首页 > 最新文献

Proceedings of the Internet Measurement Conference 2018最新文献

英文 中文
Pushing the Boundaries with bdrmapIT: Mapping Router Ownership at Internet Scale 突破边界与bdrmapIT:映射路由器所有权在互联网规模
Pub Date : 2018-10-31 DOI: 10.1145/3278532.3278538
Alexander Marder, M. Luckie, A. Dhamdhere, B. Huffaker, K. Claffy, Jonathan M. Smith
Two complementary approaches to mapping network boundaries from traceroute paths recently emerged [27,31]. Both approaches apply heuristics to inform inferences extracted from traceroute measurement campaigns. bdrmap [27] used targeted traceroutes from a specific network, alias resolution probing techniques, and AS relationship inferences, to infer the boundaries of that specific network and the other networks attached at each boundary. MAPIT [31] tackled the ambitious challenge of inferring all AS-level network boundaries in a massive archived collection of traceroutes launched from many different networks. Both were substantial contributions to the state-of-the-art, and inspired a collaboration to explore the potential to combine the approaches. We present and evaluate bdrmapIT, the result of that exploration, which yielded a more complete, accurate, and general solution to this persistent and central challenge of Internet topology research. bdrmapIT achieves 91.8%-98.8% accuracy when mapping AS boundaries in two Internet-wide traceroute datasets, vastly improving on MAP-IT's coverage without sacrificing bdrmap's ability to map a single network. The bdrmapIT source code is available at https://git.io/fAsI0.
最近出现了两种互补的从traceroute路径映射网络边界的方法[27,31]。这两种方法都应用启发式来告知从跟踪路由测量活动中提取的推论。bdrmap[27]使用来自特定网络的目标跟踪路由、别名解析探测技术和AS关系推断来推断该特定网络的边界以及附加在每个边界上的其他网络。MAPIT[31]解决了从许多不同网络发起的大量跟踪路由存档集合中推断所有as级网络边界的雄心勃勃的挑战。两者都是对最先进技术的重大贡献,并激发了合作,以探索结合这两种方法的潜力。我们提出并评估了bdrmapIT,这是探索的结果,它为互联网拓扑研究的这一持久和核心挑战提供了更完整、更准确和更通用的解决方案。bdrmapIT在两个互联网范围的跟踪路由数据集中映射AS边界时达到了91.8%-98.8%的精度,在不牺牲bdrmap映射单个网络的能力的情况下,极大地提高了map - it的覆盖范围。bdrmapIT源代码可从https://git.io/fAsI0获得。
{"title":"Pushing the Boundaries with bdrmapIT: Mapping Router Ownership at Internet Scale","authors":"Alexander Marder, M. Luckie, A. Dhamdhere, B. Huffaker, K. Claffy, Jonathan M. Smith","doi":"10.1145/3278532.3278538","DOIUrl":"https://doi.org/10.1145/3278532.3278538","url":null,"abstract":"Two complementary approaches to mapping network boundaries from traceroute paths recently emerged [27,31]. Both approaches apply heuristics to inform inferences extracted from traceroute measurement campaigns. bdrmap [27] used targeted traceroutes from a specific network, alias resolution probing techniques, and AS relationship inferences, to infer the boundaries of that specific network and the other networks attached at each boundary. MAPIT [31] tackled the ambitious challenge of inferring all AS-level network boundaries in a massive archived collection of traceroutes launched from many different networks. Both were substantial contributions to the state-of-the-art, and inspired a collaboration to explore the potential to combine the approaches. We present and evaluate bdrmapIT, the result of that exploration, which yielded a more complete, accurate, and general solution to this persistent and central challenge of Internet topology research. bdrmapIT achieves 91.8%-98.8% accuracy when mapping AS boundaries in two Internet-wide traceroute datasets, vastly improving on MAP-IT's coverage without sacrificing bdrmap's ability to map a single network. The bdrmapIT source code is available at https://git.io/fAsI0.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"41 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72811833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 58
Dissecting Apple's Meta-CDN during an iOS Update 剖析苹果iOS更新期间的Meta-CDN
Pub Date : 2018-10-06 DOI: 10.1145/3278532.3278567
Jeremias Blendin, Fabrice Bendfeldt, Ingmar Poese, B. Koldehofe, O. Hohlfeld
Content delivery networks (CDN) contribute more than 50% of today's Internet traffic. Meta-CDNs, an evolution of centrally controlled CDNs, promise increased flexibility by multihoming content. So far, efforts to understand the characteristics of Meta-CDNs focus mainly on third-party Meta-CDN services. A common, but unexplored, use case for Meta-CDNs is to use the CDNs mapping infrastructure to form self-operated Meta-CDNs integrating third-party CDNs. These CDNs assist in the build-up phase of a CDN's infrastructure or mitigate capacity shortages by offloading traffic. This paper investigates the Apple CDN as a prominent example of self-operated Meta-CDNs. We describe the involved CDNs, the request-mapping mechanism, and show the cache locations of the Apple CDN using measurements of more than 800 RIPE Atlas probes worldwide. We further measure its load-sharing behavior by observing a major iOS update in Sep. 2017, a significant event potentially reaching up to an estimated 1 billion iOS devices. Furthermore, by analyzing data from a European Eyeball ISP, we quantify third-party traffic offloading effects and find third-party CDNs increase their traffic by 438% while saturating seemingly unrelated links.
