16 research outputs found
TORKAMELEON. IMPROVING TOR’S CENSORSHIP RESISTANCE WITH K-ANONYMIZATION MEDIA MORPHING COVERT INPUT CHANNELS
Anonymity networks such as Tor and other related tools are powerful means of increasing the anonymity and privacy of Internet users’ communications. Tor is currently the most widely used solution by whistleblowers to disclose confidential information and denounce censorship measures, including violations of civil rights, freedom of expression, or guarantees of free access to information. However, recent research studies have shown that Tor is vulnerable to so-called powerful correlation attacks carried out by global adversaries or collaborative Internet censorship parties. In the Tor "arms race" scenario, we can see that as new censorship, surveillance, and deep correlation tools have been researched, new, improved solutions for preserving anonymity have also emerged. In recent research proposals, unobservable encapsulation of IP packets in covert media channels is one of the most promising defenses against such threat models. They leverage WebRTC-based covert channels as a robust and practical approach against powerful traffic correlation analysis. At the same time, these solutions are difficult to combat through the traffic-blocking measures commonly used by censorship authorities.
In this dissertation, we propose TorKameleon, a censorship evasion solution designed to protect Tor users with increased censorship resistance against powerful traffic correlation attacks executed by global adversaries. The system is based on flexible K-anonymization input circuits that can support TLS tunneling and WebRTC-based covert channels before forwarding users’ original input traffic to the Tor network. Our goal is to protect users from machine and deep learning correlation attacks between incoming user traffic and observed traffic at different Tor network relays, such as middle and egress relays. TorKameleon is the first system to implement a Tor pluggable transport based on parameterizable TLS tunneling and WebRTC-based covert channels. We have implemented the TorKameleon prototype and performed extensive validations to observe the correctness and experimental performance of the proposed solution in the Tor environment. With these evaluations, we analyze the necessary tradeoffs between the performance of the standard Tor network and the achieved effectiveness and performance of TorKameleon, capable of preserving the required unobservability properties.
Anonymization networks such as Tor and similar solutions or tools are powerful means of increasing the anonymity and privacy of Internet users' communications. Tor is currently the anonymity network most used by whistleblowers to disclose confidential information and denounce censorship measures such as violations of civil rights and of freedom of expression, or failures in the guarantees of free access to information. However, recent studies show that Tor is vulnerable to global adversaries or to entities that collaborate with one another to enforce online censorship. In this competitive "cat and mouse" scenario, it can be seen that as new censorship and surveillance solutions are investigated, new and improved systems for preserving anonymity are also presented and refined. The encapsulation of IP packets in tunnels carried within media protocols is one of the most promising solutions against the new models of attack on anonymity. These solutions leverage covert channels in WebRTC-based media protocols to resist powerful traffic correlation attacks and the blocking measures normally used by censors.
In this dissertation we propose TorKameleon, a solution designed to protect users of the Tor network against the most recent correlation attacks carried out by a global adversary model. The system is based on strategies for anonymizing and forwarding user traffic through K nodes, also using encapsulation of the traffic in covert channels in TLS or WebRTC tunnels. Our goal is to protect users of the Tor network from correlation attacks implemented through machine learning models, performed between the user traffic entering the Tor network and that same traffic in another segment of the network, such as the network's exit nodes. TorKameleon is the first system to implement a parameterizable Tor pluggable transport, based on TLS tunnels or on covert channels in media protocols. We implemented a prototype of the system and carried out an extensive experimental evaluation, inserting the solution into the Tor network environment. Based on these evaluations, we analyze the necessary tradeoff between the performance of the Tor network and the effectiveness and performance obtained by TorKameleon, which guarantees the anonymity preservation properties
Cyberattacks and security of cloud computing: a complete guideline
Cloud computing is an innovative technique that offers shared resources for stock cache and server management. Cloud computing saves time and monitoring costs for any organization and turns technological solutions for large-scale systems into server-to-service frameworks. However, just like any other technology, cloud computing opens up many forms of security threats and problems. In this work, we focus on discussing different cloud models and cloud services, respectively. Next, we discuss the security trends in the cloud models. Taking these security trends into account, we move to security problems, including data breaches, data confidentiality, data access controllability, authentication, inadequate diligence, phishing, key exposure, auditing, privacy preservability, and cloud-assisted IoT applications. We then propose security attacks and countermeasures specifically for the different cloud models based on the security trends and problems. In the end, we pinpoint some of the futuristic directions and implications relevant to the security of cloud models. The future directions will help researchers in academia and industry work toward cloud computing security
An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector
The Linksys WRT54g has been used as a host for network forensics tools, for instance Snort, for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced, detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes by discussing the limitations of the device when attempting to execute Nepenthes
Fuzzy Logic
The capability of Fuzzy Logic in the development of emerging technologies is introduced in this book. The book consists of sixteen chapters showing various applications in the field of Bioinformatics, Health, Security, Communications, Transportations, Financial Management, Energy and Environment Systems. This book is a major reference source for all those concerned with applied intelligent systems. The intended readers are researchers, engineers, medical practitioners, and graduate students interested in fuzzy logic systems
Mobile Edge Computing
This is an open access book. It offers comprehensive, self-contained knowledge on Mobile Edge Computing (MEC), which is a very promising technology for achieving intelligence in the next-generation wireless communications and computing networks. The book starts with the basic concepts, key techniques and network architectures of MEC. Then, we present the wide applications of MEC, including edge caching, 6G networks, Internet of Vehicles, and UAVs. In the last part, we present new opportunities when MEC meets blockchain, Artificial Intelligence, and distributed machine learning (e.g., federated learning). We also identify the emerging applications of MEC in pandemic, industrial Internet of Things and disaster management. The book allows an easy cross-reference owing to the broad coverage on both the principle and applications of MEC. The book is written for people interested in communications and computer networks at all levels. The primary audience includes senior undergraduates, postgraduates, educators, scientists, researchers, developers, engineers, innovators and research strategists
Wide spectrum attribution: Using deception for attribution intelligence in cyber attacks
Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc, the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure.
This research investigates the use of an often overlooked tool for attribution: cyber deception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. Specifically, the design and implementation of two novel honeypot approaches; i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet environment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution literature that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field
Security and Privacy for Modern Wireless Communication Systems
This reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks
Cybersecurity and the Digital Health: An Investigation on the State of the Art and the Position of the Actors
Cybercrime is increasingly exposing the health domain to growing risk. The push towards a strong connection of citizens to health services, through digitalization, has undisputed advantages. Digital health allows remote care, the use of medical devices with a high mechatronic and IT content with strong automation, and a large interconnection of hospital networks with an increasingly effective exchange of data. However, all this requires a great cybersecurity commitment—a commitment that must start with scholars in research and then reach the stakeholders. New devices and technological solutions are increasingly breaking into healthcare, and are able to change the processes of interaction in the health domain. This requires cybersecurity to become a vital part of patient safety through changes in human behaviour, technology, and processes, as part of a complete solution. All professionals involved in cybersecurity in the health domain were invited to contribute with their experiences. This book contains contributions from various experts and different fields. Aspects of cybersecurity in healthcare relating to technological advance and emerging risks were addressed. The new boundaries of this field and the impact of COVID-19 on some sectors, such as mhealth, have also been addressed. We dedicate the book to all those with different roles involved in cybersecurity in the health domain