76 research outputs found
Side-channel timing attack on content privacy of named data networking
Tese de Doutoramento em Engenharia Electrónica e de ComputadoresA diversity of current applications, such as Netflix, YouTube, and social media, have used the Internet mainly
as a content distribution network. Named Data Networking (NDN) is a network paradigm that attempts to
answer today’s applications need by naming the content. NDN promises an optimized content distribution
through a named content-centric design. One of the NDN key features is the use of in-network caching
to improve network efficiency in terms of content distribution. However, the cached contents may put the
consumer privacy at risk. Since the time response of cached contents is different from un-cached contents,
the adversary may distinguish the cached contents (targets) from un-cached ones, through the side-channel
timing responses. The scope of attack can be towards the content, the name, or the signature. For instance,
the adversary may obtain the call history, the callee or caller location on a trusted Voice over NDN (VoNDN)
and the popularity of contents in streaming applications (e.g. NDNtube, NDNlive) through side-channel
timing responses of the cache.
The side-channel timing attack can be mitigated by manipulating the time of the router responses. The
countermeasures proposed by other researches, such as additional delay, random/probabilistic caching,
group signatures, and no-caching can effectively be used to mitigate the attack. However, the content
distribution may be affected by pre-configured countermeasures which may go against the goal of the
original NDN paradigm. In this work, the detection and defense (DaD) approach is proposed to mitigate the
attack efficiently and effectively. With the DaD usage, an attack can be detected by a multi-level detection
mechanism, in order to apply the countermeasures against the adversarial faces. Also, the detections can
be used to determine the severity of the attack. In order to detect the behavior of an adversary, a brute-force
timing attack was implemented and simulated with the following applications and testbeds: i. a trusted
application that mimics the VoNDN and identifies the cached certificate on a worldwide NDN testbed, and
ii. a streaming-like NDNtube application to identify the popularity of videos on the NDN testbed and AT&T
company. In simulation primary results showed that the multi-level detection based on DaD mitigated the
attack about 39.1% in best-route, and 36.6% in multicast communications. Additionally, the results showed
that DaD preserves privacy without compromising the efficiency benefits of in-network caching in NDNtube
and VoNDN applications.Várias aplicações atuais, como o Netflix e o YouTube, têm vindo a usar a Internet como uma rede de
distribuição de conteúdos. O Named Data Networking (NDN) é um paradigma recente nas redes de comunicações
que tenta responder às necessidades das aplicações modernas, através da nomeação dos
conteúdos. O NDN promete uma otimização da distribuição dos conteúdos usando uma rede centrada
nos conteúdos. Uma das características principais do NDN é o uso da cache disponivel nos nós da rede
para melhorar a eficiência desta em termos de distribuição de conteúdos. No entanto, a colocação dos
conteúdos em cache pode colocar em risco a privacidade dos consumidores. Uma vez que a resposta
temporal de um conteúdo em cache é diferente do de um conteúdo que não está em cache, o adversário
pode distinguir os conteúdos que estão em cache dos que não estão em cache, através das respostas de
side-channel. O objectivo do ataque pode ser direcionado para o conteúdo, o nome ou a assinatura da
mensagem. Por exemplo, o adversário pode obter o histórico de chamadas, a localização do callee ou do
caller num serviço seguro de voz sobre NDN (VoNDN) e a popularidade do conteúdos em aplicações de
streaming (e.g. NDNtube, NDNlive) através das respostas temporais de side-channel.
O side-channel timing attack pode ser mitigado manipulando o tempo das respostas dos routers. As
contramedidas propostas por outros pesquisadores, tais como o atraso adicional, o cache aleatório /probabilístico,
as assinaturas de grupo e não fazer cache, podem ser efetivamente usadas para mitigar um
ataque. No entanto, a distribuição de conteúdos pode ser afetada por contramedidas pré-configuradas
que podem ir contra o propósito original do paradigma NDN. Neste trabalho, a abordagem de detecção e
defesa (DaD) é proposta para mitigar o ataque de forma eficiente e eficaz. Com o uso do DaD, um ataque
pode ser detectado por um mecanismo de detecção multi-nível, a fim de aplicar as contramedidas contra
as interfaces dos adversários. Além disso, as detecções podem ser usadas para determinar a gravidade
do ataque. A fim de detectar o comportamento de um adversário, um timing attack de força-bruta foi
implementado e simulado com as seguintes aplicações e plataformas (testbeds): i. uma aplicação segura
que implementa o VoNDN e identifica o certificado em cache numa plataforma NDN mundial; e ii. uma
aplicação de streaming do tipo NDNtube para identificar a popularidade de vídeos na plataforma NDN da
empresa AT&T. Os resultados da simulação mostraram que a detecção multi-nível oferecida pelo DaD atenuou
o ataque cerca de 39,1% em best-route e 36,5% em comunicações multicast. Para avaliar o efeito nos
pedidos legítimos, comparou-se o DaD com uma contramedida estática, tendo-se verificado que o DaD foi
capaz de preservar todos os pedidos legítimos
System support for keyword-based search in structured Peer-to-Peer systems
In this dissertation, we present protocols for building a distributed search infrastructure over structured Peer-to-Peer systems. Unlike existing search engines which consist of large server farms managed by a centralized authority, our approach makes use of a distributed set of end-hosts built out of commodity hardware. These end-hosts cooperatively construct and maintain the search infrastructure.