内容分发网络(CDN)贡献了当今互联网流量的50%以上。元cdn是中央控制的cdn的一种演变,它承诺通过多宿主内容增加灵活性。到目前为止,对Meta-CDN特性的理解主要集中在第三方Meta-CDN服务上。元cdn的一个常见但未开发的用例是使用cdn映射基础设施来形成集成第三方cdn的自操作元cdn。这些CDN在CDN基础设施的构建阶段提供帮助,或者通过卸载流量来缓解容量短缺。本文研究了苹果CDN作为自操作元CDN的一个突出例子。我们描述了所涉及的CDN,请求映射机制,并使用全球800多个RIPE Atlas探针的测量显示了Apple CDN的缓存位置。我们通过观察2017年9月的一次重大iOS更新进一步衡量了其负载共享行为,这是一个可能影响多达10亿台iOS设备的重大事件。此外,通过分析来自欧洲眼球ISP的数据,我们量化了第三方流量卸载效果,发现第三方cdn在饱和看似不相关的链接的同时增加了438%的流量。
{"title":"Dissecting Apple's Meta-CDN during an iOS Update","authors":"Jeremias Blendin, Fabrice Bendfeldt, Ingmar Poese, B. Koldehofe, O. Hohlfeld","doi":"10.1145/3278532.3278567","DOIUrl":"https://doi.org/10.1145/3278532.3278567","url":null,"abstract":"Content delivery networks (CDN) contribute more than 50% of today's Internet traffic. Meta-CDNs, an evolution of centrally controlled CDNs, promise increased flexibility by multihoming content. So far, efforts to understand the characteristics of Meta-CDNs focus mainly on third-party Meta-CDN services. A common, but unexplored, use case for Meta-CDNs is to use the CDNs mapping infrastructure to form self-operated Meta-CDNs integrating third-party CDNs. These CDNs assist in the build-up phase of a CDN's infrastructure or mitigate capacity shortages by offloading traffic. This paper investigates the Apple CDN as a prominent example of self-operated Meta-CDNs. We describe the involved CDNs, the request-mapping mechanism, and show the cache locations of the Apple CDN using measurements of more than 800 RIPE Atlas probes worldwide. We further measure its load-sharing behavior by observing a major iOS update in Sep. 2017, a significant event potentially reaching up to an estimated 1 billion iOS devices. Furthermore, by analyzing data from a European Eyeball ISP, we quantify third-party traffic offloading effects and find third-party CDNs increase their traffic by 438% while saturating seemingly unrelated links.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"20 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84951221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Multilevel MDA-Lite Paris Traceroute 多层MDA-Lite巴黎Traceroute
Pub Date : 2018-09-26 DOI: 10.1145/3278532.3278536
Kevin Vermeulen, Stephen D. Strowes, Olivier Fourmaux, T. Friedman
Since its introduction in 2006--2007, Paris Traceroute and its Multipath Detection Algorithm (MDA) have been used to conduct well over a billion IP level multipath route traces from platforms such as M-Lab. Unfortunately, the MDA requires a large number of packets in order to trace an entire topology of load balanced paths between a source and a destination, which makes it undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE Atlas. In this paper we present a major update to the Paris Traceroute tool. Our contributions are: (1) MDA-Lite, an alternative to the MDA that significantly cuts overhead while maintaining a low failure probability; (2) Fakeroute, a simulator that enables validation of a multipath route tracing tool's adherence to its claimed failure probability bounds; (3) multilevel multipath route tracing, with, for the first time, a Traceroute tool that provides a router-level view of multipath routes; and (4) surveys at both the IP and router levels of multipath routing in the Internet, showing, among other things, that load balancing topologies have increased in size well beyond what has been previously reported as recently as 2016. The data and the software underlying these results are publicly available.
