9 research outputs found
An Empirical Analysis of Privacy in Cryptocurrencies
Cryptocurrencies have emerged as an important technology over the past decade
and have, undoubtedly, become blockchain’s most popular application. Bitcoin has
been by far the most popular out of the thousands of cryptocurrencies that have been
created. Some of the features that made Bitcoin such a fascinating technology include
its transactions being made publicly available and permanently stored, and the
ability for anyone to have access. Despite this transparency, it was initially believed
that Bitcoin provides anonymity to its users, since it allowed them to transact using
a pseudonym instead of their real identity. However, a long line of research has
shown that this initial belief was false and that, given the appropriate tools, Bitcoin
transactions can indeed be traced back to the real-life entities performing them.
In this thesis, we perform a survey to examine the anonymity aspect of cryptocurrencies.
We start with early works that made first efforts on analysing how private
this new technology was. We analyse both from the perspective of a passive observer
with eyes only to the public immutable state of transactions, the blockchain,
as well as from an observer who has access to network layer information. We then
look into the projects that aimed to enhance the anonymity provided in cryptocurrencies
and also analyse the evidence of how much they succeeded in practice.
In the first part of our own contributions we present our own take on Bitcoin’s
anonymity, inspired by the research already in place. We manage to extend existing
heuristics and provide a novel methodology on measuring the confidence we have in
our anonymity metrics, instead of looking into the issue from a binary perspective,
as in previous research.
In the second part we provide the first full-scale empirical work on measuring
anonymity in Zcash, a cryptocurrency that was built with privacy guarantees based on
very well established cryptography. We show that building a tool which provides
anonymity in theory is very different from the privacy offered in practice
once users start to transact with it.
Finally, we look into a technology that is not a cryptocurrency itself but is built
on top of Bitcoin, thus providing a so-called layer 2 solution, the Lightning network.
Again, our measurements showed some serious privacy concerns of this technology,
some of which were novel and highly applicable.
Data Storage and Dissemination in Pervasive Edge Computing Environments
Nowadays, smart mobile devices generate huge amounts of data in all sorts of gatherings.
Much of that data has localized and ephemeral interest, but can be of great use if shared
among co-located devices. However, mobile devices often experience poor connectivity,
leading to availability issues if application storage and logic are fully delegated to a
remote cloud infrastructure. In turn, the edge computing paradigm pushes computations
and storage beyond the data center, closer to end-user devices where data is generated
and consumed, thereby enabling the execution of certain components of edge-enabled
systems directly and cooperatively on edge devices.
This thesis focuses on the design and evaluation of resilient and efficient data storage
and dissemination solutions for pervasive edge computing environments, operating with
or without access to the network infrastructure. In line with this dichotomy, our goal can
be divided into two specific scenarios. The first one is related to the absence of network
infrastructure and the provision of a transient data storage and dissemination system
for networks of co-located mobile devices. The second one relates to the existence of
network infrastructure access and the corresponding edge computing capabilities.
First, the thesis presents time-aware reactive storage (TARS), a reactive data storage
and dissemination model with intrinsic time-awareness, that exploits synergies between
the storage substrate and the publish/subscribe paradigm, and allows queries within a
specific time scope. Next, it describes in more detail: i) Thyme, a data storage and
dissemination system for wireless edge environments, implementing TARS; ii) Parsley, a
flexible and resilient group-based distributed hash table with preemptive peer relocation
and a dynamic data sharding mechanism; and iii) Thyme GardenBed, a framework
for data storage and dissemination across multi-region edge networks, that makes use of
both device-to-device and edge interactions.
The developed solutions present low overheads, while providing adequate response
times for interactive usage and low energy consumption, proving to be practical in a
variety of situations. They also display good load balancing and fault tolerance properties.
Abstract (translated from Portuguese)
Nowadays, smart mobile devices generate large amounts of data in all kinds of
gatherings of people. Much of that data has localized and ephemeral interest, but can be
of great use if shared among co-located devices. However, mobile devices often
experience poor connectivity, leading to availability problems if application storage and
logic are fully delegated to a remote cloud infrastructure. In turn, the edge computing
paradigm takes computations and storage beyond the data centers, closer to the end-user
devices where data is generated and consumed, thereby enabling the execution of certain
system components directly and cooperatively on edge devices.
