26 research outputs found
Private and censorship-resistant communication over public networks
Society’s increasing reliance on digital communication networks is creating unprecedented opportunities for wholesale
surveillance and censorship. This thesis investigates the use of public networks such as the Internet to build
robust, private communication systems that can resist monitoring and attacks by powerful adversaries such as national
governments.
We sketch the design of a censorship-resistant communication system based on peer-to-peer Internet overlays in which
the participants only communicate directly with people they know and trust. This ‘friend-to-friend’ approach protects
the participants’ privacy, but it also presents two significant challenges. The first is that, as with any peer-to-peer
overlay, the users of the system must collectively provide the resources necessary for its operation; some users might
prefer to use the system without contributing resources equal to those they consume, and if many users do so, the
system may not be able to survive.
To address this challenge we present a new game theoretic model of the problem of encouraging cooperation between
selfish actors under conditions of scarcity, and develop a strategy for the game that provides rational incentives for
cooperation under a wide range of conditions.
The second challenge is that the structure of a friend-to-friend overlay may reveal the users’ social relationships to
an adversary monitoring the underlying network. To conceal their sensitive relationships from the adversary, the
users must be able to communicate indirectly across the overlay in a way that resists monitoring and attacks by other
participants.
We address this second challenge by developing two new routing protocols that robustly deliver messages across
networks with unknown topologies, without revealing the identities of the communication endpoints to intermediate
nodes or vice versa. The protocols make use of a novel unforgeable acknowledgement mechanism that proves that a
message has been delivered without identifying the source or destination of the message or the path by which it was
delivered. One of the routing protocols is shown to be robust to attacks by malicious participants, while the other
provides rational incentives for selfish participants to cooperate in forwarding messages.
Cooperative Data Backup for Mobile Devices
Mobile computing devices such as laptops, personal digital assistants and mobile phones are increasingly used. However, although they are used in contexts where they are subject to damage, loss, or even theft, few mechanisms exist to prevent the loss of the data stored on them. In this thesis, we propose a cooperative data backup service to address this problem. This approach takes advantage of spontaneous communications between such devices, with each device storing part of the data of the devices it encounters. An analytical study of the dependability gains of this approach is presented. We also study suitable distributed storage mechanisms. The problems of cooperation between mutually suspicious individuals are also addressed. Finally, we describe our implementation of the cooperative backup service. ABSTRACT: Mobile devices such as laptops, PDAs and cell phones are increasingly relied on but are used in contexts that put them at risk of physical damage, loss or theft. However, few mechanisms are available to reduce the risk of losing the data stored on these devices. In this dissertation, we try to address this concern by designing a cooperative backup service for mobile devices. The service leverages encounters and spontaneous interactions among participating devices, such that each device stores data on behalf of other devices. We first provide an analytical evaluation of the dependability gains of the proposed service. Distributed storage mechanisms are explored and evaluated. Security concerns arising from the cooperation among mutually suspicious principals are identified, and core mechanisms are proposed to allow them to be addressed. Finally, we present our prototype implementation of the cooperative backup service.
On Random Sampling for Compliance Monitoring in Opportunistic Spectrum Access Networks
In the expanding spectrum marketplace, there has been a long term evolution towards more market-oriented mechanisms, such as Opportunistic Spectrum Access (OSA), enabled through Cognitive Radio (CR) technology. However, the potential of CR technologies to revolutionize wireless communications, also introduces challenges based upon the potentially non-deterministic CR behaviour in the Electrospace. While establishing and enforcing compliance to spectrum etiquette rules are essential to realization of successful OSA networks in the future, there has only been recent increased research activity into enforcement. This dissertation presents novel work on the spectrum monitoring aspect, which is crucial to effective enforcement of OSA. An overview of the challenges faced by current compliance monitoring methods is first presented. A framework is then proposed for the use of random spectral sampling techniques to reduce data collection complexity in wideband sensing scenarios. This approach is recommended as an alternative to Compressed Sensing (CS) techniques for wideband spectral occupancy estimation, which may be difficult to utilize in many practical congested scenarios where compliance monitoring is required. Next, a low-cost computational approach to online randomized temporal sensing deployment is presented for characterization of temporal spectrum occupancy in cognitive radio scenarios. The random sensing approach is demonstrated and its performance is compared to CS-based approach for occupancy estimation. A novel frame-based sampling inversion technique is then presented for cases when it is necessary to track the temporal behaviour of individual CRs or CR networks. Parameters from randomly sampled Physical Layer Convergence Protocol (PLCP) data frames are used to reconstruct occupancy statistics, taking account of missed frames due to sampling design, sensor limitations and frame errors.