自2006年至2007年推出以来,Paris Traceroute及其多路径检测算法(MDA)已用于从M-Lab等平台进行超过10亿个IP级多路径路由跟踪。不幸的是,MDA需要大量的数据包来跟踪源和目标之间负载均衡路径的整个拓扑结构,这使得它不适合部署Paris Traceroute的平台,例如RIPE Atlas。在本文中,我们对Paris Traceroute工具进行了重大更新。我们的贡献是:(1)MDA- lite,它是MDA的替代方案,在保持低故障概率的同时显著降低了开销;(2) Fakeroute,一个能够验证多路径路由跟踪工具是否符合其声称的故障概率界限的模拟器;(3)多级多路径路由跟踪,首次提供了Traceroute工具,提供了路由器级别的多路径路由视图;(4)对互联网中多路径路由的IP和路由器级别进行的调查显示,除其他事项外,负载平衡拓扑的规模已经远远超出了之前报道的2016年的规模。这些结果背后的数据和软件是公开的。
{"title":"Multilevel MDA-Lite Paris Traceroute","authors":"Kevin Vermeulen, Stephen D. Strowes, Olivier Fourmaux, T. Friedman","doi":"10.1145/3278532.3278536","DOIUrl":"https://doi.org/10.1145/3278532.3278536","url":null,"abstract":"Since its introduction in 2006--2007, Paris Traceroute and its Multipath Detection Algorithm (MDA) have been used to conduct well over a billion IP level multipath route traces from platforms such as M-Lab. Unfortunately, the MDA requires a large number of packets in order to trace an entire topology of load balanced paths between a source and a destination, which makes it undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE Atlas. In this paper we present a major update to the Paris Traceroute tool. Our contributions are: (1) MDA-Lite, an alternative to the MDA that significantly cuts overhead while maintaining a low failure probability; (2) Fakeroute, a simulator that enables validation of a multipath route tracing tool's adherence to its claimed failure probability bounds; (3) multilevel multipath route tracing, with, for the first time, a Traceroute tool that provides a router-level view of multipath routes; and (4) surveys at both the IP and router levels of multipath routing in the Internet, showing, among other things, that load balancing topologies have increased in size well beyond what has been previously reported as recently as 2016. The data and the software underlying these results are publicly available.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"51 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75149584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 37
Beyond Google Play: A Large-Scale Comparative Study of Chinese Android App Markets Beyond b谷歌Play:中国Android应用市场的大规模比较研究
Pub Date : 2018-09-26 DOI: 10.1145/3278532.3278558
Haoyu Wang, Zhe Liu, Jingyue Liang, N. Vallina-Rodriguez, Yao Guo, Li Li, J. Tapiador, Jingcun Cao, Guoai Xu
China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are maintained by large tech companies (e.g., Baidu, Qihoo 360 and Tencent). The nature of these app stores and the content available through them vary greatly, including their trustworthiness and security guarantees. As of today, the research community has not studied the Chinese Android ecosystem in depth. To fill this gap, we present the first large-scale comparative study that covers more than 6 million Android apps downloaded from 16 Chinese app markets and Google Play. We focus our study on catalog similarity across app stores, their features, publishing dynamics, and the prevalence of various forms of misbehavior (including the presence of fake, cloned and malicious apps). Our findings also suggest heterogeneous developer behavior across app stores, in terms of code maintenance, use of third-party services, and so forth. Overall, Chinese app markets perform substantially worse when taking active measures to protect mobile users and legit developers from deceptive and abusive actors, showing a significantly higher prevalence of malware, fake, and cloned apps than Google Play.
