2,652 research outputs found
The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
In this paper, we analyze the evolution of Certificate Transparency (CT) over
time and explore the implications of exposing certificate DNS names from the
perspective of security and privacy. We find that certificates in CT logs have
seen exponential growth. Website support for CT has also constantly increased,
with now 33% of established connections supporting CT. With the increasing
deployment of CT, there are also concerns of information leakage due to all
certificates being visible in CT logs. To understand this threat, we introduce
a CT honeypot and show that data from CT logs is being used to identify targets
for scanning campaigns only minutes after certificate issuance. We present and
evaluate a methodology to learn and validate new subdomains from the vast
number of domains extracted from CT logged certificates.
Comment: To be published at ACM IMC 201
An Empirical Study of the I2P Anonymity Network and its Censorship Resistance
Tor and I2P are well-known anonymity networks used by many individuals to
protect their online privacy and anonymity. Tor's centralized directory
services facilitate the understanding of the Tor network, as well as the
measurement and visualization of its structure through the Tor Metrics project.
In contrast, I2P does not rely on centralized directory servers, and thus
obtaining a complete view of the network is challenging. In this work, we
conduct an empirical study of the I2P network, in which we measure properties
including population, churn rate, router type, and the geographic distribution
of I2P peers. We find that there are currently around 32K active I2P peers in
the network on a daily basis. Of these peers, 14K are located behind NAT or
firewalls.
Using the collected network data, we examine the blocking resistance of I2P
against a censor that wants to prevent access to I2P using address-based
blocking techniques. Despite the decentralized characteristics of I2P, we
discover that a censor can block more than 95% of peer IP addresses known by a
stable I2P client by operating only 10 routers in the network. This amounts to
severe network impairment: a blocking rate of more than 70% is enough to cause
significant latency in web browsing activities, while blocking more than 90% of
peer IP addresses can make the network unusable. Finally, we discuss the
security consequences of the network being blocked, and directions for
potential approaches to make I2P more resistant to blocking.
Comment: 14 pages, To appear in the 2018 Internet Measurement Conference
(IMC'18)
Volumetric laser endomicroscopy and its application to Barrett's esophagus: results from a 1,000 patient registry.
Volumetric laser endomicroscopy (VLE) uses optical coherence tomography (OCT) for real-time, microscopic cross-sectional imaging. A US-based multi-center registry was constructed to prospectively collect data on patients undergoing upper endoscopy during which a VLE scan was performed. The objective of this registry was to determine usage patterns of VLE in clinical practice and to estimate quantitative and qualitative performance metrics as they are applied to Barrett's esophagus (BE) management. All procedures utilized the NvisionVLE Imaging System (NinePoint Medical, Bedford, MA) which was used by investigators to identify the tissue types present, along with focal areas of concern. Following the VLE procedure, investigators were asked to answer six key questions regarding how VLE impacted each case. Statistical analyses including neoplasia diagnostic yield improvement using VLE was performed. One thousand patients were enrolled across 18 US trial sites from August 2014 through April 2016. In patients with previously diagnosed or suspected BE (894/1000), investigators used VLE and identified areas of concern not seen on white light endoscopy (WLE) in 59% of the procedures. VLE imaging also guided tissue acquisition and treatment in 71% and 54% of procedures, respectively. VLE as an adjunct modality improved the neoplasia diagnostic yield by 55% beyond the standard of care practice. In patients with no prior history of therapy, and without visual findings from other technologies, VLE-guided tissue acquisition increased neoplasia detection over random biopsies by 700%. Registry investigators reported that VLE improved the BE management process when used as an adjunct tissue acquisition and treatment guidance tool. The ability of VLE to image large segments of the esophagus with microscopic cross-sectional detail may provide additional benefits including higher yield biopsies and more efficient tissue acquisition. Clinicaltrials.gov NCT02215291
Who let the trolls out? Towards understanding state-sponsored trolls
Recent evidence has emerged linking coordinated campaigns by state-sponsored actors to manipulate public opinion on the Web. Campaigns revolving around major political events are enacted via mission-focused "trolls." While trolls are involved in spreading disinformation on social media, there is little understanding of how they operate, what type of content they disseminate, how their strategies evolve over time, and how they influence the Web's information ecosystem. In this paper, we begin to address this gap by analyzing 10M posts by 5.5K Twitter and Reddit users identified as Russian and Iranian state-sponsored trolls. We compare the behavior of each group of state-sponsored trolls with a focus on how their strategies change over time, the different campaigns they embark on, and differences between the trolls operated by Russia and Iran. Among other things, we find: 1) that Russian trolls were pro-Trump while Iranian trolls were anti-Trump; 2) evidence that campaigns undertaken by such actors are influenced by real-world events; and 3) that the behavior of such actors is not consistent over time, hence detection is not straightforward. Using Hawkes Processes, we quantify the influence these accounts have on pushing URLs on four platforms: Twitter, Reddit, 4chan's Politically Incorrect board (/pol/), and Gab. In general, Russian trolls were more influential and efficient in pushing URLs to all the other platforms with the exception of /pol/ where Iranians were more influential. Finally, we release our source code to ensure the reproducibility of our results and to encourage other researchers to work on understanding other emerging kinds of state-sponsored troll accounts on Twitter.
