134 research outputs found
Jornadas Nacionales de InvestigaciĂłn en Ciberseguridad: actas de las VIII Jornadas Nacionales de InvestigaciĂłn en ciberseguridad: Vigo, 21 a 23 de junio de 2023
Jornadas Nacionales de InvestigaciĂłn en Ciberseguridad (8ÂȘ. 2023. Vigo)atlanTTicAMTEGA: Axencia para a modernizaciĂłn tecnolĂłxica de GaliciaINCIBE: Instituto Nacional de Cibersegurida
ENHANCING THE PERFORMANCE AND SECURITY OF ANONYMOUS COMMUNICATION NETWORKS
With the increasing importance of the Internet in our daily lives, the private information
of millions of users is prone to more security risks. Users data are collected
either for commercial purposes and sold by service providers to marketeers or political
purposes and used to track people by governments, or even for personal purposes by
hackers. Protecting online users privacy has become a more pressing matter over the
years. To this end, anonymous communication networks were developed to serve this
purpose.
Tors anonymity network is one of the most widely used anonymity networks online; it
consists of thousands of routers run by volunteers. Tor preserves the anonymity of its
users by relaying the traffic through a number of routers (called onion routers) forming
a circuit. Tor was mainly developed as a low-latency network to support interactive
applications such as web browsing and messaging applications. However, due to some
deficiencies in the original design of Tors network, the performance is affected to the
point that interactive applications cannot tolerate it. In this thesis, we attempt to address
a number of the performance-limiting issues in Tor networks design.
Several researches proposed changes in the transport design to eliminate the effect of these problems and improve the performance of Tors network. In our work, we propose
"QuicTor," an improvement to the transport layer of Tors network by using Googles
protocol "QUIC" instead of TCP. QUIC was mainly developed to eliminate TCPs latency
introduced from the handshaking delays and the head-of-line blocking problem.
We provide an empirical evaluation of our proposed design and compare it to two other
proposed designs, IMUX and PCTCP.We show that QuicTor significantly enhances the
performance of Tors network.
Tor was mainly developed as a low-latency network to support interactive web browsing
and messaging applications. However, a considerable percentage of Tor traffic
is consumed by bandwidth acquisitive applications such as BitTorrent. This results
in an unfair allocation of the available bandwidth and significant degradation in the
Quality-of-service (QoS) delivered to users. In this thesis, we present a QoS-aware deep
reinforcement learning approach for Tors circuit scheduling (QDRL). We propose a
design that coalesces the two scheduling levels originally presented in Tor and addresses
it as a single resource allocation problem. We use the QoS requirements of different
applications to set the weight of active circuits passing through a relay. Furthermore,
we propose a set of approaches to achieve the optimal trade-off between system fairness
and efficiency. We designed and implemented a reinforcement-learning-based scheduling
approach (TRLS), a convex-optimization-based scheduling approach (CVX-OPT),
and an average-rate-based proportionally fair heuristic (AR-PF). We also compared the
proposed approaches with basic heuristics and with the implemented scheduler in Tor.
We show that our reinforcement-learning-based approach (TRLS) achieved the highest QoS-aware fairness level with a resilient performance to the changes in an environment
with a dynamic nature, such as the Tor networ
Formal Foundations for Anonymous Communication
Mit jeder Online-TĂ€tigkeit hinterlassen wir digitale FuĂspuren. Unternehmen und Regierungen nutzen die privaten Informationen, die von den riesigen Datenmengen der Online-Spuren abgeleitet werden können, um ihre Nutzer und BĂŒger zu manipulieren. Als GegenmaĂnahme wurden anonyme Kommunikationsnetze vorgeschlagen. Diesen fehlen jedoch umfassende formale Grundlagen und folglich ist der Vergleich zwischen verschiedenen AnsĂ€tzen nur sehr eingeschrĂ€nkt möglich.
Mit einer gemeinsamen Grundlage zwischen allen Forschern und Entwicklern von anonymen Kommunikationsnetzen können MissverstĂ€ndnisse vermieden werden und die dringend benötigte Entwicklung von den Netzen wird beschleunigt. Mit Vergleichbarkeit zwischen den Lösungen, können die fĂŒr den jeweiligen Anwendungsfall optimalen Netze besser identifiziert und damit die Entwicklungsanstrengungen gezielter auf Projekte verteilt werden. Weiterhin ermöglichen formale Grundlagen und Vergleichbarkeit ein tieferes VerstĂ€ndnis fĂŒr die Grenzen und Effekte der eingesetzten Techniken zu erlangen.
Diese Arbeit liefert zuerst neue Erkenntnisse zu generellen Formalisierungen fĂŒr anonyme Kommunikation, bevor sie sich dann auf die praktisch am meisten verbreitete Technik konzentriert: Onion Routing und Mix Netzwerke. Als erstes wird die Vergleichbarkeit zwischen PrivatsphĂ€rezielen sichergestellt, indem sie formal definiert und miteinander verglichen werden. Dabei enteht eine umfangreiche Hierarchie von eindeutigen PrivatsphĂ€rezielen. Als zweites werden vorgeschlagene Netzwerke analysiert, um deren Grundbausteine zu identifizieren und deren Schutz als Auswirkung in der Hierarchy zu untersuchen.
Diese Grunlagen erlauben Konflikte und Schwachstellen in existierenden Arbeiten zu entdecken und aufzuklĂ€ren. Genauer zeigt sich damit, dass basierend of derselben informalen Definition verschieden stark schĂŒtzende formale Versionen entstanden sind. Weiterhin werden in dieser Arbeit die Notions genutzt um existierende Unmöglichkeitsresultate fĂŒr anonyme Kommunikation zu vergleichen. Dabei wird nicht nur die erste vollstĂ€ndige Sicht auf alle bekannten Schranken fĂŒr anonyme Kommunikationsnetze gegeben, sondern mit einem tiefgrĂŒndigen Ansatz werden die existierenden Schranken auch gestĂ€rkt und zu praktischen, dem Stand der Kunst entsprechenden Netzen in Bezug gesetzt. Letztlich konnten durch die generellen Betrachtungen von vorgeschlagenen Netzwerken und ihren Grundbausteinen, insbesondere auch Angriffe auf die vorherrschende Klasse von anonymen Kommunikationsnetzen gefunden werden: auf Onion Routing und Mix-Netzwerke.
Davon motiviert wurden als zweiter Teil dieser Arbeit die formalen Grundlagen und praktisch eingesetzten Lösungen for Onion Routing und Mix-Netzwerke untersucht. Dabei wurde festgestellt, dass die bereits erwĂ€hnten Angriffe teilweise auf eine fehlerhafte, aber weit verbreitete Beweisstrategie fĂŒr solche Netze zurĂŒckzufĂŒhren sind und es wurde eine sichere Beweisstrategie als deren Ersatz vorgeschlagen. Weiterhin wurde die neue Strategie fĂŒr ein vorgeschlagenes, aber bisher nicht weiter verwendetes Paketformat eingesetzt und dieses als sicher bewiesen. Dieses Paketformat unterstĂŒtzt allerdings keine RĂŒckantworten, was höchstwahrscheinlich der Grund ist, aus dem sich aktuelle Netze auf ein unsicheres Paketformat verlassen. Deshalb wurde im Rahmen dieser Arbeit eine konzeptuelle, sichere Lösung fĂŒr Onion Routing mit RĂŒckantworten entworfen.
Als weitere verwandte BeitrĂ€ge, zeigt die Arbeit Beziehungen von Teilen der generellen Ergebnisse fĂŒr anonyme Kommunikationsnetze zu Ă€hnlichen, aber bisher hauptsĂ€chlich getrennt betrachteten Forschungsbereichen, wie PrivatsphĂ€re auf der BitĂŒbertragungsschicht, Kontaktnachverfolgung und privatsphĂ€re-schĂŒtzenden, digitalen Bezahlsystemen
An Empirical Analysis of Privacy in Cryptocurrencies
Cryptocurrencies have emerged as an important technology over the past decade
and have, undoubtedly, become blockchainâs most popular application. Bitcoin has
been by far the most popular out of the thousands of cryptocurrencies that have been
created. Some of the features that made Bitcoin such a fascinating technology include
its transactions being made publicly available and permanently stored, and the
ability for anyone to have access. Despite this transparency, it was initially believed
that Bitcoin provides anonymity to its users, since it allowed them to transact using
a pseudonym instead of their real identity. However, a long line of research has
shown that this initial belief was false and that, given the appropriate tools, Bitcoin
transactions can indeed be traced back to the real-life entities performing them.
In this thesis, we perform a survey to examine the anonymity aspect of cryptocurrencies.
We start with early works that made first efforts on analysing how private
this new technology was. We analyse both from the perspective of a passive observer
with eyes only to the public immutable state of transactions, the blockchain,
as well as from an observer who has access to network layer information. We then
look into the projects that aimed to enhance the anonymity provided in cryptocurrencies
and also analyse the evidence of how much they succeeded in practice.
In the first part of our own contributions we present our own take on Bitcoinâs
anonymity, inspired by the research already in place. We manage to extend existing
heuristics and provide a novel methodology on measuring the confidence we have in
our anonymity metrics, instead of looking into the issue from a binary perspective,
as in previous research.
In the second part we provide the first full-scale empirical work on measuring anonymity in a cryptocurrency that was built with privacy guarantees, based on a
very well established cryptography, Zcash. We show that just building a tool which
provides anonymity in theory is very different than the privacy offered in practice
once users start to transact with it.
Finally, we look into a technology that is not a cryptocurrency itself but is built
on top of Bitcoin, thus providing a so-called layer 2 solution, the Lightning network.
Again, our measurements showed some serious privacy concerns of this technology,
some of which were novel and highly applicable
Digital behaviours and cognitions of individuals convicted of online child pornography offences
BACKGROUND:
Modern Child Sexual Exploitation Material (CSEM) offences predominantly occur within a technological ecosystem. The behaviours and cognitions of CSEM offenders influence, and are influenced by, their choice of facilitative technologies that form that ecosystem.
OBJECTIVES:
This thesis will review the prior research on cognitive distortions present in and technology usage by CSEM offenders, and present a new theory, Lawless Space Theory (LST), to explain those interactions. The cognitions and technical behaviours of previously convicted CSEM offenders will be examined in a psychosocial context and recommendations for deterrence, investigative, and treatment efforts made.
PARTICIPANTS AND SETTING:
Data was collected using an online survey collected from two samples, one from a reference population of the general public (n=524) and one from a population of previously convicted CSEM offenders (n=78), both of which were composed of adults living in the United States.
METHODS:
Two reviews were conducted using a PRISMA methodology - a systematic review of the cognitive distortions of CSEM offenders and an integrative review of their technology usage. A theoretical basis for LST was developed, and then seven investigations of the survey data were conducted evaluating the publicâs endorsement of lawless spaces; the publicâs perceptions of CSEM offenders; the self-perceptions of CSEM offenders; the suicidality of the offender sample; the use of technology and countermeasures by the offender sample; the collecting and viewing behaviours of the offender sample; and the idiographic profiles of the offender sample.
RESULTS:
The reviews found that the endorsement of traditional child contact offender cognitive distortions by CSEM offenders was low, and that they continued to use technology beyond its normative lifecycle. LST was developed to explain these behaviours, and the view of the Internet as generally lawless was endorsed by the reference and offender samples. The public sample showed biased beliefs that generally overestimated the prevalence of, and risk associated with, CSEM offending when compared to the offender sample. Offenders were found to have viewed investigators as having a lack of understanding and compassion, and they exhibited very high suicidal ideation following their interaction with law enforcement. Offenders exhibited similar technical abilities and lower technophilia than the reference sample, chose technologies to both reduce psychological strain and for utility purposes, and many exhibited cyclic deletions of their collections as part of a guilt/shame cycle.
CONCLUSIONS AND IMPLICATIONS:
Understanding CSEM offendersâ technological behaviours and cognitions can inform more effective investigative, deterrence, and treatment efforts. Law enforcement showing compassion during investigations may generate more full disclosures while facilitating offender engagement with resources to reduce suicidality. Deterrence efforts focused on establishing capable guardianship and reducing perceived lawlessness provide the potential to reduce offending. Treatment of criminogenic needs for the majority of CSEM offenders is not supported by evidence, but non-criminogenic treatment warrants broader consideration
Recommended from our members
Design and Implementation of Algorithms for Traffic Classification
Traffic analysis is the practice of using inherent characteristics of a network flow such as timings, sizes, and orderings of the packets to derive sensitive information about it. Traffic analysis techniques are used because of the extensive adoption of encryption and content-obfuscation mechanisms, making it impossible to infer any information about the flows by analyzing their content. In this thesis, we use traffic analysis to infer sensitive information for different objectives and different applications. Specifically, we investigate various applications: p2p cryptocurrencies, flow correlation, and messaging applications. Our goal is to tailor specific traffic analysis algorithms that best capture network trafficâs intrinsic characteristics in those applications for each of these applications. Also, the objective of traffic analysis is different for each of these applications. Specifically, in Bitcoin, our goal is to evaluate Bitcoin trafficâs resilience to blocking by powerful entities such as governments and ISPs. Bitcoin and similar cryptocurrencies play an important role in electronic commerce and other trust-based distributed systems because of their significant advantage over traditional currencies, including open access to global e-commerce. Therefore, it is essential to