中国是全球最大的Android市场之一。由于中国用户无法进入Google Play购买和安装Android应用,一些独立的应用商店开始在中国应用市场展开竞争。中国的一些应用商店是预装的特定于供应商的应用市场(如华为、小米和OPPO),而其他应用商店则由大型科技公司(如百度、奇虎360和腾讯)维护。这些应用商店的性质和它们提供的内容差异很大,包括它们的可信度和安全保证。到目前为止,研究界还没有深入研究中国的Android生态系统。为了填补这一空白,我们提出了第一个大规模的比较研究,涵盖了从16个中国应用市场和Google Play下载的600多万Android应用程序。我们的研究重点是应用商店的目录相似性,它们的功能,发布动态,以及各种形式的不当行为的流行(包括假冒,克隆和恶意应用的存在)。我们的研究结果还表明,在代码维护、第三方服务的使用等方面,不同应用商店的开发者行为存在差异。总体而言,在采取积极措施保护手机用户和合法开发者免受欺诈和滥用行为的侵害方面,中国应用市场的表现明显较差,恶意软件、假冒和克隆应用的流行程度明显高于Google Play。
{"title":"Beyond Google Play: A Large-Scale Comparative Study of Chinese Android App Markets","authors":"Haoyu Wang, Zhe Liu, Jingyue Liang, N. Vallina-Rodriguez, Yao Guo, Li Li, J. Tapiador, Jingcun Cao, Guoai Xu","doi":"10.1145/3278532.3278558","DOIUrl":"https://doi.org/10.1145/3278532.3278558","url":null,"abstract":"China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are maintained by large tech companies (e.g., Baidu, Qihoo 360 and Tencent). The nature of these app stores and the content available through them vary greatly, including their trustworthiness and security guarantees. As of today, the research community has not studied the Chinese Android ecosystem in depth. To fill this gap, we present the first large-scale comparative study that covers more than 6 million Android apps downloaded from 16 Chinese app markets and Google Play. We focus our study on catalog similarity across app stores, their features, publishing dynamics, and the prevalence of various forms of misbehavior (including the presence of fake, cloned and malicious apps). Our findings also suggest heterogeneous developer behavior across app stores, in terms of code maintenance, use of third-party services, and so forth. Overall, Chinese app markets perform substantially worse when taking active measures to protect mobile users and legit developers from deceptive and abusive actors, showing a significantly higher prevalence of malware, fake, and cloned apps than Google Play.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"10 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78775794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 111
An Empirical Study of the I2P Anonymity Network and its Censorship Resistance I2P匿名网络及其审查阻力的实证研究
Pub Date : 2018-09-24 DOI: 10.1145/3278532.3278565
Nguyen Phong Hoang, Panagiotis Kintis, M. Antonakakis, M. Polychronakis
Tor and I2P are well-known anonymity networks used by many individuals to protect their online privacy and anonymity. Tor's centralized directory services facilitate the understanding of the Tor network, as well as the measurement and visualization of its structure through the Tor Metrics project. In contrast, I2P does not rely on centralized directory servers, and thus obtaining a complete view of the network is challenging. In this work, we conduct an empirical study of the I2P network, in which we measure properties including population, churn rate, router type, and the geographic distribution of I2P peers. We find that there are currently around 32K active I2P peers in the network on a daily basis. Of these peers, 14K are located behind NAT or firewalls. Using the collected network data, we examine the blocking resistance of I2P against a censor that wants to prevent access to I2P using address-based blocking techniques. Despite the decentralized characteristics of I2P, we discover that a censor can block more than 95% of peer IP addresses known by a stable I2P client by operating only 10 routers in the network. This amounts to severe network impairment: a blocking rate of more than 70% is enough to cause significant latency in web browsing activities, while blocking more than 90% of peer IP addresses can make the network unusable. Finally, we discuss the security consequences of the network being blocked, and directions for potential approaches to make I2P more resistant to blocking.
