Showing papers by "Gene Tsudik published in 2013"

Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking

Abstract: Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content becomes a first-class entity. CCN focuses on content distribution, which dominates current Internet traffic and is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.

DoS and DDoS in Named Data Networking

Abstract: With the growing realization that current Internet protocols are reaching the limits of their senescence, several on-going research efforts aim to design potential next-generation Internet architectures. Although they vary in maturity and scope, in order to avoid past pitfalls, these efforts seek to treat security and privacy as fundamental requirements. Resilience to Denial-of-Service (DoS) attacks that plague today's Internet is a major issue for any new architecture and deserves full attention. In this paper, we focus on DoS in Named Data Networking (NDN) - a specific candidate for next-generation Internet architecture designs. By naming data instead of its locations, NDN transforms data into a first-class entity and makes itself an attractive and viable approach to meet the needs for many current and emerging applications. It also incorporates some basic security features that mitigate classes of attacks that are commonly seen today. However, NDN's resilience to DoS attacks has not been analyzed to-date. This paper represents a first step towards assessment and possible mitigation of DoS in NDN. After identifying and analyzing several new types of attacks, it investigates their variations, effects and counter-measures. This paper also sheds some light on the debate about relative virtues of self-certifying, as opposed to human-readable, names in the context of content-centric networking.

DoS & DDoS in Named Data Networking

Abstract: With the growing realization that current Internet protocols are reaching the limits of their senescence, several ongoing research efforts aim to design potential next-generation Internet architectures. Although they vary in maturity and scope, in order to avoid past pitfalls, these efforts seek to treat security and privacy as fundamental requirements. Resilience to Denialof-Service (DoS) attacks that plague today’s Internet is a major issue for any new architecture and deserves full attention. In this paper, we focus on DoS in Named Data Networking (NDN) – a specific candidate for next-generation Internet architecture designs. By naming data instead of its locations, NDN transforms data into a first-class entity and makes itself an attractive and viable approach to meet the needs for many current and emerging applications. It also incorporates some basic security features that mitigate classes of attacks that are commonly seen today. However, NDN’s resilience to DoS attacks has not been analyzed to-date. This paper represents a first step towards assessment and possible mitigation of DoS in NDN. After identifying and analyzing several new types of attacks, it investigates their variations, effects and counter-measures. This paper also sheds some light on the debate about relative virtues of self-certifying, as opposed to human-readable, names in the context of content-centric networking.

Poseidon: Mitigating interest flooding DDoS attacks in Named Data Networking

Abstract: Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. CCN focuses on content distribution, which is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.

Cache Privacy in Named-Data Networking

Abstract: Content-Centric Networking (CCN) is an alternative to host-centric networking exemplified by today's Internet. CCN emphasizes content distribution by making content directly addressable. Named-Data Networking (NDN) is an example of CCN being considered as a candidate next-generation Internet architecture. One key NDN feature is router-side content caching that optimizes bandwidth consumption, reduces congestion and provides fast fetching for popular content. Unfortunately, the same feature is also detrimental to privacy of both consumers and producers of content. As we show in this paper, simple and difficult-to-detect timing attacks can exploit NDN routers as "oracles" and allow the adversary to learn whether a nearby consumer recently requested certain content. Similarly, probing attacks that target adjacent content producers can be used to discover whether certain content has been recently fetched. After analyzing the scope and feasibility of such attacks, we propose and evaluate some efficient countermeasures that offer quantifiable privacy guarantees while retaining key features of NDN.

Securing instrumented environments over content-centric networking: the case of lighting control and NDN

Abstract: Instrumented environments, such as modern building automation systems (BAS), are becoming commonplace and are increasingly interconnected with (and sometimes by) enterprise networks and the Internet. Regardless of the underlying communication platform, secure control of devices in such environments is a challenging task. The current trend is to move from proprietary communication media and protocols to IP over Ethernet. While the move towards IP represents progress, new and different Internet architectures might be better-suited for instrumented environments. In this paper, we consider security of instrumented environments in the context of Content-Centric Networking (CCN). In particular, we focus on building automation over Named-Data Networking (NDN), a prominent instance of CCN. After identifying security requirements in a specific BAS sub-domain (lighting control), we construct a concrete NDN-based security architecture, analyze its properties and report on preliminary implementation and experimental results. We believe that this work represents a useful exercise in assessing the utility of NDN in securing a communication paradigm well outside of its claimed forte of content distribution. At the same time, we provide a viable (secure and efficient) communication platform for a class of instrumented environments exemplified by lighting control.

