8,794 research outputs found
Systemization of Pluggable Transports for Censorship Resistance
An increasing number of countries implement Internet censorship at different
scales and for a variety of reasons. In particular, the link between the
censored client and entry point to the uncensored network is a frequent target
of censorship due to the ease with which a nation-state censor can control it.
A number of censorship resistance systems have been developed thus far to help
circumvent blocking on this link, which we refer to as link circumvention
systems (LCs). The variety and profusion of attack vectors available to a
censor has led to an arms race, leading to a dramatic speed of evolution of
LCs. Despite their inherent complexity and the breadth of work in this area,
there is no systematic way to evaluate link circumvention systems and compare
them against each other. In this paper, we (i) sketch an attack model to
comprehensively explore a censor's capabilities, (ii) present an abstract model
of a LC, a system that helps a censored client communicate with a server over
the Internet while resisting censorship, (iii) describe an evaluation stack
that underscores a layered approach to evaluate LCs, and (iv) systemize and
evaluate existing censorship resistance systems that provide link
circumvention. We highlight open challenges in the evaluation and development
of LCs and discuss possible mitigations.Comment: Content from this paper was published in Proceedings on Privacy
Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK:
Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq
Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg
(DOI 10.1515/popets-2016-0028
Before the consummation what? On the role of the semiotic economy of seduction
The cultural practice of flirtation has been multifariously scrutinized in
various disciplines including sociology, psychology, psychoanalysis and
literary studies. This paper frames the field of flirtation in Bourdieuian terms,
while focusing narrowly on the semiotic economy that is defining of this
cultural field. Moreover, seduction, as a uniquely varied form of discourse
that is responsible for producing the cultural field of flirtation, is posited as
the missing link for understanding why flirtation may be a peculiar case of
non-habitus, contrary to the received notion of cultural field as set of goaloriented
practices and actionable habituses. This argument is pursued by
highlighting the endemic traits of ambivalence and constant reversibility of
signs or multimodal semiotic constellations in the discourse of seduction,
while seeking to demonstrate that seduction, and by implication the cultural
field of flirtation, does not necessarily partake of a teleological framework
that is geared towards the consummation of sexual desire. This thesis is
illustrated by recourse to a scene from the blockbuster ‘Hitch’
PRE+: dual of proxy re-encryption for secure cloud data sharing service
With the rapid development of very large, diverse, complex, and distributed datasets generated from internet transactions, emails, videos, business information systems, manufacturing industry, sensors and internet of things etc., cloud and big data computation have emerged as a cornerstone of modern applications. Indeed, on the one hand, cloud and big data applications are becoming a main driver for economic growth. On the other hand, cloud and big data techniques may threaten people and enterprises’ privacy and security due to ever increasing exposure of their data to massive access. In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users (called: Scanf). To this end, we introduce a new cryptographic primitive, namely, PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE scheme except the re-encryption keys generated by the encrypter. Compared with PRE, our PRE+ scheme can easily achieve the non-transferable property and message-level based fine-grained delegation. Thus our Scanf framework based on PRE+ can also achieve these two properties, which is very important for users of cloud storage sharing service. We also roughly evaluate our PRE+ scheme’s performance and the results show that our scheme is efficient and practica for cloud data storage applications.Peer ReviewedPostprint (author's final draft
On the Security of the (F)HMQV Protocol
International audienceThe HMQV protocol is under consideration for IEEE P1363 standardization. We provide a complementary analysis of the HMQV protocol. Namely, we point a Key Compromise Impersonation (KCI) attack showing that the two and three pass HMQV protocols cannot achieve their security goals. Next, we revisit the FHMQV building blocks, design and security arguments; we clarify the security and efficiency separation between HMQV and FHMQV, showing the advantages of FH-MQV over HMQV
Solving key design issues for massively multiplayer online games on peer-to-peer architectures
Massively Multiplayer Online Games (MMOGs) are increasing in both popularity and
scale on the Internet and are predominantly implemented by Client/Server architectures.
While such a classical approach to distributed system design offers many benefits, it suffers
from significant technical and commercial drawbacks, primarily reliability and scalability
costs. This realisation has sparked recent research interest in adapting MMOGs
to Peer-to-Peer (P2P) architectures.
This thesis identifies six key design issues to be addressed by P2P MMOGs, namely
interest management, event dissemination, task sharing, state persistency, cheating mitigation,
and incentive mechanisms. Design alternatives for each issue are systematically
compared, and their interrelationships discussed. How well representative P2P MMOG
architectures fulfil the design criteria is also evaluated. It is argued that although P2P
MMOG architectures are developing rapidly, their support for task sharing and incentive
mechanisms still need to be improved.
