70,903 research outputs found
A Privacy-Aware Access Control Model for Distributed Network Monitoring
International audienceIn this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision
Contextual Localization Through Network Traffic Analysis
opportunitiesforcontentserviceproviderstooptimizethecontent delivery based on userâs location. Since sharing precise location remainsamajorprivacyconcernamongtheusers,manylocationbased services rely on contextual location (e.g. residence, cafe etc.) as opposed to acquiring userâs exact physical location. In this paper, we present PACL (Privacy-Aware Contextual Localizer), which can learn userâs contextual location just by passively monitoring userâs network traffic. PACL can discern a set of vital attributes (statistical and application-based) from userâs network traffic, and predict userâs contextual location with a very high accuracy.WedesignandevaluatePACLusingreal-worldnetwork traces of over 1700 users with over 100 gigabytes of total data. OurresultsshowthatPACL(builtusingdecisiontree)canpredict userâs contextual location with the accuracy of around 87%. I
RAPTOR: Routing Attacks on Privacy in Tor
The Tor network is a widely used system for anonymous communication. However,
Tor is known to be vulnerable to attackers who can observe traffic at both ends
of the communication path. In this paper, we show that prior attacks are just
the tip of the iceberg. We present a suite of new attacks, called Raptor, that
can be launched by Autonomous Systems (ASes) to compromise user anonymity.
First, AS-level adversaries can exploit the asymmetric nature of Internet
routing to increase the chance of observing at least one direction of user
traffic at both ends of the communication. Second, AS-level adversaries can
exploit natural churn in Internet routing to lie on the BGP paths for more
users over time. Third, strategic adversaries can manipulate Internet routing
via BGP hijacks (to discover the users using specific Tor guard nodes) and
interceptions (to perform traffic analysis). We demonstrate the feasibility of
Raptor attacks by analyzing historical BGP data and Traceroute data as well as
performing real-world attacks on the live Tor network, while ensuring that we
do not harm real users. In addition, we outline the design of two monitoring
frameworks to counter these attacks: BGP monitoring to detect control-plane
attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our
work motivates the design of anonymity systems that are aware of the dynamics
of Internet routing
CLOSER: A Collaborative Locality-aware Overlay SERvice
Current Peer-to-Peer (P2P) file sharing systems make use of a considerable percentage of Internet Service Providers (ISPs) bandwidth. This paper presents the Collaborative Locality-aware Overlay SERvice (CLOSER), an architecture that aims at lessening the usage of expensive international links by exploiting traffic locality (i.e., a resource is downloaded from the inside of the ISP whenever possible). The paper proves the effectiveness of CLOSER by analysis and simulation, also comparing this architecture with existing solutions for traffic locality in P2P systems. While savings on international links can be attractive for ISPs, it is necessary to offer some features that can be of interest for users to favor a wide adoption of the application. For this reason, CLOSER also introduces a privacy module that may arouse the users' interest and encourage them to switch to the new architectur
- âŠ