Malicious code is defined as software designed to execute attacks on software systems. This work demonstrates the possibility of executing malware on wireless sensor nodes that are based on the von Neumann architecture. This is achieved by exploiting a buffer overflow vulnerability to smash the call stack, intrude a remote node over the radio channel and, eventually, completely take control of it. Then we show how the malware can be crafted to become a self-replicating worm that broadcasts itself and propagates over the network hop-by-hop, infecting all the nodes.
{"title":"Self-propagating worms in wireless sensor networks","authors":"Thanassis Giannetsos, T. Dimitriou, N. Prasad","doi":"10.1145/1658997.1659015","DOIUrl":"https://doi.org/10.1145/1658997.1659015","url":null,"abstract":"Malicious code is defined as software designed to execute attacks on software systems. This work demonstrates the possibility of executing malware on wireless sensor nodes that are based on the von Neumann architecture. This is achieved by exploiting a buffer overflow vulnerability to smash the call stack, intrude a remote node over the radio channel and, eventually, completely take control of it. Then we show how the malware can be crafted to become a self-replicating worm that broadcasts itself and propagates over the network hop-by-hop, infecting all the nodes.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"44 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114057576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Network testbeds have become very popular to support research on network protocols and distributed applications. When it comes to reproduce network behaviour, testbeds range between two extremes: use a fully emulated network, as in EmuLab, which yields very reproducible experiments but might be a poor representation of reality; or communicate through the real Internet, as in PlanetLab, resulting in more realistic but less reproducible scenarios. Having both features available in the same testbed, and being able to choose and mix the two at will, is clearly interesting for researchers.� In this paper we present an extension of the PlanetLab testbed to add emulation capabilities to all nodes. The work is centered around the Dummynet emulator, which we ported to Linux as part of this project.
{"title":"Adding emulation to planetlab nodes","authors":"M. Carbone, L. Rizzo","doi":"10.1145/1658997.1659020","DOIUrl":"https://doi.org/10.1145/1658997.1659020","url":null,"abstract":"Network testbeds have become very popular to support research on network protocols and distributed applications. When it comes to reproduce network behaviour, testbeds range between two extremes: use a fully emulated network, as in EmuLab, which yields very reproducible experiments but might be a poor representation of reality; or communicate through the real Internet, as in PlanetLab, resulting in more realistic but less reproducible scenarios. Having both features available in the same testbed, and being able to choose and mix the two at will, is clearly interesting for researchers.\u0000 In this paper we present an extension of the PlanetLab testbed to add emulation capabilities to all nodes. The work is centered around the Dummynet emulator, which we ported to Linux as part of this project.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"191 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124231338","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Revealing the misuse of network resources is one of the important fields in the network security, especially for the network administrators. One of them is the use of unauthorized NAT (Network Address Translation) devices (e.g. small office routers or wireless access points) inside the network which introduces serious security issues. There are several techniques proposed on how to detect NAT devices in the computer networks, but all these methods suffer from high false positive rate. Also there is no study how to perform NAT detection using NetFlow data, often used for monitoring and forensics analysis in large networks. The contribution of our work consists of the following: i) we have transformed existing NAT detection techniques to work with NetFlow data, ii) we propose three new NAT detection approaches, iii) we have designed a prototype of NAT detection system, which aggregates the results from various NAT detection techniques in order to minimize false positive and false negative rates.
{"title":"Netflow based system for NAT detection","authors":"Vojtech Krmicek, Jan Vykopal, Radek Krejcí","doi":"10.1145/1658997.1659010","DOIUrl":"https://doi.org/10.1145/1658997.1659010","url":null,"abstract":"Revealing the misuse of network resources is one of the important fields in the network security, especially for the network administrators. One of them is the use of unauthorized NAT (Network Address Translation) devices (e.g. small office routers or wireless access points) inside the network which introduces serious security issues. There are several techniques proposed on how to detect NAT devices in the computer networks, but all these methods suffer from high false positive rate. Also there is no study how to perform NAT detection using NetFlow data, often used for monitoring and forensics analysis in large networks. The contribution of our work consists of the following: i) we have transformed existing NAT detection techniques to work with NetFlow data, ii) we propose three new NAT detection approaches, iii) we have designed a prototype of NAT detection system, which aggregates the results from various NAT detection techniques in order to minimize false positive and false negative rates.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"140 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115544750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To support secure communications for many applications in wireless sensor networks (WSNs), some strategies have been proposed to develop the pair-wise rekeying protocol. However, most existing schemes suffer the node capture attack. In this paper, we present a perturbation-based pair-wise rekeying scheme for a hierarchical WSN. Our security analysis shows that the proposed scheme is robust to the node capture attack.
