8 research outputs found

    Assessing the effectiveness of pulsing denial of service attacks under realistic network synchronization assumptions

    Distributed Denial-of-Service (DDoS) is a big threat to the availability of Internet-based services today. Low rate DDoS attacks, especially pulsing attacks, aim to degrade the Quality of Service experienced by users by using only a small amount of attack traffic, unlike conventional volume-based DDoS attacks. To improve the effectiveness and stealthiness, these pulsing attacks assume that the attack packet is concentrated on the server in a very short time (a few milliseconds) using state-of-the-art synchronization techniques. However, even with the most advanced technology in the real world, it is almost impossible to achieve this tight level of synchronization, which means the effectiveness of the pulsing attack can be overestimated based on the exceeded assumption. In this paper, we use the Very Short Intermittent DDoS attack (VSI-DDoS) as an example to measure the practical effectiveness of a pulsing attack in a realistic environment. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90 ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.

    Contra-*: Mechanisms for countering spam attacks on blockchain's memory pools

    Blockchain-based cryptocurrencies, such as Bitcoin, have seen a rise in their popularity and value, making them a target to several forms of Denial-of-Service (DoS) attacks, and calling for a better understanding of their attack surface from both security and distributed systems standpoints. In this paper, and in the pursuit of understanding the attack surface of blockchains, we explore a new form of attack that can be carried out on the memory pools (mempools), and mainly targets blockchain-based cryptocurrencies. We study this attack on Bitcoin's mempool and explore the attack's effects on transaction fees paid by benign users. To counter this attack, this paper further proposes Contra-*, a set of countermeasures utilizing fee, age, and size (thus, Contra-F, Contra-A, and Contra-S) as prioritization mechanisms. Contra-* optimize the mempool size and help in countering the effects of DoS attacks due to spam transactions. We evaluate Contra-* by simulations and analyze their effectiveness under various attack conditions.

    Exploring the Attack Surface of Blockchain: A Comprehensive Survey

    In this paper, we systematically explore the attack surface of the Blockchain technology, with an emphasis on public Blockchains. Towards this goal, we attribute attack viability in the attack surface to 1) the Blockchain cryptographic constructs, 2) the distributed architecture of the systems using Blockchain, and 3) the Blockchain application context. To each of those contributing factors, we outline several attacks, including selfish mining, the 51% attack, DNS attacks, distributed denial-of-service (DDoS) attacks, consensus delay (due to selfish behavior or distributed denial-of-service attacks), Blockchain forks, orphaned and stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks. We also explore the causal relationships between these attacks to demonstrate how various attack vectors are connected to one another. A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated vulnerabilities.

    Performance Evaluation of Consensus Protocols in Blockchain-based Audit Systems

    Blockchain-based audit systems use 'Practical Byzantine Fault Tolerance' (PBFT) consensus protocol which suffers from a high message complexity and low scalability. Alternatives to PBFT have not been tested in blockchain-based audit systems since no blockchain testbed supports the execution and benchmarking of different consensus protocols in a unified testing environment. In this paper, we address this gap by developing a blockchain testbed capable of executing and testing five consensus protocols in a blockchain network; namely PBFT, Proof-of-Work (PoW), Proof-of-Stake (PoS), Proof-of-Elapsed Time (PoET), and Clique. We carry out performance evaluation of those consensus algorithms using data from a real-world audit system. Our results show that the Clique protocol is best suited for blockchain-based audit systems, based on scalability features. © 2021 IEEE. The Korean Institute of Communications and Information Sciences (KICS)

    AUToSen: Deep-Learning-Based Implicit Continuous Authentication Using Smartphone Sensors

    Smartphones have become crucial for our daily life activities and are increasingly loaded with our personal information to perform several sensitive tasks, including mobile banking and communication, and are used for storing private photos and files. Therefore, there is a high demand for applying usable authentication techniques that prevent unauthorized access to sensitive information. In this article, we propose AUToSen, a deep-learning-based active authentication approach that exploits sensors in consumer-grade smartphones to authenticate a user. Unlike conventional approaches, AUToSen is based on deep learning to identify user distinct behavior from the embedded sensors with and without the user's interaction with the smartphone. We investigate different deep learning architectures in modeling and capturing users' behavioral patterns for the purpose of authentication. Moreover, we explore the sufficiency of sensory data required to accurately authenticate users. We evaluate AUToSen on a real-world data set that includes sensors data of 84 participants' smartphones collected using our designed data-collection application. The experiments show that AUToSen operates accurately using readings of only three sensors (accelerometer, gyroscope, and magnetometer) with a high authentication frequency, e.g., one authentication attempt every 0.5 s. Using sensory data of one second enables an authentication F1-score of approximately 98%, false acceptance rate (FAR) of 0.95%, false rejection rate (FRR) of 6.67%, and equal error rate (EER) of 0.41%. While using sensory data of half a second enables an authentication F1-score of 97.52%, FAR of 0.96%, FRR of 8.08%, and EER of 0.09%. Moreover, we investigate the effects of using different sensory data at variable sampling periods on the performance of the authentication models under various settings and learning architectures.

    e-PoS: Making Proof-of-Stake Decentralized and Fair

    Blockchain applications that rely on the Proof-of-Work (PoW) have increasingly become energy inefficient with a staggering carbon footprint. In contrast, energy efficient alternative consensus protocols such as Proof-of-Stake (PoS) may cause centralization and unfairness in the blockchain system. To address these challenges, we propose a modular version of PoS-based blockchain systems called e-PoS that resists the centralization of network resources by extending mining opportunities to a wider set of stakeholders. Moreover, e-PoS leverages the in-built system operations to promote fair mining practices by penalizing malicious entities. We validate e-PoS's achievable objectives through theoretical analysis and simulations. Our results show that e-PoS ensures fairness and decentralization, and can be applied to existing blockchain applications.

    Factors Affecting Customers’ Trust in Internet Shopping

    Although the volume of electronic commerce is increasing rapidly, by more than 100% annually, many consumers still hesitate over Internet shopping due to the lack of trust in electronic transactions. Greenfield Online (1998) reports that Internet vendors could enhance their level of trust by increasing the security of the payment system and trustworthiness of the vendors. Even though trust is an important element in consumer based electronic shopping, there have not been many empirical studies dealing with the trust of consumers in Internet shopping. This study found factors which influence the consumers’ trust and suggests ways to obtain consumers’ trust for the Internet shopping mall operators. A rather comprehensive model was developed to explain the relationship between independent variables and consumers’ trust as a dependent variable. The independent variables are propensity to trust of consumers, familiarity of consumers to Internet shopping, the perception of transaction safety of consumers, protection of privacy, vendor’s integrity, vendor’s competence, substance of website, functionality of website, quality of information, third party recognition, and the legal framework. The following factors are found to be influencing consumers’ trust: familiarity of consumers to Internet shopping, the perception of transaction safety of consumers, protection of privacy, vendor’s competence and the legal framework. A few recommendations are given to Internet vendors to win consumers’ trust.