5 research outputs found
FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs
Various methods have been proposed for creating and maintaining lists of
potentially filtered URLs to allow for measurement of ongoing internet
censorship around the world. Whilst testing a known resource for evidence of
filtering can be relatively simple, given appropriate vantage points,
discovering previously unknown filtered web resources remains an open
challenge.
We present a new framework for automating the process of discovering filtered
resources through the use of adaptive queries to well-known search engines. Our
system applies information retrieval algorithms to isolate characteristic
linguistic patterns in known filtered web pages; these are then used as the
basis for web search queries. The results of these queries are then checked for
evidence of filtering, and newly discovered filtered resources are fed back
into the system to detect further filtered content.
Our implementation of this framework, applied to China as a case study, shows
that this approach is demonstrably effective at detecting significant numbers
of previously unknown filtered web pages, making a significant contribution to
the ongoing detection of internet filtering as it develops.
Our tool is currently deployed and has been used to discover 1355 domains
that are poisoned within China as of Feb 2017 - 30 times more than are
contained in the most widely-used public filter list. Of these, 759 are outside
of the Alexa Top 1000 domains list, demonstrating the capability of this
framework to find more obscure filtered content. Further, our initial analysis
of filtered URLs, and the search terms that were used to discover them, gives
further insight into the nature of the content currently being blocked in
China.Comment: To appear in "Network Traffic Measurement and Analysis Conference
2017" (TMA2017
reclaimID: Secure, Self-Sovereign Identities using Name Systems and Attribute-Based Encryption
In this paper we present reclaimID: An architecture that allows users to
reclaim their digital identities by securely sharing identity attributes
without the need for a centralised service provider. We propose a design where
user attributes are stored in and shared over a name system under user-owned
namespaces. Attributes are encrypted using attribute-based encryption (ABE),
allowing the user to selectively authorize and revoke access of requesting
parties to subsets of his attributes. We present an implementation based on the
decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE
using type-1 pairings. To show the practicality of our implementation, we
carried out experimental evaluations of selected implementation aspects
including attribute resolution performance. Finally, we show that our design
can be used as a standard OpenID Connect Identity Provider allowing our
implementation to be integrated into standard-compliant services.Comment: 12 page