76 research outputs found

    A Balanced Trust-Based Method to Counter Sybil and Spartacus Attacks in Chord

    A Sybil attack is one of the main challenges to be addressed when securing peer-to-peer networks, especially those based on Distributed Hash Tables (DHTs). Tampering routing tables by means of multiple fake identities can make routing, storing, and retrieving operations significantly more difficult and time-consuming. Countermeasures based on trust and reputation have already proven to be effective in some contexts, but one variant of the Sybil attack, the Spartacus attack, is emerging as a new threat and its effects are even riskier and more difficult to stymie. In this paper, we first improve a well-known and deployed DHT (Chord) through a solution mixing trust with standard operations, for facing a Sybil attack affecting either routing or storage and retrieval operations. This is done by maintaining the least possible overhead for peers. Moreover, we extend the solution we propose in order for it to be resilient also against a Spartacus attack, both for an iterative and for a recursive lookup procedure. Finally, we validate our findings by showing that the proposed techniques outperform other trust-based solutions already known in the literature as well

    Security in peer-to-peer multimedia communications

    Peer-to-peer (P2P) architectures have become very popular in recent years as a consequence of the great variety of services they can provide. When they were born, they were mainly deployed as a simple, decentralized and scalable way to exchange files, but they have now become very popular for many other services as well, exploiting the possibility of sharing bandwidth, computing power, storage capacity and other resources between peers. Among the possible uses such an architecture can be deployed for, an emerging field of study is the application of P2P technologies to VoIP communication scenarios in order to overcome some of the issues that centralized SIP-based platforms currently suffer from. Unfortunately, security issues in P2P networks are still an open field of investigation, both because of the recent development of such a platform and because of the inherent risks of a distributed environment itself. This thesis is meant to investigate the security issues and the possible solutions in order to set up a secure P2P communication. The research was conducted in two directions: security issues at routing level, and security issues at application level. They represent the two steps of a possible communication scenario: first of all, one must find in a secure way the location of the callee (which may be stored in a peer-to-peer network itself), and this is a problem of secure lookup; then one must ensure that the person one is going to talk with is really the intended one and that the communication itself is secret and cannot be tampered with, and these are problems of authentication and confidentiality. As regards the first point, we studied several possible attacks on structured and unstructured peer-to-peer networks, focusing in particular on the disruptive Sybil attack, from which many other attacks can be derived. After an analysis of the possible countermeasures presented over the years, we focused on the Kademlia DHT algorithm, one of the most used in the world, studying through simulations the degradation of performance in the presence of malicious nodes. We also studied trust and reputation countermeasures and tried to apply them to a Kademlia-based network operating in an environment where there is a growing number of malicious nodes. For the second point, we first studied current key agreement protocols, focusing on the number of messages exchanged and trying to find possible drawbacks even in widely accepted protocols and algorithms. We then proposed a new key agreement protocol based upon MIKEY and ZRTP, integrating them into the standard SIP INVITE procedure. An analysis of the proposed protocol is also provided. On this basis we went further, adding certificate-based authentication to our model and a way to manage certificates and signatures in a P2P way. Finally, we also provided an architecture where certificates are stored in a P2P network itself with the use of a DHT.

    Teachers' Perceptions of Manipulatives During Middle School Math Instruction

    In a Colorado school district, school personnel and parents were concerned that middle school math proficiency levels were low for 2011-2014 and math teachers were not using manipulatives in their classes to increase math performance. The district's math coordinator did not foresee providing specific professional development (PD) for math manipulative use to address these concerns. Without this PD, math teachers may be ill-equipped to teach math concepts when using manipulatives, which, in turn, could lead to further poor math performance. The purpose of this qualitative bounded collective case study was to explore middle school teachers' perceptions of PD and perceived self-efficacy regarding the implementation of manipulatives. Knowles's andragogy and Piaget's cognitive development theories framed this study. A homogeneous sample of 12 voluntary participants with more than 5 years teaching middle school math, both with and without access to manipulatives, volunteered to participate in this study. Data from observations, interviews, and archival documents were analyzed using comparative and inductive analyses and were analytically coded. Participants reported a need for PD that focused on physical and virtual manipulatives (PM and VM) and a low perceived self-efficacy regarding manipulatives use during math instruction. A blended PD using face-to-face and distance learning formats was designed to increase math teachers' knowledge of and perceived self-efficacy with PM and VM for math instruction. This endeavor may contribute to positive social change by reforming PD opportunities to support teachers' practice and self-efficacy using manipulatives during math instruction, ultimately increasing student performance

    ReSS: A tool for discovering relevant sets in complex systems

    A complex system can be composed of inherent dynamical structures, i.e., relevant subsets of variables interacting tightly with one another and loosely with other subsets. In the literature, some effective methods to identify such relevant sets rely on the so-called Relevance Indexes (RIs), measuring subset relevance based on information theory principles. In this paper, we present ReSS, a collection of CUDA-based programs computing two of such RIs, either through an exhaustive search or a niching metaheuristic when the system dimension is too large. ReSS also includes a script that iteratively activates the search and identifies hierarchical relationships among the relevant subsets. The main purpose of ReSS is to establish a common and easy-to-use general RI-based platform for the analysis of complex systems and other possible applications