The Chills and Thrills of Whole Genome Sequencing

Abstract: In recent years, whole genome sequencing (WGS) evolved from a futuristic-sounding research project to an increasingly affordable technology for determining complete genome sequences of complex organisms, including humans. This prompts a wide range of revolutionary applications, as WGS is a promising means for improving modern healthcare and providing a better understanding of the human genome, in particular its relation to diseases and response to treatments. However, this progress raises worrisome privacy and ethical issues, since, besides uniquely identifying its owner, the genome contains a treasure trove of highly personal and sensitive information. In this article, after summarizing recent advances in genomics, we discuss some important privacy issues associated with human genomic information and identify a number of particularly relevant research challenges.

Secure genomic testing with size- and position-hiding private substring matching

Abstract: Recent progress in genomics and bioinformatics is bringing complete and on-demand sequencing of human (and other) genomes closer and closer to reality. Despite exciting new opportunities, affordable and ubiquitous genome sequencing prompts some serious privacy and ethical concerns, owing to extreme sensitivity and uniqueness of genomic information. At the same time, new medical applications, such as personalized medicine, require testing genomes for specific markers that themselves represent sensitive (e.g., proprietary) material. This paper focuses on privacy challenges posed by such genetic tests. It presents a secure and efficient protocol called: Size- and Position-Hiding Private Substring Match- ing (SPH-PSM). This protocol allows two parties -- one with a digitized genome and the other with a set of DNA markers -- to conduct a test, such that the result is only learned by the former, and no other information is learned by either party. In particular, the genome owner does not even learn the size or the position of the markers, which makes SPH-PSM the first of its kind. Finally, we report on a prototype of the proposed technique which attests to its practicality.

United We Stand: Intrusion Resilience in Mobile Unattended WSNs

Abstract: Wireless Sensor Networks (WSNs) are susceptible to a wide range of attacks due to their distributed nature, limited sensor resources, and lack of tamper resistance Once a sensor is corrupted, the adversary learns all secrets Thereafter, most security measures become ineffective Recovering secrecy after compromise requires either help from a trusted third party or access to a source of high-quality cryptographic randomness Neither is available in Unattended Wireless Sensor Networks (UWSNs), where the sink visits the network periodically Prior results have shown that sensor collaboration is an effective but expensive means of obtaining probabilistic intrusion resilience in static UWSNs In this paper, we focus on intrusion resilience in Mobile Unattended Wireless Sensor Networks (μUWSNs), where sensors move according to some mobility models Note that such a mobility feature could be independent from security (eg, sensors move to improve area coverage) We define novel security metrics to evaluate intrusion resilience protocols for sensor networks We also propose a cooperative protocol that - by leveraging sensor mobility - allows compromised sensors to recover secure state after compromise This is obtained with very low overhead and in a fully distributed fashion Thorough analysis and extensive simulations support our findings

Fast and Private Computation of Cardinality of Set Intersection and Union

Abstract: In many everyday scenarios, sensitive information must be shared between parties without complete mutual trust. Private set operations are particularly useful to enable sharing information with privacy, as they allow two or more parties to jointly compute operations on their sets (e.g., intersection, union, etc.), such that only the minimum required amount of information is disclosed. In the last few years, the research community has proposed a number of secure and efficient techniques for Private Set Intersection (PSI), however, somewhat less explored is the problem of computing the magnitude, rather than the contents, of the intersection – we denote this problem as Private Set Intersection Cardinality (PSI-CA). This paper explores a few PSI-CA variations and constructs several protocols that are more efficient than the state-of-the-art.

Secure Informatics Infrastructure for Genomic-Enabled Medicine, Social, and Other Applications

Abstract: A system is disclosed in which human genomes are stored in databases or in a cloud based computer system, which is secure and private and then downloaded to personal devices for possible peer-to-peer interactions for health care applications, as well as for social and other applications. The use of the system is directed to fully sequenced genomes and includes protocols that are constructed to mimic in vitro biological tests to conduct genomic analysis instead of generic computational techniques, which tend to be impractical as they require performance of online computation over the entire genome. Three specific examples of protocols or techniques for privacy-preserving testing on fully sequenced genomes included are: 1) privacy-preserving genetic paternity testing, 2) privacy-preserving personalized medicine testing, and 3) privacy-preserving genetic compatibility testing.

