Using Packet Timing Information in Website Fingerprinting

Website Fingerprinting (WF) enables an eavesdropper to discover what sites the user is visiting despite the use of a VPN or even the Tor anonymity system. Recent WF attacks on Tor have reached high enough accuracy (up to 98%) to prompt Tor to consider adopting defenses based on packet padding. Defenses such as Walkie-Talkie mainly remove features related to bursts of traffic without affecting packet timing. This was reasonable given that previous research on WF attacks ignored or deemphasized the use of packet timing information. In this thesis, we examine the extent to which packet timing can be used to facilitate WF attacks. In our experiment, we gained up to 61% accuracy on our unprotected dataset, 54% on our WTF-PAD dataset, and 43% on our Walkie-Talkie dataset using only timing-based features in an SVM classifier. Using a convolutional neural network (CNN), we got 88% accuracy on our unprotected dataset, and 76% and 47% accuracy on ourWTF-PAD and Walkie-Talkie dataset respectively. We intend to investigate further to develop an effective and robust WF attack using packet timing

Mockingbird: Defending Against Deep-Learning-Based Website Fingerprinting Attacks with Adversarial Traces

Website Fingerprinting (WF) is a type of traffic analysis attack that enables a local passive eavesdropper to infer the victim's activity, even when the traffic is protected by a VPN or an anonymity system like Tor. Leveraging a deep-learning classifier, a WF attacker can gain over 98% accuracy on Tor traffic. In this paper, we explore a novel defense, Mockingbird, based on the idea of adversarial examples that have been shown to undermine machine-learning classifiers in other domains. Since the attacker gets to design and train his attack classifier based on the defense, we first demonstrate that at a straightforward technique for generating adversarial-example based traces fails to protect against an attacker using adversarial training for robust classification. We then propose Mockingbird, a technique for generating traces that resists adversarial training by moving randomly in the space of viable traces and not following more predictable gradients. The technique drops the accuracy of the state-of-the-art attack hardened with adversarial training from 98% to 42-58% while incurring only 58% bandwidth overhead. The attack accuracy is generally lower than state-of-the-art defenses, and much lower when considering Top-2 accuracy, while incurring lower bandwidth overheads.Comment: 18 pages, 13 figures and 8 Tables. Accepted in IEEE Transactions on Information Forensics and Security (TIFS

Organizational commitment: do employees’ compensations and benefits matter?

The main objective of this research is to identify Bangladesh Railway employee's commitment based on compensation and benefits. A structured questionnaire was used to survey the opinions of 40 employees who are from Bangladesh Railway, Rajshahi City. The researchers conducted various statistical analyses such as descriptive statistics, correlation and multiple regression analysis to analyze the survey responses and identified a number of key findings. The study reveals that there are various common factors related to the compensations and benefits that affect employee's commitment

Synthetic Transformations of Cycloadducts of Ethyl Thioxoacetate

The cycloadduct of anthracene and the labile thioaldehyde, ethyl thioxoacetate, has been converted into the alpha-lithio derivative with lithium diisopropylamide (LDA). Subsequent treatment with, separately, methyl iodide, ethyl iodide, allyl bromide and benzyl bromide gave the corresponding 12- 'alkyl' derivatives. Each derivative, when heated in toluene at 11

A Novel Privacy Preserving Search Technique for Stego Data in Untrusted Cloud

We propose the first privacy preserving search technique for stego health data in untrusted cloud in this paper. The Cloud computing is a popular technology to the healthcare providers for outsourcing health data due to flexibility and cost effectiveness. However, outsourcing health data to the cloud introduces serious privacy issues to the patient. For example, dishonest personnel of the cloud provider may disclose patient sensitive information to business organizations for some financial benefits. Using steganography, patient sensitive information is hidden within health data for privacy preservation. As a result, stego health data is generated. To the best of our knowledge, no method exists for searching a particular stego data without disclosing any information to the cloud. We propose a framework for privacy preserving search over stego health data. We systematically describe each component of the proposed framework. We conduct several experiments to evaluate the performance of the framework

Smartphone and Our Students: Is It Being Good for Their Study?

The objectives of this study are to: (I) find out the discriminations or variations (if any) between the attentive and inattentive university students in terms of their purposes of using smartphones, (II) analyze the cause-effect relationship between “the purposes considered to have good or bad impact on study” and “the smartphone usage behavior of the attentive students”, and (III) analyze the cause-effect relationship between “the purposes considered to have good or bad impact on study” and “the smartphone usage behavior of the inattentive students”. 400 students (200 attentive and 200 inattentive) students are surveyed.  Based survey and statistical analysis results, it is found that attentive and inattentive student are differentiating from each other in terms of their purposes of using smartphones for learning and study, social networking and entertainment. Moreover, the reasons of using smartphones believed to be in favor of their learning activities have positive impact on the attentive students’ smartphones usage behavior, whereas inattentive students are not acting likewise. Corrective actions by the interested parties should be undertaken to reform this unexpected scenario. Keywords: Smartphone, Students, Education, Bangladesh

Blockchain-based Access Control for Secure Smart Industry Management Systems

Smart manufacturing systems involve a large number of interconnected devices resulting in massive data generation. Cloud computing technology has recently gained increasing attention in smart manufacturing systems for facilitating cost-effective service provisioning and massive data management. In a cloud-based manufacturing system, ensuring authorized access to the data is crucial. A cloud platform is operated under a single authority. Hence, a cloud platform is prone to a single point of failure and vulnerable to adversaries. An internal or external adversary can easily modify users' access to allow unauthorized users to access the data. This paper proposes a role-based access control to prevent modification attacks by leveraging blockchain and smart contracts in a cloud-based smart manufacturing system. The role-based access control is developed to determine users' roles and rights in smart contracts. The smart contracts are then deployed to the private blockchain network. We evaluate our solution by utilizing Ethereum private blockchain network to deploy the smart contract. The experimental results demonstrate the feasibility and evaluation of the proposed framework's performance