25 research outputs found
Real-time cross-layer design for large-scale flood detection and attack trace-back mechanism in IEEE 802.11 wireless mesh networks
IEEE 802.11 WMN is an emerging next generation low-cost multi-hop wireless broadband provisioning technology. It has the capability of integrating wired and wireless networks such as LANs, IEEE 802.11 WLANs, IEEE 802.16 WMANs, and sensor networks. This kind of integration: large-scale coverage, decentralised and multi-hop architecture, multi-radios, multi-channel assignments, ad hoc connectivity support the maximum freedom of users to join or leave the network from anywhere and at anytime has made the situation far more complex. As a result broadband resources are exposed to various kinds of security attacks, particularly DoS attacks
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
Distributed Storage with Strong Data Integrity based on Blockchain Mechanisms
Master's thesis in Computer scienceA blockchain is a datastructure that is an append-only chain of blocks. Each
block contains a set of transaction and has a cryptographic link back to
its predecessor. The cryptographic link serves to protect the integrity of
the blockchain. A key property of blockchain systems is that it allows mu-
tually distrusting entities to reach consensus over a unique order in which
transactions are appended. The most common usage of blockchains is in
cryptocurrencies such as Bitcoin.
In this thesis we use blockchain technology to design a scalable architec-
ture for a storage system that can provide strong data integrity and ensure the
permanent availability of the data. We study recent literature in blockchain
and cryptography to identify the desired characteristics of such a system. In
comparison to similar systems, we are able to gain increased performance by
designing ours around a permissioned blockchain, allowing only a predefined
set of nodes to write to the ledger. A prototype of the system is built on top
of existing open-source software. An experimental evaluation using different
quorum sizes of the prototype is also presented
ZeroComm: Decentralized, Secure and Trustful Group Communication
In the context of computer networks, decentralization is a network architecture that distributes
both workload and control of a system among a set of coequal participants. Applications based
on such networks enhance trust involved in communication by eliminating the external author-
ities with self-interests, including governments and tech companies. The decentralized model
delegates the ownership of data to individual users and thus mitigates undesirable behaviours
such as harvesting personal information by external organizations. Consequently, decentral-
ization has been adopted as the key feature in the next generation of the Internet model which
is known as Web 3.0. DIDComm is a set of abstract protocols which enables secure messaging
with decentralization and thus serves for the realization of Web 3.0 networks. It standardizes
and transforms existing network applications to enforce secure, trustful and decentralized com-
munication. Prior work on DIDComm has only been restricted to pair-wise communication and
hence it necessitates a feasible strategy for adapting the Web 3.0 concepts in group-oriented
networks.
Inspired by the demand for a group communication model in Web 3.0, this study presents Zero-
Comm which preserves decentralization, security and trust throughout the fundamental opera-
tions of a group such as messaging and membership management. ZeroComm is built atop the
publisher-subscriber pattern which serves as a messaging architecture for enabling communi-
cation among multiple members based on the subjects of their interests. This is realized in our
implementation through ZeroMQ, a low-level network library that facilitates the construction
of advanced and distributed messaging patterns. The proposed solution leverages DIDComm
protocols to deliver safe communication among group members at the expense of performance
and efficiency. ZeroComm offers two different modes of group communication based on the
organization of relationships among members with a compromise between performance and
security. Our quantitative analysis shows that the proposed model performs efficiently for the
messaging operation whereas joining a group is a relatively exhaustive procedure due to the es-
tablishment of secure and decentralized relationships among members. ZeroComm primarily
serves as a low-level messaging framework but can be extended with advanced features such
as message ordering, crash recovery of members and secure routing of messages
Recommended from our members
Economic issues in distributed computing
