Search CORE

3,694 research outputs found

Prochlo: Strong Privacy for Analytics in the Crowd

Author: Abadi M.
Abadi M.
Abadi M.
Avent B.
Bellare M.
Bulck J. V.
Buse R. P. L.
Chen R.
Corrigan-Gibbs H.
Dang H.
Denning D. E. R.
Dinh T. T. A.
Dwork
Lee S.
Maniatis P.
Ohrimenko O.
Ravindranath L.
Roy I.
Saltzer J. H.
Viega J.
Wang T.
Warner
Zheng W.
Publication venue: 'Association for Computing Machinery (ACM)'
Publication date: 02/10/2017
Field of study

The large-scale monitoring of computer users' software activities has become commonplace, e.g., for application telemetry, error reporting, or demographic profiling. This paper describes a principled systems architecture---Encode, Shuffle, Analyze (ESA)---for performing such monitoring with high utility while also protecting user privacy. The ESA design, and its Prochlo implementation, are informed by our practical experiences with an existing, large deployment of privacy-preserving software monitoring. (cont.; see the paper

arXiv.org e-Print Archive

University of Toronto Research Repository

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Author: Anwar Zahid
Campbell Roy H.
Gunter Carl A.
Narayanaswami Chandra
Potter Shaya
Yurcik William
Publication venue
Publication date: 01/04/2008
Field of study

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services