Scalable and Anonymous Group Communication

Today\u27s Internet is not designed to protect the privacy of its users against network surveillance, and source and destination of any communication is easily exposed to third party observer. Tor, a volunteer-operated anonymity network, offers low-latency practical performance for unicast anonymous communication without central point of trust. However, Tor is known to be slow and it can not support group communication with scalable performance. Despite the extensive public interest in anonymous group communication, there is no system that provides anonymous group communication without central point of trust. This dissertation presents MTor, a low-latency anonymous group communication system. We construct MTor as an extension to Tor, allowing the construction of multi-source multicast trees on top of the existing Tor infrastructure. MTor does not depend on an external service (e.g., an IRC server or Google Hangouts) to broker the group communication, and avoids central points of failure and trust. MTor\u27s substantial bandwidth savings and graceful scalability enable new classes of anonymous applications that are currently too bandwidth-intensive to be viable through traditional unicast Tor communication---e.g., group file transfer, collaborative editing, streaming video, and real-time audio conferencing. We detail the design of MTor and then analyze its performance and anonymity. By simulating MTor in Shadow and TorPS using realistic models of the live Tor network\u27s topology and recent consensus records from the live Tor network, we show that MTor achieves 29% savings in network bandwidth and 73% reduction in transmission time as compared to the baseline approach for anonymous group communication among 20 group members. We also demonstrate that MTor scales gracefully with the number of group participants, and allows dynamic group composition over time. Importantly, as more Tor users switch to group communication, we show that the overall performance and bandwidth utilization for group communication improves. Finally, we discuss the anonymity implications of MTor and measure its resistance to traffic correlation attacks

Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks

Disertační práce se zabývá kryptografickými protokoly poskytující ochranu soukromí, které jsou určeny pro zabezpečení komunikačních a informačních systémů tvořících heterogenní sítě. Práce se zaměřuje především na možnosti využití nekonvenčních kryptografických prostředků, které poskytují rozšířené bezpečnostní požadavky, jako je například ochrana soukromí uživatelů komunikačního systému. V práci je stanovena výpočetní náročnost kryptografických a matematických primitiv na různých zařízeních, které se podílí na zabezpečení heterogenní sítě. Hlavní cíle práce se zaměřují na návrh pokročilých kryptografických protokolů poskytujících ochranu soukromí. V práci jsou navrženy celkově tři protokoly, které využívají skupinových podpisů založených na bilineárním párování pro zajištění ochrany soukromí uživatelů. Tyto navržené protokoly zajišťují ochranu soukromí a nepopiratelnost po celou dobu datové komunikace spolu s autentizací a integritou přenášených zpráv. Pro navýšení výkonnosti navržených protokolů je využito optimalizačních technik, např. dávkového ověřování, tak aby protokoly byly praktické i pro heterogenní sítě.The dissertation thesis deals with privacy-preserving cryptographic protocols for secure communication and information systems forming heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematic primitives on various devices that participate in the security of heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. There are three designed protocols which use pairing-based group signatures to ensure user privacy. These proposals ensure the protection of user privacy together with the authentication, integrity and non-repudiation of transmitted messages during communication. The protocols employ the optimization techniques such as batch verification to increase their performance and become more practical in heterogeneous networks.

The state of peer-to-peer network simulators

Networking research often relies on simulation in order to test and evaluate new ideas. An important requirement of this process is that results must be reproducible so that other researchers can replicate, validate and extend existing work. We look at the landscape of simulators for research in peer-to-peer (P2P) networks by conducting a survey of a combined total of over 280 papers from before and after 2007 (the year of the last survey in this area), and comment on the large quantity of research using bespoke, closed-source simulators. We propose a set of criteria that P2P simulators should meet, and poll the P2P research community for their agreement. We aim to drive the community towards performing their experiments on simulators that allow for others to validate their results

An Attribute-Based Anonymous Broadcast Encryption Scheme with Adaptive Security in the Standard Model

