Profound vision loss impairs psychological well-being in young and middle-aged individuals.

PurposeThe aim of this study was to evaluate the effects of profound vision loss on psychological well-being in adolescents, young adults, and middle-aged adults with regard to mood, interpersonal interactions, and career-related goals. In addition, we assessed the significance of the resources that may be used to enhance psychological well-being in cases of profound vision loss, and in particular, examined the utility of low vision aids and the role of the ophthalmologist as a provider of emotional support.MethodsA questionnaire was issued to individuals aged 13-65 years with profound vision loss resulting from Leber's hereditary optic neuropathy (LHON). Depression prevalence was evaluated with questions regarding major depressive disorder symptomatology. Participants appraised the effects of vision loss on their interpersonal interactions and career goals by providing an impact rating (IR) on a 21-point psychometric scale from -10 to +10. Social well-being index was defined as the average of interpersonal IR and career IR. Subjects were additionally asked about the use of low vision aids and sources of emotional support.ResultsA total of 103 participants (mean age =26.4±11.2 years at LHON diagnosis; mean ± standard deviation) completed the questionnaire. Nearly half (49.5%) met the depression criteria after vision loss. Negative impacts on interpersonal interactions (median IR = -5) and career goals (median IR = -6) were observed; both ratings were worse (P<0.001) for depressed versus nondepressed subjects. Older age at diagnosis corresponded to higher depression prevalence and increased incidence of negative interpersonal IR and career IR. Sixty-eight percent of subjects used electronic vision aids; controlling for age, social well-being index was higher among these individuals than for those who did not use electronic aids (P=0.03). Over half of the participants (52.4%) asserted that they derived emotional support from their ophthalmologist.ConclusionProfound vision loss in adolescents, young adults, and middle-aged adults is associated with significant negative psychological and psychosocial effects, which are influenced by age and use of electronic vision aids. Ophthalmologists, in addition to managing vision loss, may serve an important role in the emotional adaptation of these patients

OnionBots: Subverting Privacy Infrastructure for Cyber Attacks

Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.Comment: 12 pages, 8 figure

Adaptive Traffic Fingerprinting for Darknet Threat Intelligence

Darknet technology such as Tor has been used by various threat actors for organising illegal activities and data exfiltration. As such, there is a case for organisations to block such traffic, or to try and identify when it is used and for what purposes. However, anonymity in cyberspace has always been a domain of conflicting interests. While it gives enough power to nefarious actors to masquerade their illegal activities, it is also the cornerstone to facilitate freedom of speech and privacy. We present a proof of concept for a novel algorithm that could form the fundamental pillar of a darknet-capable Cyber Threat Intelligence platform. The solution can reduce anonymity of users of Tor, and considers the existing visibility of network traffic before optionally initiating targeted or widespread BGP interception. In combination with server HTTP response manipulation, the algorithm attempts to reduce the candidate data set to eliminate client-side traffic that is most unlikely to be responsible for server-side connections of interest. Our test results show that MITM manipulated server responses lead to expected changes received by the Tor client. Using simulation data generated by shadow, we show that the detection scheme is effective with false positive rate of 0.001, while sensitivity detecting non-targets was 0.016+-0.127. Our algorithm could assist collaborating organisations willing to share their threat intelligence or cooperate during investigations.Comment: 26 page

Second order isomorphism: A reinterpretation and its implications in brain and cognitive sciences

Shepard and Chipman's second order isomorphism describes how the brain may represent the relations in the world. However, a common interpretation of the theory can cause difficulties. The problem originates from the static nature of representations. In an alternative interpretation, I propose that we assign an active role to the internal representations and relations. It turns out that a collection of such active units can perform analogical tasks. The new interpretation is supported by the existence of neural circuits that may be implementing such a function. Within this framework, perception, cognition, and motor function can be understood under a unifying principle of analogy

An Empirical Study of the I2P Anonymity Network and its Censorship Resistance

Tor and I2P are well-known anonymity networks used by many individuals to protect their online privacy and anonymity. Tor's centralized directory services facilitate the understanding of the Tor network, as well as the measurement and visualization of its structure through the Tor Metrics project. In contrast, I2P does not rely on centralized directory servers, and thus obtaining a complete view of the network is challenging. In this work, we conduct an empirical study of the I2P network, in which we measure properties including population, churn rate, router type, and the geographic distribution of I2P peers. We find that there are currently around 32K active I2P peers in the network on a daily basis. Of these peers, 14K are located behind NAT or firewalls. Using the collected network data, we examine the blocking resistance of I2P against a censor that wants to prevent access to I2P using address-based blocking techniques. Despite the decentralized characteristics of I2P, we discover that a censor can block more than 95% of peer IP addresses known by a stable I2P client by operating only 10 routers in the network. This amounts to severe network impairment: a blocking rate of more than 70% is enough to cause significant latency in web browsing activities, while blocking more than 90% of peer IP addresses can make the network unusable. Finally, we discuss the security consequences of the network being blocked, and directions for potential approaches to make I2P more resistant to blocking.Comment: 14 pages, To appear in the 2018 Internet Measurement Conference (IMC'18