Tor和I2P是众所周知的匿名网络,被许多个人用来保护他们的在线隐私和匿名性。Tor的集中式目录服务促进了对Tor网络的理解,以及通过Tor Metrics项目对其结构的测量和可视化。相比之下,I2P不依赖于集中式目录服务器,因此获得网络的完整视图是具有挑战性的。在这项工作中,我们对I2P网络进行了实证研究,其中我们测量了包括人口、流失率、路由器类型和I2P对等体的地理分布在内的属性。我们发现目前网络中每天大约有32K个活跃的I2P对等体。在这些对等点中,14K位于NAT或防火墙后面。使用收集到的网络数据,我们检查了I2P对使用基于地址的阻塞技术阻止访问I2P的审查器的阻塞阻力。尽管I2P具有去中心化的特点,但我们发现,只要在网络中运行10台路由器,一个审查器就可以阻止一个稳定的I2P客户端所知道的95%以上的对等IP地址。这相当于严重的网络损害:超过70%的阻止率足以导致网页浏览活动的明显延迟,而阻止超过90%的对等IP地址则会使网络无法使用。最后,我们讨论了网络被阻塞的安全后果,以及使I2P更能抵抗阻塞的潜在方法的方向。
{"title":"An Empirical Study of the I2P Anonymity Network and its Censorship Resistance","authors":"Nguyen Phong Hoang, Panagiotis Kintis, M. Antonakakis, M. Polychronakis","doi":"10.1145/3278532.3278565","DOIUrl":"https://doi.org/10.1145/3278532.3278565","url":null,"abstract":"Tor and I2P are well-known anonymity networks used by many individuals to protect their online privacy and anonymity. Tor's centralized directory services facilitate the understanding of the Tor network, as well as the measurement and visualization of its structure through the Tor Metrics project. In contrast, I2P does not rely on centralized directory servers, and thus obtaining a complete view of the network is challenging. In this work, we conduct an empirical study of the I2P network, in which we measure properties including population, churn rate, router type, and the geographic distribution of I2P peers. We find that there are currently around 32K active I2P peers in the network on a daily basis. Of these peers, 14K are located behind NAT or firewalls. Using the collected network data, we examine the blocking resistance of I2P against a censor that wants to prevent access to I2P using address-based blocking techniques. Despite the decentralized characteristics of I2P, we discover that a censor can block more than 95% of peer IP addresses known by a stable I2P client by operating only 10 routers in the network. This amounts to severe network impairment: a blocking rate of more than 70% is enough to cause significant latency in web browsing activities, while blocking more than 90% of peer IP addresses can make the network unusable. Finally, we discuss the security consequences of the network being blocked, and directions for potential approaches to make I2P more resistant to blocking.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"130 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89206285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 30
Understanding Tor Usage with Privacy-Preserving Measurement 了解Tor使用与隐私保护测量
Pub Date : 2018-09-22 DOI: 10.1145/3278532.3278549
A. Mani, T. Wilson-Brown, Rob Jansen, Aaron Johnson, M. Sherr
The Tor anonymity network is difficult to measure because, if not done carefully, measurements could risk the privacy (and potentially the safety) of the network's users. Recent work has proposed the use of differential privacy and secure aggregation techniques to safely measure Tor, and preliminary proof-of-concept prototype tools have been developed in order to demonstrate the utility of these techniques. In this work, we significantly enhance two such tools---PrivCount and Private Set-Union Cardinality---in order to support the safe exploration of new types of Tor usage behavior that have never before been measured. Using the enhanced tools, we conduct a detailed measurement study of Tor covering three major aspects of Tor usage: how many users connect to Tor and from where do they connect, with which destinations do users most frequently communicate, and how many onion services exist and how are they used. Our findings include that Tor has ~8 million daily users, a factor of four more than previously believed. We also find that ~40% of the sites accessed over Tor have a torproject.org domain name, ~10% of the sites have an amazon.com domain name, and ~80% of the sites have a domain name that is included in the Alexa top 1 million sites list. Finally, we find that ~90% of lookups for onion addresses are invalid, and more than 90% of attempted connections to onion services fail.