textOn the Internet, one of the essential characteristics of electronic commerce is the integration of large-scale computer networks and business practices. Commercial servers are connected through open and complex communication technologies, and online consumers access the services with virtually unpredictable behavior. Both of them as well as the e-Commerce infrastructure are vulnerable to cyber attacks. Among the various network security problems, the Distributed Denial-of-Service (DDoS) attack is a unique example to illustrate the risk of commercial network applications. Using a massive junk traffic, literally anyone on the Internet can launch a DDoS attack to flood and shutdown an eCommerce website. Cooperative technological solutions for Distributed Denial-of-Service (DDoS) attacks are already available, yet organizations in the best position to implement them lack incentive to do so, and the victims of DDoS attacks cannot find effective methods to motivate the organizations. Chapter 1 discusses two components of the technological solutions to DDoS attacks: cooperative filtering and cooperative traffic smoothing by caching, and then analyzes the broken incentive chain in each of these technological solutions. As a remedy, I propose usage-based pricing and Capacity Provision Networks, which enable victims to disseminate enough incentive along attack paths to stimulate cooperation against DDoS attacks. Chapter 2 addresses possible Distributed Denial-of-Service (DDoS) attacks toward the wireless Internet including the Wireless Extended Internet, the Wireless Portal Network, and the Wireless Ad Hoc network. I propose a conceptual model for defending against DDoS attacks on the wireless Internet, which incorporates both cooperative technological solutions and economic incentive mechanisms built on usage-based fees. Cost-effectiveness is also addressed through an illustrative implementation scheme using Policy Based Networking (PBN). By investigating both technological and economic difficulties in defense of DDoS attacks which have plagued the wired Internet, our aim here is to foster further development of wireless Internet infrastructure as a more secure and efficient platform for mobile commerce. To avoid centralized resources and performance bottlenecks, online peer-to-peer communities and online social network have become increasingly popular. In particular, the recent boost of online peer-to-peer communities has led to exponential growth in sharing of user-contributed content which has brought profound changes to business and economic practices. Understanding the dynamics and sustainability of such peer-to-peer communities has important implications for business managers. In Chapter 3, I explore the structure of online sharing communities from a dynamic process perspective. I build an evolutionary game model to capture the dynamics of online peer-to-peer communities. Using online music sharing data collected from one of the IRC Channels for over five years, I empirically investigate the model which underlies the dynamics of the music sharing community. Our empirical results show strong support for the evolutionary process of the community. I find that the two major parties in the community, namely sharers and downloaders, are influencing each other in their dynamics of evolvement in the community. These dynamics reveal the mechanism through which peer-to-peer communities sustain and thrive in a constant changing environment.Information, Risk, and Operations Management (IROM
The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia
Conference Foreword
The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in âInternet of Thingsâ protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference
Private and censorship-resistant communication over public networks
Societyâs increasing reliance on digital communication networks is creating unprecedented opportunities for wholesale
surveillance and censorship. This thesis investigates the use of public networks such as the Internet to build
robust, private communication systems that can resist monitoring and attacks by powerful adversaries such as national
governments.
We sketch the design of a censorship-resistant communication system based on peer-to-peer Internet overlays in which
the participants only communicate directly with people they know and trust. This âfriend-to-friendâ approach protects
the participantsâ privacy, but it also presents two significant challenges. The first is that, as with any peer-to-peer
overlay, the users of the system must collectively provide the resources necessary for its operation; some users might
prefer to use the system without contributing resources equal to those they consume, and if many users do so, the
system may not be able to survive.
To address this challenge we present a new game theoretic model of the problem of encouraging cooperation between
selfish actors under conditions of scarcity, and develop a strategy for the game that provides rational incentives for
cooperation under a wide range of conditions.
The second challenge is that the structure of a friend-to-friend overlay may reveal the usersâ social relationships to
an adversary monitoring the underlying network. To conceal their sensitive relationships from the adversary, the
users must be able to communicate indirectly across the overlay in a way that resists monitoring and attacks by other
participants.
We address this second challenge by developing two new routing protocols that robustly deliver messages across
networks with unknown topologies, without revealing the identities of the communication endpoints to intermediate
nodes or vice versa. The protocols make use of a novel unforgeable acknowledgement mechanism that proves that a
message has been delivered without identifying the source or destination of the message or the path by which it was
delivered. One of the routing protocols is shown to be robust to attacks by malicious participants, while the other
provides rational incentives for selfish participants to cooperate in forwarding messages