Security and Privacy in Communication Networks

Unlike most cryptosystems which rely on number theoretic problems, cryptosystems based on the invertibility of finite automata are lightweight in nature and can be implemented easily using simple logical operations, thus affording fast encryption and decryption. In this paper, we propose and implement a new variant of finite automaton cryptosystem, which we call DES-Augmented Finite Automaton (DAFA) cryptosystem. DAFA uses the key generation algorithm of the Data Encryption Standard (DES) to dynamically generate linear and non-linear finite automata on the fly using a 128-bit key. Compared to existing finite automaton cryptosystems, DAFA provides stronger security yet has similar encryption/decryption speeds. DAFA is also faster than popular single key cryptosystems such as Advanced Encryption Standard (AES). The test results on desktop and mobile phones with respect to the running speed and security properties are very promising.

P-homomorphic signature is a general framework for computing on authenticated data, which is recently proposed by Ahn et al. With P-homomorphic signature, any third party can derive a signature on the object message m′ from a signature of m, if m′ and m satisfy P(m,m′) = 1 for some predicate P which denotes the authenticatable relationship between m′ and m. Ahn et al. proposed a RSA P-homomorphic signature scheme by using a RSA accumulator, which is very efficient in space. However, the computational cost of verification and derivation is very heavy. We present an improved P-homomorphic signature scheme based on factoring problem. In our construction, the time efficiency of both verification and derivation are much better than Ahn’s scheme.

The Generic Authentication Architecture (GAA) is a standardised extension to the mobile telephony security infrastructures that supports the provision of security services to network applications. We have proposed a generalised version of GAA which enables almost any pre-existing infrastructure to be used as the basis for the provision of generic security services, and have examined a GAA instantiation supported by Trusted Computing. In this paper we study another instantiation of GAA, this time building on the widely deployed EMV security infrastructure. This enables the existing EMV infrastructure to be used as the basis of a general-purpose authenticated key establishment service in a simple and uniform way, and also provides an opportunity for EMV-aware third parties to provide novel security services. We also discuss possible applications and issues of privacy and trust.

We present the first anonymous transferable conditional e-cash system based on two recent cryptographic primitives, i.e., the Groth-Sahai(GS) proofs system and the commuting signatures, thus the unlinkability and anonymity of the user is obtained. We solve an open problem by dividing the deposit into two parts, so that the user is unlinkable in the transferrable protocol and the deposit protocol. Comparing the existing conditional e-cash, the size of the computation and communication of our scheme is constant.

Key distribution is of a critical importance to security of wireless sensor networks (WSNs). Random key predistribution is an acknowledged approach to the key distribution problem. In this paper, we propose and analyze two novel improvements that enhance security provided by the random key predistribution schemes. The first improvement exploits limited length collisions in secure hash functions to increase the probability of two nodes sharing a key. The second improvement introduces hash chains into the key pool construction to directly increase the resilience against a node capture attack. Both improvements can be further combined to bring the best performance. We evaluate the improvements both analytically and computationally on a network simulator. The concepts used are not limited to the random key predistribution.

In recent years, cellular networks have been reported to be susceptible targets for Distributed Denial of Service (DDoS) attacks due to their limited resources. One potential powerful DDoS attack in cellular networks is a SMS flooding attack. Previous research has demonstrated that SMS-capable cellular networks are vulnerable to a SMS flooding attack in which a sufficient rate of SMS messages is sent to saturate the control channels in target areas. We propose a novel detection algorithm which identifies a SMS flooding attack based on the reply rate to messages sent by a handset. We further propose a mitigation technique to reduce the blocking rate caused by the attack. Our simulation results show that the false positive and false negative rates of our detection algorithm are low even when the attack traffic is blended with flash crowd traffic and/or the attack traffic mimics flash crowd traffic, and that the blocking rate is successfully reduced through the mitigation technique.

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to achieve, many times resulting in vulnerable systems exposed to the Internet. Authenticated vulnerability scanners and validation tools represent a means to detect security vulnerabilities caused by missing patches or misconfiguration, but current approaches center much around the concepts of hosts and operating systems. This paper presents a language and an approach for the declarative specification and execution of machine-readable security checks for sets of more fine-granular system components depending on each other in a distributed environment. Such a language, building on existing standards, fosters the creation and sharing of security content among security stakeholders. Our approach is exemplified by vulnerabilities of and corresponding checks for Open Source Software commonly used in today’s Internet applications.

Malicious web pages are among the major security threats on the Web. Most of the existing techniques for detecting malicious web pages focus on specific attacks. Unfortunately, attacks are getting more complex whereby attackers use blended techniques to evade existing countermeasures. In this paper, we present a holistic and at the same time lightweight approach, called BINSPECT, that leverages a combination of static analysis and minimalistic emulation to apply supervised learning techniques in detecting malicious web pages pertinent to drive-by-download, phishing, injection, and malware distribution by introducing new features that can effectively discriminate malicious and benign web pages. Large scale experimental evaluation of BINSPECT achieved above 97% accuracy with low false signals. Moreover, the performance overhead of BINSPECT is in the range 3-5 seconds to analyze a single web page, suggesting the effectiveness of our approach for real-life deployment.

