Virtual networks under attack: disrupting internet coordinate systems

peer reviewe

A reputation-based approach for securing vivaldi embedding system

Abstract. Many large-scale Internet applications optimize their overlay network to reduce latencies. Embedding coordinate systems like Vivaldi are valuable tools for this new range of applications since they propose light-weight algorithms that permit to estimate the latency between any pair of nodes without having to contact them first. It has been recently demonstrated that coordinate systems in general and Vivaldi in particular are sensible to attacks. Typically, nodes can lie about their coordinate and distort the coordinate space. In this paper, we propose a formal reputation model to detect misbehaving nodes and propose a reputation adaptation of Vivaldi called RVivaldi. We evaluate the performance of RVivaldi using the King dataset and show that RVivaldi is less sensitive to malicious nodes than Vivaldi.

Towards Seamless Tracking-Free Web: Improved Detection of Trackers via One-class Learning

Numerous tools have been developed to aggressively block the execution of popular JavaScript pro- grams in Web browsers. Such blocking also affects functionality of webpages and impairs user experience. As a consequence, many privacy preserving tools that have been developed to limit online tracking, often executed via JavaScript programs, may suffer from poor performance and limited uptake. A mechanism that can isolate JavaScript programs necessary for proper functioning of the website from tracking JavaScript programs would thus be useful. Through the use of a manually la- belled dataset composed of 2,612 JavaScript programs, we show how current privacy preserving tools are in-effective in finding the right balance between blocking tracking JavaScript programs and allowing functional JavaScript code. To the best of our knowledge, this is the first study to assess the performance of current web privacy preserving tools in determining tracking vs. functional JavaScript programs.To improve this balance, we examine the two classes of JavaScript programs and hypothesize that tracking JavaScript programs share structural similarities that can be used to differentiate them from functional JavaScript programs. The rationale of our approach is that web developers often “borrow” and customize existing pieces of code in order to embed tracking (resp. functional) JavaScript programs into their webpages. We then propose one-class machine learning classifiers using syntactic and semantic features extracted from JavaScript programs. When trained only on samples of tracking JavaScript programs, our classifiers achieve accuracy of 99%, where the best of the privacy preserving tools achieve accuracy of 78%.The performance of our classifiers is comparable to that of traditional two-class SVM. One-class classification, where a training set of only tracking JavaScript programs is used for learning, has the advantage that it requires fewer labelled examples that can be obtained via manual inspection of public lists of well-known track- ers. We further test our classifiers and several popular privacy preserving tools on a larger corpus of 4,084 websites with 135,656 JavaScript programs. The output of our best classifier on this data is between 20 to 64% different from the tools under study. We manually analyse a sample of the JavaScript programs for which our classifier is in disagreement with all other privacy preserving tools, and show that our approach is not only able to enhance user web experience by correctly classifying more functional JavaScript programs, but also discovers previously unknown tracking services

Crowd-Cache: Leveraging on spatio-temporal correlation in content popularity for mobile networking in proximity

Mobile capped plans are being increasingly adopted by mobile operators due to an exponential data traffic growth. Users then often suffer high data consumption costs as well as poor quality of experience. In this paper, we introduce a novel content access scheme, Crowd-Cache, which enables mobile networking in proximity by exploiting the transient co-location of devices, the epidemic nature of content popularity, and the capabilities of smart mobile devices. Crowd-Cache provides mobile users access to popular content cheaply with low latency while improving the overall quality of experience. We model the Crowd-Cache system in a probabilistic framework using a real-life dataset of video content access. The simulation results show that, in a public transportation scenario, more than 80% of the passengers can save at least 40% on their cellular data usage during a typical average city bus commute of 10 minutes. Finally, we show the practical viability of the system by implementing and evaluating the system on Android devices

Webs of Trust: Choosing Who to Trust on the Internet

none1How to decide whether to engage in transactions with strangers? Whether we’re offering a ride, renting a room or apartment, buying or selling items, or even lending money, we need a degree of trust that the others will behave as they should. Systems like Airbnb, Uber, Blablacar, eBay and others handle this by creating systems where people initially start as untrusted, and they gain reputation over time by behaving well. Unfortunately, these systems are proprietary and siloed, meaning that all information about transactions becomes property of the company managing the systems, and that there are two types of barriers to entry: first, whenever new users enter a new system they will need to restart from scratch as untrusted, without the possibility of exploiting the reputation they gained elsewhere; second, new applications have a similar cold-start problem: young systems, where nobody has reputation yet, are difficult to kickstart. We propose a solution based on a web of trust: a decentralized repository of data about past interactions between users, without any trusted third party. We think this approach can solve the aforementioned issue, establishing a notion of trust that can be used across applications while protecting user privacy. Several problems require consideration, such as scalability and robustness, as well as the trade-off between privacy and accountability. In this paper, we provide an overview of issues and solutions available in the literature, and we discuss the directions to take to pursue this project.mixedDell'Amico M.Dell'Amico, M

On Exploring a Pervasive Infrastructure to Foster Citizens Participation and Sustainable Development

none3simixedPrandi, Catia; Nisi, Valentina; Nunes, NunoPrandi, Catia; Nisi, Valentina; Nunes, Nun