Inferring persistent interdomain congestion

There is significant interest in the technical and policy communities regarding the extent, scope, and consumer harm of persistent interdomain congestion. We provide empirical grounding for discussions of interdomain congestion by developing a system and method to measure congestion on thousands of interdomain links without direct access to them. We implement a system based on the Time Series Latency Probes (TSLP) technique that identifies links with evidence of recurring congestion suggestive of an under-provisioned link. We deploy our system at 86 vantage points worldwide and show that congestion inferred using our lightweight TSLP method correlates with other metrics of interconnection performance impairment. We use our method to study interdomain links of eight large U.S. broadband access providers from March 2016 to December 2017, and validate our inferences against ground-truth traffic statistics from two of the providers. For the period of time over which we gathered measurements, we did not find evidence of widespread endemic congestion on interdomain links between access ISPs and directly connected transit and content providers, although some such links exhibited recurring congestion patterns. We describe limitations, open challenges, and a path toward the use of this method for large-scale third-party monitoring of the Internet interconnection ecosystem

Evaluation of appendicitis risk prediction models in adults with suspected appendicitis

Background Appendicitis is the most common general surgical emergency worldwide, but its diagnosis remains challenging. The aim of this study was to determine whether existing risk prediction models can reliably identify patients presenting to hospital in the UK with acute right iliac fossa (RIF) pain who are at low risk of appendicitis. Methods A systematic search was completed to identify all existing appendicitis risk prediction models. Models were validated using UK data from an international prospective cohort study that captured consecutive patients aged 16–45 years presenting to hospital with acute RIF in March to June 2017. The main outcome was best achievable model specificity (proportion of patients who did not have appendicitis correctly classified as low risk) whilst maintaining a failure rate below 5 per cent (proportion of patients identified as low risk who actually had appendicitis). Results Some 5345 patients across 154 UK hospitals were identified, of which two‐thirds (3613 of 5345, 67·6 per cent) were women. Women were more than twice as likely to undergo surgery with removal of a histologically normal appendix (272 of 964, 28·2 per cent) than men (120 of 993, 12·1 per cent) (relative risk 2·33, 95 per cent c.i. 1·92 to 2·84; P < 0·001). Of 15 validated risk prediction models, the Adult Appendicitis Score performed best (cut‐off score 8 or less, specificity 63·1 per cent, failure rate 3·7 per cent). The Appendicitis Inflammatory Response Score performed best for men (cut‐off score 2 or less, specificity 24·7 per cent, failure rate 2·4 per cent). Conclusion Women in the UK had a disproportionate risk of admission without surgical intervention and had high rates of normal appendicectomy. Risk prediction models to support shared decision‐making by identifying adults in the UK at low risk of appendicitis were identified

Cyber conflicts in international relations: Framework and case studies

Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain. • The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense. • All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain. • Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks. • Distributed Denial of Service (DDoS) is by far the most common type of cyber attack. • Air-gapped (not connected to the public Internet) networks have not been exempt from attacks. • A perpetrator does not need highly specialized technical knowledge to intrude computer networks. • The potential damage of a cyber strike is likely to continue increasing as the Internet expands. • The size of the actor under attack could have an influence on its ability to deter the attackers with actions in the physical world. • The entrance barriers (including the monetary cost) for any actor to get involved in a conflict seem to be much lower in the cyber domain than in the physical domain. • Accountability on the Internet is difficult, and gets further obscured when the attacks transcend national borders. This fact has probably made cyber attacks desirable for major military powers such as China, Russia and the United States. In many ways, this paper is a re-analysis of the case studies set presented on A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 recently published by the Atlantic Council. In addition, we draw upon other materials (academic and media) to expand our understanding of each case, and add several cases to the original collection resulting in a data set of 17 cyber conflict, spanning almost three decades (1985-2013). Cuckoo's Egg, Morris Worm, Solar Sunrise, Electronic Disturbance Theater, ILOVEYOU, Chinese Espionage, Estonia, Russo-Georgian war, Conficker, NSA-Snowden, WikiLeaks and Stuxnet are some of the major cases included.This material is based on work supported by the U.S. Office of Naval Research, Grant No. N00014-09-1-0597. Any opinions, findings, conclusions or recommendations therein are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research

