3,206 research outputs found

    CASPR: Judiciously Using the Cloud for Wide-Area Packet Recovery

    We revisit a classic networking problem -- how to recover from lost packets in the best-effort Internet. We propose CASPR, a system that judiciously leverages the cloud to recover from lost or delayed packets. CASPR supplements and protects best-effort connections by sending a small number of coded packets along the highly reliable but expensive cloud paths. When receivers detect packet loss, they recover packets with the help of the nearby data center, not the sender, thus providing quick and reliable packet recovery for latency-sensitive applications. Using a prototype implementation and its deployment on the public cloud and the PlanetLab testbed, we quantify the benefits of CASPR in providing fast, cost effective packet recovery. Using controlled experiments, we also explore how these benefits translate into improvements up and down the network stack

    Covert Ephemeral Communication in Named Data Networking

    In the last decade, there has been a growing realization that the current Internet Protocol is reaching the limits of its senescence. This has prompted several research efforts that aim to design potential next-generation Internet architectures. Named Data Networking (NDN), an instantiation of the content-centric approach to networking, is one such effort. In contrast with IP, NDN routers maintain a significant amount of user-driven state. In this paper we investigate how to use this state for covert ephemeral communication (CEC). CEC allows two or more parties to covertly exchange ephemeral messages, i.e., messages that become unavailable after a certain amount of time. Our techniques rely only on network-layer, rather than application-layer, services. This makes our protocols robust, and communication difficult to uncover. We show that users can build high-bandwidth CECs exploiting features unique to NDN: in-network caches, routers' forwarding state and name matching rules. We assess feasibility and performance of proposed cover channels using a local setup and the official NDN testbed

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in report

    A methodology for finding persons of national interest

    The asymmetrical threats that challenge U.S. national policies are not large standing armies, but rather individuals who seek to usurp and coerce U.S. national interests. The nature of today's threats calls for the U.S. military to change from finding, fixing, and destroying the enemy's forces to identifying, locating and capturing rogue individuals in order to destroy networks. To counter such threats, the USG will have to quickly and efficiently identify and find these targets globally. Unfortunately, no military doctrine, framework or process currently exists for finding and apprehending these Persons of National Interest (PONIs). Since military planners and intelligence analysts are neither educated nor trained in the methods or procedures necessary to find and capture PONIs, this thesis will propose a methodology to do so. This involves the development of an analytical process, and an organizational structure and procedure to identify and locate PONIs. Consequently, the United States government's ability to prosecute the war on terrorism today, and to find and apprehend PONIs in the future, depends on its ability to develop and institutionalize a comprehensive manhunting strategy now. http://archive.org/details/manhuntingmethod109451921 US Air Force (USAF) author. Approved for public release; distribution is unlimited

    Serving GODAE Data and Products to the Ocean Community

    The Global Ocean Data Assimilation Experiment (GODAE [http://www.godae.org]) has spanned a decade of rapid technological development. The ever-increasing volume and diversity of oceanographic data produced by in situ instruments, remote-sensing platforms, and computer simulations have driven the development of a number of innovative technologies that are essential for connecting scientists with the data that they need. This paper gives an overview of the technologies that have been developed and applied in the course of GODAE, which now provide users of oceanographic data with the capability to discover, evaluate, visualize, download, and analyze data from all over the world. The key to this capability is the ability to reduce the inherent complexity of oceanographic data by providing a consistent, harmonized view of the various data products. The challenges of data serving have been addressed over the last 10 years through the cooperative skills and energies of many individuals

