarding users' location, has recently started raising serious privacy concerns. In this paper we study geo-indistinguishability, a formal notion of privacy for location-based systems that protects the user's exact location, while allowing approximate information - typically needed to obtain a certain desired service - to be released. Our privacy definition formalizes the intuitive notion of protecting the user's location within a radius r with a level of privacy that depends on r, and corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a perturbation technique for achieving geo-indistinguishability by adding controlled random noise to the user's location. We demonstrate the applicability of our technique on an LBS application. Finally, we compare our mechanism with other ones in the literature. It turns out that our mechanism offers the best privacy guarantees, for the same utility, among all those which do not depend on the prior., Comment: 15 pages
- Published
- 2012
188. Efficient Computer Network Anomaly Detection by Changepoint Detection Methods
- Author
-
Tartakovsky, Alexander G., Polunchenko, Aleksey S., and Sokolov, Grigory
- Subjects
Statistics - Applications ,62L10, 62P30 ,C.2.0 ,J.2 - Abstract
We consider the problem of efficient on-line anomaly detection in computer network traffic. The problem is approached statistically, as that of sequential (quickest) changepoint detection. A multi-cyclic setting of quickest change detection is a natural fit for this problem. We propose a novel score-based multi-cyclic detection algorithm. The algorithm is based on the so-called Shiryaev-Roberts procedure. This procedure is as easy to employ in practice and as computationally inexpensive as the popular Cumulative Sum chart and the Exponentially Weighted Moving Average scheme. The likelihood ratio based Shiryaev-Roberts procedure has appealing optimality properties, particularly it is exactly optimal in a multi-cyclic setting geared to detect a change occurring at a far time horizon. It is therefore expected that an intrusion detection algorithm based on the Shiryaev-Roberts procedure will perform better than other detection schemes. This is confirmed experimentally for real traces. We also discuss the possibility of complementing our anomaly detection algorithm with a spectral-signature intrusion detection system with false alarm filtering and true attack confirmation capability, so as to obtain a synergistic system., Comment: 7 pages, 6 figures, to appear in "IEEE Journal of Selected Topics in Signal Processing"
- Published
- 2012
189. Data Shapes and Data Transformations
- Author
-
Hausenblas, Michael, Villazon-Terrazas, Boris, and Cyganiak, Richard
- Subjects
Computer Science - Databases ,C.2.0 ,C.2.1 ,C.2.4 ,D.2.11 ,D.2.12 ,D.3.3 ,E.2 ,H.2.1 ,H.2.3 ,H.3 - Abstract
Nowadays, information management systems deal with data originating from different sources including relational databases, NoSQL data stores, and Web data formats, varying not only in terms of data formats, but also in the underlying data model. Integrating data from heterogeneous data sources is a time-consuming and error-prone engineering task; part of this process requires that the data be transformed from its original form to other forms, repeatedly throughout the life cycle. With this report we provide a principled overview of the fundamental data shapes (tabular, tree, and graph) as well as transformations between them, in order to gain a better understanding for performing said transformations more efficiently and effectively., Comment: 9 pages
- Published
- 2012
190. Securing Your Transactions: Detecting Anomalous Patterns In XML Documents
- Author
-
Menahem, Eitan, Schclar, Alon, Rokach, Lior, and Elovici, Yuval
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Learning ,C.2.0 ,K.4.4 ,I.2.6 - Abstract
XML transactions are used in many information systems to store data and interact with other systems. Abnormal transactions, the result of either an on-going cyber attack or the actions of a benign user, can potentially harm the interacting systems and therefore they are regarded as a threat. In this paper we address the problem of anomaly detection and localization in XML transactions using machine learning techniques. We present a new XML anomaly detection framework, XML-AD. Within this framework, an automatic method for extracting features from XML transactions was developed as well as a practical method for transforming XML features into vectors of fixed dimensionality. With these two methods in place, the XML-AD framework makes it possible to utilize general learning algorithms for anomaly detection. Central to the functioning of the framework is a novel multi-univariate anomaly detection algorithm, ADIFA. The framework was evaluated on four XML transactions datasets, captured from real information systems, in which it achieved over 89% true positive detection rate with less than a 0.2% false positive rate., Comment: Journal version (14 pages)
- Published
- 2012
191. Bridge the Gap: Measuring and Analyzing Technical Data for Social Trust between Smartphones
- Author
-
Trapp, Sebastian, Wählisch, Matthias, and Schiller, Jochen
- Subjects
Computer Science - Networking and Internet Architecture ,Computer Science - Human-Computer Interaction ,Computer Science - Social and Information Networks ,C.2.0 - Abstract
Mobiles are nowadays the most relevant communication devices in terms of quantity and flexibility. As in most MANETs, ad-hoc communication between two mobile phones requires mutual trust between the devices. A new way of establishing this trust conducts social trust from technically measurable data (e.g., interaction logs). To explore the relation between social and technical trust, we conduct a large-scale survey with more than 217 Android users and analyze their anonymized call and message logs. We show that a reliable a priori trust value for a mobile system can be derived from common social communication metrics.
- Published
- 2012
192. Detecting Spammers via Aggregated Historical Data Set
- Author
-
Menahem, Eitan and Puzis, Rami
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Learning ,C.2.0 ,H.4.3 - Abstract
The battle between email service providers and senders of mass unsolicited emails (Spam) continues to gain traction. Vast numbers of Spam emails are sent mainly from automatic botnets distributed over the world. One method for mitigating Spam in a computationally efficient manner is fast and accurate blacklisting of the senders. In this work we propose a new sender reputation mechanism that is based on an aggregated historical data-set which encodes the behavior of mail transfer agents over time. A historical data-set is created from labeled logs of received emails. We use machine learning algorithms to build a model that predicts the "spammingness" of mail transfer agents in the near future. The proposed mechanism is targeted mainly at large enterprises and email service providers and can be used for updating both the black and the white lists. We evaluate the proposed mechanism using 9.5M anonymized log entries obtained from the biggest Internet service provider in Europe. Experiments show that the proposed method detects more than 94% of the Spam emails that escaped the blacklist (i.e., TPR), while having less than 0.5% false-alarms. Therefore, the effectiveness of the proposed method is much higher than that of previously reported reputation mechanisms, which rely on email logs. In addition, the proposed method, when used for updating both the black and white lists, eliminated the need for automatic content inspection of 4 out of 5 incoming emails, which resulted in a dramatic reduction in the filtering computational load., Comment: This is a conference version of the HDS research. 13 pages 10 figures
- Published
- 2012
193. Identifying Discriminating Network Motifs in YouTube Spam
- Author
-
O'Callaghan, Derek, Harrigan, Martin, Carthy, Joe, and Cunningham, Pádraig
- Subjects
Computer Science - Social and Information Networks ,C.2.0 ,H.3.5 - Abstract
Like other social media websites, YouTube is not immune from the attention of spammers. In particular, evidence can be found of attempts to attract users to malicious third-party websites. As this type of spam is often associated with orchestrated campaigns, it has a discernible network signature, based on networks derived from comments posted by users to videos. In this paper, we examine examples of different YouTube spam campaigns of this nature, and use a feature selection process to identify network motifs that are characteristic of the corresponding campaign strategies. We demonstrate how these discriminating motifs can be used as part of a network motif profiling process that tracks the activity of spam user accounts over time, enabling the process to scale to larger networks., Comment: 8 pages, 5 figures. arXiv admin note: significant text overlap with arXiv:1201.3783
- Published
- 2012
194. Modeling Internet-Scale Policies for Cleaning up Malware
- Author
-
Hofmeyr, Steven, Moore, Tyler, Forrest, Stephanie, Edwards, Benjamin, and Stelle, George
- Subjects
Computer Science - Networking and Internet Architecture ,Computer Science - Cryptography and Security ,Computer Science - Multiagent Systems ,K.5.5 ,K.6.m ,C.2.0 - Abstract
An emerging consensus among policy makers is that interventions undertaken by Internet Service Providers are the best way to counter the rising incidence of malware. However, assessing the suitability of countermeasures at this scale is hard. In this paper, we use an agent-based model, called ASIM, to investigate the impact of policy interventions at the Autonomous System level of the Internet. For instance, we find that coordinated intervention by the 0.2%-biggest ASes is more effective than uncoordinated efforts adopted by 30% of all ASes. Furthermore, countermeasures that block malicious transit traffic appear more effective than ones that block outgoing traffic. The model allows us to quantify and compare positive externalities created by different countermeasures. Our results give an initial indication of the types and levels of intervention that are most cost-effective at large scale., Comment: 22 pages, 9 Figures, Presented at the Tenth Workshop on the Economics of Information Security, Jun 2011
- Published
- 2012
195. A Frame Rate Optimization Framework For Improving Continuity In Video Streaming
- Author
-
Tan, Evan and Chou, Chun Tung
- Subjects
Computer Science - Networking and Internet Architecture ,Computer Science - Multimedia ,C.2.0 ,H.5.1 - Abstract
This paper aims to reduce the prebuffering requirements, while maintaining continuity, for video streaming. Current approaches do this by making use of adaptive media playout (AMP) to reduce the playout rate. However, this introduces playout distortion to the viewers and increases the viewing latency. We approach this by proposing a frame rate optimization framework that adjusts both the encoder frame generation rate and the decoder playout frame rate. Firstly, we model this problem as the joint adjustment of the encoder frame generation interval and the decoder playout frame interval. This model is used with a discontinuity penalty virtual buffer to track the accumulated difference between the receiving frame interval and the playout frame interval. We then apply Lyapunov optimization to the model to systematically derive a pair of decoupled optimization policies. We show that the occupancy of the discontinuity penalty virtual buffer is correlated to the video discontinuity and that this framework produces a very low playout distortion in addition to a significant reduction in the prebuffering requirements compared to existing approaches. Secondly, we introduce a delay constraint into the framework by using a delay accumulator virtual buffer. Simulation results show that the delay constrained framework provides a superior tradeoff between the video quality and the delay introduced compared to the existing approach. Finally, we analyze the impact of delayed feedback between the receiver and the sender on the optimization policies. We show that the delayed feedbacks have a minimal impact on the optimization policies.
- Published
- 2011
196. Probabilistic Analysis of Onion Routing in a Black-box Model
- Author
-
Feigenbaum, Joan, Johnson, Aaron, and Syverson, Paul
- Subjects
Computer Science - Cryptography and Security ,C.2.0 ,C.2.4 ,K.4.1 ,G.3 - Abstract
We perform a probabilistic analysis of onion routing. The analysis is presented in a black-box model of anonymous communication in the Universally Composable framework that abstracts the essential properties of onion routing in the presence of an active adversary that controls a portion of the network and knows all a priori distributions on user choices of destination. Our results quantify how much the adversary can gain in identifying users by exploiting knowledge of their probabilistic behavior. In particular, we show that, in the limit as the network gets large, a user u's anonymity is worst either when the other users always choose the destination u is least likely to visit or when the other users always choose the destination u chooses. This worst-case anonymity with an adversary that controls a fraction b of the routers is shown to be comparable to the best-case anonymity against an adversary that controls a fraction $\sqrt{b}$., Comment: Extended abstract appeared in Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society (WPES 2007)
- Published
- 2011
197. Effectiveness and detection of denial of service attacks in Tor
- Author
-
Danner, Norman, DeFabbia-Kane, Sam, Krizanc, Danny, and Liberatore, Marc
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Networking and Internet Architecture ,C.2.0 ,K.4.1 - Abstract
Tor is currently one of the more popular systems for anonymizing near real-time communications on the Internet. Recently, Borisov et al. proposed a denial of service based attack on Tor (and related systems) that significantly increases the probability of compromising the anonymity provided. In this paper, we analyze the effectiveness of the attack using both an analytic model and simulation. We also describe two algorithms for detecting such attacks, one deterministic and proved correct, the other probabilistic and verified in simulation., Comment: Author-prepared journal version
- Published
- 2011
198. Securing Tor Tunnels under the Selective-DoS Attack
- Author
-
Das, Anupam and Borisov, Nikita
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Networking and Internet Architecture ,C.2.0 ,C.2.4 - Abstract
Anonymous communication systems are subject to selective denial-of-service (DoS) attacks. Selective DoS attacks lower anonymity as they force paths to be rebuilt multiple times to ensure delivery, which increases the opportunity for further attacks. In this paper we present a detection algorithm that filters out compromised communication channels for one of the most widely used anonymity networks, Tor. Our detection algorithm uses two levels of probing to filter out potentially compromised tunnels. We perform probabilistic analysis and extensive simulation to show the robustness of our detection algorithm. We also analyze the overhead of our detection algorithm and show that we can achieve a satisfactory security guarantee for reasonable communication overhead (5% of the total available Tor bandwidth in the worst case). Real world experiments reveal that our detection algorithm provides good defense against selective DoS attacks.
- Published
- 2011
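The two Tor entries above (197, the analysis of the Borisov et al. selective-DoS attack, and 198, the probe-based tunnel filter) describe results without the underlying mechanics, so here is an added illustration in working code. It is not code from either paper. It is a toy Monte Carlo model under assumptions of my own: a fraction t of relays is malicious, circuits are three distinct hops chosen uniformly (no bandwidth weighting, no persistent guards), a malicious relay tears down any circuit it is on unless both guard and exit are malicious, and the client knows a baseline delivery rate for honest guards. The guard filter is a simplified detector in the spirit of "two levels of probing" (does the tunnel deliver, and do fresh circuits through its guard deliver); it is not the Das and Borisov algorithm.

```python
"""Toy model of a selective-DoS adversary against Tor circuits, plus a
probe-based guard filter. Added illustration; not the models or algorithms
from the papers listed on this page."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Circuit:
    guard: int
    middle: int
    exit: int


def choose_malicious(n_relays, frac, rng):
    """Assumption: the adversary controls a uniformly random fraction `frac` of relays."""
    ids = list(range(n_relays))
    rng.shuffle(ids)
    return frozenset(ids[: int(n_relays * frac)])


def build_circuit(n_relays, rng, guard=None):
    """Assumption: uniform relay selection, three distinct hops, no bandwidth weighting.
    With `guard` given, only the middle and exit are re-chosen."""
    hops = rng.sample(range(n_relays), 3)
    if guard is None:
        return Circuit(*hops)
    rest = [r for r in hops if r != guard][:2]
    return Circuit(guard, rest[0], rest[1])


def compromised(c, malicious):
    """Both ends malicious: the adversary can correlate traffic end to end."""
    return c.guard in malicious and c.exit in malicious


def delivers(c, malicious, selective_dos):
    """Selective DoS: a malicious relay on the path tears the circuit down unless
    both guard and exit are malicious, forcing the client to rebuild."""
    if not selective_dos or not ({c.guard, c.middle, c.exit} & malicious):
        return True
    return compromised(c, malicious)


def analytic_rate(t, selective_dos):
    """Closed form for this toy model: t^2 of all circuits are compromised; under
    the attack only those and the (1-t)^3 fully honest circuits survive."""
    return t * t if not selective_dos else t * t / (t * t + (1 - t) ** 3)


def simulated_rate(n_relays, frac, n_circuits, selective_dos, rng):
    """Fraction of *delivered* circuits that are compromised (Monte Carlo)."""
    malicious = choose_malicious(n_relays, frac, rng)
    delivered = bad = 0
    while delivered < n_circuits:
        c = build_circuit(n_relays, rng)
        if delivers(c, malicious, selective_dos):
            delivered += 1
            bad += compromised(c, malicious)
    return bad / delivered


def filtered_rate(n_relays, frac, n_circuits, probes, rng):
    """Keep a delivered tunnel only if `probes` fresh circuits through the same guard
    mostly deliver too. Under selective DoS an honest guard's probes succeed at about
    (1-t)^2 and a malicious guard's at about t, so a threshold midway separates them.
    Assumption: the client knows the honest baseline (it must estimate it in practice).
    Returns (compromised fraction among kept tunnels, fraction of tunnels kept)."""
    malicious = choose_malicious(n_relays, frac, rng)
    threshold = ((1 - frac) ** 2 + frac) / 2
    delivered = kept = bad = 0
    while delivered < n_circuits:
        c = build_circuit(n_relays, rng)
        if not delivers(c, malicious, True):
            continue  # first level: the tunnel itself must carry traffic
        delivered += 1
        ok = sum(delivers(build_circuit(n_relays, rng, c.guard), malicious, True)
                 for _ in range(probes))  # second level: probe the guard
        if ok / probes >= threshold:
            kept += 1
            bad += compromised(c, malicious)
    return bad / kept, kept / delivered


def run_demo(seed=1, t=0.2):
    """Run all three scenarios with one seeded generator; returns the results."""
    rng = random.Random(seed)
    base = simulated_rate(1000, t, 2000, False, rng)
    attacked = simulated_rate(1000, t, 2000, True, rng)
    kept_rate, kept_frac = filtered_rate(1000, t, 2000, 30, rng)
    return {"no_attack": base, "no_attack_analytic": analytic_rate(t, False),
            "selective_dos": attacked, "selective_dos_analytic": analytic_rate(t, True),
            "after_filter": kept_rate, "tunnels_kept": kept_frac}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:>24}: {value:.4f}")
```

With t = 0.2 the attack raises the compromised share of usable circuits from about 0.04 to about 0.072 (the closed form t^2 / (t^2 + (1-t)^3)), and the guard probing drives it well below the no-attack level while keeping most tunnels. Two caveats a practitioner should keep in mind: the probes cost bandwidth (entry 198 reports up to 5% of Tor capacity for its scheme), and the defense only works if the adversary cannot tell probe traffic from real traffic; an adversary that lets probes through and drops the rest defeats a naive detector.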
199. Multifaceted Faculty Network Design and Management: Practice and Experience Report
- Author
-
Assels, Michael J., Echtner, Dana, Spanner, Michael, Mokhov, Serguei A., Carrière, François, and Taveroff, Manny
- Subjects
Computer Science - Networking and Internet Architecture ,Computer Science - Cryptography and Security ,C.2.0 ,C.2.3 ,C.2.1 ,C.2.5 ,C.2.6 - Abstract
We report on our experience with multidimensional aspects of our faculty's network design and management, including some unique aspects such as campus-wide VLANs and ghosting, security and monitoring, switching and routing, and others. We outline a historical perspective on certain research, design, and development decisions and discuss the network topology, its scalability, and management in detail; the services our network provides; and its evolution. We give an overview of the security aspects of the management as well as data management and automation and the use of the data by other members of the IT group in the faculty., Comment: 19 pages, 11 figures, TOC and index; a short version presented at C3S2E'11; v6: more proofreading, index, TOC, references
- Published
- 2011
200. Location Cheating: A Security Challenge to Location-based Social Network Services
- Author
-
He, Wenbo, Liu, Xue, and Ren, Mai
- Subjects
Computer Science - Social and Information Networks ,Computer Science - Cryptography and Security ,C.2.0 - Abstract
Location-based mobile social network services such as foursquare and Gowalla have grown exponentially over the past several years. These location-based services utilize the geographical position to enrich user experiences in a variety of contexts, including location-based searching and location-based mobile advertising. To attract more users, the location-based mobile social network services provide real-world rewards to users when they check in at a certain venue or location. This gives users an incentive to cheat on their locations. In this report, we investigate the threat of location cheating attacks, find the root cause of the vulnerability, and outline possible defense mechanisms. We use foursquare as an example to introduce a novel location cheating attack, which can easily pass the current location verification mechanism (e.g., the cheater code of foursquare). We also crawl the foursquare website. By analyzing the crawled data, we show that automated large-scale cheating is possible. Through this work, we aim to call attention to location cheating in mobile social network services and provide insights into defense mechanisms., Comment: 10 pages, 8 figures, accepted by the 31st International Conference on Distributed Computing Systems (ICDCS 2011)
- Published
- 2011