Characterizing performance of residential internet connections using an analysis of measuring broadband America's web browsing test data

Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, Institute for Data, Systems, and Society, Technology and Policy Program, 2015.Cataloged from PDF version of thesis.Includes bibliographical references (pages 71-73).This thesis presents an analysis of F.C.C.-measured web page loading times as observed in 2013 from nodes connected to consumer broadband providers in the Northeastern, Southern and Pacific U.S. We also collected data for multiple months in 2015 from the MIT network. We provide temporal and statistical analyses on total loading times for both datasets. We present four main contributions. First, we find differences in loading times for various websites that are consistent across providers and regions, showing the impact of infrastructure of transit and content providers on loading times and Quality of Experience (QoE.) Second, we find strong evidence of diurnal variation in loading times, highlighting the impact of network and server load on end-user QoE. Third, we show instances of localized congestion that severely impair the performance of some websites when measured from a residential provider. Fourth, we find that web loading times correlate with the size of a website's infrastructure as estimated by the number of IP addresses observed in the data. Finally, we also provide a set of policy recommendations: execution of javascript and other code during the web browsing test to more adequately capture loading times; expanding the list of target websites and collecting trace route data; collection of browsing data from non-residential networks; and public provision of funding for research on Measuring Broadband America's web browsing data. The websites studied in this thesis are: Amazon, CNN, EBay, Facebook, Google, msn, Wikipedia, Yahoo and YouTube.by Alexander M. Gamero-Garrido.S.M. in Technology and Polic

Transit Influence of Autonomous Systems: Country-Specific Exposure of Internet Traffic

Computer networks play a central role in the transmission of information across theworld. Autonomous systems (administrative domains or “ASes”) are the building blocks of such wide-area networks and are responsible for delivering traffic to their individual subscribers as well as to other networks to which they are connected. So-called transit ASes—who sell access to the rest of the Internet to customer ASes for a fee—are mostly invisible to end users but may be able to operate on their traffic, for instance by observing unencrypted traffic or metadata, or by tampering with specific network flows serving popular applications. In many countries, transit ASes serve as the principal intermediaries between domestic access ASes and the global Internet.In this dissertation, we introduce the concept of transit influence, which quantifies theexposure of an AS or groups thereof, such as in an industrial sector, or nation, to observation and tampering by a specific transit network. We hypothesize that there are countries where transit agreements are the dominant form of international connectivity, and where specific ASes have significant degrees of transit influence (TI) over the country as a whole as well as over individual organizations within them. We quantify TI by developing three metrics at distinct granularities: at the country level (CTI), at the AS level (ATI), and at the sectoral level (W-ATI). In order to apply these methods, we first identify 75 countries—with approximately 1 billion Internet users, on aggregate—where transit providers are the dominant mode of inbound connectivity, using analyses of existing interconnection data and our own large-scale measurement campaign. Applying CTI, we find 32 nations that have transit ecosystems with concerning topological features: traffic destined to over 40% of their IP addresses is exposed to a single network. We further study the AS topologies of three nations in South America and find a small number of transit ASes that exert out-sized influence in several sectors, including finance, utilities, and education. We validate our findings with in-country network operators at 123 ASes in 19 countries, who confirm that our results are consistent with their understanding of their countries’ networks

Transit Influence of Autonomous Systems: Country-Specific Exposure of Internet Traffic

Computer networks play a central role in the transmission of information across theworld. Autonomous systems (administrative domains or “ASes”) are the building blocks of such wide-area networks and are responsible for delivering traffic to their individual subscribers as well as to other networks to which they are connected. So-called transit ASes—who sell access to the rest of the Internet to customer ASes for a fee—are mostly invisible to end users but may be able to operate on their traffic, for instance by observing unencrypted traffic or metadata, or by tampering with specific network flows serving popular applications. In many countries, transit ASes serve as the principal intermediaries between domestic access ASes and the global Internet.In this dissertation, we introduce the concept of transit influence, which quantifies theexposure of an AS or groups thereof, such as in an industrial sector, or nation, to observation and tampering by a specific transit network. We hypothesize that there are countries where transit agreements are the dominant form of international connectivity, and where specific ASes have significant degrees of transit influence (TI) over the country as a whole as well as over individual organizations within them. We quantify TI by developing three metrics at distinct granularities: at the country level (CTI), at the AS level (ATI), and at the sectoral level (W-ATI). In order to apply these methods, we first identify 75 countries—with approximately 1 billion Internet users, on aggregate—where transit providers are the dominant mode of inbound connectivity, using analyses of existing interconnection data and our own large-scale measurement campaign. Applying CTI, we find 32 nations that have transit ecosystems with concerning topological features: traffic destined to over 40% of their IP addresses is exposed to a single network. We further study the AS topologies of three nations in South America and find a small number of transit ASes that exert out-sized influence in several sectors, including finance, utilities, and education. We validate our findings with in-country network operators at 123 ASes in 19 countries, who confirm that our results are consistent with their understanding of their countries’ networks