In broadcast encryption schemes, a distribution center broadcasts an encrypted message to a subset $S$ chosen from a universe of receivers and only the intended users are able to decrypt the message. Most broadcast encryption schemes do not provide anonymity and the identities of target receivers are sent in plaintext. However, in several applications, the authorized users\u27 identities has the same sensitivity as the message itself. YRL, is an anonymous attribute-based broadcast encryption scheme with linear computation, communication and storage overheads in the number of attributes. In this paper, we first propose an attack on the YRL scheme and show that unfortunately the unauthorized receivers can also decrypt the broadcasted message. Next, we propose the Improved-YRL scheme and prove that it achieves anonymity and semantic security under adaptive corruptions in the chosen ciphertext setting. The proof is provided using the dual system encryption technique and is based on three complexity assumptions in composite order bilinear maps. The Improved-YRL scheme is a step forward in solving the long-standing problem of secure and low overhead anonymous broadcast encryption

Optimizing on-demand resource deployment for peer-assisted content delivery

Increasingly, content delivery solutions leverage client resources in exchange for services in a pee-to-peer (P2P) fashion. Such peer-assisted service paradigm promises significant infrastructure cost reduction, but suffers from the unpredictability associated with client resources, which is often exhibited as an imbalance between the contribution and consumption of resources by clients. This imbalance hinders the ability to guarantee a minimum service fidelity of these services to clients especially for real-time applications where content can not be cached. In this thesis, we propose a novel architectural service model that enables the establishment of higher fidelity services through (1) coordinating the content delivery to efficiently utilize the available resources, and (2) leasing the least additional cloud resources, available through special nodes (angels) that join the service on-demand, and only if needed, to complement the scarce resources available through clients. While the proposed service model can be deployed in many settings, this thesis focuses on peer-assisted content delivery applications, in which the scarce resource is typically the upstream capacity of clients. We target three applications that require the delivery of real-time as opposed to stale content. The first application is bulk-synchronous transfer, in which the goal of the system is to minimize the maximum distribution time - the time it takes to deliver the content to all clients in a group. The second application is live video streaming, in which the goal of the system is to maintain a given streaming quality. The third application is Tor, the anonymous onion routing network, in which the goal of the system is to boost performance (increase throughput and reduce latency) throughout the network, and especially for clients running bandwidth-intensive applications. For each of the above applications, we develop analytical models that efficiently allocate the already available resources. They also efficiently allocate additional on-demand resource to achieve a certain level of service. Our analytical models and efficient constructions depend on some simplifying, yet impractical, assumptions. Thus, inspired by our models and constructions, we develop practical techniques that we incorporate into prototypical peer-assisted angel-enabled cloud services. We evaluate these techniques through simulation and/or implementation

Optimizing on-demand resource deployment for peer-assisted content delivery (PhD thesis)

Increasingly, content delivery solutions leverage client resources in exchange for service in a peer-to-peer (P2P) fashion. Such peer-assisted service paradigms promise significant infrastructure cost reduction, but suffer from the unpredictability associated with client resources, which is often exhibited as an imbalance between the contribution and consumption of resources by clients. This imbalance hinders the ability to guarantee a minimum service fidelity of these services to the clients. In this thesis, we propose a novel architectural service model that enables the establishment of higher fidelity services through (1) coordinating the content delivery to optimally utilize the available resources, and (2) leasing the least additional cloud resources, available through special nodes (angels) that join the service on-demand, and only if needed, to complement the scarce resources available through clients. While the proposed service model can be deployed in many settings, this thesis focuses on peer-assisted content delivery applications, in which the scarce resource is typically the uplink capacity of clients. We target three applications that require the delivery of fresh as opposed to stale content. The first application is bulk-synchronous transfer, in which the goal of the system is to minimize the maximum distribution time -- the time it takes to deliver the content to all clients in a group. The second application is live streaming, in which the goal of the system is to maintain a given streaming quality. The third application is Tor, the anonymous onion routing network, in which the goal of the system is to boost performance (increase throughput and reduce latency) throughout the network, and especially for bandwidth-intensive applications. For each of the above applications, we develop mathematical models that optimally allocate the already available resources. They also optimally allocate additional on-demand resource to achieve a certain level of service. Our analytical models and efficient constructions depend on some simplifying, yet impractical, assumptions. Thus, inspired by our models and constructions, we develop practical techniques that we incorporate into prototypical peer-assisted angel-enabled cloud services. We evaluate those techniques through simulation and/or implementation. (Major Advisor: Azer Bestavros

