38 research outputs found
Secure, Efficient and Privacy-aware Framework for Unstructured Peer-to-Peer Networks
Recently, the advances in Ubiquitous Computing networks and the increased computational power of network devices have led designers to create more flexible distributed network models using decentralised network management systems. Security, resilience and privacy issues within such distributed systems become more complicated while important tasks such as routing, service access and state management become increasingly challenging. Low-level protocols over ubiquitous decentralised systems, which provide autonomy to network nodes, have replaced the traditional client-server arrangements in centralised systems.
Small World networks represent a model that addresses many existing challenges within Ubiquitous Computing networks. Therefore, it is imperative to study the properties of Small World networks to help understanding, modelling and improving the performance, usability and resiliency of Ubiquitous Computing networks. Using the network infrastructure and trusted relationships in the Small World networks, this work proposes a framework to enhance security, resilience and trust within scalable Peer-to-Peer (P2P) networks. The proposed framework consists of three major components namely network-aware topology construction, anonymous global communication using community trust, and efficient search and broadcasting based on granularity and pro-active membership management.
We utilise the clustering co-efficient and conditional preferential attachment to propose a novel topology construction scheme that organises nodes into groups of trusted users to improve scalability. Network nodes communicate locally without advertising node identity at a global scale, which ensures user anonymity. The global communication is organised and facilitated by Service Centres to maintain security, privacy and integrity of member nodes. Service Centres are allocated using a novel leader election mechanism within unstructured scalable P2P networks. This allows providing fair and equitable access for existing and new nodes without having to make complex changes to the network topology. Moreover, the scale-free and clustering co-efficient characteristics of Small World networks help organising the network layout to maintain its balance in terms of the nodes distribution.
Simulation results show that the proposed framework ensures better scalability and membership management in unstructured P2P networks, and improves the performance of the search and broadcasting in terms of the average shortest path and control overhead while maintaining user anonymity and system resiliency
Design and Management of Collaborative Intrusion Detection Networks
In recent years network intrusions have become a severe threat to the privacy and safety of computer users. Recent cyber attacks compromise a large number of hosts to form botnets. Hackers not only aim at harvesting private data and identity information from compromised nodes, but also use the compromised nodes to launch attacks such as distributed denial-of-service (DDoS) attacks.
As a counter measure, Intrusion Detection Systems (IDS) are used to identify intrusions by comparing observable behavior against suspicious patterns.
Traditional IDSs monitor computer activities on a single host or network traffic in a sub-network. They do not have a global view of intrusions and are not effective in detecting fast spreading attacks, unknown, or new threats. In turn, they can achieve better detection accuracy through collaboration. An Intrusion Detection Network (IDN) is such a collaboration network allowing IDSs to exchange information with each other and to benefit from the collective knowledge and experience shared by others. IDNs enhance the overall accuracy of intrusion assessment as well as the ability to detect new intrusion types.
Building an effective IDN is however a challenging task. For example, adversaries may compromise some IDSs in the network and then leverage the compromised nodes to send false information, or even attack others in the network, which can compromise the efficiency of the IDN. It is, therefore, important for an IDN to detect and isolate malicious insiders. Another challenge is how to make efficient intrusion detection assessment based on the collective diagnosis from other IDSs. Appropriate selection of collaborators and incentive-compatible resource management in support of IDSs' interaction with others are also key challenges in IDN design.
To achieve efficiency, robustness, and scalability, we propose an IDN architecture and especially focus on the design of four of its essential components, namely, trust management, acquaintance management, resource management, and feedback aggregation. We evaluate our proposals and compare them with prominent ones in the literature and show their superiority using several metrics, including efficiency, robustness, scalability, incentive-compatibility, and fairness. Our IDN design provides guidelines for the deployment of a secure and scalable IDN where effective collaboration can be established between IDSs
Recommended from our members
Trust Management for P2P application in Delay Tolerant Mobile Ad-hoc Networks. An Investigation into the development of a Trust Management Framework for Peer to Peer File Sharing Applications in Delay Tolerant Disconnected Mobile Ad-hoc Networks.