Network topology facilitates internet traffic control in autocracies.

Recent years have seen an increase in governmental interference in digital communication. Most research on this topic has focused on the application level, studying how content is manipulated or removed on websites, blogs, or social media. However, in order for governments to obtain and maintain control of digital data flows, they need to secure access to the network infrastructure at the level of Internet service providers. In this paper, we study how the network topology of the Internet varies across different political environments, distinguishing between control at the level of individual Internet users (access) and a higher level in the hierarchy of network carriers (transit). Using a novel method to estimate the structure of the Internet from network measurements, we show that in autocratic countries, state-owned (rather than privately owned) providers have a markedly higher degree of control over transit networks. We also show that state-owned Internet providers often provide Internet access abroad, with a clear focus on other autocratic countries. Together, these results suggest that in autocracies, the network infrastructure is organized in a way that is more susceptible to the monitoring and manipulation of Internet data flows by state-owned providers both domestically and abroad

Your Echos are Heard: Tracking, Profiling, and Ad Targeting in the Amazon Smart Speaker Ecosystem

Smart speakers collect voice input that can be used to infer sensitive information about users. Given a number of egregious privacy breaches, there is a clear unmet need for greater transparency and control over data collection, sharing, and use by smart speaker platforms as well as third party skills supported on them. To bridge the gap, we build an auditing framework that leverages online advertising to measure data collection, its usage, and its sharing by the smart speaker platforms. We evaluate our framework on the Amazon smart speaker ecosystem. Our results show that Amazon and third parties (including advertising and tracking services) collect smart speaker interaction data. We find that Amazon processes voice data to infer user interests and uses it to serve targeted ads on-platform (Echo devices) as well as off-platform (web). Smart speaker interaction leads to as much as 30X higher ad bids from advertisers. Finally, we find that Amazon's and skills' operational practices are often not clearly disclosed in their privacy policies.Comment: We answer frequently asked questions about the paper on https://alexaechos.co

Cyber Conflicts in International Relations: Framework and Case Studies

Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain. • The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense. • All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain. • Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks. • Distributed Denial of Service (DDoS) is by far the most common type of cyber attack. • Air-gapped (not connected to the public Internet) networks have not been exempt from attacks. • A perpetrator does not need highly specialized technical knowledge to intrude computer networks. • The potential damage of a cyber strike is likely to continue increasing as the Internet expands. • The size of the actor under attack could have an influence on its ability to deter the attackers with actions in the physical world. • The entrance barriers (including the monetary cost) for any actor to get involved in a conflict seem to be much lower in the cyber domain than in the physical domain. • Accountability on the Internet is difficult, and gets further obscured when the attacks transcend national borders. This fact has probably made cyber attacks desirable for major military powers such as China, Russia and the United States. In many ways, this paper is a re-analysis of the case studies set presented on A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 recently published by the Atlantic Council. In addition, we draw upon other materials (academic and media) to expand our understanding of each case, and add several cases to the original collection resulting in a data set of 17 cyber conflict, spanning almost three decades (1985-2013). Cuckoo's Egg, Morris Worm, Solar Sunrise, Electronic Disturbance Theater, ILOVEYOU, Chinese Espionage, Estonia, Russo-Georgian war, Conficker, NSA-Snowden, WikiLeaks and Stuxnet are some of the major cases included.This material is based on work supported by the U.S. Office of Naval Research, Grant No. N00014-09-1-0597. Any opinions, findings, conclusions or recommendations therein are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research