oalib

Publish in OALib Journal

ISSN: 2333-9721

APC: Only $99

Submit

Any time

2017 ( 1 )

2015 ( 77 )

2014 ( 58 )

2013 ( 58 )

Custom range...

Search Results: 1 - 10 of 718 matches for " Nikita Borisov "
All listed articles are free for downloading (OA Articles)
Page 1 /718
Display every page Item
Securing Tor Tunnels under the Selective-DoS Attack
Anupam Das,Nikita Borisov
Computer Science , 2011,
Abstract: Anonymous communication systems are subject to selective denial-of-service (DoS) attacks. Selective DoS attacks lower anonymity as they force paths to be rebuilt multiple times to ensure delivery which increases the opportunity for more attack. In this paper we present a detection algorithm that filters out compromised communication channels for one of the most widely used anonymity networks, Tor. Our detection algorithm uses two levels of probing to filter out potentially compromised tunnels. We perform probabilistic analysis and extensive simulation to show the robustness of our detection algorithm. We also analyze the overhead of our detection algorithm and show that we can achieve satisfactory security guarantee for reasonable communication overhead (5% of the total available Tor bandwidth in the worst case). Real world experiments reveal that our detection algorithm provides good defense against selective DoS attack.
BotMosaic: Collaborative Network Watermark for Botnet Detection
Amir Houmansadr,Nikita Borisov
Computer Science , 2012,
Abstract: Recent research has made great strides in the field of detecting botnets. However, botnets of all kinds continue to plague the Internet, as many ISPs and organizations do not deploy these techniques. We aim to mitigate this state by creating a very low-cost method of detecting infected bot host. Our approach is to leverage the botnet detection work carried out by some organizations to easily locate collaborating bots elsewhere. We created BotMosaic as a countermeasure to IRC-based botnets. BotMosaic relies on captured bot instances controlled by a watermarker, who inserts a particular pattern into their network traffic. This pattern can then be detected at a very low cost by client organizations and the watermark can be tuned to provide acceptable false-positive rates. A novel feature of the watermark is that it is inserted collaboratively into the flows of multiple captured bots at once, in order to ensure the signal is strong enough to be detected. BotMosaic can also be used to detect stepping stones and to help trace back to the botmaster. It is content agnostic and can operate on encrypted traffic. We evaluate BotMosaic using simulations and a testbed deployment.
Octopus: A Secure and Anonymous DHT Lookup
Qiyan Wang,Nikita Borisov
Computer Science , 2012,
Abstract: Distributed Hash Table (DHT) lookup is a core technique in structured peer-to-peer (P2P) networks. Its decentralized nature introduces security and privacy vulnerabilities for applications built on top of them; we thus set out to design a lookup mechanism achieving both security and anonymity, heretofore an open problem. We present Octopus, a novel DHT lookup which provides strong guarantees for both security and anonymity. Octopus uses attacker identification mechanisms to discover and remove malicious nodes, severely limiting an adversary's ability to carry out active attacks, and splits lookup queries over separate anonymous paths and introduces dummy queries to achieve high levels of anonymity. We analyze the security of Octopus by developing an event-based simulator to show that the attacker discovery mechanisms can rapidly identify malicious nodes with low error rate. We calculate the anonymity of Octopus using probabilistic modeling and show that Octopus can achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab with 207 nodes and show that Octopus has reasonable lookup latency and manageable communication overhead.
PIRATTE: Proxy-based Immediate Revocation of ATTribute-based Encryption
Sonia Jahid,Nikita Borisov
Computer Science , 2012,
Abstract: Access control to data in traditional enterprises is typically enforced through reference monitors. However, as more and more enterprise data is outsourced, trusting third party storage servers is getting challenging. As a result, cryptography, specifically Attribute-based encryption (ABE) is getting popular for its expressiveness. The challenge of ABE is revocation. To address this challenge, we propose PIRATTE, an architecture that supports fine-grained access control policies and dynamic group membership. PIRATTE is built using attribute-based encryption; a key and novel feature of our architecture, however, is that it is possible to remove access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. We achieve this by introducing a proxy that participates in the decryption process and enforces revocation constraints. The proxy is minimally trusted and cannot decrypt ciphertexts or provide access to previously revoked users. We describe the PIRATTE construction and provide a security analysis along with performance evaluation.We also describe an architecture for online social network that can use PIRATTE, and prototype application of PIRATTE on Facebook.
X-Vine: Secure and Pseudonymous Routing Using Social Networks
Prateek Mittal,Matthew Caesar,Nikita Borisov
Computer Science , 2011,
Abstract: Distributed hash tables suffer from several security and privacy vulnerabilities, including the problem of Sybil attacks. Existing social network-based solutions to mitigate the Sybil attacks in DHT routing have a high state requirement and do not provide an adequate level of privacy. For instance, such techniques require a user to reveal their social network contacts. We design X-Vine, a protection mechanism for distributed hash tables that operates entirely by communicating over social network links. As with traditional peer-to-peer systems, X-Vine provides robustness, scalability, and a platform for innovation. The use of social network links for communication helps protect participant privacy and adds a new dimension of trust absent from previous designs. X-Vine is resilient to denial of service via Sybil attacks, and in fact is the first Sybil defense that requires only a logarithmic amount of state per node, making it suitable for large-scale and dynamic settings. X-Vine also helps protect the privacy of users social network contacts and keeps their IP addresses hidden from those outside of their social circle, providing a basis for pseudonymous communication. We first evaluate our design with analysis and simulations, using several real world large-scale social networking topologies. We show that the constraints of X-Vine allow the insertion of only a logarithmic number of Sybil identities per attack edge; we show this mitigates the impact of malicious attacks while not affecting the performance of honest nodes. Moreover, our algorithms are efficient, maintain low stretch, and avoid hot spots in the network. We validate our design with a PlanetLab implementation and a Facebook plugin.
Non-blind watermarking of network flows
Amir Houmansadr,Negar Kiyavash,Nikita Borisov
Computer Science , 2012,
Abstract: Linking network flows is an important problem in intrusion detection as well as anonymity. Passive traffic analysis can link flows but requires long periods of observation to reduce errors. Active traffic analysis, also known as flow watermarking, allows for better precision and is more scalable. Previous flow watermarks introduce significant delays to the traffic flow as a side effect of using a blind detection scheme; this enables attacks that detect and remove the watermark, while at the same time slowing down legitimate traffic. We propose the first non-blind approach for flow watermarking, called RAINBOW, that improves watermark invisibility by inserting delays hundreds of times smaller than previous blind watermarks, hence reduces the watermark interference on network flows. We derive and analyze the optimum detectors for RAINBOW as well as the passive traffic analysis under different traffic models by using hypothesis testing. Comparing the detection performance of RAINBOW and the passive approach we observe that both RAINBOW and passive traffic analysis perform similarly good in the case of uncorrelated traffic, however, the RAINBOW detector drastically outperforms the optimum passive detector in the case of correlated network flows. This justifies the use of non-blind watermarks over passive traffic analysis even though both approaches have similar scalability constraints. We confirm our analysis by simulating the detectors and testing them against large traces of real network flows.
Multi-Flow Attacks Against Network Flow Watermarks: Analysis and Countermeasures
Negar Kiyavash,Amir Houmansadr,Nikita Borisov
Computer Science , 2012,
Abstract: In this paper, we analyze several recent schemes for watermarking network flows that are based on splitting the flow into timing intervals. We show that this approach creates time-dependent correlations that enable an attack that combines multiple watermarked flows. Such an attack can easily be mounted in nearly all applications of network flow watermarking, both in anonymous communication and stepping stone detection. The attack can be used to detect the presence of a watermark, recover the secret parameters, and remove the watermark from a flow. The attack can be effective even if different flows are marked with different values of a watermark. We analyze the efficacy of our attack using a probabilistic model and a Markov-Modulated Poisson Process (MMPP) model of interactive traffic. We also implement our attack and test it using both synthetic and real-world traces, showing that our attack is effective with as few as 10 watermarked flows. Finally, we propose possible countermeasures to defeat the multi-flow attack.