Deanonymisation techniques for Tor and Bitcoin

This thesis is devoted to low-resource off-path deanonymisation techniques for two popular systems, Tor and Bitcoin. Tor is a software and an anonymity network which in order to confuse an observer encrypts and re-routes traffic over random pathways through several relays before it reaches the destination. Bitcoin is a distributed payment system in which payers and payees can hide their identities behind pseudonyms (public keys) of their choice. The estimated number of daily Tor users is 2,000,000 which makes it arguable the most used anonymity network. Bitcoin is the most popular cryptocurrency with market capitalization about 3.5 billion USD. In the first part of the thesis we study the Tor network. At the beginning we show how to remotely find out which Tor relays are connected. This effectively allows for an attacker to reduce Tor users' anonymity by ruling out impossible paths in the network. Later we analyze the security of Tor Hidden Services. We look at them from different attack perspectives and provide a systematic picture of what information can be obtained with very inexpensive means. We expose flaws both in the design and implementation of Tor Hidden Services that allow an attacker to measure the popularity of arbitrary hidden services, efficiently collect hidden service descriptors (and thus get a global picture of all hidden services in Tor), take down hidden services and deanonymize hidden services. In the second part we study Bitcoin anonymity. We describe a generic method to deanonymize a significant fraction of Bitcoin users and correlate their pseudonyms with their public IP addresses. We discover that using Bitcoin through Tor not only provides limited level of anonymity but also exposes the user to man-in-the middle attacks in which an attacker controls which Bitcoin blocks and transactions the user is aware of. We show how to fingerprint Bitcoin users by setting an "address cookie" on their computers. This can be used to correlate the same user across different sessions, even if he uses Tor, hidden-services or multiple proxies. Finally, we describe a new anonymous decentralized micropayments scheme in which clients do not pay services with electronic cash directly but submit proof of work shares which the services can resubmit to a crypto-currency mining pool. Services credit users with tickets that can later be used to purchases enhanced services

ACTIVE TECHNIQUES FOR REVEALING AND ANALYZING THE SECURITY OF HIDDEN SERVERS

In the last years we have witnessed a boom in the use of techniques and tools that provide anonymity. Such techniques and tools are used by clients that want their communication to stay anonymous or to access censored content, as well as by administrators to hide the location of their servers. All those activities can be easily performed with the support of an anonymity network. An important component of an anonymity network is the hidden server, a machine whose IP address is kept secret. Such hidden servers are the target of research in this thesis. More specifically, we focus on different types of hidden servers used in the Tor anonymity network. Tor hidden services (HSes) are anonymous services hosted in the Tor Network. The HS itself is a hidden server because users that connect to it are not aware of its IP address, and thus its location. Another equally important kind of hidden servers are Tor bridges. Bridges are entry nodes of the Tor Network, whose IP address is not publicly disclosed to avoid blocking traffic towards them. Bridges are meant to be used by clients that connect from countries where governments perform selective filtering over the contents that users can access, and for this reason governments try to block connections to those nodes. In this thesis we develop novel approaches and we implement them into techniques to analyze the security and reveal the location of hidden servers. This thesis comprises two parts, one dealing with HSes and the other one with bridges. In the first part of the thesis, we develop a novel active approach for recovering the IP address of hidden servers that are used for hosting HSes. To this end, we design, implement, and evaluate a tool called Caronte that explores the content and configuration of a hidden service to automatically identify location leaks. Later those leaks are leveraged for trying to unveil the IP address of the hidden service. Our approach differs from previous ones, because Caronte does not rely on flaws in the Tor protocol and assumes an open-world model, i.e., it does not require a list of candidate servers known in advance. A final validation iistep guarantees that all the candidates that are false positives (i.e., they are not hosting the hidden service) are discarded. We demonstrate Caronte by running it on real HSes and successfully deanonymizing over 100 of them. In the second part of the thesis we perform the first systematic study of the Tor bridge infrastructure. Our study covers both the public bridge infrastructure available to all Tor users, and the previously unreported private bridge infrastructure, comprising private nodes for the exclusive use of those who know about their existence. Our analysis of the public infrastructure is twofold. First, we examine the security implications of the public data accessible from the CollecTor service. This service collects and publishes detailed information and statistics about core elements of the Tor Network. Despite the fact that CollecTor anonymizes sensitive data (e.g., IP or emails of bridge owners) prior to its publication, we identify several pieces of information that may be detrimental for the security of public bridges. Then, we measure security relevant properties of public bridges, including their lifetime and how often they change IP and port. Our results show how the public bridge ecosystem with clients is stable and those bridges rarely change their IP address. This has consequences for the current blocking policies that governments are using to restrict access to the anonymity network, because more aggressive strategies could be adopted. We also show how the presence of multiple transport protocols could harm bridge anonymity (since the adversary becomes able to identify the bridge through the weakest protocol). To study the private bridge infrastructure, we use an approach to discover 694 private bridges on the Internet and a novel technique, that leverages additional services running on bridges, to track bridges across IP changes. During this process, we identify the existence of infrastructures that use private proxies to forward traffic to backend bridges or relays. Finally, we discuss the security implications of our findings