Tor匿名网络很难测量,因为如果不小心,测量可能会危及网络用户的隐私(以及潜在的安全)。最近的工作已经提出使用差分隐私和安全聚合技术来安全测量Tor,并且已经开发了初步的概念验证原型工具,以展示这些技术的实用性。在这项工作中,我们显著增强了两个这样的工具——PrivCount和Private Set-Union Cardinality——以支持对从未被测量过的新型Tor使用行为的安全探索。使用增强的工具,我们对Tor进行了详细的测量研究,涵盖了Tor使用的三个主要方面:有多少用户连接到Tor,他们从哪里连接,用户最频繁地与哪些目的地通信,存在多少洋葱服务以及它们是如何使用的。我们的发现包括Tor每天有大约800万用户,比之前认为的多了四倍。我们还发现,通过Tor访问的网站中,约40%的网站拥有torproject.org域名,约10%的网站拥有amazon.com域名,约80%的网站拥有Alexa前100万网站列表中的域名。最后,我们发现约90%的洋葱地址查找是无效的,并且超过90%的尝试连接到洋葱服务失败。
{"title":"Understanding Tor Usage with Privacy-Preserving Measurement","authors":"A. Mani, T. Wilson-Brown, Rob Jansen, Aaron Johnson, M. Sherr","doi":"10.1145/3278532.3278549","DOIUrl":"https://doi.org/10.1145/3278532.3278549","url":null,"abstract":"The Tor anonymity network is difficult to measure because, if not done carefully, measurements could risk the privacy (and potentially the safety) of the network's users. Recent work has proposed the use of differential privacy and secure aggregation techniques to safely measure Tor, and preliminary proof-of-concept prototype tools have been developed in order to demonstrate the utility of these techniques. In this work, we significantly enhance two such tools---PrivCount and Private Set-Union Cardinality---in order to support the safe exploration of new types of Tor usage behavior that have never before been measured. Using the enhanced tools, we conduct a detailed measurement study of Tor covering three major aspects of Tor usage: how many users connect to Tor and from where do they connect, with which destinations do users most frequently communicate, and how many onion services exist and how are they used. Our findings include that Tor has ~8 million daily users, a factor of four more than previously believed. We also find that ~40% of the sites accessed over Tor have a torproject.org domain name, ~10% of the sites have an amazon.com domain name, and ~80% of the sites have a domain name that is included in the Alexa top 1 million sites list. Finally, we find that ~90% of lookups for onion addresses are invalid, and more than 90% of attempted connections to onion services fail.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"92 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85843501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem 证书透明度的兴起及其对互联网生态系统的影响
Pub Date : 2018-09-21 DOI: 10.1145/3278532.3278562
Quirin Scheitle, Oliver Gasser, Theodor Nolte, J. Amann, Lexi Brent, G. Carle, Ralph Holz, T. Schmidt, Matthias Wählisch
In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.
在本文中,我们分析了证书透明度(CT)随时间的演变,并从安全和隐私的角度探讨了公开证书DNS名称的含义。我们发现,CT测井中的证书呈指数级增长。网站对CT的支持也在不断增加,目前已有33%的已建立连接支持CT。随着CT部署的增加,由于在CT日志中可以看到所有证书,因此也存在信息泄露的担忧。为了理解这种威胁,我们引入了一个CT蜜罐,并展示了CT日志中的数据在证书颁发几分钟后就被用于识别扫描活动的目标。我们提出并评估了一种从CT日志证书中提取的大量域中学习和验证新子域的方法。
{"title":"The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem","authors":"Quirin Scheitle, Oliver Gasser, Theodor Nolte, J. Amann, Lexi Brent, G. Carle, Ralph Holz, T. Schmidt, Matthias Wählisch","doi":"10.1145/3278532.3278562","DOIUrl":"https://doi.org/10.1145/3278532.3278562","url":null,"abstract":"In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"133 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86329956","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 54
Where The Light Gets In: Analyzing Web Censorship Mechanisms in India 光明在哪里:分析印度的网络审查机制
Pub Date : 2018-08-06 DOI: 10.1145/3278532.3278555
T. Yadav, Akshat Sinha, D. Gosain, P. Sharma, Sambuddho Chakravarty
In this work we present a detailed study of the Internet censorship mechanism in India. We consolidated a list of potentially blocked websites from various public sources to assess censorship mechanisms used by nine major ISPs. To begin with, we demonstrate that existing censorship detection tools like OONI are grossly inaccurate. We thus developed various techniques and heuristics to correctly assess censorship and study the underlying mechanism used by these ISPs. At every step we corroborated our finding manually to test the efficacy of our approach, an exercise largely ignored by several others. We fortify our findings by adjudging the coverage and consistency of censorship infrastructure, broadly in terms of average number of network paths and requested domains the infrastructure censors. Our results indicate a clear disparity among the ISPs, on how they install censorship infrastructure. For instance, in Idea network we observed the censorious middleboxes in over 90% of our tested intra-AS paths, whereas for Vodafone, it is as low as 2.5%. We conclude our research by devising our own novel anti-censorship strategies, that does not depend on third party tools (like proxies, Tor and VPNs etc.). We managed to access all blocked websites in all ISPs under test.
