Systemization of Pluggable Transports for Censorship Resistance

An increasing number of countries implement Internet censorship at different scales and for a variety of reasons. In particular, the link between the censored client and entry point to the uncensored network is a frequent target of censorship due to the ease with which a nation-state censor can control it. A number of censorship resistance systems have been developed thus far to help circumvent blocking on this link, which we refer to as link circumvention systems (LCs). The variety and profusion of attack vectors available to a censor has led to an arms race, leading to a dramatic speed of evolution of LCs. Despite their inherent complexity and the breadth of work in this area, there is no systematic way to evaluate link circumvention systems and compare them against each other. In this paper, we (i) sketch an attack model to comprehensively explore a censor's capabilities, (ii) present an abstract model of a LC, a system that helps a censored client communicate with a server over the Internet while resisting censorship, (iii) describe an evaluation stack that underscores a layered approach to evaluate LCs, and (iv) systemize and evaluate existing censorship resistance systems that provide link circumvention. We highlight open challenges in the evaluation and development of LCs and discuss possible mitigations.Comment: Content from this paper was published in Proceedings on Privacy Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK: Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg (DOI 10.1515/popets-2016-0028

DEMO: integrating MPC in big data workflows

Secure multi-party computation (MPC) allows multiple parties to perform a joint computation without disclosing their private inputs. Many real-world joint computation use cases, however, involve data analyses on very large data sets, and are implemented by software engineers who lack MPC knowledge. Moreover, the collaborating parties -- e.g., several companies -- often deploy different data analytics stacks internally. These restrictions hamper the real-world usability of MPC. To address these challenges, we combine existing MPC frameworks with data-parallel analytics frameworks by extending the Musketeer big data workflow manager [4]. Musketeer automatically generates code for both the sensitive parts of a workflow, which are executed in MPC, and the remainder of the computation, which runs on scalable, widely-deployed analytics systems. In a prototype use case, we compute the Herfindahl-Hirschman Index (HHI), an index of market concentration used in antitrust regulation, on an aggregate 156GB of taxi trip data over five transportation companies. Our implementation computes the HHI in about 20 minutes using a combination of Hadoop and VIFF [1], while even "mixed mode" MPC with VIFF alone would have taken many hours. Finally, we discuss future research questions that we seek to address using our approach

Evaluation of resistive-plate-chamber-based TOF-PET applied to in-beam particle therapy monitoring

Particle therapy is a highly conformal radiotherapy technique which reduces the dose deposited to the surrounding normal tissues. In order to fully exploit its advantages, treatment monitoring is necessary to minimize uncertainties related to the dose delivery. Up to now, the only clinically feasible technique for the monitoring of therapeutic irradiation with particle beams is Positron Emission Tomography (PET). In this work we have compared a Resistive Plate Chamber (RPC)-based PET scanner with a scintillation-crystal-based PET scanner for this application. In general, the main advantages of the RPC-PET system are its excellent timing resolution, low cost, and the possibility of building large area systems. We simulated a partial-ring scannerbeam monitoring, which has an intrinsically low positron yield compared to diagnostic PET. In addition, for in-beam PET there is a further data loss due to the partial ring configuration. In order to improve the performance of the RPC-based scanner, an improved version of the RPC detector (modifying the thickness of the gas and glass layers), providing a larger sensitivity, has been simulated and compared with an axially extended version of the crystal-based device. The improved version of the RPC shows better performance than the prototype, but the extended version of the crystal-based PET outperforms all other options. based on an RPC prototype under construction within the Fondazione per Adroterapia Oncologica (TERA). For comparison with the crystal-based PET scanner we have chosen the geometry of a commercially available PET scanner, the Philips Gemini TF. The coincidence time resolution used in the simulations takes into account the current achievable values as well as expected improvements of both technologies. Several scenarios (including patient data) have been simulated to evaluate the performance of different scanners. Initial results have shown that the low sensitivity of the RPC hampers its application to hadro

De-ossifying the Internet Transport Layer : A Survey and Future Perspectives

ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their useful suggestions and comments.Peer reviewedPublisher PD

Linux XIA: an interoperable meta network architecture to crowdsource the future Internet

With the growing number of proposed clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-state designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This paper presents Linux XIA, a native implementation of XIA [12] in the Linux kernel, as a candidate. We first describe Linux XIA in terms of its architectural realizations and algorithmic contributions. We then demonstrate how to port several distinct and unrelated network architectures onto Linux XIA. Finally, we provide a hybrid evaluation of Linux XIA at three levels of abstraction in terms of its ability to: evolve and foster interoperation of new architectures, embed disparate architectures inside the implementation’s framework, and maintain a comparable forwarding performance to that of the legacy TCP/IP implementation. Given this evaluation, we substantiate a previously unsupported claim of XIA: that it readily supports and enables network evolution, collaboration, and interoperability—traits we view as central to the success of any future Internet architecture.This research was supported by the National Science Foundation under awards CNS-1040800, CNS-1345307 and CNS-1347525