The design of a novel framework for P2P MMOGs, Mediator, is presented. It employs a
self-organising super-peer network over a P2P overlay infrastructure, and addresses the
six design issues in an integrated system. The Mediator framework is extensible, as it
supports flexible policy plug-ins and can accommodate the introduction of new superpeer
roles. Key components of this framework have been implemented and evaluated
with a simulated P2P MMOG.
As the Mediator framework relies on super-peers for computational and administrative
tasks, membership management is crucial, e.g. to allow the system to recover from
super-peer failures. A new technology for this, namely Membership-Aware Multicast
with Bushiness Optimisation (MAMBO), has been designed, implemented and evaluated.
It reuses the communication structure of a tree-based application-level multicast
to track group membership efficiently. Evaluation of a demonstration application shows
i
that MAMBO is able to quickly detect and handle peers joining and leaving. Compared
to a conventional supervision architecture, MAMBO is more scalable, and yet incurs
less communication overheads. Besides MMOGs, MAMBO is suitable for other P2P
applications, such as collaborative computing and multimedia streaming.
This thesis also presents the design, implementation and evaluation of a novel task
mapping infrastructure for heterogeneous P2P environments, Deadline-Driven Auctions
(DDA). DDA is primarily designed to support NPC host allocation in P2P MMOGs, and
specifically in the Mediator framework. However, it can also support the sharing of computational
and interactive tasks with various deadlines in general P2P applications. Experimental
and analytical results demonstrate that DDA efficiently allocates computing
resources for large numbers of real-time NPC tasks in a simulated P2P MMOG with approximately
1000 players. Furthermore, DDA supports gaming interactivity by keeping
the communication latency among NPC hosts and ordinary players low. It also supports
flexible matchmaking policies, and can motivate application participants to contribute
resources to the system
It's about THYME: On the design and implementation of a time-aware reactive storage system for pervasive edge computing environments
This work was partially supported by Fundacao para a Ciencia e a Tecnologia (FCT-MCTES) through project DeDuCe (PTDC/CCI-COM/32166/2017), NOVA LINCS UIDB/04516/2020, and grant SFRH/BD/99486/2014; and by the European Union through project LightKone (grant agreement n. 732505).Nowadays, smart mobile devices generate huge amounts of data in all sorts of gatherings. Much of that data has localized and ephemeral interest, but can be of great use if shared among co-located devices. However, mobile devices often experience poor connectivity, leading to availability issues if application storage and logic are fully delegated to a remote cloud infrastructure. In turn, the edge computing paradigm pushes computations and storage beyond the data center, closer to end-user devices where data is generated and consumed, enabling the execution of certain components of edge-enabled systems directly and cooperatively on edge devices. In this article, we address the challenge of supporting reliable and efficient data storage and dissemination among co-located wireless mobile devices without resorting to centralized services or network infrastructures. We propose THYME, a novel time-aware reactive data storage system for pervasive edge computing environments, that exploits synergies between the storage substrate and the publish/subscribe paradigm. We present the design of THYME and elaborate a three-fold evaluation, through an analytical study, and both simulation and real world experimentations, characterizing the scenarios best suited for its use. The evaluation shows that THYME allows the notification and retrieval of relevant data with low overhead and latency, and also with low energy consumption, proving to be a practical solution in a variety of situations.publishersversionpublishe
Privacy as a Public Good
Privacy is commonly studied as a private good: my personal data is mine to protect and control, and yours is yours. This conception of privacy misses an important component of the policy problem. An individual who is careless with data exposes not only extensive information about herself, but about others as well. The negative externalities imposed on nonconsenting outsiders by such carelessness can be productively studied in terms of welfare economics. If all relevant individuals maximize private benefit, and expect all other relevant individuals to do the same, neoclassical economic theory predicts that society will achieve a suboptimal level of privacy. This prediction holds even if all individuals cherish privacy with the same intensity. As the theoretical literature would have it, the struggle for privacy is destined to become a tragedy.
But according to the experimental public-goods literature, there is hope. Like in real life, people in experiments cooperate in groups at rates well above those predicted by neoclassical theory. Groups can be aided in their struggle to produce public goods by institutions, such as communication, framing, or sanction. With these institutions, communities can manage public goods without heavy-handed government intervention. Legal scholarship has not fully engaged this problem in these terms. In this Article, we explain why privacy has aspects of a public good, and we draw lessons from both the theoretical and the empirical literature on public goods to inform the policy discourse on privacy
- …