Intrusion Detection Systems (IDS) have emerged as one of the most promising ways to secure systems in the network. To be effective against evasion attempts, the IDS must provide tight bounds on performance. Otherwise an adversary can bypass the IDS by carefully crafting and sending packets that throttle it. This can render the IDS ineffective, thus resulting in the network becoming vulnerable.

We present a performance throttling attack mounted against the computationally intensive string matching algorithm. This algorithm performs string matching by traversing a finite-state-machine (FSM). We observe that there are some input bytes that sequentially traverse a chain of 30 pointers. This chain of traversal drastically degrades performance, and we observe a 22X performance drop in comparison to the average case performance. We investigate hardware and software mechanisms to counter this performance degradation. The software mechanism is targeted for commodity general purpose CPUs. While the hardware-based mechanism uses a parallel traversal suitable for network processor architectures. Our results show that our proposed mechanisms significantly improves (by over 3X magnitude) string matching algorithm’s worst performing cases.

It is known that BitTorrent file-sharing traffic is analysed to identify exchangers of copyrighted material. In general, copyright holders can perform monitoring using two approaches: indirect monitoring, where indirect clues of the sharing activity of a peer are considered (e.g., its presence in the peer list of a tracker), and direct monitoring, which establishes connections with peers to estimate their participation in sharing activity. Previous research has focused exclusively on indirect monitoring. We provide a broader characterisation of the monitoring of BitTorrent activity by considering both indirect and direct monitoring. In particular, we review previous work on indirect monitoring, provide features to detect peers engaged in such monitoring, and apply them to identify a number of monitoring organisations. Additionally, we introduce features that detect direct monitors, and provide the first ever measurements of direct monitoring, showing that it is now occurring.

Network intrusion detection systems (NIDSs) have become an essential part for current network security infrastructure. However, in a large-scale network, the overhead network packets can greatly decrease the effectiveness of such detection systems by significantly increasing the processing burden of a NIDS. To mitigate this issue, we advocate that constructing a packet filter is a promising and complementary solution to reduce the workload of a NIDS, especially to reduce the burden of signature matching. We have developed a blacklist-based packet filter to help a NIDS filter out network packets and achieved positive experimental results. But the calculation of IP confidence is still a big challenge for our previous work. In this paper, we further design a packet filter with a trust-based method using Bayesian inference to calculate the IP confidence and explore its performance with a real dataset and in a network environment. We also analyze the trust-based method by comparing it with our previous weight-based method. The experimental results show that by using the trust-based calculation of IP confidence, our designed trust-based blacklist packet filter can achieve a better outcome.

In this paper we present an algorithm that is able to progressively discover nodes cooperating in a P2P network. Starting from a single known node, we can easily identify other nodes in the peer-to-peer network, through the analysis of widely available and standardized IPFIX (NetFlow) data. Instead of relying on the analysis of content characteristics or packet properties, we monitor connections of known nodes in the network and then progressively discover other nodes through the analysis of their mutual contacts. We show that our method is able to discover all cooperating nodes in many P2P networks. The use of standardized input data allows for easy deployment onto real networks. Moreover, because this approach requires only short processing times, it scales very well in larger and higher speed networks.

In recent years, there has been an alarming increase of online identity theft and attacks using personally identifiable information. The goal of privacy preservation is to de-associate individuals from sensitive or microdata information. Microaggregation techniques seeks to protect microdata in such a way that can be published and mined without providing any private information that can be linked to specific individuals. Microaggregation works by partitioning the microdata into groups of at least k records and then replacing the records in each group with the centroid of the group. An optimal microaggregation method must minimize the information loss resulting from this replacement process. The challenge is how to minimize the information loss during the microaggregation process. This paper presents a new microaggregation technique for Statistical Disclosure Control (SDC). It consists of two stages. In the first stage, the algorithm sorts all the records in the data set in a particular way to ensure that during microaggregation very dissimilar observations are never entered into the same cluster. In the second stage an optimal microaggregation method is used to create k-anonymous clusters while minimizing the information loss. It works by taking the sorted data and simultaneously creating two distant clusters using the two extreme sorted values as seeds for the clusters. The performance of the proposed technique is compared against the most recent microaggregation methods. Experimental results using benchmark datasets show that the proposed algorithm has the lowest information loss compared with a basket of techniques in the literature.

