239 research outputs found

    Correlation-Based Traffic Analysis Attacks on Anonymity Networks

    In this paper, we address attacks that exploit the timing behavior of TCP and other protocols and applications in low-latency anonymity networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures to defeat traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attacks, flow-correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link with that over an output link. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that all but a few batching strategies fail against flow-correlation attacks, allowing the adversary to either identify ingress and egress points of a flow or to reconstruct the path used by the flow. Counterintuitively, some batching strategies are actually detrimental against attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and mechanisms to be used to counter flow-correlation attacks

    Mobility Support in User-Centric Networks

    In this paper, an overview of challenges and requirements for mobility management in user-centric networks is given, and a new distributed and dynamic per-application mobility management solution is presented. After a brief summary of generic mobility management concepts, existing approaches from the distributed and peer-to-peer mobility management literature are introduced, along with their applicability or shortcomings in the UCN environment. Possible approaches to deal with the decentralized and highly dynamic nature of UCNs are also provided with a discussion and an introduction to potential future work

    Cooperative Caching in Vehicular Networks - Distributed Cache Invalidation Using Information Freshness

    Recent advances in vehicular communications have led to significant opportunities to deploy a variety of applications and services improving road safety and traffic efficiency to road users. In regard to traffic management services in distributed vehicular networks, this thesis work evaluates managing storage at vehicles efficiently as cache for moderate cellular transmission costs while still achieving correct routing decision. Road status information was disseminated to oncoming traffic in the form of cellular notifications using a reporting mechanism. High transmission costs due to redundant notifications published by all vehicles following a basic reporting mechanism: Default-approach was overcome by implementing caching at every vehicle. A cooperative based reporting mechanism utilizing cache: Cooperative-approach, was proposed to notify road status while avoiding redundant notifications. In order to account those significantly relevant vehicles for decision-making process which did not actually publish, correspondingly virtual cache entries were implemented. To incorporate the real-world scenario of varying vehicular rate observed on any road, virtual cache entries based on varying vehicular rate was modeled as Adaptive Cache Management mechanism. The combinations of proposed mechanisms were evaluated for cellular transmission costs and accuracy achieved for making correct routing decision. Simulation case studies comprising varying vehicular densities and different false detection rates were conducted to demonstrate the performance of these mechanisms. Additionally, the proposed mechanisms were evaluated in different decision-making algorithms for both information freshness in changing road conditions and for robustness despite false detections.
The simulation results demonstrated that the combination of proposed mechanisms was capable of achieving realistic information accuracy enough to make correct routing decision despite false readings while keeping network costs significantly low. Furthermore, using QoI-based decision algorithm in high density vehicular networks, fast adaptability to frequently changing road conditions as well as quick recovery from false notifications by invalidating them with correct notifications were indicated

    An Approach for Ensuring Robust Support for Location Privacy and Identity Inference Protection

    The challenge of preserving a user's location privacy is more important now than ever before with the proliferation of handheld devices and the pervasive use of location based services. To protect location privacy, we must ensure k-anonymity so that the user remains indistinguishable among k-1 other users. There is no better way but to use a location anonymizer (LA) to achieve k-anonymity. However, its knowledge of each user's current location makes it susceptible to be a single-point-of-failure. In this thesis, we propose a formal location privacy framework, termed SafeGrid that can work with or without an LA. In SafeGrid, LA is designed in such a way that it is no longer a single point of failure. In addition, it is resistant to known attacks and most significantly, the cloaking algorithm it employs meets reciprocity condition. Simulation results exhibit its better performance in query processing and cloaking region calculation compared with existing solutions. In this thesis, we also show that satisfying k-anonymity is not enough in preserving privacy. Especially in an environment where a group of colluded service providers collaborate with each other, a user's privacy can be compromised through identity inference attacks. We present a detailed analysis of such attacks on privacy and propose a novel and powerful privacy definition called s-proximity. In addition to building a formal definition for s-proximity, we show that it is practical and it can be incorporated efficiently into existing systems to make them secure

    Vehicle re-routing strategies for congestion avoidance

    Traffic congestion causes driver frustration and costs billions of dollars annually in lost time and fuel consumption. This dissertation introduces a cost-effective and easily deployable vehicular re-routing system that reduces the effects of traffic congestion. The system collects real-time traffic data from vehicles and road-side sensors, and computes proactive, individually tailored re-routing guidance, which is pushed to vehicles when signs of congestion are observed on their routes. Subsequently, this dissertation proposes and evaluates two classes of re-routing strategies designed to be incorporated into this system, namely, Single Shortest Path strategies and Multiple Shortest Paths Strategies. These strategies are firstly implemented in a centralized system, where a server receives traffic updates from cars, computes alternative routes, and pushes them as guidance to drivers. The extensive experimental results show that the proposed strategies are capable of reducing the travel time comparable to a state-of-the-art Dynamic Traffic Assignment (DTA) algorithm, while avoiding the issues that make DTA impractical, such as lack of scalability and robustness, and high computation time. Furthermore, the variety of proposed strategies allows the system to be tuned to different levels of trade-off between re-routing effectiveness and computational efficiency. Also, the proposed traffic guidance system is robust even if many drivers ignore the guidance, or if the system adoption rate is relatively low. The centralized system suffers from two intrinsic problems: the central server has to perform intensive computation and communication with the vehicles in real-time, which can make such solutions infeasible for large regions with many vehicles; and driver privacy is not protected since the drivers have to share their location as well as the origins and destinations of their trips with the server, which may prevent the adoption of such solutions. 
To address these problems, a hybrid vehicular re-routing system is presented in this dissertation. The system off-loads a large part of the re-routing computation at the vehicles, and thus, the re-routing process becomes practical in real-time. To make collaborative re-routing decisions, the vehicles exchange messages over vehicular ad hoc networks. The system is hybrid because it still uses a server to determine an accurate global view of the traffic. In addition, the user privacy is balanced with the re-routing effectiveness. The simulation results demonstrate that, compared with a centralized system, the proposed hybrid system increases the user privacy substantially, while the re-routing effectiveness is minimally impacted