{"title":"A robust pair-wise rekeying protocol in hierarchical wireless sensor networks","authors":"An-Ni Shen, Song Guo","doi":"10.1145/1658997.1659011","DOIUrl":"https://doi.org/10.1145/1658997.1659011","url":null,"abstract":"To support secure communications for many applications in wireless sensor networks (WSNs), some strategies have been proposed to develop the pair-wise rekeying protocol. However, most existing schemes suffer the node capture attack. In this paper, we present a perturbation-based pair-wise rekeying scheme for a hierarchical WSN. Our security analysis shows that the proposed scheme is robust to the node capture attack.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114853375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recently, an ISP-driven cooperative approach is proposed to empowering ISPs for controlling traffic generated by P2P applications [?]. In this approach, an ISP and peers running a P2P application have a cooperative relationship where the ISP provides a guidance, i.e., network information to peers so that the peers select neighbors according to the guidance. This approach enables each party to gain better control and performance, e.g., ISPs gain a control over the P2P traffic, and peers accelerate the performance of the P2P application. However, we observe that the existing approach defines unilateral interaction where only ISPs strive to tackle traffic control and guide the peers that in turn just follow the guidance given by the ISPs, even though the peers could actively help collect network information and refine the guidance. The incentives for the peers to participate in this scheme is that they will also benefit on their part in reducing the download completion time as shown in the existing work [?]. In the light of this observation, we propose bilateral cooperation between ISPs and peers to bring more benefit to both parties, where not only ISPs but also the peers actively provide information so that ISPs can issue a better guidance for the peers than in the existing unilateral interaction model. In more detail, we divide measurement work into two parts so as to collect the network information efficiently and also introduce the guidance including traffic bound which is missing from the existing work. Through simulations we show our proposal brings more benefit to both ISPs and peers than the existing approach such as P4P [?].
{"title":"What can P2P do for traffic control in P2P networks?","authors":"HyunYong Lee, A. Nakao, JongWon Kim","doi":"10.1145/1658997.1659005","DOIUrl":"https://doi.org/10.1145/1658997.1659005","url":null,"abstract":"Recently, an ISP-driven cooperative approach is proposed to empowering ISPs for controlling traffic generated by P2P applications [?]. In this approach, an ISP and peers running a P2P application have a cooperative relationship where the ISP provides a guidance, i.e., network information to peers so that the peers select neighbors according to the guidance. This approach enables each party to gain better control and performance, e.g., ISPs gain a control over the P2P traffic, and peers accelerate the performance of the P2P application. However, we observe that the existing approach defines unilateral interaction where only ISPs strive to tackle traffic control and guide the peers that in turn just follow the guidance given by the ISPs, even though the peers could actively help collect network information and refine the guidance. The incentives for the peers to participate in this scheme is that they will also benefit on their part in reducing the download completion time as shown in the existing work [?]. In the light of this observation, we propose bilateral cooperation between ISPs and peers to bring more benefit to both parties, where not only ISPs but also the peers actively provide information so that ISPs can issue a better guidance for the peers than in the existing unilateral interaction model. In more detail, we divide measurement work into two parts so as to collect the network information efficiently and also introduce the guidance including traffic bound which is missing from the existing work. Through simulations we show our proposal brings more benefit to both ISPs and peers than the existing approach such as P4P [?].","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133341003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We study the problem of interference detection in dense Wi-Fi deployments, which are a reality in most modern metropolitan areas. Interference among neighbor Wi-Fi cells stems from the anarchic deployment of Wi-Fi access points (APs) and the fact that only few APs can operate at the same location on non-overlapping frequencies. Detection of interference conditions is the first step towards its mitigation. We follow a client-centric approach, where wireless clients monitor and report Wi-Fi AP presence. We focus on the security aspects of such a scheme, assuming that clients may attack the reporting mechanism by submitting fake information. Our early evaluation shows that for certain attacker strategies, simple mechanisms can effectively filter invalid reports with minimal loss of information.
{"title":"Secure interference reporting for dense Wi-Fi deployments","authors":"P. A. Frangoudis, D. Zografos, George C. Polyzos","doi":"10.1145/1658997.1659018","DOIUrl":"https://doi.org/10.1145/1658997.1659018","url":null,"abstract":"We study the problem of interference detection in dense Wi-Fi deployments, which are a reality in most modern metropolitan areas. Interference among neighbor Wi-Fi cells stems from the anarchic deployment of Wi-Fi access points (APs) and the fact that only few APs can operate at the same location on non-overlapping frequencies. Detection of interference conditions is the first step towards its mitigation. We follow a client-centric approach, where wireless clients monitor and report Wi-Fi AP presence. We focus on the security aspects of such a scheme, assuming that clients may attack the reporting mechanism by submitting fake information. Our early evaluation shows that for certain attacker strategies, simple mechanisms can effectively filter invalid reports with minimal loss of information.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121093993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fei Song, Hongke Zhang, Sidong Zhang, Fernando M. V. Ramos, Jon Crowcroft
Due to the dynamic nature of the Internet, the characteristic parameters of network paths are continually changing. The round trip time (RTT) can be used to estimate retransmission timeouts with reasonable accuracy. However, using RTT to evaluate forward or backward delays is not suitable. By identifying this shortcoming, we propose a relative delay estimator (RDE) to make a distinction between all available paths and build a retransmission policy based on it.