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

Content-Aware Multimedia Communications

The demands for fast, economic and reliable dissemination of multimedia information are steadily growing within our society. While people and economy increasingly rely on communication technologies, engineers still struggle with their growing complexity. Complexity in multimedia communication originates from several sources. The most prominent is the unreliability of packet networks like the Internet. Recent advances in scheduling and error control mechanisms for streaming protocols have shown that the quality and robustness of multimedia delivery can be improved significantly when protocols are aware of the content they deliver. However, the proposed mechanisms require close cooperation between transport systems and application layers which increases the overall system complexity. Current approaches also require expensive metrics and focus on special encoding formats only. A general and efficient model is missing so far. This thesis presents efficient and format-independent solutions to support cross-layer coordination in system architectures. In particular, the first contribution of this work is a generic dependency model that enables transport layers to access content-specific properties of media streams, such as dependencies between data units and their importance. The second contribution is the design of a programming model for streaming communication and its implementation as a middleware architecture. The programming model hides the complexity of protocol stacks behind simple programming abstractions, but exposes cross-layer control and monitoring options to application programmers. For example, our interfaces allow programmers to choose appropriate failure semantics at design time while they can refine error protection and visibility of low-level errors at run-time. Based on some examples we show how our middleware simplifies the integration of stream-based communication into large-scale application architectures. An important result of this work is that despite cross-layer cooperation, neither application nor transport protocol designers experience an increase in complexity. Application programmers can even reuse existing streaming protocols which effectively increases system robustness.Der Bedarf unsere Gesellschaft nach kostengünstiger und zuverlässiger Kommunikation wächst stetig. Während wir uns selbst immer mehr von modernen Kommunikationstechnologien abhängig machen, müssen die Ingenieure dieser Technologien sowohl den Bedarf nach schneller Einführung neuer Produkte befriedigen als auch die wachsende Komplexität der Systeme beherrschen. Gerade die Übertragung multimedialer Inhalte wie Video und Audiodaten ist nicht trivial. Einer der prominentesten Gründe dafür ist die Unzuverlässigkeit heutiger Netzwerke, wie z.B.~dem Internet. Paketverluste und schwankende Laufzeiten können die Darstellungsqualität massiv beeinträchtigen. Wie jüngste Entwicklungen im Bereich der Streaming-Protokolle zeigen, sind jedoch Qualität und Robustheit der Übertragung effizient kontrollierbar, wenn Streamingprotokolle Informationen über den Inhalt der transportierten Daten ausnutzen. Existierende Ansätze, die den Inhalt von Multimediadatenströmen beschreiben, sind allerdings meist auf einzelne Kompressionsverfahren spezialisiert und verwenden berechnungsintensive Metriken. Das reduziert ihren praktischen Nutzen deutlich. Außerdem erfordert der Informationsaustausch eine enge Kooperation zwischen Applikationen und Transportschichten. Da allerdings die Schnittstellen aktueller Systemarchitekturen nicht darauf vorbereitet sind, müssen entweder die Schnittstellen erweitert oder alternative Architekturkonzepte geschaffen werden. Die Gefahr beider Varianten ist jedoch, dass sich die Komplexität eines Systems dadurch weiter erhöhen kann. Das zentrale Ziel dieser Dissertation ist es deshalb, schichtenübergreifende Koordination bei gleichzeitiger Reduzierung der Komplexität zu erreichen. Hier leistet die Arbeit zwei Beträge zum aktuellen Stand der Forschung. Erstens definiert sie ein universelles Modell zur Beschreibung von Inhaltsattributen, wie Wichtigkeiten und Abhängigkeitsbeziehungen innerhalb eines Datenstroms. Transportschichten können dieses Wissen zur effizienten Fehlerkontrolle verwenden. Zweitens beschreibt die Arbeit das Noja Programmiermodell für multimediale Middleware. Noja definiert Abstraktionen zur Übertragung und Kontrolle multimedialer Ströme, die die Koordination von Streamingprotokollen mit Applikationen ermöglichen. Zum Beispiel können Programmierer geeignete Fehlersemantiken und Kommunikationstopologien auswählen und den konkreten Fehlerschutz dann zur Laufzeit verfeinern und kontrolliere

