Title: User Space Packet Schedulers: Towards Rapid Prototyping of Queue-Management Algorithms
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1137 (https://doi.org/10.14279/TUJ.ECEASST.80.1137)
Authors: Ralf Kundel, Paul Stiegele, D. Tran, Julian Zobel, Osama Abboud, Rhaban Hark, R. Steinmetz
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
Quality of Service indicators in computer networks reached tremendous importance over the last years. Especially throughput and latency are directly influenced by the dimension of packet queues. Determining the optimal dimension based on the inevitable tradeoff between throughput and latency tends to be a hard, almost infeasible challenge. Several algorithms for Active Queue Management have been proposed to address this challenge over the last years. However, the deployment and by that the development of such algorithms is challenging as they are usually located within the operating system's kernel or implemented in fixed hardware. In this work, we investigate how novel algorithms can be deployed in user space for rapid prototyping with tolerable effort. We provide core performance characteristics and highlight the viability and reasonability of this approach.

Title: Early Warning Identity Threat and Mitigation System
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1146.1115 (https://doi.org/10.14279/TUJ.ECEASST.80.1146.1115)
Authors: Aditya Tyagi, Razieh Nokhbeh Zaeem, K. S. Barber
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
While many organizations share threat intelligence, there is still a lack of actionable data for organizations to proactively and effectively respond to emerging identity threats to mitigate a wide range of crimes. There currently exists no solution for organizations to access current trends and intelligence to understand emerging threats and how to appropriately respond to them. This research project delivers I-WARN to help bridge that gap. Using a wide range of open-source information, I-WARN gathers, analyzes, and reports on threats related to the theft, fraud, and abuse of Personally Identifiable Information (PII). I-WARN then maps those threats to the MITRE ATT&CK -- a framework that helps understand lateral movement of an attack -- to offer mitigation and risk reduction tactics. I-WARN aims to deliver actionable intelligence, offering early warning into threat behaviors, and mitigation responses. This paper discusses the technical details of I-WARN, non-exhaustive current solutions for threat intelligence sharing, and future work.

Title: Improvements to the Secure Construction and Utilization of Greedy Embeddings in Friend-to-Friend Overlays
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1155.1088 (https://doi.org/10.14279/TUJ.ECEASST.80.1155.1088)
Authors: Martin Byrenheid, Stefanie Roos, T. Strufe
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
Routing based on greedy network embeddings enables efficient and privacy-preserving routing in overlays where connectivity is restricted to mutually trusted nodes. In previous works, we proposed security enhancements to the embedding and routing procedures to protect against denial-of-service attacks by malicious overlay participants. In this work, we propose an improved timeout scheme to reduce the stabilization overhead of secure tree maintenance in response to node failures and malicious behavior. Furthermore, we present an attack-resistant packet replication scheme that leverages alternative paths discovered during routing.

Title: Browser Fingerprinting: How to Protect Machine Learning Models and Data with Differential Privacy?
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1179 (https://doi.org/10.14279/TUJ.ECEASST.80.1179)
Authors: Katharina Dietz, Michael Mühlhauser, Michael Seufert, N. Gray, T. Hossfeld, Dominik Herrmann
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
As modern communication networks grow more and more complex, manually maintaining an overview of deployed soft- and hardware is challenging. Mechanisms such as fingerprinting are utilized to automatically extract information from ongoing network traffic and map this to a specific device or application, e.g., a browser. Active approaches directly interfere with the traffic and impose security risks or are simply infeasible. Therefore, passive approaches are employed, which only monitor traffic but require a well-designed feature set since less information is available. However, even these passive approaches impose privacy risks. Browser identification from encrypted traffic may lead to data leakage, e.g., the browser history of users. We propose a passive browser fingerprinting method based on explainable features and evaluate two privacy protection mechanisms, namely differentially private classifiers and differentially private data generation. With a differentially private Random Decision Forest, we achieve an accuracy of 0.877. If we train a non-private Random Forest on differentially private synthetic data, we reach an accuracy up to 0.887, showing a reasonable trade-off between utility and privacy.