Pisces: Anonymous Communication Using Social Networks
Prateek Mittal,Matthew Wright,Nikita Borisov
Computer Science , 2012,
Abstract: The architectures of deployed anonymity systems such as Tor suffer from two key problems that limit user's trust in these systems. First, paths for anonymous communication are built without considering trust relationships between users and relays in the system. Second, the network architecture relies on a set of centralized servers. In this paper, we propose Pisces, a decentralized protocol for anonymous communications that leverages users' social links to build circuits for onion routing. We argue that such an approach greatly improves the system's resilience to attackers. A fundamental challenge in this setting is the design of a secure process to discover peers for use in a user's circuit. All existing solutions for secure peer discovery leverage structured topologies and cannot be applied to unstructured social network topologies. In Pisces, we discover peers by using random walks in the social network graph with a bias away from highly connected nodes to prevent a few nodes from dominating the circuit creation process. To secure the random walks, we leverage the reciprocal neighbor policy: if malicious nodes try to exclude honest nodes during peer discovery so as to improve the chance of being selected, then honest nodes can use a tit-for-tat approach and reciprocally exclude the malicious nodes from their routing tables. We describe a fully decentralized protocol for enforcing this policy, and use it to build the Pisces anonymity system. Using theoretical modeling and experiments on real-world social network topologies, we show that (a) the reciprocal neighbor policy mitigates active attacks that an adversary can perform, (b) our decentralized protocol to enforce this policy is secure and has low overhead, and (c) the overall anonymity provided by our system significantly outperforms existing approaches.
Fingerprinting Smart Devices Through Embedded Acoustic Components
Anupam Das,Nikita Borisov,Matthew Caesar
Computer Science , 2014,
Abstract: The widespread use of smart devices gives rise to both security and privacy concerns. Fingerprinting smart devices can assist in authenticating physical devices, but it can also jeopardize privacy by allowing remote identification without user awareness. We propose a novel fingerprinting approach that uses the microphones and speakers of smart phones to uniquely identify an individual device. During fabrication, subtle imperfections arise in device microphones and speakers which induce anomalies in produced and received sounds. We exploit this observation to fingerprint smart devices through playback and recording of audio samples. We use audio-metric tools to analyze and explore different acoustic features and analyze their ability to successfully fingerprint smart devices. Our experiments show that it is even possible to fingerprint devices that have the same vendor and model; we were able to accurately distinguish over 93% of all recorded audio clips from 15 different units of the same model. Our study identifies the prominent acoustic features capable of fingerprinting devices with high success rate and examines the effect of background noise and other variables on fingerprinting accuracy.
Exploring Ways To Mitigate Sensor-Based Smartphone Fingerprinting
Anupam Das,Nikita Borisov,Matthew Caesar
Computer Science , 2015,
Abstract: Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful applications; however, they can also be used to uniquely identify a phone by measuring anomalies in the signals, which are a result from manufacturing imperfections. Such measurements can be conducted surreptitiously in the browser and can be used to track users across applications, websites, and visits. We analyze techniques to mitigate such device fingerprinting either by calibrating the sensors to eliminate the signal anomalies, or by adding noise that obfuscates the anomalies. To do this, we first develop a highly accurate fingerprinting mechanism that combines multiple motion sensors and makes use of (inaudible) audio stimulation to improve detection. We then collect measurements from a large collection of smartphones and evaluate the impact of calibration and obfuscation techniques on the classifier accuracy.
Page 1 /718
Display every page Item


Home
Copyright © 2008-2017 Open Access Library. All rights reserved.