1,559 research outputs found
Systemization of Pluggable Transports for Censorship Resistance
An increasing number of countries implement Internet censorship at different
scales and for a variety of reasons. In particular, the link between the
censored client and entry point to the uncensored network is a frequent target
of censorship due to the ease with which a nation-state censor can control it.
A number of censorship resistance systems have been developed thus far to help
circumvent blocking on this link, which we refer to as link circumvention
systems (LCs). The variety and profusion of attack vectors available to a
censor has led to an arms race, leading to a dramatic speed of evolution of
LCs. Despite their inherent complexity and the breadth of work in this area,
there is no systematic way to evaluate link circumvention systems and compare
them against each other. In this paper, we (i) sketch an attack model to
comprehensively explore a censor's capabilities, (ii) present an abstract model
of an LC, a system that helps a censored client communicate with a server over
the Internet while resisting censorship, (iii) describe an evaluation stack
that underscores a layered approach to evaluate LCs, and (iv) systemize and
evaluate existing censorship resistance systems that provide link
circumvention. We highlight open challenges in the evaluation and development
of LCs and discuss possible mitigations.
Comment: Content from this paper was published in Proceedings on Privacy
Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK:
Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq
Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg
(DOI 10.1515/popets-2016-0028)
dReDBox: Materializing a full-stack rack-scale system prototype of a next-generation disaggregated datacenter
Current datacenters are based on server machines, whose mainboard and hardware components form the baseline, monolithic building block that the rest of the system software, middleware and application stack are built upon. This leads to the following limitations: (a) resource proportionality of a multi-tray system is bounded by the basic building block (mainboard), (b) resource allocation to processes or virtual machines (VMs) is bounded by the available resources within the boundary of the mainboard, leading to spare resource fragmentation and inefficiencies, and (c) upgrades must be applied to each and every server even when only a specific component needs to be upgraded. The dRedBox project (Disaggregated Recursive Datacentre-in-a-Box) addresses the above limitations, and proposes the next generation, low-power, across form-factor datacenters, departing from the paradigm of the mainboard-as-a-unit and enabling the creation of function-block-as-a-unit. Hardware-level disaggregation and software-defined wiring of resources is supported by a full-fledged Type-1 hypervisor that can execute commodity virtual machines, which communicate over a low-latency and high-throughput software-defined optical network. To evaluate its novel approach, dRedBox will demonstrate application execution in the domains of network functions virtualization, infrastructure analytics, and real-time video surveillance.
This work has been supported in part by EU H2020 ICT project dRedBox, contract #687632.
Peer Reviewed
Postprint (author's final draft)
An Empirical Study of the I2P Anonymity Network and its Censorship Resistance
Tor and I2P are well-known anonymity networks used by many individuals to
protect their online privacy and anonymity. Tor's centralized directory
services facilitate the understanding of the Tor network, as well as the
measurement and visualization of its structure through the Tor Metrics project.
In contrast, I2P does not rely on centralized directory servers, and thus
obtaining a complete view of the network is challenging. In this work, we
conduct an empirical study of the I2P network, in which we measure properties
including population, churn rate, router type, and the geographic distribution
of I2P peers. We find that there are currently around 32K active I2P peers in
the network on a daily basis. Of these peers, 14K are located behind NAT or
firewalls.
Using the collected network data, we examine the blocking resistance of I2P
against a censor that wants to prevent access to I2P using address-based
blocking techniques. Despite the decentralized characteristics of I2P, we
discover that a censor can block more than 95% of peer IP addresses known by a
stable I2P client by operating only 10 routers in the network. This amounts to
severe network impairment: a blocking rate of more than 70% is enough to cause
significant latency in web browsing activities, while blocking more than 90% of
peer IP addresses can make the network unusable. Finally, we discuss the
security consequences of the network being blocked, and directions for
potential approaches to make I2P more resistant to blocking.
Comment: 14 pages, To appear in the 2018 Internet Measurement Conference
(IMC'18)
Personalizable Service Discovery in Pervasive Systems
Today, telecom providers are facing changing challenges.
To stay ahead in the competition and provide market
leading offerings, carriers need to enable a global ecosystem of
third party independent application developers to deliver converged
services. This is the aim of leveraging an open standards-based
service delivery platform. To identify and to cope with
those challenges is the main target of the EU funded project
IST DAIDALOS II. And a central point to satisfy the changing
user needs is the provision of a well working, user friendly and
personalized service discovery. This paper describes our work
in the project on a middleware in a framework for pervasive
service usage. We have designed an architecture for it, that
enables full transparency to the user, grants high compatibility
and extendability by a modular and pluggable conception and
allows for interoperability with most known service discovery
protocols. Our Multi-Protocol Service Discovery and the Four
Phases Service Filtering concept enabling personalization should
allow for the best possible results in service discovery.
PTPerf: On the performance evaluation of Tor Pluggable Transports
Tor, one of the most popular censorship circumvention systems, faces regular
blocking attempts by censors. Thus, to facilitate access, it relies on
"pluggable transports" (PTs) that disguise Tor's traffic and make it hard for
the adversary to block Tor. However, these are not yet well studied and
compared for the performance they provide to the users. Thus, we conduct a
first comparative performance evaluation of a total of 12 PTs -- the ones
currently supported by the Tor project and those that can be integrated in the
future.
Our results reveal multiple facets of the PT ecosystem. (1) PTs' download
time significantly varies even under similar network conditions. (2) All PTs
are not equally reliable. Thus, clients who regularly suffer censorship may
falsely believe that such PTs are blocked. (3) PT performance depends on the
underlying communication primitive. (4) PT performance significantly depends
on the website access method (browser or command-line). Surprisingly, for some
PTs, website access time was even less than vanilla Tor.
Based on our findings from more than 1.25M measurements, we provide
recommendations about selecting PTs and believe that our study can facilitate
access for users who face censorship.
Comment: 25 pages, 12 figures
The OMII Software – Demonstrations and Comparisons between two different deployments for Client-Server Distributed Systems
This paper describes the key elements of the OMII software and the scenarios in which OMII software can be deployed to achieve distributed computing in the UK e-Science Community, where two different deployments for Client-Server distributed systems are demonstrated. Scenarios and experiments for each deployment have been described, with its advantages and disadvantages compared and analyzed. We conclude that our first deployment is more relevant for system administrators or developers, and the second deployment is more suitable for users’ perspective which they can send and check job status for hundred job submissions.