Title: Demonstration: A cloud-native digital twin with adaptive cloud-based control and intrusion detection
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1133.1095 (https://doi.org/10.14279/TUJ.ECEASST.80.1133.1095)
Authors: William Tarneberg, M. Gunnarsson, M. Kihl, C. Gehrmann
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
Digital twins are taking a central role in the industry 4.0 narrative. However, they are still illusive. Many aspects of the digital-twins have yet to materialize. For example, to what degree will they be integrated into cloud and industry 4.0 systems as well as how and if they should augment their physical counterpart. Those choices are accompanied by challenging security aspects, many of which have to be studied partially. In this paper, we present a novel digital-twin demonstrator that enables experimentation and advanced research on such systems. The demonstrator is cloud-native, has a distributed adaptive control system, incorporates edge and public clouds, a PLC, intrusion detection, a wireless network emulator, and an attacker.

Title: Privacy-Preserving and Scalable Authentication based on Network Connection Traces
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1175 (https://doi.org/10.14279/TUJ.ECEASST.80.1175)
Authors: David Monschein, O. P. Waldhorst
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
Since password-based authentication is no longer sufficient for web applications, additional authentication factors are required. Especially in the context of mobile devices and with regard to usability, there is an increasing focus on methods where the user's behavior is used as authentication factor (e.g., touchscreen interactions or sensors). As this typically requires the processing of large amounts of sensitive data, issues related to privacy and scalability arise. Our work addresses the issues by presenting a scalable and privacy-friendly approach for authenticating users of mobile applications based on information about their network connections.

Title: Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1172 (https://doi.org/10.14279/TUJ.ECEASST.80.1172)
Authors: K. Thimmaraju, B. Scheuermann
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
QUIC is a new transport protocol over UDP which recently became an IETF RFC. Our security analysis of the Connection ID mechanism in QUIC reveals that the protocol is underspecified. This allows an attacker to count the number of server instances behind a middlebox, e.g., a load balancer. We found 4/15 (~25%) implementations vulnerable to our enumeration attack. We then concretely describe how an attacker can count the number of instances behind a load balancer that either uses Round Robin or Hashing.

Title: Information Management for Multi-Agent Systems
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1142.1106 (https://doi.org/10.14279/TUJ.ECEASST.80.1142.1106)
Authors: Yasin Alhamwy
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
Multi-Agent Systems (MAS) are becoming increasingly popular in large-scale dynamic domains such as Smart Cities and Search & Rescue (S&R) missions. In order for agents to cooperate efficiently in such domains, they need to distribute tasks, share knowledge, resolve conflicts, incorporate unknown agents, assign roles among each other, assign and keep track of teams of agents, etc. The cooperation in such dynamic domains requires both a software platform that supports the interoperability of cyber-physical agents as well as a shared Knowledge Base that stores general semantic information about the entities of discourse as well as live status information. ALICA, which is an in-house Multi-Agent platform, addresses such domains and is well suited to tackle a lot of these problems. To further enhance its capabilities, an extension is planned in order to integrate the standardised context information interface NGSI-LD as well as the widely used FIWARE models and components for Smart Cities, which enables the management of static and dynamic context information in normal and crisis situations.

Title: On the Resilience of Opportunistic Networks against DoS Attacks
Pub Date: 2021-09-08. DOI: 10.14279/TUJ.ECEASST.80.1183.1085 (https://doi.org/10.14279/TUJ.ECEASST.80.1183.1085)
Authors: Sanaz Afzali, A. Udugama, Anna Förster, Mathias Fischer
Journal: Electron. Commun. Eur. Assoc. Softw. Sci. Technol. (Journal Article)
Opportunistic Networks (OppNets) enable contact-based networking and service provisioning when no infrastructure exists, e.g., in disaster areas. In such sensitive scenarios, maintaining their availability is important, but most existing work on OppNets mainly assumes fully cooperative and thus not malicious nodes. In this paper, we study the impact of different flavors of low-intensity Denial of Service (DoS) attacks on OppNets, which are hard to detect and to counter. Our results indicate that low-rate DoS and black hole attacks, as a special case of DoS, seem to have a huge impact on the packet delivery ratio and the delivery delay of an OppNet.