Content Censorship in the InterPlanetary File System
The InterPlanetary File System (IPFS) is currently the largest decentralized
storage solution in operation, with thousands of active participants and
millions of daily content transfers. IPFS is used as remote data storage for
numerous blockchain-based smart contracts, Non-Fungible Tokens (NFT), and
decentralized applications.
We present a content censorship attack that can be executed with minimal
effort and cost, and that prevents the retrieval of any chosen content in the
IPFS network. The attack exploits a conceptual issue in a core component of
IPFS, the Kademlia Distributed Hash Table (DHT), which is used to resolve
content IDs to peer addresses. We provide efficient detection and mitigation
mechanisms for this vulnerability. Our mechanisms achieve a 99.6% detection
rate and mitigate 100% of the detected attacks with minimal signaling and
computational overhead. We followed responsible disclosure procedures, and our
countermeasures are scheduled for deployment in the future versions of IPFS.
Comment: 15 pages (including references), 15 figures. Accepted to be published
at the Network and Distributed System Security (NDSS) Symposium 202
Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs
Binary code analysis allows analyzing binary code without having access to
the corresponding source code. A binary, after disassembly, is expressed in an
assembly language. This inspires us to approach binary analysis by leveraging
ideas and techniques from Natural Language Processing (NLP), a rich area
focused on processing text of various natural languages. We notice that binary
code analysis and NLP share a lot of analogical topics, such as semantics
extraction, summarization, and classification. This work utilizes these ideas
to address two important code similarity comparison problems. (I) Given a pair
of basic blocks for different instruction set architectures (ISAs), determining
whether their semantics is similar or not; and (II) given a piece of code of
interest, determining if it is contained in another piece of assembly code for
a different ISA. The solutions to these two problems have many applications,
such as cross-architecture vulnerability discovery and code plagiarism
detection. We implement a prototype system INNEREYE and perform a comprehensive
evaluation. A comparison between our approach and existing approaches to
Problem I shows that our system outperforms them in terms of accuracy,
efficiency and scalability. And the case studies utilizing the system
demonstrate that our solution to Problem II is effective. Moreover, this
research showcases how to apply ideas and techniques from NLP to large-scale
binary code analysis.
Comment: Accepted by Network and Distributed Systems Security (NDSS) Symposium
201
ANDaNA: Anonymous Named Data Networking Application
Content-centric networking -- also known as information-centric networking
(ICN) -- shifts emphasis from hosts and interfaces (as in today's Internet) to
data. Named data becomes addressable and routable, while locations that
currently store that data become irrelevant to applications.
Named Data Networking (NDN) is a large collaborative research effort that
exemplifies the content-centric approach to networking. NDN has some innate
privacy-friendly features, such as lack of source and destination addresses on
packets. However, as discussed in this paper, NDN architecture prompts some
privacy concerns mainly stemming from the semantic richness of names. We
examine privacy-relevant characteristics of NDN and present an initial attempt
to achieve communication privacy. Specifically, we design an NDN add-on tool,
called ANDaNA, that borrows a number of features from Tor. As we demonstrate
via experiments, it provides comparable anonymity with lower relative overhead.
Comment: NDSS 2012 - Proceedings of the Network and Distributed System
Security Symposium, San Diego, California, US