1,013 research outputs found
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate a significant network traffic (a consistent part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider points of capturing such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field. Comment: 55 pages
Path Selection for Quantum Repeater Networks
Quantum networks will support long-distance quantum key distribution (QKD)
and distributed quantum computation, and are an active area of both
experimental and theoretical research. Here, we present an analysis of
topologically complex networks of quantum repeaters composed of heterogeneous
links. Quantum networks have fundamental behavioral differences from classical
networks; the delicacy of quantum states makes a practical path selection
algorithm imperative, but classical notions of resource utilization are not
directly applicable, rendering known path selection mechanisms inadequate. To
adapt Dijkstra's algorithm for quantum repeater networks that generate
entangled Bell pairs, we quantify the key differences and define a link cost
metric, seconds per Bell pair of a particular fidelity, where a single Bell
pair is the resource consumed to perform one quantum teleportation. Simulations
that include both the physical interactions and the extensive classical
messaging confirm that Dijkstra's algorithm works well in a quantum context.
Simulating about three hundred heterogeneous paths, comparing our path cost and
the total work along the path gives a coefficient of determination of 0.88 or
better. Comment: 12 pages, 8 figures
A Survey of Methods for Encrypted Traffic Classification and Analysis
With the widespread use of encrypted data transport, network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted traffic. First, we describe the most widespread encryption protocols used throughout the Internet. We show that the initiation of an encrypted connection and the protocol structure give away a lot of information for encrypted traffic classification and analysis. Then, we survey payload and feature-based classification methods for encrypted traffic and categorize them using an established taxonomy. The advantage of some of the described classification methods is the ability to recognize the encrypted application protocol in addition to the encryption protocol. Finally, we make a comprehensive comparison of the surveyed feature-based classification methods and present their weaknesses and strengths.
Toward Open and Programmable Wireless Network Edge
Increasingly, the last hop connecting users to their enterprise and home networks is wireless. Wireless is becoming ubiquitous not only in homes and enterprises but in public venues such as coffee shops, hospitals, and airports. However, most of the publicly and privately available wireless networks are proprietary and closed in operation. Also, there is little effort from industries to move forward on a path to greater openness for the requirement of innovation. Therefore, we believe it is the domain of university researchers to enable innovation through openness. In this thesis work, we introduce and define the importance of an open framework in addressing the complexity of the wireless network. The Software Defined Network (SDN) framework has emerged as a popular solution for the data center network. However, the promise of the SDN framework is to make the network open, flexible and programmable. In order to deliver on the promise, SDN must work for all users and across all networks, both wired and wireless. Therefore, we proposed to create new modules and APIs to extend the standard SDN framework all the way to the end-devices (i.e., mobile devices, APs). Thus, we want to provide an extensible and programmable abstraction of the wireless network as part of the current SDN-based solution. In this thesis work, we design and develop a framework, weSDN (wireless extension of SDN), that extends the SDN control capability all the way to the end devices to support client-network interaction capabilities and new services. weSDN enables the control-plane of wireless networks to be extended to mobile devices and allows for top-level decisions to be made from an SDN controller with knowledge of the network as a whole, rather than device centric configurations. In addition, weSDN easily obtains user application information, as well as the ability to monitor and control application flows dynamically.
Based on the weSDN framework, we demonstrate new services such as application-aware traffic management, WLAN virtualization, and security management.
Separation of SSL protocol phases across process boundaries
Secure Sockets Layer is the de-facto standard used in the industry today for secure communications through web sites. An SSL connection is established by performing a Handshake, which is followed by the Record phase. While the SSL Handshake is computationally intensive and can cause bottlenecks on an application server, the Record phase can cause similar bottlenecks while encrypting large volumes of data.
SSL Accelerators have been used to improve the performance of SSL-based application servers. These devices are expensive, complex to configure and inflexible to customizations. By separating the SSL Handshake and the Record phases into separate software processes, high availability and throughput can be achieved using open-source software and platforms. The delegation of the SSL Record phase to a separate process by transfer of necessary cryptographic information was achieved. Load tests conducted showed gains with the separation of the Handshake and Record phases at nominal data sizes, and the approach provides flexibility for enhancements to be carried out for performance improvements at higher data sizes.
Securing autonomous networks through virtual closure
The increasing autonomy of Mobile Ad Hoc Networks (MANETs) has enabled a great many large-scale unguided missions, such as agricultural planning, conservation and similar surveying tasks. Commercial and military institutions have expressed great interest in such ventures, raising the question of security as the application of such systems in potentially hostile environments. Preventing theft, disruption or destruction of such MANETs through cyber-attacks has become a focus for many researchers as a result. Virtual Private Networks (VPNs) have been shown to enhance the security of Mobile Ad hoc Networks (MANETs). VPNs do not normally support broadcast communication, reducing their effectiveness in high-traffic MANETs which have many broadcast communication requirements. To support routing, broadcast updates and efficient MANET communication a Virtual Closed Network (VCN) architecture is proposed. By supporting private, secure communication in unicast, multicast and broadcast modes, VCNs provide an efficient alternative to VPNs when securing MANETs. Comparative analysis of the set-up and security overheads of VCN and VPN approaches is provided between OpenVPN, IPsec, Virtual Private LAN Service (VPLS), and the proposed VCN solution: Security Using Pre-Existing Routing for MANETs (SUPERMAN).