This thesis focuses on the design and evaluation of resilient and efficient solutions for
data storage and dissemination in pervasive edge computing environments, operating with
or without access to the network infrastructure. In line with this dichotomy, our goal can
be divided into two specific scenarios. The first is related to the absence of network
infrastructure and the provision of an ephemeral data storage and dissemination system
for networks of co-located mobile devices. The second concerns the existence of access to
the network infrastructure and the corresponding edge computing resources.
First, the thesis presents time-aware reactive storage (TARS), a reactive data storage
and dissemination model with intrinsic time-awareness, which exploits synergies between
the storage substrate and the publish/subscribe paradigm, and allows queries within a
specific time scope. Next, it describes in more detail: i) Thyme, a data storage and
dissemination system for wireless edge environments, which implements TARS; ii) Parsley,
a flexible and resilient group-based distributed hash table, with preemptive node
relocation and a dynamic data partitioning mechanism; and iii) Thyme GardenBed, a system
for data storage and dissemination in multi-region edge networks, which makes use of
interactions between devices and with the edge.
The developed solutions present low costs, providing adequate response times for
interactive usage and low energy consumption, proving to be practical in a wide variety
of situations. These solutions also display good load balancing and fault tolerance properties.
Challenges and Open Questions of Machine Learning in Computer Security
This habilitation thesis presents advancements in machine learning for computer security,
arising from problems in network intrusion detection and steganography.
The thesis puts an emphasis on explaining the traits shared by steganalysis, network intrusion
detection, and other security domains, which make these domains different from
computer vision, speech recognition, and other fields where machine learning is typically
studied. Then, the thesis presents methods developed to at least partially solve the identified
problems, with the overall goal of making machine-learning-based intrusion detection
systems viable. Most of them are general in the sense that they can be used outside intrusion
detection and steganalysis on problems with similar constraints.
A common feature of all methods is that they are generally simple, yet surprisingly
effective. According to large-scale experiments they almost always improve the prior art,
which is likely caused by being tailored to security problems and designed for large volumes
of data.
Specifically, the thesis addresses the following problems:
- anomaly detection with low computational and memory complexity such that efficient
  processing of large data is possible;
- multiple-instance anomaly detection improving the signal-to-noise ratio by classifying
  larger groups of samples;
- supervised classification of tree-structured data simplifying their encoding in neural
  networks;
- clustering of structured data;
- supervised training with the emphasis on the precision in the top p% of returned data;
- and finally explanation of anomalies to help humans understand the nature of an anomaly
  and speed up their decision.
Many algorithms and methods presented in this thesis are deployed in a real intrusion
detection system protecting millions of computers around the globe.
Forensic and Management Challenges in Wireless and Mobile Network Environment
The Internet recently passed an historic inflection point, with the number of broadband wireless/mobile devices surpassing the number of wired PCs and servers connected to the Internet. Smartphones, laptops, tablets, machine-to-machine (M2M) devices, and other portable devices have penetrated our daily lives. According to Cisco, by 2018, wired devices will account for only 39% of IP traffic, with the remaining traffic produced by wireless/mobile devices. This proliferation of wireless/mobile devices is profoundly changing many of the characteristics of network applications, protocols, and operation, and posing fundamental challenges to the Internet architecture. In light of this new trend, this thesis focuses on forensic and mobility-management challenges in wireless/mobile network environments.
The first half of this thesis addresses two network-forensic challenges that arise due to the broadcast nature of wireless communications. In the first network-forensic challenge, we develop a mechanism to detect anomalous forwarding behaviors such as packet dropping and packet reordering, and to identify the source of forwarding-behavior attacks that can disrupt a wireless ad hoc network. Our mechanism employs witness nodes that can overhear transmissions made by nearby wireless network nodes. In the second challenge, we investigate a method for gathering network-based evidence, based on constraints imposed by current U.S. law, for remotely disambiguating a sender's network access type (wired versus wireless); such a technique could be used to determine that a sender is connected physically to a network inside a building. We discuss several factors that might affect our classification results and identify the scenarios in which residential network access type can be accurately determined.
The second half of this thesis takes a more global and network-level point of view on mobility management and delves into a clean-state approach to designing a future Internet architecture that considers mobility as a first-order property. Before discussing architectural design issues, we present a measurement and modeling study of user transitioning among points of attachment to today's Internet. These transitions could result from a user's physical mobility or a stationary "multi-homed" user's changing his/her devices or NICs. This research provides insights and implications regarding control-plane workload for a mobility-management architecture. Our measurement results to date show that users spend the majority of their time attached to a small number of networks, and that a surprisingly large number of users access two networks contemporaneously. In the last part of our thesis research, we design techniques for efficiently handling group mobility in the context of the MobilityFirst architecture; MobilityFirst uses flat, globally unique names, binding a flat name to its network location via a logically centralized name- and location-resolution server. Using the empirical model from our measurement study as well as more abstract models of group mobility, we evaluate our group mobility management techniques.
