22,766 research outputs found

    I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

    In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the file-sharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and file-sharing usage of tens of millions of identified users. Comment: This is the authors' version of the ACM/USENIX Internet Measurement Conference (IMC) 2011 pape

    De-perimeterisation as a cycle: tearing down and rebuilding security perimeters

    If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: What is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments this approach is not adequate anymore. This paper examines this process, which was coined de-perimeterisation by the Jericho Forum. In this paper we analyse and define the concepts of perimeter and de-perimeterisation, and show that there is a long term trend in which de-perimeterisation is iteratively accelerated and decelerated. In times of accelerated de-perimeterisation, technical and organisational changes take place by which connectivity between organisations and their environment scales up significantly. In times of deceleration, technical and organisational security measures are taken to decrease the security risks that come with de-perimeterisation, a movement that we call re-perimeterisation. We identify the technical and organisational mechanisms that facilitate de-perimeterisation and re-perimeterisation, and discuss the forces that cause organisations to alternate between these two movements

    Social media: a guide for researchers

    This guide has been produced by the International Centre for Guidance Studies, and aims to provide the information needed to make an informed decision about using social media and select from the vast range of tools that are available. One of the most important things that researchers do is to find, use and disseminate information, and social media offers a range of tools which can facilitate this. The guide discusses the use of social media for research and academic purposes and will not be examining the many other uses that social media is put to across society. Social media can change the way in which you undertake research, and can also open up new forms of communication and dissemination. It has the power to enable researchers to engage in a wide range of dissemination in a highly efficient way. Research Information Networ

    Rethinking De-Perimeterisation: Problem Analysis And Solutions

    For businesses, the traditional security approach is the hard-shell model: an organisation secures all its assets using a fixed security border, trusting the inside, and distrusting the outside. However, as technologies and business processes change, this model loses its attractiveness. In a networked world, “inside” and “outside” can no longer be clearly distinguished. The Jericho Forum - an industry consortium part of the Open Group – coined this process deperimeterisation and suggested an approach aimed at securing data rather than complete systems and infrastructures. We do not question the reality of de-perimeterisation; however, we believe that the existing analysis of the exact problem, as well as the usefulness of the proposed solutions have fallen short: first, there is no linear process of blurring boundaries, in which security mechanisms are placed at lower and lower levels, until they only surround data. To the contrary, we experience a cyclic process of connecting and disconnecting of systems. As conditions change, the basic trade-off between accountability and business opportunities is made (and should be made) every time again. Apart from that, data level security has several limitations to start with, and there is a big potential for solving security problems differently: by rearranging the responsibilities between businesses and individuals. The results of this analysis can be useful for security professionals who need to trade off different security mechanisms for their organisations and their information systems

    Enabling Social Applications via Decentralized Social Data Management

    An unprecedented information wealth produced by online social networks, further augmented by location/collocation data, is currently fragmented across different proprietary services. Combined, it can accurately represent the social world and enable novel socially-aware applications. We present Prometheus, a socially-aware peer-to-peer service that collects social information from multiple sources into a multigraph managed in a decentralized fashion on user-contributed nodes, and exposes it through an interface implementing non-trivial social inferences while complying with user-defined access policies. Simulations and experiments on PlanetLab with emulated application workloads show the system exhibits good end-to-end response time, low communication overhead and resilience to malicious attacks. Comment: 27 pages, single ACM column, 9 figures, accepted in Special Issue of Foundations of Social Computing, ACM Transactions on Internet Technolog

    Interpreting infrastructure: Defining user value for digital financial intermediaries.