Finally, investigations into the use of distributed and mobile spectrum sensing to collect spatial diversity to improve the above techniques are presented, for several common monitoring tasks in spectrum enforcement. Specifically, focus is upon techniques for achieving consensus in dynamic topologies such as in mobile sensing scenarios.
Aerial Network Assistance Systems for Post-Disaster Scenarios : Topology Monitoring and Communication Support in Infrastructure-Independent Networks
Communication anytime and anywhere is necessary for our modern society to function. However, the critical network infrastructure quickly fails in the face of a disaster and leaves the affected population without means of communication. This lack can be overcome by smartphone-based emergency communication systems, based on infrastructure-independent networks like Delay-Tolerant Networks (DTNs). DTNs, however, suffer from short device-to-device link distances and, thus, require multi-hop routing or data ferries between disjunct parts of the network. In disaster scenarios, this fragmentation is particularly severe because of the highly clustered human mobility behavior. Nevertheless, aerial communication support systems can connect local network clusters by utilizing Unmanned Aerial Vehicles (UAVs) as data ferries. To facilitate situation-aware and adaptive communication support, knowledge of the network topology, the identification of missing communication links, and the constant reassessment of dynamic disasters are required. These requirements are usually neglected, despite existing approaches to aerial monitoring systems capable of detecting devices and networks.
In this dissertation, we, therefore, facilitate the coexistence of aerial topology monitoring and communications support mechanisms in an autonomous Aerial Network Assistance System for infrastructure-independent networks as our first contribution. To enable system adaptations to unknown and dynamic disaster situations, our second contribution addresses the collection, processing, and utilization of topology information. For one thing, we introduce cooperative monitoring approaches to include the DTN in the monitoring process. Furthermore, we apply novel approaches for data aggregation and network cluster estimation to facilitate the continuous assessment of topology information and an appropriate system adaptation. Based on this, we introduce an adaptive topology-aware routing approach to reroute UAVs and increase the coverage of disconnected nodes outside clusters.
We generalize our contributions by integrating them into a simulation framework, creating an evaluation platform for autonomous aerial systems as our third contribution. We further increase the expressiveness of our aerial system evaluation, by adding movement models for multicopter aircraft combined with power consumption models based on real-world measurements. Additionally, we improve the disaster simulation by generalizing civilian disaster mobility based on a real-world field test. With a prototypical system implementation, we extensively evaluate our contributions and show the significant benefits of cooperative monitoring and topology-aware routing, respectively. We highlight the importance of continuous and integrated topology monitoring for aerial communications support and demonstrate its necessity for an adaptive and long-term disaster deployment. In conclusion, the contributions of this dissertation enable the usage of autonomous Aerial Network Assistance Systems and their adaptability in dynamic disaster scenarios.
Security in Distributed, Grid, Mobile, and Pervasive Computing
This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security.