The main challenges with distributing such a system include node failures, churn, and data migration. Localities inherent in query patterns also cause load imbalances and hot spots that severely impair performance. Users of search systems want their results returned quickly, and in ranked order. Our main contribution is to show that a scalable, robust, and distributed search infrastructure can be built over existing Peer-to-Peer systems through the use of techniques that address these problems. We present a decentralized scheme for ranking search results without prohibitive network or storage overhead. We show that caching allows for efficient query evaluation and present a distributed data structure, called the View Tree, that enables efficient storage, and retrieval of cached results. We also present a lightweight adaptive replication protocol, called LAR that can adapt to different kinds of query streams and is extremely effective at eliminating hotspots. Finally, we present techniques for storing indexes reliably. Our approach is to use an adaptive partitioning protocol to store large indexes and employ efficient redundancy techniques to handle failures. Through detailed analysis and experiments we show that our techniques are efficient and scalable, and that they make distributed search feasible
Edge Intelligence : Empowering Intelligence to the Edge of Network
Edge intelligence refers to a set of connected systems and devices for data collection, caching, processing, and analysis proximity to where data are captured based on artificial intelligence. Edge intelligence aims at enhancing data processing and protects the privacy and security of the data and users. Although recently emerged, spanning the period from 2011 to now, this field of research has shown explosive growth over the past five years. In this article, we present a thorough and comprehensive survey of the literature surrounding edge intelligence. We first identify four fundamental components of edge intelligence, i.e., edge caching, edge training, edge inference, and edge offloading based on theoretical and practical results pertaining to proposed and deployed systems. We then aim for a systematic classification of the state of the solutions by examining research results and observations for each of the four components and present a taxonomy that includes practical problems, adopted techniques, and application goals. For each category, we elaborate, compare, and analyze the literature from the perspectives of adopted techniques, objectives, performance, advantages and drawbacks, and so on. This article provides a comprehensive survey of edge intelligence and its application areas. In addition, we summarize the development of the emerging research fields and the current state of the art and discuss the important open issues and possible theoretical and technical directions.Peer reviewe
Performance assessment of real-time data management on wireless sensor networks
Technological advances in recent years have allowed the maturity of Wireless Sensor Networks
(WSNs), which aim at performing environmental monitoring and data collection. This sort of
network is composed of hundreds, thousands or probably even millions of tiny smart computers
known as wireless sensor nodes, which may be battery powered, equipped with sensors, a radio
transceiver, a Central Processing Unit (CPU) and some memory. However due to the small size and
the requirements of low-cost nodes, these sensor node resources such as processing power, storage
and especially energy are very limited.
Once the sensors perform their measurements from the environment, the problem of data
storing and querying arises. In fact, the sensors have restricted storage capacity and the on-going
interaction between sensors and environment results huge amounts of data. Techniques for data
storage and query in WSN can be based on either external storage or local storage. The external
storage, called warehousing approach, is a centralized system on which the data gathered by the
sensors are periodically sent to a central database server where user queries are processed. The
local storage, in the other hand called distributed approach, exploits the capabilities of sensors
calculation and the sensors act as local databases. The data is stored in a central database server
and in the devices themselves, enabling one to query both.
The WSNs are used in a wide variety of applications, which may perform certain operations on
collected sensor data. However, for certain applications, such as real-time applications, the sensor
data must closely reflect the current state of the targeted environment. However, the environment
changes constantly and the data is collected in discreet moments of time. As such, the collected
data has a temporal validity, and as time advances, it becomes less accurate, until it does not
reflect the state of the environment any longer. Thus, these applications must query and analyze
the data in a bounded time in order to make decisions and to react efficiently, such as industrial
automation, aviation, sensors network, and so on. In this context, the design of efficient real-time
data management solutions is necessary to deal with both time constraints and energy consumption.
This thesis studies the real-time data management techniques for WSNs. It particularly it focuses
on the study of the challenges in handling real-time data storage and query for WSNs and on the
efficient real-time data management solutions for WSNs.
First, the main specifications of real-time data management are identified and the available
real-time data management solutions for WSNs in the literature are presented. Secondly, in order to
provide an energy-efficient real-time data management solution, the techniques used to manage
data and queries in WSNs based on the distributed paradigm are deeply studied. In fact, many
research works argue that the distributed approach is the most energy-efficient way of managing
data and queries in WSNs, instead of performing the warehousing. In addition, this approach can provide quasi real-time query processing because the most current data will be retrieved from the
network.
Thirdly, based on these two studies and considering the complexity of developing, testing, and
debugging this kind of complex system, a model for a simulation framework of the real-time
databases management on WSN that uses a distributed approach and its implementation are
proposed. This will help to explore various solutions of real-time database techniques on WSNs
before deployment for economizing money and time. Moreover, one may improve the proposed
model by adding the simulation of protocols or place part of this simulator on another available
simulator. For validating the model, a case study considering real-time constraints as well as energy
constraints is discussed.
Fourth, a new architecture that combines statistical modeling techniques with the distributed
approach and a query processing algorithm to optimize the real-time user query processing are
proposed. This combination allows performing a query processing algorithm based on admission
control that uses the error tolerance and the probabilistic confidence interval as admission
parameters. The experiments based on real world data sets as well as synthetic data sets
demonstrate that the proposed solution optimizes the real-time query processing to save more
energy while meeting low latency.Fundação para a Ciência e Tecnologi
- …