Privacy-Preserving Matching of Community-Contributed Content

Abstract: Popular consumer review sites, such as Yelp and Tripadvisor, are based upon massive amounts of voluntarily contributed content. Sharing of data among different review sites can offer certain benefits, such as more customized service and better-targeted advertisements. However, business, legal and ethical issues prevent review site providers from sharing data in bulk.

Transaction Verification on RFID Enabled Payment and Transaction Instruments

Abstract: A display enabled RFID tag (DERT) receives transaction details from the reader. DERT verifies that the details match their counterparts in the reader public key certificate. The process is aborted in case of a mismatch. DERT extracts and displays user-verifiable data. It then enters a countdown stage that lasts for a predetermined duration. A user observes the transaction information and, if the transaction amount and other details are deemed correct, presses an accept button provided on the DERT before the timer runs out. DERT signs the time-stamped transaction statement and sends it to the reader. This signed statement is then sent to the payment gateway and eventually to the financial institution that issued the payment DERT.

Optimizing bi-directional low-latency communication in named data networking

Abstract: Content-Centric Networking (CCN) is an alternative to today's Internet IP-style packet-switched host-centric networking. One key feature of CCN is its focus on content distribution, which dominates current Internet traffic and which is not well-served by IP. Named Data Networking (NDN) is an instance of CCN; it is an on-going research effort aiming to design and develop a full-blown candidate future Internet architecture. Although NDN's emphasizes content distribution, it must also support other types of traffic, such as conferencing (audio, video) as well as more historical applications, such as remote login and file transfer. However, suitability of NDN for applications that are not obviously or primarily content-centric. We believe that such applications are not going away any time soon. In this paper, we explore NDN in the context of a class of applications that involve lowlatency bi-directional (point-to-point) communication. Specifically, we propose a few architectural amendments to NDN that provide significantly better throughput and lower latency for this class of applications by reducing routing and forwarding costs. The proposed approach is validated via experiments.

Can Jannie verify? Usability of display-equipped RFID tags for security purposes

Abstract: The recent emergence of RFID tags capable of performing public key operations enables a number of new applications in commerce e.g., RFID-enabled credit cards and security e.g., ePassports and access-control badges. While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly when RFID tags are used for financial transactions or bearer identification.In this paper, we focus exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as pairing of RFID tags with other personal devices. Our approach is based on two factors: 1 recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and 2 high-end RFID tags used in financial transactions or identification are attended by a human user typically, their owner. Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we conducted comprehensive user studies to assess usability of all considered methods. This paper reports on our findings.

The Chills and Thrills of Whole Genome Sequencing

Abstract: In recent years, Whole Genome Sequencing (WGS) evolved from a futuristic-sounding research project to an increasingly affordable technology for determining complete genome sequences of complex organisms, including humans. This prompts a wide range of revolutionary applications, as WGS promises to improve modern healthcare and provide a better understanding of the human genome -- in particular, its relation to diseases and response to treatments. However, this progress raises worrisome privacy and ethical issues, since, besides uniquely identifying its owner, the genome contains a treasure trove of highly personal and sensitive information. In this article, after summarizing recent advances in genomics, we discuss some important privacy issues associated with human genomic information and identify a number of particularly relevant research challenges.

Covert Ephemeral Communication in Named Data Networking

Abstract: In the last decade, there has been a growing realization that the current Internet Protocol is reaching the limits of its senescence. This has prompted several research efforts that aim to design potential next-generation Internet architectures. Named Data Networking (NDN), an instantiation of the content-centric approach to networking, is one such effort. In contrast with IP, NDN routers maintain a significant amount of user-driven state. In this paper we investigate how to use this state for covert ephemeral communication (CEC). CEC allows two or more parties to covertly exchange ephemeral messages, i.e., messages that become unavailable after a certain amount of time. Our techniques rely only on network-layer, rather than application-layer, services. This makes our protocols robust, and communication difficult to uncover. We show that users can build high-bandwidth CECs exploiting features unique to NDN: in-network caches, routers' forwarding state and name matching rules. We assess feasibility and performance of proposed cover channels using a local setup and the official NDN testbed.