    NEMO: A flexible and highly scalable network EMulatOr

    Evaluating novel applications and protocols in realistic scenarios has always been a very important task for all stakeholders working in the networking field. Network emulation, being a trade-off between actual deployment and simulations, represents a very powerful solution to this issue, providing a working network platform without requiring the actual deployment of all network components. We present NEMO, a flexible and scalable Java-based network emulator, which can be used to emulate either only a single link, a portion of a network, or an entire network. NEMO is able to work in both real and virtual time, depending on the tested scenarios and goals, and it can be run as either a stand-alone instance on a single machine, or distributed among different network-connected machines, leading to distributed and highly scalable emulation infrastructures. Among different features, NEMO is also capable of virtualizing the execution of third-party Java applications by running them on top of virtual nodes, possibly attached to an emulated or external network. Keywords: Network emulation, Protocol stack, Jav

    Effective Anomaly Detection Using Deep Learning in IoT Systems

    Anomaly detection in network traffic is a hot and ongoing research theme especially when concerning IoT devices, which are quickly spreading throughout various situations of people's life and, at the same time, prone to be attacked through different weak points. In this paper, we tackle the emerging anomaly detection problem in IoT, by integrating five different datasets of abnormal IoT traffic and evaluating them with a deep learning approach capable of identifying both normal and malicious IoT traffic as well as different types of anomalies. The large integrated dataset is aimed at providing a realistic and still missing benchmark for IoT normal and abnormal traffic, with data coming from different IoT scenarios. Moreover, the deep learning approach has been enriched through a proper hyperparameter optimization phase, a feature reduction phase by using an autoencoder neural network, and a study of the robustness of the best considered deep neural networks in situations affected by Gaussian noise over some of the considered features. The obtained results demonstrate the effectiveness of the created IoT dataset for anomaly detection using deep learning techniques, also in a noisy scenario

    MQTT-Auth: a Token-based Solution to Endow MQTT with Authentication and Authorization Capabilities

    Security in the Internet of Things is a current hot topic and it may comprise different aspects such as confidentiality and integrity of personal data, as well as the authentication and the authorization to access smart objects that are spreading more and more in our everyday lives. In this work we focus on MQTT (Message Queue Telemetry Transport), a message-based communication protocol explicitly designed for low-power machine-to-machine communications and based on the publish-subscribe paradigm. First of all, we provide an accurate analysis of some of the most recent security solutions and improvements of MQTT found in the literature. Secondly, we describe in detail a novel secure solution, called MQTT-Auth, to protect specific topics in MQTT. This solution is based on the AugPAKE security algorithm for guaranteeing confidentiality, and on two tokens which, respectively, authenticate the usage of a topic and guarantee authorization in accessing a topic. MQTT-Auth can also be easily extended to a hierarchical structure of topics and entities. Finally, we compare MQTT-Auth with some solutions for securing MQTT present in the relevant literature, and we provide some details on how MQTT-Auth has been implemented and successfully tested

    ADAR RNA editing on antisense RNAs results in apparent U-to-C base changes on overlapping sense transcripts

    Despite hundreds of RNA modifications described to date, only RNA editing results in a change in the nucleotide sequence of RNA molecules compared to the genome. In mammals, two kinds of RNA editing have been described so far, adenosine to inosine (A-to-I) and cytidine to uridine (C-to-U) editing. Recent improvements in RNA sequencing technologies have led to the discovery of a continuously growing number of editing sites. These methods are powerful but not error-free, making routine validation of newly-described editing sites necessary. During one of these validations on DDX58 mRNA, along with A-to-I RNA editing sites, we encountered putative U-to-C editing. These U-to-C edits were present in several cell lines and appeared regulated in response to specific environmental stimuli. The same findings were also observed for the human long intergenic non-coding RNA p21 (hLincRNA-p21). A more in-depth analysis revealed that putative U-to-C edits result from A-to-I editing on overlapping antisense RNAs that are transcribed from the same loci. Such editing events, occurring on overlapping genes transcribed in opposite directions, have recently been demonstrated to be immunogenic and have been linked with autoimmune and immune-related diseases. Our findings, also confirmed by deep transcriptome data, demonstrate that such loci can be recognized simply through the presence of A-to-I and U-to-C mismatches within the same locus, reflective A-to-I editing both in the sense-oriented transcript and in the cis-natural antisense transcript (cis-NAT), implying that such clusters could be a mark of functionally relevant ADAR1 editing events

    A relevance index method to infer global properties of biological networks

    Many complex systems, both natural and artificial, may be represented by networks of interacting nodes. Nevertheless, it is often difficult to find meaningful correspondences between the dynamics expressed by these systems and the topological description of their networks. In contrast, many of these systems may be well described in terms of coordinated behavior of their dynamically relevant parts. In this paper we use the recently proposed Relevance Index approach, based on information-theoretic measures. Starting from the observation of the dynamical states of any system, the Relevance Index is able to provide information about its organization. Moreover, we show how the application of the proposed approach leads to novel and effective interpretations in the T helper network case study

    Clinical and magnetic resonance study of a case of subacute sclerosing panencephalitis treated with ketogenic diet

    Background: Subacute sclerosing panencephalitis is a progressive neurodegenerative disorder caused by a latent and mutant measles virus which is extremely rare in developed countries. The lack of effective treatments leads to the research of other anti-inflammatory and neuroprotective treatments. Case: Here we present a case of a 17-year-old patient affected by subacute sclerosing panencephalitis who manifested a dramatic improvement in neurological and general clinical conditions, as well as an arrest in the progression of the demyelinating process in the central nervous system, after the beginning of a high ratio ketogenic diet. Conclusions: Given its anti-inflammatory, antioxidant and metabolic effects, we believe that ketogenic diet utilisation could be a rational approach and can be considered a safe add-on therapy, carrying only a minimal risk of adverse effects or interactions