159 research outputs found

    A Privacy Evaluation of Nyx

    For this project, I will be analyzing the privacy leakage in a certain DDoS mitigation system. Nyx has been shown both in simulation and over live internet traffic to mitigate the effects of DDoS without any cooperation from downstream ASes and without any modifications to current routing protocols. However, it does this through BGP poisoning, which can unintentionally advertise information. This project explores what the traffic from Nyx looks like and what information can be gathered from it. Specifically, Nyx works by defining a deployer/critical relationship whose traffic is moved to maintain even under DDoS circumstances, and I will be evaluating how often that relationship can be discovered. This project will analyze the privacy leakage in the Nyx DDoS mitigation system. Nyx's effectiveness in rerouting critical traffic around congestion has been demonstrated both in simulation and in practice. Importantly, Nyx functions without cooperation from downstream ASes or modifications to current routing protocols. However, Nyx achieves routing-based DDoS mitigation through BGP poisoning, which can unintentionally advertise information. This project will analyze Nyx's BGP advertisements to evaluate its privacy implications. Specifically, this work studies whether an adversary can determine the critical relationship that the AS deploying Nyx has defined. We find that in the authors' initial naive approach, finding this relationship is essentially trivial and an adversary can narrow down the critical relationship to a maximum of 4 out of 9,767 autonomous systems in the active internet topology. In their more complex approach found in we find that the critical relationship is more difficult to determine with significant accuracy, with our anonymity sets ranging from 3 to 7,788. This project then explores why that range is so large in an attempt to highlight how Nyx could become more privacy focused

    ROVER: a DNS-based method to detect and prevent IP hijacks

    2013 Fall. Includes bibliographical references. The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non-participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Internet scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability

    Development of a Graduate Course on the Transition to Internet Protocol Version 6

    Internet and mobile connectivity has grown tremendously in the last few decades, creating an ever increasing demand for Internet Protocol (IP) addresses. The pool of Internet Protocol version 4 (IPv4) addresses, once assumed to be more than sufficient for every person on this planet, has reached its final stages of depletion. With the Internet Assigned Numbers Authority’s (IANA) global pools depleted, and four of the five Regional Internet Registries (RIR) pools down to their last /8 block, the remaining addresses will not last very long. In order to ensure continuous growth of the internet in the foreseeable future, we would need a newer internet protocol, with a much larger address space. Specifically, with that goal in mind the Internet Protocol version 6 (IPv6) was designed about two decades ago. Over the years it has matured, and has proven that it could eventually replace the existing IPv4. This thesis presents the development of a graduate level course on the transition to IPv6. The course makes an attempt at understanding how the new IPv6 protocol is different from the currently used IPv4 protocol. It also tries to emphasize the options existing to facilitate a smooth transition of production networks from IPv4 to IPv6

    Modelling and Design of Resilient Networks under Challenges

    Communication networks, in particular the Internet, face a variety of challenges that can disrupt our daily lives resulting in the loss of human lives and significant financial costs in the worst cases. We define challenges as external events that trigger faults that eventually result in service failures. Understanding these challenges accordingly is essential for improvement of the current networks and for designing Future Internet architectures. This dissertation presents a taxonomy of challenges that can help evaluate design choices for the current and Future Internet. Graph models to analyse critical infrastructures are examined and a multilevel graph model is developed to study interdependencies between different networks. Furthermore, graph-theoretic heuristic optimisation algorithms are developed. These heuristic algorithms add links to increase the resilience of networks in the least costly manner and they are computationally less expensive than an exhaustive search algorithm. The performance of networks under random failures, targeted attacks, and correlated area-based challenges is evaluated by the challenge simulation module that we developed. The GpENI Future Internet testbed is used to conduct experiments to evaluate the performance of the heuristic algorithms developed

    Flexible network management in software defined wireless sensor networks for monitoring application systems