在这项工作中,我们提出了印度互联网审查机制的详细研究。我们整合了来自各种公共来源的可能被封锁的网站列表,以评估9个主要互联网服务提供商使用的审查机制。首先,我们证明了现有的审查检测工具(如OONI)是非常不准确的。因此,我们开发了各种技术和启发式方法来正确评估审查并研究这些互联网服务提供商使用的潜在机制。在每一步中,我们都手动地证实我们的发现,以测试我们的方法的有效性,这在很大程度上被其他几个人忽略了。我们通过调整审查基础设施的覆盖范围和一致性来强化我们的发现,广泛地考虑基础设施审查的网络路径和请求域的平均数量。我们的结果表明,互联网服务提供商之间在如何安装审查基础设施方面存在明显的差异。例如,在Idea网络中,我们在超过90%的测试as内部路径中观察到审查性中间盒,而在沃达丰,这一比例低至2.5%。我们通过设计我们自己的新颖反审查策略来总结我们的研究,该策略不依赖于第三方工具(如代理,Tor和vpn等)。我们成功访问了所有测试isp中所有被封锁的网站。
{"title":"Where The Light Gets In: Analyzing Web Censorship Mechanisms in India","authors":"T. Yadav, Akshat Sinha, D. Gosain, P. Sharma, Sambuddho Chakravarty","doi":"10.1145/3278532.3278555","DOIUrl":"https://doi.org/10.1145/3278532.3278555","url":null,"abstract":"In this work we present a detailed study of the Internet censorship mechanism in India. We consolidated a list of potentially blocked websites from various public sources to assess censorship mechanisms used by nine major ISPs. To begin with, we demonstrate that existing censorship detection tools like OONI are grossly inaccurate. We thus developed various techniques and heuristics to correctly assess censorship and study the underlying mechanism used by these ISPs. At every step we corroborated our finding manually to test the efficacy of our approach, an exercise largely ignored by several others. We fortify our findings by adjudging the coverage and consistency of censorship infrastructure, broadly in terms of average number of network paths and requested domains the infrastructure censors. Our results indicate a clear disparity among the ISPs, on how they install censorship infrastructure. For instance, in Idea network we observed the censorious middleboxes in over 90% of our tested intra-AS paths, whereas for Vodafone, it is as low as 2.5%. We conclude our research by devising our own novel anti-censorship strategies, that does not depend on third party tools (like proxies, Tor and VPNs etc.). We managed to access all blocked websites in all ISPs under test.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"28 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74762709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
Digging into Browser-based Crypto Mining 挖掘基于浏览器的加密挖掘
Pub Date : 2018-08-02 DOI: 10.1145/3278532.3278539
Jan Rüth, T. Zimmermann, Konrad Wolsing, O. Hohlfeld
Mining is the foundation of blockchain-based cryptocurrencies such as Bitcoin rewarding the miner for finding blocks for new transactions. The Monero currency enables mining with standard hardware in contrast to special hardware (ASICs) as often used in Bitcoin, paving the way for in-browser mining as a new revenue model for website operators. In this work, we study the prevalence of this new phenomenon. We identify and classify mining websites in 138M domains and present a new fingerprinting method which finds up to a factor of 5.7 more miners than publicly available block lists. Our work identifies and dissects Coinhive as the major browser-mining stakeholder. Further, we present a new method to associate mined blocks in the Monero blockchain to mining pools and uncover that Coinhive currently contributes 1.18% of mined blocks having turned over 1293 Moneros in June 2018.