{"title":"Relative delay estimator for multipath transport","authors":"Fei Song, Hongke Zhang, Sidong Zhang, Fernando M. V. Ramos, Jon Crowcroft","doi":"10.1145/1658997.1659024","DOIUrl":"https://doi.org/10.1145/1658997.1659024","url":null,"abstract":"Due to the dynamic nature of the Internet, the characteristic parameters of network paths are continually changing. The round trip time (RTT) can be used to estimate retransmission timeouts with reasonable accuracy. However, using RTT to evaluate forward or backward delays is not suitable. By identifying this shortcoming, we propose a relative delay estimator (RDE) to make a distinction between all available paths and build a retransmission policy based on it.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116529818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Existing non-cooperative methods for network capacity measurement are quite restrictive for capacity-asymmetric paths, and their results could be affected by adverse network conditions (e.g., packet delay, packet loss, and packet reordering). In this paper, we propose to use two types of packet pairs---round-trip packet pair and two-way packet pair---and the minimum-delay-difference method for reliable capacity measurement. Our preliminary results show that the new proposal is correct and achieves accurate results even for highly capacity-asymmetric paths.
{"title":"Reliable asymmetric path capacity measurement","authors":"Edmond W. W. Chan, Xiapu Luo, R. Chang","doi":"10.1145/1658997.1659027","DOIUrl":"https://doi.org/10.1145/1658997.1659027","url":null,"abstract":"Existing non-cooperative methods for network capacity measurement are quite restrictive for capacity-asymmetric paths, and their results could be affected by adverse network conditions (e.g., packet delay, packet loss, and packet reordering). In this paper, we propose to use two types of packet pairs---round-trip packet pair and two-way packet pair---and the minimum-delay-difference method for reliable capacity measurement. Our preliminary results show that the new proposal is correct and achieves accurate results even for highly capacity-asymmetric paths.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129025538","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Champel, Kévin Huguenin, Anne-Marie Kermarrec, Nicolas Le Scouarnec
This paper proposes LTNC, a new recoding algorithm to build low complexity network codes. At the core of LTNC is a decentralized version of LT codes that allows the use of fast belief propagation decoding instead of high complexity Gauss reduction used by random linear network coding (RLNC). In the context of a peer-to-peer content dissemination application, we observe that LTNC trades advantageously communication optimality of RLNC with decoding cost as it incurs only 38.5% of bandwidth overhead for a gain of almost 99% in CPU cycles.
{"title":"LT network codes: low complexity network codes","authors":"M. Champel, Kévin Huguenin, Anne-Marie Kermarrec, Nicolas Le Scouarnec","doi":"10.1145/1658997.1659019","DOIUrl":"https://doi.org/10.1145/1658997.1659019","url":null,"abstract":"This paper proposes LTNC, a new recoding algorithm to build low complexity network codes. At the core of LTNC is a decentralized version of LT codes that allows the use of fast belief propagation decoding instead of high complexity Gauss reduction used by random linear network coding (RLNC). In the context of a peer-to-peer content dissemination application, we observe that LTNC trades advantageously communication optimality of RLNC with decoding cost as it incurs only 38.5% of bandwidth overhead for a gain of almost 99% in CPU cycles.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116689835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We are assisting to the evolution of new generation applications and services, progressively providing - through a single interface - more interactions among the users and between the users and the network. This is promoting the development of multi-channel applications (e.g. Skype, Cloud Computing Platforms, Facebook, ...) that are specifically designed to easily manage different services delivered on different channels, providing a single access point for the users. This work proposes an integrated multi-layer methodology for the analysis, characterization, and identification of multi-channel applications. A proof of its applicability is shown considering Skype as a case study.
{"title":"On the characterization of multi-channel applications","authors":"Walter de Donato, A. Pescapé","doi":"10.1145/1658997.1659001","DOIUrl":"https://doi.org/10.1145/1658997.1659001","url":null,"abstract":"We are assisting to the evolution of new generation applications and services, progressively providing - through a single interface - more interactions among the users and between the users and the network. This is promoting the development of multi-channel applications (e.g. Skype, Cloud Computing Platforms, Facebook, ...) that are specifically designed to easily manage different services delivered on different channels, providing a single access point for the users. This work proposes an integrated multi-layer methodology for the analysis, characterization, and identification of multi-channel applications. A proof of its applicability is shown considering Skype as a case study.","PeriodicalId":181045,"journal":{"name":"Co-Next Student Workshop '09","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122662452","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: