A QUIC Implementation for ns-3
Quick UDP Internet Connections (QUIC) is a recently proposed transport
protocol, currently being standardized by the Internet Engineering Task Force
(IETF). It aims at overcoming some of the shortcomings of TCP, while
maintaining the logic related to flow and congestion control, retransmissions
and acknowledgments. It supports multiplexing of multiple application layer
streams in the same connection, a more refined selective acknowledgment scheme,
and low-latency connection establishment. It also integrates cryptographic
functionalities in the protocol design. Moreover, QUIC is deployed at the
application layer, and encapsulates its packets in UDP datagrams. Given the
widespread interest in the new QUIC features, we believe that it is important
to provide to the networking community an implementation in a controllable and
isolated environment, i.e., a network simulator such as ns-3, in which it is
possible to test QUIC's performance and understand design choices and possible
limitations. Therefore, in this paper we present a native implementation of
QUIC for ns-3, describing the features we implemented, the main assumptions and
differences with respect to the QUIC Internet Drafts, and a set of examples.
Comment: 8 pages, 4 figures. Please cite it as A. De Biasio, F. Chiariotti, M.
Polese, A. Zanella, M. Zorzi, "A QUIC Implementation for ns-3", Proceedings
of the Workshop on ns-3 (WNS3 '19), Firenze, Italy, 201
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Intel Software Guard Extension (SGX) offers software applications enclave to
protect their confidentiality and integrity from malicious operating systems.
The SSL/TLS protocol, which is the de facto standard for protecting
transport-layer network communications, has been broadly deployed for a secure
communication channel. However, in this paper, we show that the marriage
between SGX and SSL may not be smooth sailing.
Particularly, we consider a category of side-channel attacks against SSL/TLS
implementations in secure enclaves, which we call the control-flow inference
attacks. In these attacks, the malicious operating system kernel may perform a
powerful man-in-the-kernel attack to collect execution traces of the enclave
programs at page, cacheline, or branch level, while positioning itself in the
middle of the two communicating parties. At the center of our work is a
differential analysis framework, dubbed Stacco, to dynamically analyze the
SSL/TLS implementations and detect vulnerabilities that can be exploited as
decryption oracles. Surprisingly, we found exploitable vulnerabilities in the
latest versions of all the SSL/TLS libraries we have examined.
To validate the detected vulnerabilities, we developed a man-in-the-kernel
adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL
library running in the SGX enclave (with the help of Graphene) and completely
broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only
57286 queries. We also conducted CBC padding oracle attacks against the latest
GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS
(i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it
only needs 48388 and 25717 queries, respectively, to break one block of AES
ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can
be completed within 1 or 2 hours.
Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US
PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites
Website owners make conscious and unconscious decisions that affect their
users, potentially exposing them to privacy and security risks in the process.
In this paper we introduce PrivacyScore, an automated website scanning portal
that allows anyone to benchmark security and privacy features of multiple
websites. In contrast to existing projects, the checks implemented in
PrivacyScore cover a wider range of potential privacy and security issues.
Furthermore, users can control the ranking and analysis methodology. Therefore,
PrivacyScore can also be used by data protection authorities to perform
regularly scheduled compliance checks. In the long term we hope that the
transparency resulting from the published benchmarks creates an incentive for
website owners to improve their sites. The public availability of a first
version of PrivacyScore was announced at the ENISA Annual Privacy Forum in June
2017.
Comment: 14 pages, 4 figures. A German version of this paper discussing the
legal aspects of this system is available at arXiv:1705.0888
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has
been used since before the days of the Internet as we know it
today. Authentication asks the question, “Who or what are
you?” Authorization asks, “What are you allowed to do?” And finally,
accounting wants to know, “What did you do?” These fundamental
security building blocks are being used in expanded ways today. The
first part of this two-part series focused on the overall concepts of
AAA, the elements involved in AAA communications, and high-level
approaches to achieving specific AAA goals. It was published in
IPJ Volume 10, No. 1[0]. This second part of the series discusses the
protocols involved, specific applications of AAA, and considerations
for the future of AAA
Independent External Monitoring Agricultural Report 2014 Syngenta, Turkey Dikili Sunflower
This document is part of a digital collection provided by the Martin P. Catherwood Library, ILR School, Cornell University, pertaining to the effects of globalization on the workplace worldwide. Special emphasis is placed on labor rights, working conditions, labor market changes, and union organizing.