采矿是基于区块链的加密货币(如比特币)的基础,奖励矿工为新交易找到区块。门罗币可以使用标准硬件进行挖矿,而不是比特币中经常使用的特殊硬件(asic),这为浏览器内挖矿作为网站运营商的新收入模式铺平了道路。在这项工作中,我们研究了这种新现象的普遍性。我们在1.38亿个域名中对挖矿网站进行了识别和分类,并提出了一种新的指纹识别方法,该方法发现的矿工数量比公开的区块列表多5.7倍。我们的工作识别并剖析了Coinhive作为主要的浏览器挖掘利益相关者。此外,我们提出了一种将门罗币区块链中的开采区块与矿池相关联的新方法,并发现Coinhive目前贡献了1.18%的开采区块,在2018年6月交付了1293门罗币。
{"title":"Digging into Browser-based Crypto Mining","authors":"Jan Rüth, T. Zimmermann, Konrad Wolsing, O. Hohlfeld","doi":"10.1145/3278532.3278539","DOIUrl":"https://doi.org/10.1145/3278532.3278539","url":null,"abstract":"Mining is the foundation of blockchain-based cryptocurrencies such as Bitcoin rewarding the miner for finding blocks for new transactions. The Monero currency enables mining with standard hardware in contrast to special hardware (ASICs) as often used in Bitcoin, paving the way for in-browser mining as a new revenue model for website operators. In this work, we study the prevalence of this new phenomenon. We identify and classify mining websites in 138M domains and present a new fingerprinting method which finds up to a factor of 5.7 more miners than publicly available block lists. Our work identifies and dissects Coinhive as the major browser-mining stakeholder. Further, we present a new method to associate mined blocks in the Monero blockchain to mining pools and uncover that Coinhive currently contributes 1.18% of mined blocks having turned over 1293 Moneros in June 2018.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"134 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90328673","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 80
Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists 扩展中的集群:理解和公正的IPv6热门列表
Pub Date : 2018-06-05 DOI: 10.1145/3278532.3278564
Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczyński, Stephen D. Strowes, Luuk Hendriks, G. Carle
Network measurements are an important tool in understanding the Internet. Due to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not possible for IPv6. In recent years, several studies have proposed the use of target lists of IPv6 addresses, called IPv6 hitlists. In this paper, we show that addresses in IPv6 hitlists are heavily clustered. We present novel techniques that allow IPv6 hitlists to be pushed from quantity to quality. We perform a longitudinal active measurement study over 6 months, targeting more than 50 M addresses. We develop a rigorous method to detect aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining to about half of our target addresses. Using entropy clustering, we group the entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform client measurements by leveraging crowdsourcing. To encourage reproducibility in network measurement research and to serve as a starting point for future IPv6 studies, we publish source code, analysis tools, and data.
网络测量是理解互联网的一个重要工具。由于IPv6地址空间的扩展,像IPv4那样的穷举扫描在IPv6中是不可能的。近年来,一些研究提出使用IPv6地址的目标列表,称为IPv6命中列表。在本文中,我们展示了IPv6命中列表中的地址是高度集群的。我们提出了新颖的技术,允许IPv6热门列表从数量推到质量。我们进行了为期6个月的纵向主动测量研究,目标是超过50万个地址。我们开发了一种严格的方法来检测别名前缀,该方法识别出1.5%的前缀为别名,与大约一半的目标地址有关。使用熵聚类,我们将整个命中列表分为6个不同的寻址方案。此外,我们通过利用众包来执行客户评估。为了鼓励网络测量研究的可重复性,并作为未来IPv6研究的起点,我们发布了源代码、分析工具和数据。
{"title":"Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists","authors":"Oliver Gasser, Quirin Scheitle, Pawel Foremski, Qasim Lone, Maciej Korczyński, Stephen D. Strowes, Luuk Hendriks, G. Carle","doi":"10.1145/3278532.3278564","DOIUrl":"https://doi.org/10.1145/3278532.3278564","url":null,"abstract":"Network measurements are an important tool in understanding the Internet. Due to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not possible for IPv6. In recent years, several studies have proposed the use of target lists of IPv6 addresses, called IPv6 hitlists. In this paper, we show that addresses in IPv6 hitlists are heavily clustered. We present novel techniques that allow IPv6 hitlists to be pushed from quantity to quality. We perform a longitudinal active measurement study over 6 months, targeting more than 50 M addresses. We develop a rigorous method to detect aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining to about half of our target addresses. Using entropy clustering, we group the entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform client measurements by leveraging crowdsourcing. To encourage reproducibility in network measurement research and to serve as a starting point for future IPv6 studies, we publish source code, analysis tools, and data.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"11 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2018-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82592127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 96
期刊
Proceedings of the Internet Measurement Conference 2018
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1