70 research outputs found
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
The IoT (Internet of Things) technology has been widely adopted in recent
years and has profoundly changed the people's daily lives. However, in the
meantime, such a fast-growing technology has also introduced new privacy
issues, which need to be better understood and measured. In this work, we look
into how private information can be leaked from network traffic generated in
the smart home network. Although researchers have proposed techniques to infer
IoT device types or user behaviors under clean experiment setup, the
effectiveness of such approaches become questionable in the complex but
realistic network environment, where common techniques like Network Address and
Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic
analysis using traditional methods (e.g., through classical machine-learning
models) is much less effective under those settings, as the features picked
manually are not distinctive any more. In this work, we propose a traffic
analysis framework based on sequence-learning techniques like LSTM and
leveraged the temporal relations between packets for the attack of device
identification. We evaluated it under different environment settings (e.g.,
pure-IoT and noisy environment with multiple non-IoT devices). The results
showed our framework was able to differentiate device types with a high
accuracy. This result suggests IoT network communications pose prominent
challenges to users' privacy, even when they are protected by encryption and
morphed by the network gateway. As such, new privacy protection methods on IoT
traffic need to be developed towards mitigating this new issue
Tor Circuit Fingerprinting: Attacks and Defenses
Στην παρούσα διπλωματική εργασία θα μελετήσουμε το δίκτυο ανωνυμίας tor και την διαρροή ιδιωτικότητας μέσω fingerprinting attacks εστιάζοντας στο κομμάτι των hidden services που παρέχει το tor. Το tor είναι το μεγαλύτερο και πιο χρησιμοποιούμενο σύστημα ανωνυμίας, σχεδιασμένο κατά ρεαλιστικών σύγχρονων αντιπάλων. Σε πρόσφατες έρευνες έχει παρουσιαστεί η επιτυχία fingerprinting επιθέσεων ενάντια στο tor μέσω την ανάλυσης της ροής των δεδομένων που παράγονται κατά την διάρκεια της ανώνυμης επικοινωνίας.
Η online ανωνυμία και ιδιωτικότητα επιτυγχάνεται με την παρουσία θορύβου στο δίκτυο, αναγκάζοντας τον επιτιθέμενο να μην είναι σε θέση να ξεχωρίσει και κατηγοριοποιήσει την κίνηση του δικτύου όταν και εφόσον είναι σε θέση να την παρατηρήσει. Μελετώντας προηγούμενες έρευνες, θα παρουσιάσουμε ότι τέτοιες επιθέσεις είναι εφικτές ακόμα και όταν το traffic σε application layer επίπεδο είναι ομοιόμορφο χωρίς ιδιαίτερα patterns που μπορούν να οδηγήσουν τον επιτιθέμενο σε άμεσα συμπεράσματα.
Σε συνδυασμό με την ανάλυση των επιθέσεων προτείνουμε και αξιολογούμε κάποια defenses που μπορούν να εφαρμοστούν στην ροή της επικοινωνίας και βασίζονται στο ήδη υλοποιημένο defense framework του tor.This thesis studies tor anonymity network circuit fingerprinting problem focusing on the hidden services scope. Tor is the largest and most-used deployed anonymity system, designed against realistic modern adversaries. In recent researches, it has been proved that fingerprint Tor’s circuits is possible, simply by capturing and analyzing traffic traces.
Online anonymity and privacy has been based on confusing the adversary by reating indistinguishable network elements. We study the circuit fingerprinting problem, isolating it from website fingerprinting, and revisit previous findings in this model, showing that accurate attacks are possible even when the application-layer traffic is identical.
We propose a defense against circuit fingerprinting, using a generic adaptive padding framework that has already been implemented on Tor. We thoroughly evaluate the defense, discovering new subtle fingerprints, but also showing the effectiveness of the defense
Short Paper: Blockcheck the Typechain
Recent efforts have sought to design new smart contract programming languages that make writing blockchain programs safer. But programs on the blockchain are beholden only to the safety properties enforced by the blockchain itself: even the strictest language-only properties can be rendered moot on a language-oblivious blockchain due to inter-contract interactions. Consequently, while safer languages are a necessity, fully realizing their benefits necessitates a language-aware redesign of the blockchain itself. To this end, we propose that the blockchain be viewed as a typechain: a chain of typed programs-not arbitrary blocks-that are included iff they typecheck against the existing chain. Reaching consensus, or blockchecking, validates typechecking in a byzantine fault-tolerant manner. Safety properties traditionally enforced by a runtime are instead enforced by a type system with the aim of statically capturing smart contract correctness. To provide a robust level of safety, we contend that a typechain must minimally guarantee (1) asset linearity and liveness, (2) physical resource availability, including CPU and memory, (3) exceptionless execution, or no early termination, (4) protocol conformance, or adherence to some state machine, and (5) inter-contract safety, including reentrancy safety. Despite their exacting nature, typechains are extensible, allowing for rich libraries that extend the set of verified properties. We expand on typechain properties and present examples of real-world bugs they prevent
- …