228 research outputs found
Recommended from our members
TOWARDS RELIABLE CIRCUMVENTION OF INTERNET CENSORSHIP
The Internet plays a crucial role in today\u27s social and political movements by facilitating the free circulation of speech, information, and ideas; democracy and human rights throughout the world critically depend on preserving and bolstering the Internet\u27s openness. Consequently, repressive regimes, totalitarian governments, and corrupt corporations regulate, monitor, and restrict the access to the Internet, which is broadly known as Internet \emph{censorship}. Most countries are improving the internet infrastructures, as a result they can implement more advanced censoring techniques. Also with the advancements in the application of machine learning techniques for network traffic analysis have enabled the more sophisticated Internet censorship. In this thesis, We take a close look at the main pillars of internet censorship, we will introduce new defense and attacks in the internet censorship literature.
Internet censorship techniques investigate users’ communications and they can decide to interrupt a connection to prevent a user from communicating with a specific entity. Traffic analysis is one of the main techniques used to infer information from internet communications. One of the major challenges to traffic analysis mechanisms is scaling the techniques to today\u27s exploding volumes of network traffic, i.e., they impose high storage, communications, and computation overheads. We aim at addressing this scalability issue by introducing a new direction for traffic analysis, which we call \emph{compressive traffic analysis}. Moreover, we show that, unfortunately, traffic analysis attacks can be conducted on Anonymity systems with drastically higher accuracies than before by leveraging emerging learning mechanisms. We particularly design a system, called \deepcorr, that outperforms the state-of-the-art by significant margins in correlating network connections. \deepcorr leverages an advanced deep learning architecture to \emph{learn} a flow correlation function tailored to complex networks. Also to be able to analyze the weakness of such approaches we show that an adversary can defeat deep neural network based traffic analysis techniques by applying statistically undetectable \emph{adversarial perturbations} on the patterns of live network traffic.
We also design techniques to circumvent internet censorship. Decoy routing is an emerging approach for censorship circumvention in which circumvention is implemented with help from a number of volunteer Internet autonomous systems, called decoy ASes. We propose a new architecture for decoy routing that, by design, is significantly stronger to rerouting attacks compared to \emph{all} previous designs. Unlike previous designs, our new architecture operates decoy routers only on the downstream traffic of the censored users; therefore we call it \emph{downstream-only} decoy routing. As we demonstrate through Internet-scale BGP simulations, downstream-only decoy routing offers significantly stronger resistance to rerouting attacks, which is intuitively because a (censoring) ISP has much less control on the downstream BGP routes of its traffic. Then, we propose to use game theoretic approaches to model the arms races between the censors and the censorship circumvention tools. This will allow us to analyze the effect of different parameters or censoring behaviors on the performance of censorship circumvention tools. We apply our methods on two fundamental problems in internet censorship.
Finally, to bring our ideas to practice, we designed a new censorship circumvention tool called \name. \name aims at increasing the collateral damage of censorship by employing a ``mass\u27\u27 of normal Internet users, from both censored and uncensored areas, to serve as circumvention proxies
Conflict detection in software-defined networks
The SDN architecture facilitates the flexible deployment of network functions. While promoting innovation, this architecture induces yet a higher chance of conflicts compared to conventional networks. The detection of conflicts in SDN is the focus of this work.
Restrictions of the formal analytical approach drive our choice of an experimental approach, in which we determine a parameter space and a methodology to perform experiments. We have created a dataset covering a number of situations occurring in SDN. The investigation of the dataset yields a conflict taxonomy composed of various classes organized in three broad types: local, distributed and hidden conflicts. Interestingly, hidden conflicts caused by side-effects of control applications‘ behaviour are completely new.
We introduce the new concept of multi-property set, and the ·r (“dot r”) operator for the effective comparison of SDN rules. With these capable means, we present algorithms to detect conflicts and develop a conflict detection prototype. The evaluation of the prototype justifies the correctness and the realizability of our proposed concepts and methodologies for classifying as well as for detecting conflicts.
Altogether, our work establishes a foundation for further conflict handling efforts in SDN, e.g., conflict resolution and avoidance. In addition, we point out challenges to be explored.
Cuong Tran won the DAAD scholarship for his doctoral research at the Munich Network Management Team, Ludwig-Maximilians-Universität München, and achieved the degree in 2022. He loves to do research on policy conflicts in networked systems, IP multicast and alternatives, network security, and virtualized systems. Besides, teaching and sharing are also among his interests
TORKAMELEON. IMPROVING TOR’S CENSORSHIP RESISTANCE WITH K-ANONYMIZATION MEDIA MORPHING COVERT INPUT CHANNELS
Anonymity networks such as Tor and other related tools are powerful means of increas-
ing the anonymity and privacy of Internet users’ communications. Tor is currently the
most widely used solution by whistleblowers to disclose confidential information and
denounce censorship measures, including violations of civil rights, freedom of expres-
sion, or guarantees of free access to information. However, recent research studies have
shown that Tor is vulnerable to so-called powerful correlation attacks carried out by
global adversaries or collaborative Internet censorship parties. In the Tor ”arms race”
scenario, we can see that as new censorship, surveillance, and deep correlation tools have
been researched, new, improved solutions for preserving anonymity have also emerged.