Trust-based onion routing employs users’ own trust to circumvent compromised onion routers. However, it runs a high risk of being deanonymized by the inference attack based on a priori trust relationship. In this paper, we first observe that the onion routers with higher trust degree (e.g., those that are trusted by more users) are more effective in defending against the inference attack. We therefore incorporate trust degree into trust-based onion routing. With a rigorous theoretical analysis, we devise an optimal strategy for router selection and an optimal routing algorithm for path selection. Both minimize the risk of deanonymization by the inference attack without sacrificing the capability of evading compromised routers. Moreover, simulation-based experiments on top of real-world social networks confirm the effectiveness of the optimal router selection.

Back-propagation is an effective method for neural network learning. To improve the accuracy of the learning result, in practice multiple parties may want to collaborate by jointly executing the back-propagation algorithm on the union of their respective data sets. During this process no party wants to disclose her/his private data to others for privacy concerns. Existing schemes supporting this kind of collaborative learning just partially solve the problem by limiting the way of data partition or considering only two parties. There still lacks a solution for more general and practical settings wherein two or more parties, each with an arbitrarily partitioned data set, collaboratively conduct learning.

In this paper, by utilizing the power of cloud computing, we solve this open problem with our proposed privacy preserving back-propagation algorithm, which is tailored for the setting of multiparty and arbitrarily partitioned data. In our proposed scheme, each party encrypts his/her private data locally and uploads the ciphertexts into the cloud. The cloud then executes most of the operations pertaining to the learning algorithms with ciphertexts but learns nothing about the original private data. By securely offloading the expensive operations to the cloud, we keep the local computation and communication costs on each party minimal and independent to the number of participants. To support flexible operations over ciphertexts, we adopt and tailor the BGN ‘doubly homomorphic’ encryption algorithm for the multiparty setting. Thorough analysis shows that our proposed scheme is secure, efficient and scalable.

Exploiting static configuration of networks and hosts has always been a great advantage for design and launching of decisive attacks. Network reconnaissance of IP addresses and ports is prerequisite to many host and network attacks. At the same time, knowing IP addresses is required for service reachability in IP networks, which makes complete concealment of IP address for servers infeasible. In addition, changing IP addresses too frequently may cause serious ramifications including service interruptions, routing inflation, delays and security violations. In this paper, we present a novel approach that turns end-hosts into untraceable moving targets by transparently mutating their IP addresses in an intelligent and unpredictable fashion and without sacrificing network integrity, manageability or performance. The presented technique is called Random Host Mutation (RHM). In RHM, moving target hosts are assigned virtual IP addresses that change randomly and synchronously in a distributed fashion over time. In order to prevent disruption of active connections, the IP address mutation is managed by network appliances and totally transparent to end-host. RHM employs multi-level optimized mutation techniques that maximize uncertainty in adversary scanning by effectively using the whole available address range, while at the same time minimizing the size of routing tables, and reconfiguration updates. RHM can be transparently deployed on existing networks on end-hosts or network elements. Our analysis, implementation and evaluation show that RHM can effectively defend against stealthy scanning, many types of worm propagation and attacks that require reconnaissance for successful launching. We also show the performance bounds for moving target defense in a practical network setup.

In recent years researchers have shown that the analogue signalling behaviour of digital devices can be used for identification and monitoring purposes. The basic postulate of these so-called physical-layer identification (PLI) approaches is that devices are sufficiently variable in their behaviour to be distinguishable and that an attacker would be unable to adequately emulate this behaviour. Recent work, however, has shown that at least some PLI implementations can be defeated using electronic equipment capable of generating arbitrarily shaped signals known as arbitrary waveform generators (AWGs).

In this work we first present a framework to determine whether an AWG, specified in terms of resolution, sampling rate, distortion, and noise parameters, could be used to defeat a given PLI system. We then utilise this framework in the formulation of a cost-minimisation problem to find the most cost-effective values of these parameters; i.e. we characterise the least expensive, and hence lowest performing, AWG an attacker would require to defeat a PLI system. The use of the framework is illustrated by applying it to a previously proposed PLI approach. Results indicate that the PLI system could be defeated using an AWG with a substantially lower sampling rate and resolution than the PLI system sampler.

With the growing popularity of VoIP and its large customer base, the incentives of telemarketers for voice spam has been increasing in the recent years. If the threat of voice spam remains unchecked, it could become a problem as serious as email spam today. Compared to email spam, voice spam will be much more obnoxious and time consuming nuisance for telephone subscribers to filter out. In this paper, we propose a content-based approach to protect telephone subscribers voice mailboxes from voice spam. In particular, based on Dynamic Time Warping (DTW), we develop a speaker independent speech recognition system to make content comparison of speech messages. Using our system, the voice messages left on the media server by callers are matched against a set of spam filtering rules involving the study of call behavioral pattern and the analysis of message content. The uniqueness of our spam filtering approach lies in its independence on the generation of voice spam, regardless whether spammers play same spam content recorded in many different ways, such as human or machine generated voice, male or female voice, and different accents. We validate the efficacy of the proposed scheme through real experiments, and our experimental results show that it can effectively filter out spam from the subscribers’ voice mailbox with 0.67% false positive rate and 8.33% false negative rate.