11,707 research outputs found
RAPTOR: Routing Attacks on Privacy in Tor
The Tor network is a widely used system for anonymous communication. However,
Tor is known to be vulnerable to attackers who can observe traffic at both ends
of the communication path. In this paper, we show that prior attacks are just
the tip of the iceberg. We present a suite of new attacks, called Raptor, that
can be launched by Autonomous Systems (ASes) to compromise user anonymity.
First, AS-level adversaries can exploit the asymmetric nature of Internet
routing to increase the chance of observing at least one direction of user
traffic at both ends of the communication. Second, AS-level adversaries can
exploit natural churn in Internet routing to lie on the BGP paths for more
users over time. Third, strategic adversaries can manipulate Internet routing
via BGP hijacks (to discover the users using specific Tor guard nodes) and
interceptions (to perform traffic analysis). We demonstrate the feasibility of
Raptor attacks by analyzing historical BGP data and Traceroute data as well as
performing real-world attacks on the live Tor network, while ensuring that we
do not harm real users. In addition, we outline the design of two monitoring
frameworks to counter these attacks: BGP monitoring to detect control-plane
attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our
work motivates the design of anonymity systems that are aware of the dynamics
of Internet routing
A survey on pseudonym changing strategies for Vehicular Ad-Hoc Networks
The initial phase of the deployment of Vehicular Ad-Hoc Networks (VANETs) has
begun and many research challenges still need to be addressed. Location privacy
continues to be in the top of these challenges. Indeed, both of academia and
industry agreed to apply the pseudonym changing approach as a solution to
protect the location privacy of VANETs'users. However, due to the pseudonyms
linking attack, a simple changing of pseudonym shown to be inefficient to
provide the required protection. For this reason, many pseudonym changing
strategies have been suggested to provide an effective pseudonym changing.
Unfortunately, the development of an effective pseudonym changing strategy for
VANETs is still an open issue. In this paper, we present a comprehensive survey
and classification of pseudonym changing strategies. We then discuss and
compare them with respect to some relevant criteria. Finally, we highlight some
current researches, and open issues and give some future directions
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
A Survey on Wireless Sensor Network Security
Wireless sensor networks (WSNs) have recently attracted a lot of interest in
the research community due their wide range of applications. Due to distributed
nature of these networks and their deployment in remote areas, these networks
are vulnerable to numerous security threats that can adversely affect their
proper functioning. This problem is more critical if the network is deployed
for some mission-critical applications such as in a tactical battlefield.
Random failure of nodes is also very likely in real-life deployment scenarios.
Due to resource constraints in the sensor nodes, traditional security
mechanisms with large overhead of computation and communication are infeasible
in WSNs. Security in sensor networks is, therefore, a particularly challenging
task. This paper discusses the current state of the art in security mechanisms
for WSNs. Various types of attacks are discussed and their countermeasures
presented. A brief discussion on the future direction of research in WSN
security is also included.Comment: 24 pages, 4 figures, 2 table
Hang With Your Buddies to Resist Intersection Attacks
Some anonymity schemes might in principle protect users from pervasive
network surveillance - but only if all messages are independent and unlinkable.
Users in practice often need pseudonymity - sending messages intentionally
linkable to each other but not to the sender - but pseudonymity in dynamic
networks exposes users to intersection attacks. We present Buddies, the first
systematic design for intersection attack resistance in practical anonymity
systems. Buddies groups users dynamically into buddy sets, controlling message
transmission to make buddies within a set behaviorally indistinguishable under
traffic analysis. To manage the inevitable tradeoffs between anonymity
guarantees and communication responsiveness, Buddies enables users to select
independent attack mitigation policies for each pseudonym. Using trace-based
simulations and a working prototype, we find that Buddies can guarantee
non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for
both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure
Who clicks there!: Anonymizing the photographer in a camera saturated society
In recent years, social media has played an increasingly important role in
reporting world events. The publication of crowd-sourced photographs and videos
in near real-time is one of the reasons behind the high impact. However, the
use of a camera can draw the photographer into a situation of conflict.
Examples include the use of cameras by regulators collecting evidence of Mafia
operations; citizens collecting evidence of corruption at a public service
outlet; and political dissidents protesting at public rallies. In all these
cases, the published images contain fairly unambiguous clues about the location
of the photographer (scene viewpoint information). In the presence of adversary
operated cameras, it can be easy to identify the photographer by also combining
leaked information from the photographs themselves. We call this the camera
location detection attack. We propose and review defense techniques against
such attacks. Defenses such as image obfuscation techniques do not protect
camera-location information; current anonymous publication technologies do not
help either. However, the use of view synthesis algorithms could be a promising
step in the direction of providing probabilistic privacy guarantees
- …