Proceedings of the Internet Measurement Conference 2018: Latest Articles

How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278551
Zachary Weinberg, Shinyoung Cho, Nicolas Christin, V. Sekar, Phillipa Gill
Internet users worldwide rely on commercial network proxies both to conceal their true location and identity, and to control their apparent location. Their reasons range from mundane to security-critical. Proxy operators offer no proof that their advertised server locations are accurate. IP-to-location databases tend to agree with the advertised locations, but there have been many reports of serious errors in such databases. In this study we estimate the locations of 2269 proxy servers from ping-time measurements to hosts in known locations, combined with AS and network information. These servers are operated by seven proxy services, and, according to the operators, spread over 222 countries and territories. Our measurements show that one-third of them are definitely not located in the advertised countries, and another third might not be. Instead, they are concentrated in countries where server hosting is cheap and reliable (e.g. Czech Republic, Germany, Netherlands, UK, USA). In the process, we address a number of technical challenges with applying active geolocation to proxy servers, which may not be directly pingable, and may restrict the types of packets that can be sent through them, e.g. forbidding traceroute. We also test three geolocation algorithms from previous literature, plus two variations of our own design, at the scale of the whole world.
Citations: 48
A First Look at SIM-Enabled Wearables in the Wild
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278540
Harini Kolamunna, Ilias Leontiadis, Diego Perino, Suranga Seneviratne, Kanchana Thilakarathna, A. Seneviratne
Recent advances are driving wearables towards stand-alone devices with cellular network support (e.g. SIM-enabled Apple Watch series-3). Nonetheless, little has been studied on SIM-enabled wearable traffic in ISP networks to gain customer insights and to understand traffic characteristics. In this paper, we characterize the network traffic of several thousand SIM-enabled wearable users in a large European mobile ISP. We present insights on user behavior, application characteristics such as popularity and usage, and wearable traffic patterns. We observed a 9% increase in SIM-enabled wearable users over a five-month observation period. However, only 34% of such users actually generate any network transaction. Our analysis also indicates that SIM-enabled wearable users are significantly more active in terms of mobility, data consumption and frequency of app usage compared to the remaining customers of the ISP who are mostly equipped with a smartphone. Finally, wearable apps directly communicate with third parties such as advertisement and analytics networks similarly to smartphone apps.
Citations: 8
A First Joint Look at DoS Attacks and BGP Blackholing in the Wild
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278571
M. Jonker, A. Pras, A. Dainotti, A. Sperotto
BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation. Although empirical evidence of blackholing activities is documented in literature, a clear understanding of how blackholing is used in practice when attacks occur is still missing. This paper presents a first joint look at DoS attacks and BGP blackholing in the wild. We do this on the basis of two complementary data sets of DoS attacks, inferred from a large network telescope and DoS honeypots, and on a data set of blackholing events. All data sets span a period of three years, thus providing a longitudinal overview of operational deployment of blackholing during DoS attacks.
Citations: 21
403 Forbidden: A Global View of CDN Geoblocking
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278552
Allison McDonald, Matthew Bernhard, Luke Valenta, Benjamin VanderSloot, W. Scott, N. Sullivan, J. A. Halderman, Roya Ensafi
We report the first wide-scale measurement study of server-side geographic restriction, or geoblocking, a phenomenon in which server operators intentionally deny access to users from particular countries or regions. Many sites practice geoblocking due to legal requirements or other business reasons, but excessive blocking can needlessly deny valuable content and services to entire national populations. To help researchers and policymakers understand this phenomenon, we develop a semi-automated system to detect instances where whole websites were rendered inaccessible due to geoblocking. By focusing on detecting geoblocking capabilities offered by large CDNs and cloud providers, we can reliably distinguish the practice from dynamic anti-abuse mechanisms and network-based censorship. We apply our techniques to test for geoblocking across the Alexa Top 10K sites from thousands of vantage points in 177 countries. We then expand our measurement to a sample of CDN customers in the Alexa Top 1M. We find that geoblocking occurs across a broad set of countries and sites. We observe geoblocking in nearly all countries we study, with Iran, Syria, Sudan, Cuba, and Russia experiencing the highest rates. These countries experience particularly high rates of geoblocking for finance and banking sites, likely as a result of U.S. economic sanctions. We also verify our measurements with data provided by Cloudflare, and find our observations to be accurate.
Citations: 34
How Tracking Companies Circumvented Ad Blockers Using WebSockets
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278573
M. Bashir, Sajjad Arshad, E. Kirda, William K. Robertson, Christo Wilson
In this study of 100,000 websites, we document how Advertising and Analytics (A&A) companies have used WebSockets to bypass ad blocking, exfiltrate user tracking data, and deliver advertisements. Specifically, our measurements investigate how a long-standing bug in Chrome's (the world's most popular browser) chrome.webRequest API prevented blocking extensions from being able to interpose on WebSocket connections. We conducted large-scale crawls of top publishers before and after this bug was patched in April 2017 to examine which A&A companies were using WebSockets, what information was being transferred, and whether companies altered their behavior after the patch. We find that a small but persistent group of A&A companies use WebSockets, and that several of them engaged in troubling behavior, such as browser fingerprinting, exfiltrating the DOM, and serving advertisements, that would have circumvented blocking due to the Chrome bug.