Security is essential to communication between entities in the internet. Delay tolerant and disconnected Mobile Ad Hoc Networks (MANET) are a class of networks characterized by high end-to-end path latency and frequent end-to-end disconnections and are often termed as challenged networks. In these networks nodes are sparsely populated and without the existence of a central server, acquiring global information is difficult and impractical if not impossible and therefore traditional security schemes proposed for MANETs cannot be applied. This thesis reports trust management schemes for peer to peer (P2P) application in delay tolerant disconnected MANETs. Properties of a profile based file sharing application are analyzed and a framework for structured P2P overlay over delay tolerant disconnected MANETs is proposed. The framework is implemented and tested on J2ME based smart phones using Bluetooth communication protocol. A light weight Content Driven Data Propagation Protocol (CDDPP) for content based data delivery in MANETs is presented. The CDDPP implements a user profile based content driven P2P file sharing application in disconnected MANETs. The CDDPP protocol is further enhanced by proposing an adaptive opportunistic multihop content based routing protocol (ORP). ORP protocol considers the store-carry-forward paradigm for multi-hop packet delivery in delay tolerant MANETs and allows multi-casting to selected number of nodes. Performance of ORP is compared with a similar autonomous gossiping (A/G) protocol using simulations. This work also presents a framework for trust management based on dynamicity aware graph re-labelling system (DA-GRS) for trust management in mobile P2P applications. The DA-GRS uses a distributed algorithm to identify trustworthy nodes and generate trustable groups while isolating misleading or untrustworthy nodes. Several simulations in various environment settings show the effectiveness of the proposed framework in creating trust based communities. This work also extends the FIRE distributed trust model for MANET applications by incorporating witness based interactions for acquiring trust ratings. A witness graph building mechanism in FIRE+ is provided with several trust building policies to identify malicious nodes and detect collusive behaviour in nodes. This technique not only allows trust computation based on witness trust ratings but also provides protection against a collusion attack. Finally, M-trust, a light weight trust management scheme based on FIRE+ trust model is presented
SocialLink: a Social Network Based Trust System for P2P File Sharing Systems
In peer-to-peer (P2P) file sharing systems, many autonomous peers without preexisting trust relationships share files with each other. Due to their open environment and distributed structure, these systems are vulnerable to the significant impact from selfish and misbehaving nodes. Free-riding, whitewash, collusion and Sybil attacks are common and serious threats, which severely harm non-malicious users and degrade the system performance. Many trust systems were proposed for P2P file sharing systems to encourage cooperative behaviors and punish non-cooperative behaviors. However, querying reputation values usually generates latency and overhead for every user. To address this problem, a social network based trust system (i.e., SocialTrust) was proposed that enables nodes to first request files from friends without reputation value querying since social friends are trustable, and then use trust systems upon friend querying failure when a node\u27s friends do not have its queried file. However, trust systems and SocialTrust cannot effectively deal with free-riding, whitewash, collusion and Sybil attacks. To handle these problems, in this thesis, we introduce a novel trust system, called SocialLink, for P2P file sharing systems. By enabling nodes to maintain personal social network with trustworthy friends, SocialLink encourages nodes to directly share files between friends without querying reputations and hence reduces reputation querying cost. To guarantee the quality of service (QoS) of file provisions from non-friends, SocialLink establishes directionally weighted links from the server to the client with successful file transaction history to constitute a weighted transaction network , in which the link weight is the size of the transferred file. In this way, SocialLink prevents potential fraudulent transactions (i.e., low-QoS file provision) and encourages nodes to contribute files to non-friends. By constraining the connections between malicious nodes and non-malicious nodes in the weighted transaction network, SocialLink mitigates the adverse effect from whitewash, collusion and Sybil attacks. By simulating experiments, we demonstrate that SocialLink efficiently saves querying cost, reduces free-riding, and prevents damage from whitewash, collusion and Sybil attacks
Models, services and security in modern online social networks
Modern online social networks have revolutionized the world the same way the radio and the plane did, crossing geographical and time boundaries, not without problems, more can be learned, they can still change our world and that their true worth is still a question for the future
Enhancing trustability in MMOGs environments
Massively Multiplayer Online Games (MMOGs; e.g., World of Warcraft), virtual worlds
(VW; e.g., Second Life), social networks (e.g., Facebook) strongly demand for more
autonomic, security, and trust mechanisms in a way similar to humans do in the real
life world. As known, this is a difficult matter because trusting in humans and organizations
depends on the perception and experience of each individual, which is difficult to
quantify or measure. In fact, these societal environments lack trust mechanisms similar
to those involved in humans-to-human interactions. Besides, interactions mediated
by compute devices are constantly evolving, requiring trust mechanisms that keep the
pace with the developments and assess risk situations.
