Temporal and Spatial Classification of Active IPv6 Addresses
There is a striking volume of World-Wide Web activity on IPv6 today. In early
2015, one large Content Distribution Network handles 50 billion IPv6 requests
per day from hundreds of millions of IPv6 client addresses; billions of unique
client addresses are observed per month. Address counts, however, obscure the
number of hosts with IPv6 connectivity to the global Internet. There are
numerous address assignment and subnetting options in use; privacy addresses
and dynamic subnet pools significantly inflate the number of active IPv6
addresses. As the IPv6 address space is vast, it is infeasible to
comprehensively probe every possible unicast IPv6 address. Thus, to survey the
characteristics of IPv6 addressing, we perform a year-long passive measurement
study, analyzing the IPv6 addresses gleaned from activity logs for all clients
accessing a global CDN.
The goal of our work is to develop flexible classification and measurement
methods for IPv6, motivated by the fact that its addresses are not merely more
numerous; they are different in kind. We introduce the notion of classifying
addresses and prefixes in two ways: (1) temporally, according to their
instances of activity to discern which addresses can be considered stable; (2)
spatially, according to the density or sparsity of aggregates in which active
addresses reside. We present measurement and classification results numerically
and visually that: provide details on IPv6 address use and structure in global
operation across the past year; establish the efficacy of our classification
methods; and demonstrate that such classification can clarify dimensions of the
Internet that otherwise appear quite blurred by current IPv6 addressing
practices.
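As a rough illustration of the two classification axes described above, the following sketch labels logged client addresses temporally (by how many distinct days they appear active) and spatially (by how many active addresses share a covering /64). The window length, thresholds, and the /64 aggregation level are illustrative assumptions rather than the paper's actual parameters.

```python
# Hypothetical sketch of temporal and spatial classification of active IPv6
# addresses; thresholds and aggregation level are assumptions for illustration.
import ipaddress
from collections import defaultdict

def classify_temporal(observations, window_days=30, stable_fraction=0.8):
    """observations: iterable of (address_str, day_index) tuples.
    An address is called 'stable' if it is active on a large fraction of the
    days in the window, otherwise 'ephemeral'."""
    days_seen = defaultdict(set)
    for addr, day in observations:
        days_seen[addr].add(day)
    return {
        addr: ("stable" if len(days) >= stable_fraction * window_days else "ephemeral")
        for addr, days in days_seen.items()
    }

def classify_spatial(addresses, dense_threshold=256):
    """Group active addresses by their covering /64 and call a prefix 'dense'
    if it contains many distinct active addresses, 'sparse' otherwise."""
    per_prefix = defaultdict(set)
    for addr in addresses:
        prefix = ipaddress.ip_network(addr + "/64", strict=False)
        per_prefix[prefix].add(addr)
    return {
        prefix: ("dense" if len(addrs) >= dense_threshold else "sparse")
        for prefix, addrs in per_prefix.items()
    }
```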
Internet Localization of Multi-Party Relay Users: Inherent Friction Between Internet Services and User Privacy
Internet privacy is increasingly important on the modern Internet. Users are
looking to control the trail of data that they leave behind on the systems that
they interact with. Multi-Party Relay (MPR) architectures lower the traditional
barriers to adoption of privacy enhancing technologies on the Internet. MPRs
are distinct from legacy architectures in that they are able to offer privacy
guarantees without paying significant performance penalties. Apple's iCloud
Private Relay is a recently deployed MPR service, creating the potential for
widespread consumer adoption of the architecture. However, many current
Internet-scale systems are designed based on assumptions that may no longer
hold for users of privacy enhancing systems like Private Relay. There are
inherent tensions between systems that rely on data about users -- estimated
location of a user based on their IP address, for example -- and the trend
towards a more private Internet.
This work studies a core function that is widely used to control network and
application behavior, IP geolocation, in the context of iCloud Private Relay
usage. We study the location accuracy of popular IP geolocation services
compared against the location dataset that Apple publicly releases to aid in
geolocating Private Relay users. We characterize geolocation service
performance across a number of dimensions, including different countries, IP
version, infrastructure provider, and time. Our findings lead us to conclude
that existing approaches to IP geolocation (e.g., frequently updated databases)
perform inadequately for users of the MPR architecture. For example, we find
median location errors >1,000 miles in some countries for IPv4 addresses using
IP2Location. We conclude that new, privacy-focused techniques for inferring
user location may be required as privacy becomes a default user expectation on
the Internet.
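The error metric implied above can be illustrated with a small sketch: the great-circle distance between a geolocation database's estimate for a Private Relay egress address and the location Apple publishes for that address, aggregated to a per-country median. The record fields and input format here are hypothetical.

```python
# Illustrative sketch: great-circle error (miles) between a database estimate
# and Apple's published egress location, aggregated per country. Field names
# are hypothetical; the real study joins database lookups with Apple's dataset.
import math
from statistics import median
from collections import defaultdict

def haversine_miles(lat1, lon1, lat2, lon2):
    r = 3958.8  # mean Earth radius in miles
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def median_error_by_country(records):
    """records: dicts with keys 'country', 'db_lat', 'db_lon', 'apple_lat',
    'apple_lon', one per Private Relay egress address."""
    errors = defaultdict(list)
    for rec in records:
        d = haversine_miles(rec["db_lat"], rec["db_lon"],
                            rec["apple_lat"], rec["apple_lon"])
        errors[rec["country"]].append(d)
    return {country: median(vals) for country, vals in errors.items()}
```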
Entropy/IP: Uncovering Structure in IPv6 Addresses
In this paper, we introduce Entropy/IP: a system that discovers Internet
address structure based on analyses of a subset of IPv6 addresses known to be
active, i.e., training data, gleaned by readily available passive and active
means. The system is completely automated and employs a combination of
information-theoretic and machine learning techniques to probabilistically
model IPv6 addresses. We present results showing that our system is effective
in exposing structural characteristics of portions of the IPv6 Internet address
space populated by active client, service, and router addresses.
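As a hedged sketch of the information-theoretic step, the snippet below computes per-nibble Shannon entropy over a set of active IPv6 addresses; low-entropy positions indicate structure, high-entropy positions apparent randomness. The full Entropy/IP system additionally segments addresses and fits a probabilistic model, which this sketch omits.

```python
# Minimal sketch: per-nibble Shannon entropy over active IPv6 addresses.
# This only illustrates where structure versus apparent randomness lies; it is
# not the complete Entropy/IP pipeline.
import ipaddress
import math
from collections import Counter

def nibble_entropy(addresses):
    """Return 32 entropy values (bits), one per hex nibble position."""
    hex_addrs = [ipaddress.IPv6Address(a).exploded.replace(":", "")
                 for a in addresses]
    entropies = []
    for pos in range(32):
        counts = Counter(h[pos] for h in hex_addrs)
        total = sum(counts.values())
        h = -sum((c / total) * math.log2(c / total) for c in counts.values())
        entropies.append(h)
    return entropies
```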
In addition to visualizing the address structure for exploration, the system
uses its models to generate candidate target addresses for scanning. For each
of 15 evaluated datasets, we train on 1K addresses and generate 1M candidates
for scanning. We achieve some success in 14 datasets, finding up to 40% of the
generated addresses to be active. In 11 of these datasets, we find active
network identifiers (e.g., /64 prefixes or `subnets') not seen in training.
Thus, we provide the first evidence that it is practical to discover subnets
and hosts by scanning probabilistically selected areas of the IPv6 address
space not known to contain active hosts a priori.
Comment: Paper presented at ACM IMC 2016 in Santa Monica, USA
(https://dl.acm.org/citation.cfm?id=2987445); a live demo site is available at
http://www.entropy-ip.com.
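A deliberately oversimplified sketch of the candidate-generation step described above: sample each nibble independently from its empirical distribution in the training addresses. The actual Entropy/IP model captures dependencies between address segments, so this sketch understates its precision.

```python
# Oversimplified candidate generation from per-nibble marginal distributions.
# Entropy/IP itself models dependencies between segments; this is only a
# hypothetical illustration of generating targets from a learned distribution.
import ipaddress
import random
from collections import Counter

def generate_candidates(training_addresses, n):
    hex_addrs = [ipaddress.IPv6Address(a).exploded.replace(":", "")
                 for a in training_addresses]
    marginals = [Counter(h[pos] for h in hex_addrs) for pos in range(32)]
    candidates = set()
    while len(candidates) < n:
        nibbles = [random.choices(list(m.keys()), weights=list(m.values()))[0]
                   for m in marginals]
        candidates.add(str(ipaddress.IPv6Address(int("".join(nibbles), 16))))
    return candidates
```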
Measuring and Analysing the Chain of Implicit Trust: A Study of Third-party Resources Loading
The web is a tangled mass of interconnected services, whereby websites import a range of external resources from various third-party domains. The latter can also load further resources hosted on other domains. For each website, this creates a dependency chain underpinned by a form of implicit trust between the first party and transitively connected third parties. The chain can only be loosely controlled, as first-party websites often have little, if any, visibility into where these resources are loaded from. This article performs a large-scale study of dependency chains in the web and finds that around 50% of first-party websites render content that they do not directly load. Although the majority (84.91%) of websites have short dependency chains (below three levels), we find websites with dependency chains exceeding 30 levels. Using VirusTotal, we show that 1.2% of these third parties are classified as suspicious; although seemingly small, this limited set of suspicious third parties has remarkable reach into the wider ecosystem. We find that 73% of websites under study load resources from suspicious third parties, and 24.8% of first-party webpages contain at least three third parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range of activities, with the majority of suspicious JavaScript code downloading malware.
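To make the notion of a dependency chain concrete, here is a hedged sketch that walks from a loaded resource back to the first party and counts levels; the input mapping is hypothetical and would, in practice, come from instrumented page loads.

```python
# Hypothetical sketch of dependency-chain depth: walk from a resource's domain
# back to the first party via the "loaded by" relation and count levels.
def chain_depth(resource_domain, loaded_by, first_party):
    """loaded_by: dict mapping a domain to the domain that loaded it."""
    depth = 0
    current = resource_domain
    seen = set()
    while current != first_party and current in loaded_by and current not in seen:
        seen.add(current)
        current = loaded_by[current]
        depth += 1
    return depth

# Example (hypothetical domains): a resource three levels away from the
# first party has chain depth 3.
loaded_by = {
    "a.example.com": "firstparty.com",
    "tracker.net": "a.example.com",
    "cdn.malicious.io": "tracker.net",
}
print(chain_depth("cdn.malicious.io", loaded_by, "firstparty.com"))  # 3
```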
Water Quality Engineering and Wastewater Treatment
Clean water is one of the most important natural resources on earth. Wastewater, which is spent water, is also a valuable natural resource. However, wastewater may contain many contaminants and cannot be released back into the environment until the contaminants are removed. Untreated or inadequately treated wastewater may have a detrimental effect on the environment and a harmful effect on human health. Water quality engineering addresses the sources, transport, and treatment of chemical and microbiological contaminants that affect water. The objective of wastewater treatment is that the treated wastewater meets national effluent standards for the protection of the environment and of public health. This book, which is based on the Special Issue, includes contributions on advanced technologies applied to the treatment of municipal and industrial wastewater and sludge. The book deals with recent advances in municipal wastewater, industrial wastewater, and sludge treatment technologies; health effects of municipal wastewater; risk management; energy-efficient wastewater treatment; water sustainability; and water reuse and resource recovery.
Efficient techniques for end-to-end bandwidth estimation: performance evaluations and scalable deployment
Several applications, services, and protocols are conjectured to benefit from knowledge of the end-to-end available bandwidth on a given Internet path. Unfortunately, despite the availability of several bandwidth estimation techniques, these have seen only limited adoption in contemporary applications. We identify two issues that contribute to this state of affairs. First, there is a lack of comprehensive evaluations that can help application developers calibrate the relative performance of these tools; this is especially limiting since the performance of these tools depends on algorithmic, implementation, and temporal aspects of probing for available bandwidth. Second, most existing bandwidth estimation tools impose a large probing overhead on the paths over which bandwidth is measured. This can be a significant deterrent for deploying these tools in distributed infrastructures that need to measure bandwidth on several paths periodically. In this dissertation, we address the two issues raised above by making the following contributions. We conduct the first comprehensive black-box evaluation of a large suite of prominent available bandwidth estimation tools on a high-speed network; in this evaluation, we also illustrate the impact that technological and implementation limitations can have on the performance of bandwidth-estimation tools. We conduct the first comprehensive evaluation of available bandwidth estimation algorithms, independent of systemic and implementation biases; here we illustrate the impact that temporal factors, such as measurement timescales, have on the observed relative performance of bandwidth-estimation tools. We demonstrate that temporal properties can significantly impact the available bandwidth (AB) estimation process, and we redesign the interfaces of existing bandwidth-estimation tools to allow temporal parameters to be explicitly specified and controlled. We design AB inference schemes that can be used to scalably and collaboratively infer the available bandwidth for a large set of end-to-end paths. These schemes allow an operator to select the desired operating point in the trade-off between accuracy and overhead of AB estimation. We further demonstrate that, in order to monitor the bandwidth on all paths of a network, we do not need access to per-hop bandwidth estimates and can simply rely on end-to-end bandwidth estimates.
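For readers unfamiliar with available bandwidth (AB) estimation, here is a hedged sketch of the classic probe-gap model used by tools such as Spruce; the dissertation evaluates and redesigns such tools rather than prescribing this exact formula.

```python
# Hedged sketch of the probe-gap model for available bandwidth estimation.
# Assumes the tight-link capacity is known; cross traffic inserted between a
# probe pair expands its gap, and the expansion ratio estimates the
# cross-traffic rate, so AB is capacity minus that rate.
from statistics import mean

def probe_gap_ab(capacity_bps, gaps_in_s, gaps_out_s):
    """capacity_bps: assumed tight-link capacity (bits/second).
    gaps_in_s / gaps_out_s: inter-packet gaps of probe pairs at sender / receiver."""
    estimates = []
    for g_in, g_out in zip(gaps_in_s, gaps_out_s):
        cross_rate = capacity_bps * max(g_out - g_in, 0.0) / g_in
        estimates.append(max(capacity_bps - cross_rate, 0.0))
    return mean(estimates)

# Example: 100 Mbps link, probes sent 1 ms apart, arriving 1.4 ms apart
# -> roughly 60 Mbps available.
print(probe_gap_ab(100e6, [0.001] * 10, [0.0014] * 10))
```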
October 3, 2008, Ohio University Board of Trustees Meeting Minutes
Meeting minutes document the activities of Ohio University's Board of Trustees.
Energy. A continuing bibliography with indexes, issue 36, January 1983
This bibliography lists 1297 reports, articles, and other documents introduced into the NASA scientific and technical information system from October 1, 1982 through December 31, 1982.