In recent research proposals, unobservable encapsulation of IP packets in covert media
channels is one of the most promising defenses against such threat models. They leverage
WebRTC-based covert channels as a robust and practical approach against powerful traf-
fic correlation analysis. At the same time, these solutions are difficult to combat through
the traffic-blocking measures commonly used by censorship authorities.
In this dissertation, we propose TorKameleon, a censorship evasion solution de-
signed to protect Tor users with increased censorship resistance against powerful traffic
correlation attacks executed by global adversaries. The system is based on flexible K-
anonymization input circuits that can support TLS tunneling and WebRTC-based covert
channels before forwarding users’ original input traffic to the Tor network. Our goal
is to protect users from machine and deep learning correlation attacks between incom-
ing user traffic and observed traffic at different Tor network relays, such as middle and
egress relays. TorKameleon is the first system to implement a Tor pluggable transport
based on parameterizable TLS tunneling and WebRTC-based covert channels. We have
implemented the TorKameleon prototype and performed extensive validations to ob-
serve the correctness and experimental performance of the proposed solution in the Tor
environment. With these evaluations, we analyze the necessary tradeoffs between the
performance of the standard Tor network and the achieved effectiveness and performance
of TorKameleon, capable of preserving the required unobservability properties.Redes de anonimização como o Tor e soluções ou ferramentas semelhantes são meios
poderosos de aumentar a anonimidade e a privacidade das comunicações de utilizadores
da Internet . O Tor é atualmente a rede de anonimato mais utilizada por delatores para
divulgar informações confidenciais e denunciar medidas de censura tais como violações
de direitos civis e da liberdade de expressão, ou falhas nas garantias de livre acesso à
informação. No entanto, estudos recentes mostram que o Tor é vulnerável a adversários
globais ou a entidades que colaboram entre si para garantir a censura online. Neste
cenário competitivo e de jogo do “gato e do rato”, é possível verificar que à medida que
novas soluções de censura e vigilância são investigadas, novos sistemas melhorados para
a preservação de anonimato são também apresentados e refinados. O encapsulamento de
pacotes IP em túneis encapsulados em protocolos de media são uma das mais promissoras
soluções contra os novos modelos de ataque à anonimidade. Estas soluções alavancam
canais encobertos em protocolos de media baseados em WebRTC para resistir a poderosos
ataques de correlação de tráfego e a medidas de bloqueios normalmente usadas pelos
censores.
Nesta dissertação propomos o TorKameleon, uma solução desenhada para protoger
os utilizadores da rede Tor contra os mais recentes ataques de correlação feitos por um
modelo de adversário global. O sistema é baseado em estratégias de anonimização e
reencaminhamento do tráfego do utilizador através de K nós, utilizando também encap-
sulamento do tráfego em canais encobertos em túneis TLS ou WebRTC. O nosso objetivo
é proteger os utilizadores da rede Tor de ataques de correlação implementados através
de modelos de aprendizagem automática feitos entre o tráfego do utilizador que entra
na rede Tor e esse mesmo tráfego noutro segmento da rede, como por exemplo nos nós
de saída da rede. O TorKameleon é o primeiro sistema a implementar um Tor pluggable
transport parametrizável, baseado em túneis TLS ou em canais encobertos em protocolos
media. Implementamos um protótipo do sistema e realizamos uma extensa avalição expe-
rimental, inserindo a solução no ambiente da rede Tor. Com base nestas avaliações, anali-
zamos o tradeoff necessário entre a performance da rede Tor e a eficácia e a performance
obtida do TorKameleon, que garante as propriedades de preservação de anonimato
INTER-ENG 2020
These proceedings contain research papers that were accepted for presentation at the 14th International Conference Inter-Eng 2020 ,Interdisciplinarity in Engineering, which was held on 8–9 October 2020, in Târgu Mureș, Romania. It is a leading international professional and scientific forum for engineers and scientists to present research works, contributions, and recent developments, as well as current practices in engineering, which is falling into a tradition of important scientific events occurring at Faculty of Engineering and Information Technology in the George Emil Palade University of Medicine, Pharmacy Science, and Technology of Târgu Mures, Romania. The Inter-Eng conference started from the observation that in the 21st century, the era of high technology, without new approaches in research, we cannot speak of a harmonious society. The theme of the conference, proposing a new approach related to Industry 4.0, was the development of a new generation of smart factories based on the manufacturing and assembly process digitalization, related to advanced manufacturing technology, lean manufacturing, sustainable manufacturing, additive manufacturing, and manufacturing tools and equipment. The conference slogan was “Europe’s future is digital: a broad vision of the Industry 4.0 concept beyond direct manufacturing in the company”
Understanding and Advancing the Status Quo of DDoS Defense
Two decades after the first distributed denial-of-service (DDoS) attack, the Internet remains challenged by DDoS attacks as they evolve. Not only is the scale of attacks larger than ever, but they are also harder to detect and mitigate. Nevertheless, the Internet's fundamental design, based on which machines are free to send traffic to any other machines, remains the same. This thesis reinvestigates the prior DDoS defense solutions to find less studied but critical issues in existing defense solutions. It proposes solutions to improve the input, design, and evaluation of DDoS defense. Specifically, we show why DDoS defense systems need a better view of the Internet's traffic at the autonomous system (AS) level. We use a novel attack to expose the inefficiencies in the existing defense systems. Finally, we reason why a defense solution needs a sound empirical evaluation and provide a framework that mimics real-world networks to facilitate DDoS defense evaluation.