    Wireless Sensor Networks (WSNs) are the commonly applied information technologies of modern networking and computing platforms for application-specific systems. Today’s network computing applications are faced with high demand of reliable and powerful network functionalities. Hence, efficient network performance is central to the entire ecosystem, more especially where human life is a concern. However, effective management of WSNs remains a challenge due to problems supplemental to them. As a result, WSNs application systems such as in monitored environments, surveillance, aeronautics, medicine, processing and control, tend to suffer in terms of capacity to support compute intensive services due to limitations experienced on them. A recent technology shift proposes Software Defined Networking (SDN) for improving computing networks as well as enhancing network resource management, especially for life guarding systems. As an optimization strategy, a software-oriented approach for WSNs, known as Software Defined Wireless Sensor Network (SDWSN) is implemented to evolve, enhance and provide computing capacity to these resource constrained technologies. Software developmental strategies are applied with the focus to ensure efficient network management, introduce network flexibility and advance network innovation towards the maximum operation potential for WSNs application systems. The need to develop WSNs application systems which are powerful and scalable has grown tremendously due to their simplicity in implementation and application. Their nature of design serves as a potential direction for the much anticipated and resource abundant IoT networks. Information systems such as data analytics, shared computing resources, control systems, big data support, visualizations, system audits, artificial intelligence (AI), etc. are a necessity to everyday life of consumers. 
Such systems can greatly benefit from the SDN programmability strategy, in terms of improving how data is mined, analysed and committed to other parts of the system for greater functionality. This work proposes and implements SDN strategies for enhancing WSNs application systems especially for life critical systems. It also highlights implementation considerations for designing powerful WSNs application systems by focusing on system critical aspects that should not be disregarded when planning to improve core network functionalities. Due to their inherent challenges, WSN application systems lack robustness, reliability and scalability to support high computing demands. Anticipated systems must have greater capabilities to ubiquitously support many applications with flexible resources that can be easily accessed. To achieve this, such systems must incorporate powerful strategies for efficient data aggregation, query computations, communication and information presentation. The notion of applying machine learning methods to WSN systems is fairly new, though it carries the potential to enhance WSN application technologies. This technological direction seeks to bring intelligent functionalities to WSN systems given the characteristics of wireless sensor nodes in terms of cooperative data transmission. With these technological aspects, a technical study is therefore conducted with a focus on WSN application systems as to how SDN strategies coupled with machine learning methods can contribute viable solutions on monitoring application systems to support and provide various applications and services with greater performance. To realize this, this work further proposes and implements machine learning (ML) methods coupled with SDN strategies to enhance sensor data aggregation, introduce network flexibility, and improve resource management, query processing and sensor information presentation.
Hence, this work directly contributes to SDWSN strategies for monitoring application systems. Thesis (PhD)--University of Pretoria, 2018. National Research Foundation (NRF). Telkom Centre of Excellence. Electrical, Electronic and Computer Engineering. PhD. Unrestricte

    Thermosensitive chitosan-based hydrogels for extrusion-based bioprinting and injectable scaffold for articular tissue engineering