    Routing in anonymous networks as a means to prevent traffic analysis

    Traditionally, traffic analysis is something that has been used to measure and keep track of a network's situation regarding network congestion, networking hardware failures, etc. However, largely due to commercial interests such as targeted advertisement, traffic analysis techniques can also be used to identify and track a single user's movements within the Internet. To counteract this perceived breach of privacy and anonymity, several counters have been developed over time, e.g. proxies used to obfuscate the true source of traffic, making it harder for others to pinpoint your location. Another approach has been the development of so-called anonymous overlay networks, application-level virtual networks running on top of the physical IP network. The core concept is that by the way of encryption and obfuscation of traffic patterns, the users of such anonymous networks will gain anonymity and protection against traffic analysis techniques. In this master's thesis we will be taking a look at how message forwarding or packet routing in IP networks functions and how this is exploited in different analysis techniques to single out a visitor to a website or just someone with a message being forwarded through a network device used for traffic analysis. After that we will discuss some examples of anonymous overlay networks and see how well they protect their users from traffic analysis, and how do their respective models hold up against traffic analysis attacks from a malicious entity. Finally, we will present a case study about Tor network's popularity by running a Tor relay node and gathering information on how much data the relay transmits and from where does the traffic originate. CCS-concepts: - Security and privacy ~ Privacy protections - Networks ~ Overlay and other logical network structures - Information systems ~ Traffic analysis

    First Glance: An Introductory Analysis of Network Forensics of Tor

    The Tor network is a low-latency overlay network for TCP flows that is designed to provide privacy and anonymity to its users. It is currently in use by many as a means to avoid censorship of both information to be shared and information to be retrieved. This paper details the architecture of the Tor network as a platform for evaluating the current state of forensic analysis of the Tor network. Specific attempts to block access to the Tor network are examined to identify (a) the processes utilized to identify Tor nodes, and (b) the resulting exposure of potentially inculpatory evidence. Additional known, but yet to be perpetrated, attacks are examined for a more holistic view of the state of forensics of the Tor network. Based on the combination of these studies, there is some evidence that a specific, individual flow of traffic over the Tor network is attributable to a single entity. However, the content of that flow has not been compromised within the Tor network. As such, the inculpatory evidence required for legal action is limited at this time. Keywords: Tor, Forensic Analysis, Privacy & Anonymity

    Mitigating Distributed Denial of Service Attacks in an Anonymous Routing Environment: Client Puzzles and Tor

    Online intelligence operations use the Internet to gather information on the activities of U.S. adversaries. The security of these operations is paramount, and one way to avoid being linked to the Department of Defense (DoD) is to use anonymous communication systems. One such system, Tor, makes interactive TCP services anonymous. Tor uses the Transport Layer Security (TLS) protocol and is thus vulnerable to a distributed denial-of-service (DDoS) attack that can significantly delay data traversing the Tor network. This research uses client puzzles to mitigate TLS DDoS attacks. A novel puzzle protocol, the Memoryless Puzzle Protocol (MPP), is conceived, implemented, and analyzed for anonymity and DDoS vulnerabilities. Consequently, four new secondary DDoS and anonymity attacks are identified and defenses are proposed. Furthermore, analysis of the MPP identified and resolved two important shortcomings of the generalized client puzzle technique. Attacks that normally induce victim CPU utilization rates of 80-100% are reduced to below 70%. Also, the puzzle implementation allows for user-data latency to be reduced by close to 50% during a large-scale attack. Finally, experimental results show successful mitigation can occur without sending a puzzle to every requesting client. By adjusting the maximum puzzle strength, CPU utilization can be capped at 70% even when an arbitrary client has only a 30% chance of receiving a puzzle

    Immersive Virtual Reality Attacks and the Human Joystick

    This is one of the first accounts for the security analysis of consumer immersive Virtual Reality (VR) systems. This work breaks new ground, coins new terms, and constructs proof of concept implementations of attacks related to immersive VR. Our work used the two most widely adopted immersive VR systems, the HTC Vive, and the Oculus Rift. More specifically, we were able to create attacks that can potentially disorient users, turn their Head Mounted Display (HMD) camera on without their knowledge, overlay images in their field of vision, and modify VR environmental factors that force them into hitting physical objects and walls. Finally, we illustrate through a human participant deception study the success of being able to exploit VR systems to control immersed users and move them to a location in physical space without their knowledge. We term this the Human Joystick Attack. We conclude our work with future research directions and ways to enhance the security of these systems