The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
In this paper, we analyze the evolution of Certificate Transparency (CT) over
time and explore the implications of exposing certificate DNS names from the
perspective of security and privacy. We find that the number of certificates in
CT logs has grown exponentially. Website support for CT has also increased
steadily, with 33% of established connections now supporting CT. With the
increasing deployment of CT, there are also concerns of information leakage, since
every logged certificate, and thus every DNS name it carries, is publicly visible.
To understand this threat, we introduce a CT honeypot and show that data from CT
logs is being used to identify targets for scanning campaigns only minutes after
certificate issuance. We present and evaluate a methodology to learn and validate
new subdomains from the vast number of domains extracted from CT-logged
certificates.
Comment: To be published at ACM IMC 201
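The subdomain-learning step described above, as an added example that is not the paper's code: prefixes that recur across unrelated registered domains in CT-logged names are proposed for a target domain and then validated with a resolver. The CT names, the toy suffix list, the target domains and the offline resolver are all constructed for the example; a real run would use the Public Suffix List and live DNS.

```python
"""Learn subdomain prefixes from CT-logged names and validate candidates.

Added example (not the paper's code). The CT names, the resolver and the
suffix handling are constructed so the script runs offline.
"""
from collections import Counter
from typing import Callable, Iterable, List, Optional

# Constructed sample: DNS names as they might be pulled from the SAN fields of
# certificates found in CT logs. Hypothetical data, not real CT output.
CT_NAMES = [
    "www.example.com", "mail.example.com", "vpn.example.com", "dev.example.com",
    "www.example.org", "mail.example.org", "vpn.example.org", "staging.example.org",
    "www.example.net", "vpn.example.net", "staging.example.net", "*.example.net",
]

# Toy public-suffix set; a real tool would use the Public Suffix List.
SUFFIXES = ("com", "org", "net", "edu")


def split_name(name: str):
    """Return (prefix, registered_domain), e.g. ("vpn", "example.com").
    The prefix is "" for the apex name."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] not in SUFFIXES:
        raise ValueError(f"unsupported name: {name}")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def learn_labels(names: Iterable[str]) -> Counter:
    """Count each subdomain prefix once per registered domain, so a prefix
    reused across unrelated domains ranks above one repeated on a single one."""
    pairs = set()
    for n in names:
        if n.startswith("*."):
            continue  # a wildcard SAN names no concrete subdomain
        prefix, rd = split_name(n)
        if prefix:
            pairs.add((prefix, rd))
    return Counter(prefix for prefix, _ in pairs)


def candidates(target: str, labels: Counter, min_domains: int = 2) -> List[str]:
    """Propose subdomains of `target` from prefixes seen on >= min_domains domains."""
    return [f"{p}.{target}" for p, c in labels.most_common() if c >= min_domains]


def validate(target: str, cands: Iterable[str],
             resolve: Callable[[str], Optional[str]]) -> List[str]:
    """Keep candidates that resolve. A probe for a label that should not exist
    detects wildcard DNS; answers equal to the wildcard answer are discarded,
    otherwise every candidate under a wildcard zone would 'validate'."""
    wildcard = resolve(f"ct-probe-zz9q.{target}")
    return [c for c in cands
            if (a := resolve(c)) is not None and a != wildcard]


def stub_resolver(name: str) -> Optional[str]:
    """Constructed offline resolver standing in for real DNS lookups."""
    table = {"www.example.edu": "192.0.2.10", "vpn.example.edu": "192.0.2.11"}
    if name.endswith(".wild.example.org"):
        return "192.0.2.99"  # wildcard zone: everything resolves
    return table.get(name)


if __name__ == "__main__":
    labels = learn_labels(CT_NAMES)
    cands = candidates("example.edu", labels)
    print("candidates:", cands)
    print("validated:", validate("example.edu", cands, stub_resolver))
    wild = candidates("wild.example.org", labels)
    print("wildcard zone:", validate("wild.example.org", wild, stub_resolver))
```

The wildcard probe matters in practice: without it, a zone with a catch-all record makes every guessed label look like a confirmed subdomain.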
HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks
Geographically locating an IP address is of interest for many purposes. There
are two major ways to obtain the location of an IP address: querying commercial
databases or conducting latency measurements. For structural Internet nodes,
such as routers, commercial databases are limited by low accuracy, while
current measurement-based approaches overwhelm users with setup overhead and
scalability issues. In this work we present our system HLOC, aiming to combine
the ease of database use with the accuracy of latency measurements. We evaluate
HLOC on a comprehensive router data set of 1.4M IPv4 and 183k IPv6 routers.
HLOC first extracts location hints from rDNS names, and then conducts
multi-tier latency measurements. Configuration complexity is minimized by using
publicly available large-scale measurement frameworks such as RIPE Atlas. Using
these measurements, we can confirm or disprove the location hints found in domain
names. We publicly release HLOC's ready-to-use source code, enabling
researchers to easily increase geolocation accuracy with minimum overhead.
Comment: As published at the TMA'17 conference:
http://tma.ifip.org/main-conference
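The hint-then-measure idea in HLOC, as an added example that is not HLOC's own code: a location token is extracted from an rDNS name and then checked against RTTs from probes at known locations, using the fact that a packet cannot travel farther than roughly 200 km per millisecond of one-way delay in fibre. The hint table, the probe coordinates and the RTT values are constructed; a real run would take RIPE Atlas measurements and a much larger hint list as input.

```python
"""Check rDNS location hints against latency measurements.

Added example, not HLOC's code. The hint table, probe locations and RTTs are
constructed; real use would feed RIPE Atlas results into check_hint().
"""
import math
import re
from typing import Dict, Iterable, List, Tuple

# Tiny constructed hint table: token -> (city, lat, lon). HLOC uses far
# larger lists (airport codes, UN/LOCODEs, city names).
HINTS: Dict[str, Tuple[str, float, float]] = {
    "fra": ("Frankfurt", 50.11, 8.68),
    "ams": ("Amsterdam", 52.37, 4.90),
    "nrt": ("Tokyo", 35.68, 139.69),
    "lon": ("London", 51.51, -0.13),
}

# Signal propagation in fibre is roughly 2/3 c, i.e. about 200 km per ms.
KM_PER_MS = 200.0


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def extract_hints(rdns: str) -> List[str]:
    """Return hint tokens found in an rDNS name. The name is split on dots,
    hyphens and digits so 'ae1-fra2.core.example.net' yields ['fra']."""
    tokens = re.split(r"[.\-0-9]+", rdns.lower())
    return [t for t in tokens if t in HINTS]


def max_distance_km(rtt_ms: float) -> float:
    """Upper bound on probe-to-router distance: one-way delay times fibre speed.
    The router may be closer than this, never farther."""
    return rtt_ms / 2 * KM_PER_MS


def check_hint(hint: str, measurements: Iterable[Tuple[float, float, float]]) -> str:
    """Classify a hint given (probe_lat, probe_lon, rtt_ms) measurements.

    A hint is 'disproved' as soon as one probe's distance bound is smaller
    than that probe's distance to the hinted city; otherwise it is
    'plausible'. Latency can rule a location out but never prove it."""
    _, hlat, hlon = HINTS[hint]
    for plat, plon, rtt in measurements:
        if haversine_km(plat, plon, hlat, hlon) > max_distance_km(rtt):
            return "disproved"
    return "plausible"


def geolocate(rdns: str, measurements) -> List[Tuple[str, str, str]]:
    """Return (hint, city, verdict) for every hint found in the rDNS name."""
    return [(h, HINTS[h][0], check_hint(h, measurements)) for h in extract_hints(rdns)]


if __name__ == "__main__":
    # Constructed measurements: (probe lat, probe lon, RTT in ms).
    from_amsterdam = [(52.37, 4.90, 4.2)]   # ~364 km to Frankfurt, bound 420 km
    from_frankfurt = [(50.11, 8.68, 6.0)]   # ~9300 km to Tokyo, bound 600 km
    print(geolocate("ae1-fra2.core.example.net", from_amsterdam))
    print(geolocate("rt1.nrt.example.net", from_frankfurt))
```

Note the asymmetry in the verdicts: a single fast probe can disprove a hint outright, while "plausible" only means no probe contradicted it, which is why HLOC combines hints with measurements from many vantage points rather than trusting either alone.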
A Configurable Transport Layer for CAF
The message-driven nature of actors lays a foundation for developing scalable
and distributed software. While the actor itself has been thoroughly modeled,
the message passing layer lacks a common definition. Properties and guarantees
of message exchange often shift with implementations and contexts. This adds
complexity to the development process, limits portability, and removes
transparency from distributed actor systems.
In this work, we examine actor communication, focusing on the implementation
and runtime costs of reliable and ordered delivery. Both guarantees are often
obtained from TCP for remote messaging, which mixes network transport with the
semantics of messaging. However, the choice of transport may follow different
constraints and is often governed by deployment. As a first step towards
re-architecting actor-to-actor communication, we decouple the messaging
guarantees from the transport protocol. We validate our approach by redesigning
the network stack of the C++ Actor Framework (CAF) so that it can combine
an arbitrary transport protocol with additional functions for remote messaging.
An evaluation quantifies the cost of composability and the impact of individual
layers on the entire stack.
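The decoupling described above, as an added example that is not CAF's code: reliable, ordered delivery is implemented as a layer above a datagram transport that only promises send and drain, so any carrier with that interface (UDP, a serial link, a simulated one) can sit underneath. The lossy, reordering transport, the round-based retransmission timer and the assumption that acknowledgements are never lost are all simplifications made for this example.

```python
"""Ordered, reliable messaging composed on top of an unreliable transport.

Added example, not CAF's implementation. The transport below is a constructed
simulation that drops and reorders datagrams; acknowledgements travel on a
direct (assumed lossless) callback to keep the example short.
"""
from typing import Callable, Dict, List, Set


class LossyTransport:
    """Datagram carrier with the only interface the layers above rely on:
    send() and drain(). Sequence numbers listed in `drop_once` are lost on
    their first transmission; each drained batch is delivered in reverse
    order to force reordering."""

    def __init__(self, drop_once: Set[int]):
        self.drop_once = set(drop_once)
        self.queue: List[dict] = []

    def send(self, dgram: dict) -> None:
        if dgram["seq"] in self.drop_once:
            self.drop_once.remove(dgram["seq"])  # lost exactly once
            return
        self.queue.append(dgram)

    def drain(self) -> List[dict]:
        batch, self.queue = self.queue[::-1], []
        return batch


class ReliableOrderedSender:
    """Adds sequence numbers and retransmission; knows nothing about the wire."""

    def __init__(self, transport: LossyTransport):
        self.t = transport
        self.next_seq = 0
        self.unacked: Dict[int, dict] = {}
        self.retransmissions = 0

    def send(self, payload: str) -> None:
        dgram = {"seq": self.next_seq, "payload": payload}
        self.unacked[self.next_seq] = dgram
        self.next_seq += 1
        self.t.send(dgram)

    def ack(self, cumulative: int) -> None:
        """Cumulative ack: everything up to and including `cumulative` arrived."""
        for seq in [s for s in self.unacked if s <= cumulative]:
            del self.unacked[seq]

    def retransmit(self) -> None:
        """Called on a (simulated) timeout: resend everything still unacked."""
        for seq in sorted(self.unacked):
            self.t.send(self.unacked[seq])
            self.retransmissions += 1


class ReliableOrderedReceiver:
    """Reorders datagrams, drops duplicates, and delivers in sequence order."""

    def __init__(self, deliver: Callable[[str], None], send_ack: Callable[[int], None]):
        self.expected = 0
        self.buffer: Dict[int, str] = {}
        self.deliver, self.send_ack = deliver, send_ack

    def receive(self, dgram: dict) -> None:
        if dgram["seq"] >= self.expected:      # seq < expected is a duplicate
            self.buffer[dgram["seq"]] = dgram["payload"]
        while self.expected in self.buffer:    # release the in-order run
            self.deliver(self.buffer.pop(self.expected))
            self.expected += 1
        self.send_ack(self.expected - 1)


def run(messages: List[str], drop_once: Set[int], max_rounds: int = 10):
    """Send `messages` across the lossy transport; return (delivered, rounds,
    retransmissions). One round = drain the wire, then retransmit on timeout."""
    delivered: List[str] = []
    transport = LossyTransport(drop_once)
    sender = ReliableOrderedSender(transport)
    receiver = ReliableOrderedReceiver(delivered.append, sender.ack)
    for m in messages:
        sender.send(m)
    rounds = 0
    while sender.unacked and rounds < max_rounds:
        rounds += 1
        for dgram in transport.drain():
            receiver.receive(dgram)
        if sender.unacked:
            sender.retransmit()
    return delivered, rounds, sender.retransmissions


if __name__ == "__main__":
    print(run(["m0", "m1", "m2", "m3"], drop_once={1, 2}))
```

Swapping `LossyTransport` for a UDP socket wrapper with the same two methods changes nothing above it, which is the point of keeping ordering and reliability out of the transport; the evaluation question the paper asks is what that extra layer costs compared with letting TCP do the same work.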
Bluetooth Mesh under the Microscope: How much ICN is Inside?
Bluetooth (BT) mesh is a new mode of BT operation for low-energy devices that
offers group-based publish-subscribe as a network service with additional
caching capabilities. These features resemble concepts of information-centric
networking (ICN), and the analogy to ICN has been repeatedly drawn in the BT
community. In this paper, we compare BT mesh with ICN both conceptually and in
real-world experiments. We contrast both architectures and their design
decisions in detail. Experiments are performed on an IoT testbed using NDN/CCNx
and BT mesh on constrained RIOT nodes. Our findings indicate significant
differences both in concepts and in real-world performance. Supported by these
new insights, we identify synergies and sketch a design of a BT-ICN that benefits
from both worlds.
Gain More for Less: The Surprising Benefits of QoS Management in Constrained NDN Networks
Quality of Service (QoS) in the IP world mainly manages forwarding resources,
i.e., link capacities and buffer spaces. In addition, Information Centric
Networking (ICN) offers resource dimensions such as in-network caches and
forwarding state. In constrained wireless networks, these resources are scarce,
and lossy radio transmission makes their management even more consequential. In
this paper, we explore the two basic service qualities (i) prompt and (ii)
reliable traffic forwarding for the case of NDN. The resources we take into
account are forwarding and queuing priorities, as well as the utilization of
caches and of forwarding state space. We treat QoS resources not only in
isolation, but correlate their use on local nodes and between network members.
Network-wide coordination is based on simple, predefined QoS code points. Our
findings indicate that coordinated QoS management in ICN is more than the sum of
its parts and exceeds the impact QoS can have in the IP world.
NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT
This paper takes a comprehensive view on the protocol stacks that are under
debate for a future Internet of Things (IoT). It addresses the holistic
question of which solution is beneficial for common IoT use cases. We deploy
NDN and the two popular IP-based application protocols, CoAP and MQTT, in their
different variants on a large-scale IoT testbed in single- and multi-hop
scenarios. We analyze the use cases of scheduled periodic and unscheduled
traffic under varying loads. Our findings indicate that (a) NDN admits the most
resource-friendly deployment on nodes and (b) shows superior robustness and
resilience in multi-hop scenarios, while (c) the IP protocols operate at less
overhead and higher speed in single-hop deployments. Most strikingly, we find
that NDN-based protocols are in significantly better flow balance than the
UDP-based IP protocols and require fewer corrective actions.
Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists
Network measurements are an important tool in understanding the Internet. Due
to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not
possible for IPv6. In recent years, several studies have proposed the use of
target lists of IPv6 addresses, called IPv6 hitlists.
In this paper, we show that addresses in IPv6 hitlists are heavily clustered.
We present novel techniques that allow IPv6 hitlists to be pushed from quantity
to quality. We perform a longitudinal active measurement study over 6 months,
targeting more than 50 M addresses. We develop a rigorous method to detect
aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining
to about half of our target addresses. Using entropy clustering, we group the
entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform
client measurements by leveraging crowdsourcing.
To encourage reproducibility in network measurement research and to serve as
a starting point for future IPv6 studies, we publish source code, analysis
tools, and data.
Comment: See https://ipv6hitlist.github.io for daily IPv6 hitlists, historical
data, and additional analyse
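Two of the techniques named above, aliased-prefix detection and entropy-based grouping of addressing schemes, as an added example that is not the paper's tooling. The probe oracle is a constructed stub standing in for active scanning, the address groups are constructed, and the quantisation used to cluster entropy fingerprints is a deterministic simplification of the clustering the paper performs.

```python
"""Aliased-prefix detection and entropy fingerprints for IPv6 hitlists.

Added example, not the paper's code. The probe oracle and address groups are
constructed so the script runs offline; the clustering is a simplification.
"""
import ipaddress
import math
import random
from collections import Counter, defaultdict
from typing import Callable, Dict, Iterable, List, Tuple


def random_in_prefix(prefix: str, rng: random.Random) -> ipaddress.IPv6Address:
    """Uniformly random address inside `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    return net.network_address + rng.getrandbits(128 - net.prefixlen)


def is_aliased(prefix: str, responds: Callable[[ipaddress.IPv6Address], bool],
               probes: int = 16, seed: int = 1) -> bool:
    """Aliased-prefix heuristic: probe `probes` random addresses in the prefix.

    A prefix where one host answers for the whole block responds to all of
    them; for a genuinely populated /64, hitting 16 live hosts at random out
    of 2^64 addresses is implausible. Simplified relative to the paper, which
    probes at several prefix lengths and handles rate limiting."""
    rng = random.Random(seed)
    return all(responds(random_in_prefix(prefix, rng)) for _ in range(probes))


def nibble_entropy(addresses: Iterable[str]) -> List[float]:
    """Normalised Shannon entropy (0..1) of each of the 32 hex nibbles."""
    rows = [ipaddress.IPv6Address(a).exploded.replace(":", "") for a in addresses]
    fp = []
    for i in range(32):
        counts = Counter(r[i] for r in rows)
        h = -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())
        fp.append(h / 4.0)  # a nibble carries at most 4 bits
    return fp


def scheme_key(fingerprint: List[float]) -> Tuple[str, ...]:
    """Quantise a fingerprint to L/M/H per nibble so groups with the same
    addressing scheme collapse onto one key. The paper clusters the raw
    32-dimensional vectors; quantisation keeps this example deterministic."""
    return tuple("L" if e < 0.1 else "H" if e >= 0.5 else "M" for e in fingerprint)


def cluster_by_scheme(groups: Dict[str, List[str]]) -> Dict[Tuple[str, ...], List[str]]:
    """Group prefixes whose address sets share an entropy fingerprint."""
    clusters = defaultdict(list)
    for name, addrs in groups.items():
        clusters[scheme_key(nibble_entropy(addrs))].append(name)
    return dict(clusters)


def stub_responds(addr: ipaddress.IPv6Address) -> bool:
    """Constructed oracle: 2001:db8:a::/64 is aliased (everything answers);
    2001:db8:b::/64 has exactly one live host."""
    if addr in ipaddress.IPv6Network("2001:db8:a::/64"):
        return True
    return addr == ipaddress.IPv6Address("2001:db8:b::1")


def _random_iids(base: str, n: int, seed: int = 7) -> List[str]:
    """Constructed addresses with random 64-bit interface identifiers."""
    rng = random.Random(seed)
    start = int(ipaddress.IPv6Address(base))
    return [str(ipaddress.IPv6Address(start + rng.getrandbits(64))) for _ in range(n)]


# Constructed address groups: two prefixes use a "subnet::1" scheme, one
# uses random interface identifiers (as SLAAC privacy addresses would).
SAMPLE_GROUPS: Dict[str, List[str]] = {
    "2001:db8:1::/48": [f"2001:db8:1:{i}::1" for i in range(1, 9)],
    "2001:db8:2::/48": [f"2001:db8:2:{i}::1" for i in range(1, 9)],
    "2001:db8:3::/48": _random_iids("2001:db8:3:1::", 16),
}


if __name__ == "__main__":
    print("2001:db8:a::/64 aliased:", is_aliased("2001:db8:a::/64", stub_responds))
    print("2001:db8:b::/64 aliased:", is_aliased("2001:db8:b::/64", stub_responds))
    for key, members in cluster_by_scheme(SAMPLE_GROUPS).items():
        print("".join(key), members)
```

Removing aliased prefixes before scanning matters for the same reason the paper gives: without it, half the "targets" in a hitlist may be a single responder, which skews every downstream measurement toward that one host.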