28 research outputs found
Distributed Internet security and measurement
The Internet has developed into an important economic, military, academic, and social resource. It is a complex network, comprised of tens of thousands of independently operated networks, called Autonomous Systems (ASes). A significant strength of the Internet\u27s design, one which enabled its rapid growth in terms of users and bandwidth, is that its underlying protocols (such as IP, TCP, and BGP) are distributed. Users and networks alike can attach and detach from the Internet at will, without causing major disruptions to global Internet connectivity. This dissertation shows that the Internet\u27s distributed, and often redundant structure, can be exploited to increase the security of its protocols, particularly BGP (the Internet\u27s interdomain routing protocol). It introduces Pretty Good BGP, an anomaly detection protocol coupled with an automated response that can protect individual networks from BGP attacks. It also presents statistical measurements of the Internet\u27s structure and uses them to create a model of Internet growth. This work could be used, for instance, to test upcoming routing protocols on ensemble of large, Internet-like graphs. Finally, this dissertation shows that while the Internet is designed to be agnostic to political influence, it is actually quite centralized at the country level. With the recent rise in country-level Internet policies, such as nation-wide censorship and warrantless wiretaps, this centralized control could have significant impact on international reachability
Radial Structure of the Internet
The structure of the Internet at the Autonomous System (AS) level has been
studied by both the Physics and Computer Science communities. We extend this
work to include features of the core and the periphery, taking a radial
perspective on AS network structure. New methods for plotting AS data are
described, and they are used to analyze data sets that have been extended to
contain edges missing from earlier collections. In particular, the average
distance from one vertex to the rest of the network is used as the baseline
metric for investigating radial structure. Common vertex-specific quantities
are plotted against this metric to reveal distinctive characteristics of
central and peripheral vertices. Two data sets are analyzed using these
measures as well as two common generative models (Barabasi-Albert and Inet). We
find a clear distinction between the highly connected core and a sparse
periphery. We also find that the periphery has a more complex structure than
that predicted by degree distribution or the two generative models
An integrated model of traffic, geography and economy in the Internet
Modeling Internet growth is important both for understanding the current
network and to predict and improve its future. To date, Internet models have
typically attempted to explain a subset of the following characteristics:
network structure, traffic flow, geography, and economy. In this paper we
present a discrete, agent-based model, that integrates all of them. We show
that the model generates networks with topologies, dynamics, and (more
speculatively) spatial distributions that are similar to the Internet
Measuring Re-identification Risk
Compact user representations (such as embeddings) form the backbone of
personalization services. In this work, we present a new theoretical framework
to measure re-identification risk in such user representations. Our framework,
based on hypothesis testing, formally bounds the probability that an attacker
may be able to obtain the identity of a user from their representation. As an
application, we show how our framework is general enough to model important
real-world applications such as the Chrome's Topics API for interest-based
advertising. We complement our theoretical bounds by showing provably good
attack algorithms for re-identification that we use to estimate the
re-identification risk in the Topics API. We believe this work provides a
rigorous and interpretable notion of re-identification risk and a framework to
measure it that can be used to inform real-world applications
Pretty Good BGP: Improving BGP by cautiously adopting routes
Abstract — The Internet’s interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. While experts debate whether such a large deployment is feasible, networks remain vulnerable to false information injected into BGP. However, BGP routers could avoid selecting and propagating these routes if they were cautious about adopting new reachability information. We describe a protocol-preserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into a large-scale Internet attack. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40 % of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers. I
Distributed Internet security and measurement
The Internet has developed into an important economic, military, academic, and social resource. It is a complex network, comprised of
tens of thousands of independently operated networks, called Autonomous Systems (ASes). A significant strength of the Internet's design, one which enabled its rapid growth in terms of
users and bandwidth, is that its underlying protocols (such as IP, TCP, and BGP) are distributed. Users and networks alike can attach
and detach from the Internet at will, without causing major disruptions to global Internet connectivity.
This dissertation shows that the Internet's distributed, and often redundant structure, can be exploited to increase the security of its
protocols, particularly BGP (the Internet's interdomain routing protocol). It introduces Pretty Good BGP, an anomaly detection
protocol coupled with an automated response that can protect individual networks from BGP attacks. It also presents statistical
measurements of the Internet's structure and uses them to create a model of Internet growth. This work could be used, for instance, to test upcoming routing protocols on ensemble of large, Internet-like graphs. Finally, this dissertation shows that while the Internet is designed to be agnostic to political influence, it is actually quite centralized at the country level. With the recent rise in country-level Internet policies, such as nation-wide censorship and warrantless wiretaps, this centralized control could have significant impact on international reachability.Doctor of Computer ScienceDoctoralUniversity of New Mexico. Dept. of Computer Science.Forrest, StephanieRexford, JenniferMaccabe, ArthurCrandall, Jedidia