3,556 research outputs found
TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype.Comment: 28 page
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
FairLedger: A Fair Blockchain Protocol for Financial Institutions
Financial institutions are currently looking into technologies for
permissioned blockchains. A major effort in this direction is Hyperledger, an
open source project hosted by the Linux Foundation and backed by a consortium
of over a hundred companies. A key component in permissioned blockchain
protocols is a byzantine fault tolerant (BFT) consensus engine that orders
transactions. However, currently available BFT solutions in Hyperledger (as
well as in the literature at large) are inadequate for financial settings; they
are not designed to ensure fairness or to tolerate selfish behavior that arises
when financial institutions strive to maximize their own profit.
We present FairLedger, a permissioned blockchain BFT protocol, which is fair,
designed to deal with rational behavior, and, no less important, easy to
understand and implement. The secret sauce of our protocol is a new
communication abstraction, called detectable all-to-all (DA2A), which allows us
to detect participants (byzantine or rational) that deviate from the protocol,
and punish them. We implement FairLedger in the Hyperledger open source
project, using Iroha framework, one of the biggest projects therein. To
evaluate FairLegder's performance, we also implement it in the PBFT framework
and compare the two protocols. Our results show that in failure-free scenarios
FairLedger achieves better throughput than both Iroha's implementation and PBFT
in wide-area settings
Strategies and challenges to facilitate situated learning in virtual worlds post-Second Life
Virtual worlds can establish a stimulating environment to support a situated learning approach in which students simulate a task within a safe environment. While in previous years Second Life played a major role in providing such a virtual environment, there are now more and more alternative—often OpenSim-based—solutions deployed within the educational community. By drawing parallels to social networks, we discuss two aspects: how to link individually hosted virtual worlds together in order to implement context for immersion and how to identify and avoid “fake” avatars so people behind these avatars can be held accountable for their actions
- …