    BGP-Multipath Routing in the Internet

    BGP-Multipath, or BGP-M, is a routing technique for balancing traffic load in the Internet. It enables a Border Gateway Protocol (BGP) border router to install multiple ‘equally-good’ paths to a destination prefix. While other multipath routing techniques are deployed at internal routers, BGP-M is deployed at border routers where traffic is shared on multiple border links between Autonomous Systems (ASes). Although there are a considerable number of research efforts on multipath routing, there is so far no dedicated measurement or study on BGP-M in the literature. This thesis presents the first systematic study on BGP-M. I proposed a novel approach to inferring the deployment of BGP-M by querying Looking Glass (LG) servers. I conducted a detailed investigation on the deployment of BGP-M in the Internet. I also analysed BGP-M’s routing properties based on traceroute measurements using RIPE Atlas probes. My research has revealed that BGP-M has already been used in the Internet. In particular, Hurricane Electric (AS6939), a Tier-1 network operator, has deployed BGP-M at border routers across its global network to hundreds of its neighbour ASes on both IPv4 and IPv6 Internet. My research has provided the state-of-the-art knowledge and insights in the deployment, configuration and operation of BGP-M. The data, methods and analysis introduced in this thesis can be immensely valuable to researchers, network operators and regulators who are interested in improving the performance and security of Internet routing. This work has raised awareness of BGP-M and may promote more deployment of BGP-M in future because BGP-M not only provides all benefits of multipath routing but also has distinct advantages in terms of flexibility, compatibility and transparency

    Path Protection Switching in Information Centric Networks (ICN)

    Since its formation, the Internet has experienced tremendous growth, constantly increasing traffic and new applications, including voice and video. However, it still keeps its original architecture drafted almost 40 years ago built on the end-to-end principle; this has proven to be problematic when there are failures as routing convergence is slow for unicast networks and even slower for multicast which has to rely upon slow multicast routing as no protection switching exists for multicast. This thesis investigates protection in an alternative approach for network communication, namely information centric networking (ICN) using the architecture proposed by the PSIRP/PURSUIT projects. This uses Bloom Filters to allow both unicast and multicast forwarding. However, the PSIRP/PURSUIT ICN approach did not investigate protection switching and this problem forms the main aim of this thesis. The work builds on the research by Grover and Stamatelakis who introduced the concept of pre-configured protection p-cycles in 2000 for optical networks and, with modification, applicable to unicast IP or packet networks. This thesis shows how the p-cycle concept can be directly applied to packet networks that use PSIRP/PURSUIT ICN and extends the approach to encompass both unicast and multicast protection switching. Furthermore, it shows how the chosen p-cycles can be optimised to reduce the redundancy overhead introduced by the protection mechanism. The work evaluates the approach from two aspects, the first is how the proposed approach compares to existing switching state and traffic in an MPLS multicast architecture. The second considers the redundancy overhead in three known network topologies for synthetic traffic matrices. The thesis is the first work to demonstrate the efficiency of Bloom filter based switching for multicast (and unicast) protection switching

    Software framework for the development of context-aware reconfigurable systems

    In this project we propose a new software framework for the development of context-aware and secure controlling software of distributed reconfigurable systems. Context-awareness is a key feature allowing the adaptation of systems behaviour according to the changing environment. We introduce a new definition of the term “context” for reconfigurable systems then we define a new context modelling and reasoning approach. Afterwards, we define a meta-model of context-aware reconfigurable applications that paves the way to the proposed framework. The proposed framework has a three-layer architecture: reconfiguration, context control, and services layer, where each layer has its well-defined role. We define also a new secure conversation protocol between distributed trustless parts based on the blockchain technology as well as the elliptic curve cryptography. To get better correctness and deployment guarantees of applications models in early development stages, we propose a new UML profile called GR-UML to add new semantics allowing the modelling of probabilistic scenarios running under memory and energy constraints, then we propose a methodology using transformations between the GR-UML, the GR-TNCES Petri nets formalism, and the IEC 61499 function blocks. A software tool implementing the methodology concepts is developed. To show the suitability of the mentioned contributions two case studies (baggage handling system and microgrids) are considered.
In this project we propose a framework for the development of context-aware, secure applications of distributed reconfigurable systems. Context-awareness is a key property that enables the adaptation of system behaviour to the changing environment. We introduce a definition of the term “context” for reconfigurable systems and then define a context modelling and reasoning approach. We then define a meta-model for context-aware reconfigurable applications that paves the way to the proposed framework. The framework has a three-layer architecture: reconfiguration, context control, and services layer, where each layer has its well-defined role. We also define a secure conversation protocol between distributed parts, based on blockchain technology and elliptic curve cryptography. To obtain better correctness and deployment guarantees for application models, we propose a UML profile called GR-UML to encompass semantics that allow the modelling of probabilistic scenarios under memory and energy constraints. We then propose a methodology that uses transformations between GR-UML, the GR-TNCES Petri net formalism, and the IEC 61499 function blocks. A software tool implementing the concepts of the methodology is developed. To show the suitability of the mentioned contributions, two case studies are considered