Cyber Security of Critical Infrastructures
Critical infrastructures are vital assets for public safety, economic welfare, and the national security of countries. The vulnerabilities of critical infrastructures have increased with the widespread use of information technologies. As Critical National Infrastructures are becoming more vulnerable to cyber-attacks, their protection becomes a significant issue for organizations as well as nations. The risks to continued operations, from failing to upgrade aging infrastructure or not meeting mandated regulatory regimes, are considered highly significant, given the demonstrable impact of such circumstances. Due to the rapid increase of sophisticated cyber threats targeting critical infrastructures with significant destructive effects, the cybersecurity of critical infrastructures has become an agenda item for academics, practitioners, and policy makers. A holistic view which covers technical, policy, human, and behavioural aspects is essential to handle cyber security of critical infrastructures effectively. Moreover, the ability to attribute crimes to criminals is a vital element of avoiding impunity in cyberspace. In this book, both research and practical aspects of cyber security considerations in critical infrastructures are presented. Aligned with the interdisciplinary nature of cyber security, authors from academia, government, and industry have contributed 13 chapters. The issues that are discussed and analysed include cybersecurity training, maturity assessment frameworks, malware analysis techniques, ransomware attacks, security solutions for industrial control systems, and privacy preservation methods.
Incentive-driven QoS in peer-to-peer overlays
A well known problem in peer-to-peer overlays is that no single entity has control over the software,
hardware and configuration of peers. Thus, each peer can selfishly adapt its behaviour to maximise its
benefit from the overlay. This thesis is concerned with the modelling and design of incentive mechanisms
for QoS-overlays: resource allocation protocols that provide strategic peers with participation incentives,
while at the same time optimising the performance of the peer-to-peer distribution overlay.
The contributions of this thesis are as follows. First, we present PledgeRoute, a novel contribution
accounting system that can be used, along with a set of reciprocity policies, as an incentive mechanism
to encourage peers to contribute resources even when users are not actively consuming overlay services.
This mechanism uses a decentralised credit network, is resilient to sybil attacks, and allows peers to
achieve time and space deferred contribution reciprocity. Then, we present a novel, QoS-aware resource
allocation model based on Vickrey auctions that uses PledgeRoute as a substrate. It acts as an incentive
mechanism by providing efficient overlay construction, while at the same time allocating increasing
service quality to those peers that contribute more to the network. The model is then applied to lag-sensitive
chunk swarming, and some of its properties are explored for different peer delay distributions.
When considering QoS overlays deployed over the best-effort Internet, the quality received by a
client cannot be adjudicated completely to either its serving peer or the intervening network between
them. By drawing parallels between this situation and well-known hidden action situations in microeconomics,
we propose a novel scheme to ensure adherence to advertised QoS levels. We then apply
it to delay-sensitive chunk distribution overlays and present the optimal contract payments required,
along with a method for QoS contract enforcement through reciprocative strategies. We also present a
probabilistic model for application-layer delay as a function of the prevailing network conditions.
Finally, we address the incentives of managed overlays, and the prediction of their behaviour. We
propose two novel models of multihoming managed overlay incentives in which overlays can freely
allocate their traffic flows between different ISPs. One is obtained by optimising an overlay utility
function with desired properties, while the other is designed for data-driven least-squares fitting of the
cross elasticity of demand. This last model is then used to solve for ISP profit maximisation.
SpiNNaker - A Spiking Neural Network Architecture
20 years in conception and 15 in construction, the SpiNNaker project has delivered the world’s largest neuromorphic computing platform incorporating over a million ARM mobile phone processors and capable of modelling spiking neural networks of the scale of a mouse brain in biological real time. This machine, hosted at the University of Manchester in the UK, is freely available under the auspices of the EU Flagship Human Brain Project. This book tells the story of the origins of the machine, its development and its deployment, and the immense software development effort that has gone into making it openly available and accessible to researchers and students the world over. It also presents exemplar applications from ‘Talk’, a SpiNNaker-controlled robotic exhibit at the Manchester Art Gallery as part of ‘The Imitation Game’, a set of works commissioned in 2016 in honour of Alan Turing, through to a way to solve hard computing problems using stochastic neural networks. The book concludes with a look to the future, and the SpiNNaker-2 machine which is yet to come.