    Bioprinting is an advanced form of additive manufacturing that makes it possible to create living 3D structures (containing cells) and to create 3D tissue models or, in the longer term, implantable tissues to replace diseased or damaged tissues or organs. Bioprinting is growing rapidly but faces several challenges. One of them is to find extrudable cell-containing materials (called bioinks) that combine all the required properties. Thermosensitive chitosan hydrogels, which form solutions at room temperature but gel rapidly at body temperature, are interesting bioink candidates, but to date there have been no convincing results demonstrating their potential. Moreover, rheological methods for predicting their printability are still lacking. The general objective of this doctorate was to study and optimize thermosensitive chitosan-based hydrogels made with a mixture of two weak bases (beta-glycerophosphate and sodium hydrogen carbonate) for extrusion-based bioprinting, in particular for articular tissue engineering. We first developed a rheological approach to evaluate their potential as bioinks. The gelation kinetics at room and body temperature were characterized. The viscosity and recovery tests were then adapted to take into account the lack of stability of the gels. The shape fidelity and mechanical properties of the printed structures were also characterized as a function of the applied shear rate, and the results were correlated with the rheological data.
We demonstrated that it was possible to print a structure with adequate fidelity and handleability; however, a high chitosan concentration (3% w/v) is necessary, which leads to a high cell mortality rate, while reducing the concentration to 2% w/v leads to very poor shape fidelity. We overcame these limitations by using an approach based on FRESH bioprinting (Freeform reversible embedding of suspended hydrogel). A warm support bath was designed to support the bioprinted structures and to improve the thermo-crosslinking of chitosan during printing. This approach drastically increases the fidelity and mechanical properties of structures printed with a chitosan concentration (2% w/v) suitable for cell encapsulation. Finally, we studied the impact of loading osteoconductive bioglass particles into these thermosensitive hydrogels, with a view to their use for the fabrication of mineralized bone tissue. Since the mechanical properties and in vitro cytocompatibility are negatively affected by the addition of bioglass, our strategy was to concentrate the bioglass in the form of microbeads, then incorporate these microbeads into the cell-laden chitosan-based hydrogel. This new strategy considerably improved the mechanical properties and cell viability. This hybrid bioactive hydrogel cannot be used as a bioink, but it is injectable and could be used as an injectable matrix for the regeneration of bone defects. However, much optimization remains to be done for the bioprinting of complex gradient tissues. Bioprinting is an advanced method that enables the engineering of living 3D structures mimicking the tissue complexity found in vivo.
It allows the creation of 3D tissues to study drugs/biological mechanisms and, in the longer term, implantable tissue to replace diseased/damaged body tissues/organs. Bioprinting is growing rapidly but faces several challenges. One of them is to find ideal bioinks which combine all the required properties. Hydrogels are generally used since cells require an aqueous environment. But it is very challenging to stack hydrogels into a 3D structure because hydrogels are weak by nature and cannot support the structure without collapsing. Among the potential candidates are thermosensitive chitosan hydrogels which form solutions at room temperature but rapidly gel at body temperature. However, their potential in bioprinting has not yet been studied. Moreover, comprehensive rheological methods to predict their printability are still missing. The general objective of this Ph.D. was to study and optimize the thermosensitive chitosan-based hydrogels for extrusion-based bioprinting and injectable scaffold for articular tissue engineering. The first objective was to develop a rheological approach to study printability of these time- and temperature-dependent hydrogels and assess their potential as bioinks. Chitosan-based physical hydrogels prepared by combining chitosan acidic solution with weak bases like beta-glycerophosphate and sodium-hydrogen-carbonate were studied. Gelation kinetics, shear-thinning viscosity as a function of shear rate corresponding to that applied during printing, and recovery tests were performed. The resolution and mechanical properties were characterized as a function of applied shear rate and results were correlated with rheological data. This work allowed us to determine the best chitosan hydrogel formulation for 3D printing and compare it with conventionally used bioink, alginate/gelatin. This methodology can also be useful for other temperature- and time-dependent materials.
We demonstrated that printing structures with adequate fidelity and handability using chitosan-based hydrogels was feasible; however, a high concentration (3%w/v) was required, leading to high mortality rate of encapsulated cells. Decreasing chitosan concentration resulted in poor shape fidelity. The second objective was therefore to develop a method using Freeform reversible embedding of suspended hydrogel (FRESH) bioprinting to overcome these limitations. A warm support bath was designed to support chitosan-based bioprinted structures and enhance chitosan thermo-crosslinking during printing. This approach drastically increases the fidelity and mechanical properties of structures printed with low concentration chitosan (2%w/v) suitable for cell encapsulation. Lastly, we studied the impact of loading bioglass particles into such thermosensitive hydrogels for potential bone-mineralized tissue repair, which could promote bone ingrowth through osteoconductivity. The mechanical properties and in-vitro cytocompatibility are affected adversely by bioglass addition. A new strategy was implemented to encapsulate bioglass within chitosan-based microbeads, then incorporate these microbeads in the cell-laden chitosan-based hydrogel. This strategy improved mechanical properties and cell viability. This hybrid hydrogel could be used to form an injectable cell-loaded scaffold. The bioactive microbeads were freezable, increasing their potential for clinical applications. We demonstrated the potential of the thermosensitive chitosan-based hydrogels for bioprinting, especially with the FRESH approach. This opens interesting avenues toward tissue engineering. However, much work still remains to be done before bioprinting complex gradient tissues

    CC*IIE Networking Infrastructure - NSF Award #1440646 Project Description

    CC*IIE Networking Infrastructure: Accelerating science, translational research, and collaboration at the University of Pittsburgh through the implementation of network upgrades

    Security Implications of Insecure DNS Usage in the Internet

    The Domain Name System (DNS) provides domain-to-address lookup services used by almost all internet applications. Because of this ubiquitous use of the DNS, attacks against the DNS have become more and more critical. However, in the past, studies of DNS security have been mostly conducted against individual protocols and applications. In this thesis, we perform the first comprehensive evaluation of DNS-based attacks against a wide range of internet applications, ranging from time-synchronisation via NTP over internet resource management to security mechanisms. We show how to attack those applications by exploiting various weaknesses in the DNS. These attacks are based on both already known weaknesses which are adapted to new attacks, as well as previously unknown attack vectors which have been found during the course of this thesis. We evaluate our attacks and provide the first taxonomy of DNS applications, to show how adversaries can systematically develop attacks exploiting the DNS. We analyze the attack surface created by our attacks in the internet and find that a significant number of applications and systems can be attacked. We work together with the developers of the vulnerable applications to develop patches and general countermeasures which can be applied by various parties to block our attacks. We also provide conceptual insights into the root causes allowing our attacks to help with the development of new applications and standards. The findings of this thesis are published in 4 full-paper publications and 2 posters at international academic conferences. Additionally, we disclose our findings to developers, which has led to the registration of 8 Common Vulnerabilities and Exposures identifiers (CVE IDs) and patches in 10 software implementations. To raise awareness, we also presented our findings at several community meetings and via invited articles