Anonymity Protection and Access Control in Mobile Network Environment

abstract: Wireless communication technologies have been playing an important role in modern society. Due to its inherent mobility property, wireless networks are more vulnerable to passive attacks than traditional wired networks. Anonymity, as an important issue in mobile network environment, serves as the first topic that leads to all the research work presented in this manuscript. Specifically, anonymity issue in Mobile Ad hoc Networks (MANETs) is discussed with details as the first section of research. To thoroughly study on this topic, the presented work approaches it from an attacker's perspective. Under a perfect scenario, all the traffic in a targeted MANET exhibits the communication relations to a passive attacker. However, localization errors pose a significant influence on the accuracy of the derived communication patterns. To handle such issue, a new scheme is proposed to generate super nodes, which represent the activities of user groups in the target MANET. This scheme also helps reduce the scale of monitoring work by grouping users based on their behaviors. The first part of work on anonymity in MANET leads to the thought on its major cause. The link-based communication pattern is a key contributor to the success of the traffic analysis attack. A natural way to circumvent such issue is to use link-less approaches. Information Centric Networking (ICN) is a typical instance of such kind. Its communication pattern is able to overcome the anonymity issue with MANET. However, it also comes with its own shortcomings. One of them is access control enforcement. To tackle this issue, a new naming scheme for contents transmitted in ICN networks is presented. This scheme is based on a new Attribute-Based Encryption (ABE) algorithm. It enforces access control in ICN with minimum requirements on additional network components. Following the research work on ABE, an important function, delegation, exhibits a potential security issue. In traditional ABE schemes, Ciphertext-Policy ABE (CP-ABE), a user is able to generate a subset of authentic attribute key components for other users using delegation function. This capability is not monitored or controlled by the trusted third party (TTP) in the cryptosystem. A direct threat caused from this issue is that any user may intentionally or unintentionally lower the standards for attribute assignments. Unauthorized users/attackers may be able to obtain their desired attributes through a delegation party instead of directly from the TTP. As the third part of work presented in this manuscript, a three-level delegation restriction architecture is proposed. Furthermore, a delegation restriction scheme following this architecture is also presented. This scheme allows the TTP to have full control on the delegation function of all its direct users.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Secure Multi-Purpose Wireless Sensor Networks

Wireless sensor networks (WSNs) were made possible around the late 1990s by industry scale availability of small and energy efficient microcontrollers and radio interfaces. Application areas for WSNs range from agriculture to health care and emergency response scenarios. Depending on the scenario a sensor network can span from some rooms to an area of several square miles in size and so the number of sensor nodes can vary from a fistful of nodes to hundreds or thousands. Sensor nodes are composed from a set of building blocks: processing, communication, sensing/actuating and a power supply. The power supply is usually a battery pack. Especially these limited energy resources make it tremendously important to save resources to achieve a long lifetime. Today’s WSNs are usually planned and developed to satisfy only one application, and they are controlled by a single user. But, with the Internet of Things approaching, more and more sensor networks will be used for multiple tasks simultaneously and are reaching larger sizes. As sensor networks grow it becomes mandatory to localize traffic, both for energy conservation as well as security. Additionally, the broadcast medium of the wireless channel of WSNs allows an adversary all sorts of attacks, like eavesdropping, replaying messages, and denial of service attacks. In large or unattended networks it is even possible to physically attack the hardware of a sensor node to gain access to its firmware and cryptographic keys. In this work we propose the Scopes Framework and the security enhancement Sec- Scopes. The Scopes Framework introduces dynamic partitioning of a WSN with support for multiple in-network tasks. SecScopes enables secure access control, key exchange and communication. The partitioning is done by a scoping mechanism which allows the dynamic defini- tion of subsets of sensor nodes. The Scopes Framework supports in-network tasks by managing network connections for each task, and allowing the selection of efficient routing algorithms. To allows access control on a partition of the network we introduce attribute-based encryption in sensor networks. Secure key exchange is also based on this encryption scheme. To secure communication more efficient symmetric cryptography is employed. With the Scopes Framework we provide a modular and flexible architecture that can be adjusted to the needs of different scenarios. We present a detailed evaluation of the performance of the framework and compare and discuss the results for the different stages of the framework. The results of the evaluation show the general feasibility of the approach, in spite of the adverse resource constraints