Detection of unsolicited web browsing with clustering and statistical analysis
Unsolicited web browsing denotes illegitimate accessing or processing of web content. The harmful activity varies from extracting e-mail information to downloading an entire website for duplication. In addition, computer criminals prevent legitimate users from gaining access to websites by implementing a denial of service attack with high-volume legitimate traffic. These offences are accomplished by preprogrammed machines that avoid rate-dependent intrusion detection systems. Therefore, it is assumed in this thesis that the only difference between a legitimate and malicious web session is in the intention rather than physical characteristics or network-layer information. As a result, the main aim of this research has been to provide a method of malicious intention detection. This has been accomplished by a two-fold process. Initially, to discover the most recent and popular transitions of lawful users, a clustering method has been introduced based on entropy minimisation. In principle, by following popular transitions among the web objects, the legitimate users are placed in low-entropy clusters, as opposed to the undesired hosts whose transitions are uncommon and lead to placement in high-entropy clusters. In addition, by comparing distributions of sequences of requests generated by the actual and malicious users across the clusters, it is possible to discover whether or not a website is under attack. Secondly, a set of statistical measurements has been tested to detect the actual intention of browsing hosts. The intention classification based on Bayes factors and likelihood analysis has provided the best results. The combined approach has been validated against actual web traces (i.e. datasets), and generated promising results.
Approximate algorithms for efficient indexing, clustering, and classification in Peer-to-peer networks
[no abstract]
Solving key design issues for massively multiplayer online games on peer-to-peer architectures
Massively Multiplayer Online Games (MMOGs) are increasing in both popularity and
scale on the Internet and are predominantly implemented by Client/Server architectures.
While such a classical approach to distributed system design offers many benefits, it suffers
from significant technical and commercial drawbacks, primarily reliability and scalability
costs. This realisation has sparked recent research interest in adapting MMOGs
to Peer-to-Peer (P2P) architectures.
This thesis identifies six key design issues to be addressed by P2P MMOGs, namely
interest management, event dissemination, task sharing, state persistency, cheating mitigation,
and incentive mechanisms. Design alternatives for each issue are systematically
compared, and their interrelationships discussed. How well representative P2P MMOG
architectures fulfil the design criteria is also evaluated. It is argued that although P2P
MMOG architectures are developing rapidly, their support for task sharing and incentive
mechanisms still needs to be improved.
The design of a novel framework for P2P MMOGs, Mediator, is presented. It employs a
self-organising super-peer network over a P2P overlay infrastructure, and addresses the
six design issues in an integrated system. The Mediator framework is extensible, as it
supports flexible policy plug-ins and can accommodate the introduction of new super-peer
roles. Key components of this framework have been implemented and evaluated
with a simulated P2P MMOG.
As the Mediator framework relies on super-peers for computational and administrative
tasks, membership management is crucial, e.g. to allow the system to recover from
super-peer failures. A new technology for this, namely Membership-Aware Multicast
with Bushiness Optimisation (MAMBO), has been designed, implemented and evaluated.
It reuses the communication structure of a tree-based application-level multicast
to track group membership efficiently. Evaluation of a demonstration application shows
that MAMBO is able to quickly detect and handle peers joining and leaving. Compared
to a conventional supervision architecture, MAMBO is more scalable, and yet incurs
less communication overheads. Besides MMOGs, MAMBO is suitable for other P2P
applications, such as collaborative computing and multimedia streaming.
This thesis also presents the design, implementation and evaluation of a novel task
mapping infrastructure for heterogeneous P2P environments, Deadline-Driven Auctions
(DDA). DDA is primarily designed to support NPC host allocation in P2P MMOGs, and
specifically in the Mediator framework. However, it can also support the sharing of computational
and interactive tasks with various deadlines in general P2P applications. Experimental
and analytical results demonstrate that DDA efficiently allocates computing
resources for large numbers of real-time NPC tasks in a simulated P2P MMOG with approximately
1000 players. Furthermore, DDA supports gaming interactivity by keeping
the communication latency among NPC hosts and ordinary players low. It also supports
flexible matchmaking policies, and can motivate application participants to contribute
resources to the system.