https://arxiv.org/pdf/1811.03130.pdf
Accepted manuscript
In the IP of the Beholder: Strategies for Active IPv6 Topology Discovery
Existing methods for active topology discovery within the IPv6 Internet
largely mirror those of IPv4. In light of the large and sparsely populated
address space, in conjunction with aggressive ICMPv6 rate limiting by routers,
this work develops a different approach to Internet-wide IPv6 topology mapping.
We adopt randomized probing techniques in order to distribute probing load,
minimize the effects of rate limiting, and probe at higher rates. Second, we
extensively analyze the efficiency and efficacy of various IPv6 hitlists and
target generation methods when used for topology discovery, and synthesize new
target lists based on our empirical results to provide both breadth (coverage
across networks) and depth (to find potential subnetting). Employing our
probing strategy, we discover more than 1.3M IPv6 router interface addresses
from a single vantage point. Finally, we share our prober implementation,
synthesized target lists, and discovered IPv6 topology results.
Multilevel MDA-Lite Paris Traceroute
Since its introduction in 2006-2007, Paris Traceroute and its Multipath
Detection Algorithm (MDA) have been used to conduct well over a billion IP
level multipath route traces from platforms such as M-Lab. Unfortunately, the
MDA requires a large number of packets in order to trace an entire topology of
load balanced paths between a source and a destination, which makes it
undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE
Atlas. In this paper we present a major update to the Paris Traceroute tool.
Our contributions are: (1) MDA-Lite, an alternative to the MDA that
significantly cuts overhead while maintaining a low failure probability; (2)
Fakeroute, a simulator that enables validation of a multipath route tracing
tool's adherence to its claimed failure probability bounds; (3) multilevel
multipath route tracing, with, for the first time, a Traceroute tool that
provides a router-level view of multipath routes; and (4) surveys at both the
IP and router levels of multipath routing in the Internet, showing, among other
things, that load balancing topologies have increased in size well beyond what
has been previously reported as recently as 2016. The data and the software
underlying these results are publicly available.
Comment: Preprint. To appear in Proc. ACM Internet Measurement Conference 201
Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists
Network measurements are an important tool in understanding the Internet. Due
to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not
possible for IPv6. In recent years, several studies have proposed the use of
target lists of IPv6 addresses, called IPv6 hitlists.
In this paper, we show that addresses in IPv6 hitlists are heavily clustered.
We present novel techniques that allow IPv6 hitlists to be pushed from quantity
to quality. We perform a longitudinal active measurement study over 6 months,
targeting more than 50 M addresses. We develop a rigorous method to detect
aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining
to about half of our target addresses. Using entropy clustering, we group the
entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform
client measurements by leveraging crowdsourcing.
To encourage reproducibility in network measurement research and to serve as
a starting point for future IPv6 studies, we publish source code, analysis
tools, and data.
Comment: See https://ipv6hitlist.github.io for daily IPv6 hitlists, historical
data, and additional analyses
On the Origins of Memes by Means of Fringe Web Communities
Internet memes are increasingly used to sway and manipulate public opinion.
This prompts the need to study their propagation, evolution, and influence
across the Web. In this paper, we detect and measure the propagation of memes
across multiple Web communities, using a processing pipeline based on
perceptual hashing and clustering techniques, and a dataset of 160M images from
2.6B posts gathered from Twitter, Reddit, 4chan's Politically Incorrect board
(/pol/), and Gab, over the course of 13 months. We group the images posted on
fringe Web communities (/pol/, Gab, and The_Donald subreddit) into clusters,
annotate them using meme metadata obtained from Know Your Meme, and also map
images from mainstream communities (Twitter and Reddit) to the clusters.
Our analysis provides an assessment of the popularity and diversity of memes
in the context of each community, showing, e.g., that racist memes are
extremely common in fringe Web communities. We also find a substantial number
of politics-related memes on both mainstream and fringe Web communities,
supporting media reports that memes might be used to enhance or harm
politicians. Finally, we use Hawkes processes to model the interplay between
Web communities and quantify their reciprocal influence, finding that /pol/
substantially influences the meme ecosystem with the number of memes it
produces, while The_Donald has a higher success rate in pushing them to other
communities.
Comment: A shorter version of this paper appears in the Proceedings of 18th
ACM Internet Measurement Conference (IMC 2018). This is the full version