Citations: 30
Tracing Cross Border Web Tracking
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278561
Costas Iordanou, Georgios Smaragdakis, Ingmar Poese, Nikolaos Laoutaris
A tracking flow is a flow between an end user and a Web tracking service. We develop an extensive measurement methodology for quantifying at scale the amount of tracking flows that cross data protection borders, be it national or international, such as the EU28 border within which the General Data Protection Regulation (GDPR) applies. Our methodology uses a browser extension to fully render advertising and tracking code, various lists and heuristics to extract well known trackers, passive DNS replication to get all the IP ranges of trackers, and state-of-the-art geolocation. We employ our methodology on a dataset from 350 real users of the browser extension over a period of more than four months, and then generalize our results by analyzing billions of web tracking flows from more than 60 million broadband and mobile users from 4 large European ISPs. We show that the majority of tracking flows cross national borders in Europe but, unlike popular belief, are pretty well confined within the larger GDPR jurisdiction. Simple DNS redirection and PoP mirroring can increase national confinement while sealing almost all tracking flows within Europe. Last, we show that cross-border tracking is prevalent even in sensitive and hence protected data categories and groups including health, sexual orientation, minors, and others.
Citations: 55
Comments on DNS Robustness
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278541
M. Allman
The Domain Name System (DNS) maps human-friendly names into the network addresses necessary for network communication. Therefore, the robustness of the DNS is crucial to the general operation of the Internet. As such, the DNS protocol and architecture were designed to facilitate structural robustness within the system. For instance, a domain can depend on authoritative nameservers in several topologically disparate datacenters to aid robustness. However, the actual operation of the system need not utilize these robustness tools. In this paper we provide an initial analysis of the structural robustness of the DNS ecosystem over the last nine years.
Citations: 13
Coming of Age: A Longitudinal Study of TLS Deployment
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278568
Platon Kotzias, Abbas Razaghpanah, J. Amann, K. Paterson, N. Vallina-Rodriguez, Juan Caballero
The Transport Layer Security (TLS) protocol is the de-facto standard for encrypted communication on the Internet. However, it has been plagued by a number of different attacks and security issues over the last years. Addressing these attacks requires changes to the protocol, to server- or client-software, or to all of them. In this paper we conduct the first large-scale longitudinal study examining the evolution of the TLS ecosystem over the last six years. We place a special focus on the ecosystem's evolution in response to high-profile attacks. For our analysis, we use a passive measurement dataset with more than 319.3B connections since February 2012, and an active dataset that contains TLS and SSL scans of the entire IPv4 address space since August 2015. To identify the evolution of specific clients we also create the (to our knowledge) largest TLS client fingerprint database to date, consisting of 1,684 fingerprints. We observe that the ecosystem has shifted significantly since 2012, with major changes in which cipher suites and TLS extensions are offered by clients and accepted by servers having taken place. Where possible, we correlate these with the timing of specific attacks on TLS. At the same time, our results show that while clients, especially browsers, are quick to adopt new algorithms, they are also slow to drop support for older ones. We also encounter significant amounts of client software that probably unwittingly offer unsafe ciphers. We discuss these findings in the context of long tail effects in the TLS ecosystem.
Citations: 63
LDplayer
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278544
Liang Zhu, J. Heidemann
DNS has evolved over the last 20 years, improving in security and privacy and broadening the kinds of applications it supports. However, this evolution has been slowed by the large installed base and the wide range of implementations. The impact of changes is difficult to model due to complex interactions between DNS optimizations, caching, and distributed operation. We suggest that experimentation at scale is needed to evaluate changes and facilitate DNS evolution. This paper presents LDplayer, a configurable, general-purpose DNS experimental framework that enables DNS experiments to scale in several dimensions: many zones, multiple levels of DNS hierarchy, high query rates, and diverse query sources. LDplayer provides high fidelity experiments while meeting these requirements through its distributed DNS query replay system, methods to rebuild the relevant DNS hierarchy from traces, and efficient emulation of this hierarchy on minimal hardware. We show that a single DNS server can correctly emulate multiple independent levels of the DNS hierarchy while providing correct responses as if they were independent. We validate that our system can replay DNS root traffic with tiny error (± 8 ms quartiles in query timing and ± 0.1% difference in query rate). We show that our system can replay queries at 87k queries/s while using only one CPU, more than twice the normal DNS root traffic rate. LDplayer's trace replay has the unique ability to evaluate important design questions with confidence that we capture the interplay of caching, timeouts, and resource constraints. As an example, we demonstrate the memory requirements of a DNS root server with all traffic running over TCP and TLS, and identify performance discontinuities in latency as a function of client RTT.
Citations: 0
A Large Scale Study of Data Center Network Reliability
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278566
Justin Meza, Tianyin Xu, K. Veeraraghavan, O. Mutlu
The ability to tolerate, remediate, and recover from network incidents (caused by device failures and fiber cuts, for example) is critical for building and operating highly-available web services. Achieving fault tolerance and failure preparedness requires system architects, software developers, and site operators to have a deep understanding of network reliability at scale, along with its implications on the software systems that run in data centers. Unfortunately, little has been reported on the reliability characteristics of large scale data center network infrastructure, let alone its impact on the availability of services powered by software running on that network infrastructure. This paper fills the gap by presenting a large scale, longitudinal study of data center network reliability based on operational data collected from the production network infrastructure at Facebook, one of the largest web service providers in the world. Our study covers reliability characteristics of both intra and inter data center networks. For intra data center networks, we study seven years of operation data comprising thousands of network incidents across two different data center network designs, a cluster network design and a state-of-the-art fabric network design. For inter data center networks, we study eighteen months of recent repair tickets from the field to understand reliability of Wide Area Network (WAN) backbones. In contrast to prior work, we study the effects of network reliability on software systems, and how these reliability characteristics evolve over time. We discuss the implications of network reliability on the design, implementation, and operation of large scale data center systems and how it affects highly-available web services. We hope our study forms a foundation for understanding the reliability of large scale network infrastructure, and inspires new reliability solutions to network incidents.
Citations: 64
Journal
Proceedings of the Internet Measurement Conference 2018