In VW/MMOGs, it is widely recognized that users develop trust relationships from their
in-world interactions with others. However, these trust relationships end up not being
represented in the data structures (or databases) of such virtual worlds, though they
sometimes appear associated to reputation and recommendation systems. In addition,
as far as we know, the user is not provided with a personal trust tool to sustain his/her
decision making while he/she interacts with other users in the virtual or game world.
In order to solve this problem, as well as those mentioned above, we propose herein a
formal representation of these personal trust relationships, which are based on avataravatar
interactions. The leading idea is to provide each avatar-impersonated player
with a personal trust tool that follows a distributed trust model, i.e., the trust data is
distributed over the societal network of a given VW/MMOG.
Representing, manipulating, and inferring trust from the user/player point of view certainly
is a grand challenge. When someone meets an unknown individual, the question
is “Can I trust him/her or not?”. It is clear that this requires the user to have access to
a representation of trust about others, but, unless we are using an open source VW/MMOG,
it is difficult —not to say unfeasible— to get access to such data. Even, in an open
source system, a number of users may refuse to pass information about its friends, acquaintances,
or others. Putting together its own data and gathered data obtained from
others, the avatar-impersonated player should be able to come across a trust result
about its current trustee. For the trust assessment method used in this thesis, we use
subjective logic operators and graph search algorithms to undertake such trust inference
about the trustee. The proposed trust inference system has been validated using
a number of OpenSimulator (opensimulator.org) scenarios, which showed an accuracy
increase in evaluating trustability of avatars.
Summing up, our proposal aims thus to introduce a trust theory for virtual worlds, its
trust assessment metrics (e.g., subjective logic) and trust discovery methods (e.g.,
graph search methods), on an individual basis, rather than based on usual centralized
reputation systems. In particular, and unlike other trust discovery methods, our methods
run at interactive rates.MMOGs (Massively Multiplayer Online Games, como por exemplo, World of Warcraft),
mundos virtuais (VW, como por exemplo, o Second Life) e redes sociais (como por exemplo,
Facebook) necessitam de mecanismos de confiança mais autónomos, capazes de
assegurar a segurança e a confiança de uma forma semelhante à que os seres humanos
utilizam na vida real. Como se sabe, esta não é uma questão fácil. Porque confiar em
seres humanos e ou organizações depende da percepção e da experiência de cada indivíduo,
o que é difícil de quantificar ou medir à partida. Na verdade, esses ambientes
sociais carecem dos mecanismos de confiança presentes em interacções humanas presenciais.
Além disso, as interacções mediadas por dispositivos computacionais estão em
constante evolução, necessitando de mecanismos de confiança adequados ao ritmo da
evolução para avaliar situações de risco.
Em VW/MMOGs, é amplamente reconhecido que os utilizadores desenvolvem relações
de confiança a partir das suas interacções no mundo com outros. No entanto, essas relações
de confiança acabam por não ser representadas nas estruturas de dados (ou bases
de dados) do VW/MMOG específico, embora às vezes apareçam associados à reputação
e a sistemas de reputação. Além disso, tanto quanto sabemos, ao utilizador não lhe
é facultado nenhum mecanismo que suporte uma ferramenta de confiança individual
para sustentar o seu processo de tomada de decisão, enquanto ele interage com outros
utilizadores no mundo virtual ou jogo. A fim de resolver este problema, bem como
os mencionados acima, propomos nesta tese uma representação formal para essas relações
de confiança pessoal, baseada em interacções avatar-avatar. A ideia principal
é fornecer a cada jogador representado por um avatar uma ferramenta de confiança
pessoal que segue um modelo de confiança distribuída, ou seja, os dados de confiança
são distribuídos através da rede social de um determinado VW/MMOG.
Representar, manipular e inferir a confiança do ponto de utilizador/jogador, é certamente
um grande desafio. Quando alguém encontra um indivíduo desconhecido, a
pergunta é “Posso confiar ou não nele?”. É claro que isto requer que o utilizador tenha
acesso a uma representação de confiança sobre os outros, mas, a menos que possamos
usar uma plataforma VW/MMOG de código aberto, é difícil — para não dizer impossível
— obter acesso aos dados gerados pelos utilizadores. Mesmo em sistemas de código
aberto, um número de utilizadores pode recusar partilhar informações sobre seus amigos,
conhecidos, ou sobre outros. Ao juntar seus próprios dados com os dados obtidos de
outros, o utilizador/jogador representado por um avatar deve ser capaz de produzir uma
avaliação de confiança sobre o utilizador/jogador com o qual se encontra a interagir.
Relativamente ao método de avaliação de confiança empregue nesta tese, utilizamos
lógica subjectiva para a representação da confiança, e também operadores lógicos da
lógica subjectiva juntamente com algoritmos de procura em grafos para empreender
o processo de inferência da confiança relativamente a outro utilizador. O sistema de
inferência de confiança proposto foi validado através de um número de cenários Open-Simulator (opensimulator.org), que mostrou um aumento na precisão na avaliação da
confiança de avatares.
Resumindo, a nossa proposta visa, assim, introduzir uma teoria de confiança para mundos
virtuais, conjuntamente com métricas de avaliação de confiança (por exemplo, a
lógica subjectiva) e em métodos de procura de caminhos de confiança (com por exemplo,
através de métodos de pesquisa em grafos), partindo de uma base individual, em
vez de se basear em sistemas habituais de reputação centralizados. Em particular, e ao
contrário de outros métodos de determinação do grau de confiança, os nossos métodos
são executados em tempo real
Recommended from our members
Trust Computational Models for Mobile Ad Hoc Networks. Recommendation Based Trustworthiness Evaluation using Multidimensional Metrics to Secure Routing Protocol in Mobile Ad Hoc Networks.
Distributed systems like e-commerce and e-market places, peer-to-peer networks, social networks, and mobile ad hoc networks require cooperation among the participating entities to guarantee the formation and sustained existence of network services. The reliability of interactions among anonymous entities is a significant issue in such environments. The distributed entities establish connections to interact with others, which may include selfish and misbehaving entities and result in bad experiences. Therefore, trustworthiness evaluation using trust management techniques has become a significant issue in securing these environments to allow entities decide on the reliability and trustworthiness of other entities, besides it helps coping with defection problems and stimulating entities to cooperate. Recent models on evaluating trustworthiness in distributed systems have heavily focused on assessing trustworthiness of entities and isolate misbehaviours based on single trust metrics. Less effort has been put on the investigation of the subjective nature and differences in the way trustworthiness is perceived to produce a composite multidimensional trust metrics to overcome the limitation of considering single trust metric. In the light of this context, this thesis concerns the evaluation of entities’ trustworthiness by the design and investigation of trust metrics that are computed using multiple properties of trust and considering environment.
Based on the concept of probabilistic theory of trust management technique, this thesis models trust systems and designs cooperation techniques to evaluate trustworthiness in mobile ad hoc networks (MANETs). A recommendation based trust model with multi-parameters filtering algorithm, and multidimensional metric based on social and QoS trust model are proposed to secure MANETs. Effectiveness of each of these models in evaluating trustworthiness and discovering misbehaving nodes prior to interactions, as well as their influence on the network performance has been investigated. The results of investigating both the trustworthiness evaluation and the network performance are promising.Ministry of Higher Education in Libya and the Libyan Cultural Attaché bureau in Londo