    The 3DaRoC project is exploring digital connectivity and peer-to-peer relationships in financial services. In the light of the near collapse of the UK and world financial sector, understanding and innovating new and more sustainable approaches to financial services is now a critical topic. At the same time, the increasing penetration and take-up of robust high-speed networks, dependable peer-to-peer architectures and mobile multimedia technologies offer novel platforms for offering financial services over the Internet. These new forms of digital connectivity give rise to opportunities in doing financial transactions in different ways and with radically different business models that offer the possibility of transforming the marketplace. One area in the digital economy that has had such an effect is in the ways that users access and use digital banking and payment services. The impact of the new economic models presented by these digital financial services is yet to be fully determined, but they have huge potential as disruptive innovations, with a potentially transformative effect on the way that services are offered to users. Little is understood about how technical infrastructures impact on the ways that people make sense of the financial services that they use, or on how these might be designed more effectively. 3DaRoC is exploring this space working with our partners and end users to prototype and evaluate new online, mobile, ubiquitous and tangible technologies, exploring how these services might be extended. Executive Summary: Drawing from Studies of Use - the value, use and interpretation of infrastructure in digital intermediaries to their users. The UK economy has a huge dependence on financial services, and this is increasingly based on digital platforms. Innovating new economic models around consumer financial services through the use of digital technologies is seen as increasingly important in developed economies. 
There are a number of drivers for this, ranging from national economic factors to the prosaic nature of enabling cheap, speedy and timely interactions for users. The potential for these new digital solutions is that they will allay an over-reliance on the traditional banking sector, which has proved itself to be unstable and risky, and we have seen a number of national policy moves to encourage growth in this sector. Partly as a result of the 2008 banking crisis, there has been an explosion in peer-to-peer financial services for non-professional consumers. These organisations act as intermediaries between users looking to trade goods or credit. However, building self-sustaining or profitable financial services within this novel space is itself fraught with commercial, regulatory, technical and social problems. This document reports on the value, use and interpretation of infrastructure in digital intermediaries to their users, describing analysis of contextual field studies carried out in two retail digital financial intermediary organisations: Zopa Limited and the Bristol Pound. It forms the second milestone document in the 3DaRoC project, developing patterns of use that have arisen on the back of the technical infrastructures in the two organisations that form cases for examination. Its purpose is to examine how the two different technical infrastructures that underpin the transactions that they support–composed of the back-office hardware and software, data structures, the networking and communications technologies used, supported consumer devices, and the user interfaces and interaction design–have provided opportunities for users to realise their financial and other needs. While we orient towards the issues of service use (and its problems), we also examine the activities and expectations of their various users. 
Our research has involved teams from Lancaster University examining Zopa and Brunel University focusing on the Bristol Pound over approximately a one-year period from October 2013 to October 2014. Extensive interviews, document analysis, observation of user interactions, and other methods have been employed to develop the process analyses of the firms presented here. This report comprises three key sections: descriptions of the user demographics for Zopa and the Bristol Pound, a discussion about the user experience and its role in community, and an examination of the role of usage data in the development of these products. We conclude with a final analytical section drawing preliminary conclusions from the research presented. The 3DaRoC project is funded by the RCUK Digital Economy ‘Research in the Wild’ theme (grant no. EP/K012304/1)

    Economic Policy Analysis and the Internet: Coming to Terms with a Telecommunications Anomaly

    The significant set of public policy issues for economic analysis that arise from the tensions between the ‘special benefits’ of the Internet as a platform for innovation, and the drawbacks of the “anomalous” features of the Internet viewed as simply one among the array of telecommunications systems, is the focus of discussion in this chapter. Economists concerned with industrial organization and regulation (including antitrust and merger law) initially found new scope for application of their expertise in conventional policy analyses of the Internet’s interactions with other segments of the telecommunications sector (broadcast and cable television, radio and telephone), and emphasized the potential congestion problems posed by user anonymity and flat rate pricing. Policy issues of a more dynamic kind have subsequently come to the fore. These involve classic tradeoffs between greater efficiency and producer and consumer surpluses today, and a potential for more innovation in Web-based products and service in the future. Many such tradeoffs involve choices such as that between policies that would preserve the original ‘end-to-end’ design of the original Internet architecture, and those that would be more encouraging of market-driven deployment of new technologies that afforded ISPs with greater market power the opportunity to offer (and extract greater profits from) restricted-Web services that consumers valued highly, such as secure and private VOIP. Keywords: public policy, telecommunications, Web-based products, user anonymity