This dissertation includes published and unpublished co-authored materials
Applied Methuerstic computing
For decades, Applied Metaheuristic Computing (AMC) has been a prevailing optimization technique for tackling perplexing engineering and business problems, such as scheduling, routing, ordering, bin packing, assignment, facility layout planning, among others. This is partly because the classic exact methods are constrained with prior assumptions, and partly due to the heuristics being problem-dependent and lacking generalization. AMC, on the contrary, guides the course of low-level heuristics to search beyond the local optimality, which impairs the capability of traditional computation methods. This topic series has collected quality papers proposing cutting-edge methodology and innovative applications which drive the advances of AMC
Knowledge Networks. From centralized To decentralized
Organization (of the book) : Networks. Knowledge. Pleasure
Recent Advances in Indoor Localization Systems and Technologies
Despite the enormous technical progress seen in the past few years, the maturity of indoor localization technologies has not yet reached the level of GNSS solutions. The 23 selected papers in this book present the recent advances and new developments in indoor localization systems and technologies, propose novel or improved methods with increased performance, provide insight into various aspects of quality control, and also introduce some unorthodox positioning methods
Applied Metaheuristic Computing
For decades, Applied Metaheuristic Computing (AMC) has been a prevailing optimization technique for tackling perplexing engineering and business problems, such as scheduling, routing, ordering, bin packing, assignment, facility layout planning, among others. This is partly because the classic exact methods are constrained with prior assumptions, and partly due to the heuristics being problem-dependent and lacking generalization. AMC, on the contrary, guides the course of low-level heuristics to search beyond the local optimality, which impairs the capability of traditional computation methods. This topic series has collected quality papers proposing cutting-edge methodology and innovative applications which drive the advances of AMC
Using honeypots to trace back amplification DDoS attacks
In today’s interconnected world, Denial-of-Service attacks can cause great harm by simply rendering a target system or service inaccessible. Amongst the most powerful and widespread DoS attacks are amplification attacks, in which thousands of vulnerable servers are tricked into reflecting and amplifying attack traffic. However, as these attacks inherently rely on IP spoofing, the true attack source is hidden. Consequently, going after the offenders behind these attacks has so far been deemed impractical. This thesis presents a line of work that enables practical attack traceback supported by honeypot reflectors. To this end, we investigate the tradeoffs between applicability, required a priori knowledge, and traceback granularity in three settings. First, we show how spoofed attack packets and non-spoofed scan packets can be linked using honeypot-induced fingerprints, which allows attributing attacks launched from the same infrastructures as scans. Second, we present a classifier-based approach to trace back attacks launched from booter services after collecting ground-truth data through self-attacks. Third, we propose to use BGP poisoning to locate the attacking network without prior knowledge and even when attack and scan infrastructures are disjoint. Finally, as all of our approaches rely on honeypot reflectors, we introduce an automated end-to-end pipeline to systematically find amplification vulnerabilities and synthesize corresponding honeypots.In der heutigen vernetzten Welt können Denial-of-Service-Angriffe große Schäden verursachen, einfach indem sie ihr Zielsystem unerreichbar machen. Zu den stärksten und verbreitetsten DoS-Angriffen zählen Amplification-Angriffe, bei denen tausende verwundbarer Server missbraucht werden, um Angriffsverkehr zu reflektieren und zu verstärken. Da solche Angriffe jedoch zwingend gefälschte IP-Absenderadressen nutzen, ist die wahre Angriffsquelle verdeckt. Damit gilt die Verfolgung der Täter bislang als unpraktikabel. Diese Dissertation präsentiert eine Reihe von Arbeiten, die praktikable Angriffsrückverfolgung durch den Einsatz von Honeypots ermöglicht. Dazu untersuchen wir das Spannungsfeld zwischen Anwendbarkeit, benötigtem Vorwissen, und Rückverfolgungsgranularität in drei Szenarien. Zuerst zeigen wir, wie gefälschte Angriffs- und ungefälschte Scan-Datenpakete miteinander verknüpft werden können. Dies ermöglicht uns die Rückverfolgung von Angriffen, die ebenfalls von Scan-Infrastrukturen aus durchgeführt wurden. Zweitens präsentieren wir einen Klassifikator-basierten Ansatz um Angriffe durch Booter-Services mittels vorher durch Selbstangriffe gesammelter Daten zurückzuverfolgen. Drittens zeigen wir auf, wie BGP Poisoning genutzt werden kann, um ohne weiteres Vorwissen das angreifende Netzwerk zu ermitteln. Schließlich präsentieren wir einen automatisierten Prozess, um systematisch Schwachstellen zu finden und entsprechende Honeypots zu synthetisieren
- …