the consumers and the industry to have reliable access to their Bitcoin assets. We also examine stepping stone attacks for flow correlation. A stepping stone is a host that an attacker uses to relay her traffic to hide her identity. We introduce two fingerprinting systems, TagIt and FINN. TagIt embeds a secret fingerprint into the flows by moving the packets to specific time intervals. However, FINN utilizes DNNs to embed the fingerprint by changing the inter-packet delays (IPDs) in the flow. In messaging applications, we analyze the WhatsApp messaging service to determine if traffic leaks any sensitive information such as membersâ identity in a particular conversation to the adversaries who watch their encrypted traffic. These messaging applicationsâ privacy is essential because these services provide an environment to dis- cuss politically sensitive subjects, making them a target to government surveillance and censorship in totalitarian countries. We take two technical approaches to design our traffic analysis techniques. The increasing use of DNN-based classifiers inspires our first direction: we train DNN classifiers to perform some specific traffic analysis task. Our second approach is to inspect and model the shape of traffic in the target application and design a statistical classifier for the expected shape of traffic. DNN- based methods are useful when the network is complex, and the trafficâs underlying noise is not linear. Also, these models do not need a meticulous analysis to extract the features. However, deep learning techniques need a vast amount of training data to work well. Therefore, they are not beneficial when there is insufficient data avail- able to train a generalized model. On the other hand, statistical methods have the advantage that they do not have training overhead
A decision-making model to guide securing blockchain deployments
Satoshi Nakamoto, the pseudo-identity accredit with the paper that sparked the implementation of Bitcoin, is famously quoted as remarking, electronically of course, that âIf you donât believe it or donât get it, I donât have time to try and convince you, sorryâ (Tsapis, 2019, p. 1). What is noticeable, 12 years after the famed Satoshi paper that initiated Bitcoin (Nakamoto, 2008), is that blockchain at the very least has staying power and potentially wide application. A lesser known figure Marc Kenisberg, founder of Bitcoin Chaser which is one of the many companies formed around the Bitcoin ecosystem, summarised it well saying ââŠBlockchain is the tech - Bitcoin is merely the first mainstream manifestation of its potentialâ (Tsapis, 2019, p. 1). With blockchain still trying to reach its potential and still maturing on its way towards a mainstream technology the main question that arises for security professionals is how do I ensure we do it securely? This research seeks to address that question by proposing a decision-making model that can be used by a security professional to guide them through ensuring appropriate security for blockchain deployments. This research is certainly not the first attempt at discussing the security of the blockchain and will not be the last, as the technology around blockchain and distributed ledger technology is still rapidly evolving. What this research does try to achieve is not to delve into extremely specific areas of blockchain security, or get bogged down in technical details, but to provide a reference framework that aims to cover all the major areas to be considered. The approach followed was to review the literature regarding blockchain and to identify the main security areas to be addressed. It then proposes a decision-making model and tests the model against a fictitious but relevant real-world example. It concludes with learnings from this research. The reader can be the judge, but the model aims to be a practical valuable resource to be used by any security professional, to navigate the security aspects logically and understandably when being involved in a blockchain deployment. In contrast to the Satoshi quote, this research tries to convince the reader and assist him/her in understanding the security choices related to every blockchain deployment.Thesis (MSc) -- Faculty of Science, Computer Science, 202
Architecting a Blockchain-Based Framework for the Internet of Things
Traditionally, Internet-of-Things (IoT) solutions are based on centralized infrastructures, which necessitate high-end servers for handling and transferring data. Centralized solutions incur high costs associated to maintaining centralized servers, and do not provide built-in guarantees against security threats and trust issues. Therefore, it is an essential research problem to mitigate the aforementioned problems by developing new methods for IoT decentralisation.
In recent years, blockchain technology, the underlying technology of Bitcoin, has attracted research interest as the potential missing link towards building a truly decentralized, trustless and secure environment for the IoT. Nevertheless, employing blockchain in the IoT has significant issues and challenges, related to scalability since all transactions logged in a blockchain undergo a decentralized consensus process.
This thesis presents the design and implementation of a blockchain-based decentralized IoT framework that can leverage the inherent security characteristics of blockchains, while addressing the challenges associated with developing such a framework. This decentralized IoT framework aims to employ blockchains in combination with other peer-to-peer mechanisms to provide: access control; secure IoT data transfer; peer-to-peer data-sharing business models; and secure end-to-end IoT communications, without depending upon a centralized intermediary for authentication or data handling.
This framework uses a multi-tiered blockchain architecture with a control-plane/data-plane split, in that the bulk data is transferred through peer-to-peer data transfer mechanisms, and blockchains are used to enforce terms and conditions and store relevant timestamped metadata. Implementations of the blockchain-based framework have been presented in a multitude of use-cases, to observe the framework's viability and adaptability in real-world scenarios. These scenarios involved traceability in supply chains, IoT data monetization and security in end-to-end communications.With all the potential applications of the blockchain-based framework within the IoT, this thesis takes a step towards the goal of a truly decentralized IoT
- âŠ