Personalized Pseudonyms for Servers in the Cloud. Qiuyu Xiao (UNC-Chapel Hill) Michael K. Reiter (UNC-Chapel Hill) Yinqian Zhang (Ohio State Univ.
Size: px
Start display at page:

Download "Personalized Pseudonyms for Servers in the Cloud. Qiuyu Xiao (UNC-Chapel Hill) Michael K. Reiter (UNC-Chapel Hill) Yinqian Zhang (Ohio State Univ."

Transcription

1 Personalized Pseudonyms for Servers in the Cloud Qiuyu Xiao (UNC-Chapel Hill) Michael K. Reiter (UNC-Chapel Hill) Yinqian Zhang (Ohio State Univ.)

2 Background Server s identity is not well protected with the normal HTTPS connection. DNS query Query name: IP TCP TLS/SSL Encrypted payload SNI: example.com Certificate subject name: example.com Pub key: E58B2C78.. IP address:

3 Background Server s identity is not well protected with the normal HTTPS connection. DNS query Query name: IP TCP TLS/SSL Encrypted payload SNI: example.com Certificate subject name: example.com Pub key: E58B2C78.. IP address:

4 Background Real-world adversaries compromise user s privacy. 2

5 Background Real-world adversaries compromise user s privacy. 2

6 Background Real-world adversaries compromise user s privacy. 2

7 Existing solutions VPN tunneling - Encrypt and tunnel user s traffic through proxy server 3

8 Existing solutions Tor - Route encrypted packets through multiple Tor relays 4

9 Existing solutions Cloud and CDN based solutions - CloudTransport [1] - Domain fronting [2] - CacheBrowser [3] 1. Cloud-Transport: Using cloud storage for censorship-resistant networking, PETS Blocking-resistant communication through domain fronting, PETS CacheBrowser: Bypassing Chinese censorship without proxies using cached content, CCS

10 Existing solutions Cloud and CDN based solutions - CloudTransport [1] - Domain fronting [2] - CacheBrowser [3] non-cooperative cloud provider 1. Cloud-Transport: Using cloud storage for censorship-resistant networking, PETS Blocking-resistant communication through domain fronting, PETS CacheBrowser: Bypassing Chinese censorship without proxies using cached content, CCS

11 Existing solutions Cloud and CDN based solutions - CloudTransport [1] - Domain fronting [2] - CacheBrowser [3] Domain name is visible in TLS SNI field 1. Cloud-Transport: Using cloud storage for censorship-resistant networking, PETS Blocking-resistant communication through domain fronting, PETS CacheBrowser: Bypassing Chinese censorship without proxies using cached content, CCS

12 Our solution Personalized Pseudonym for a Server in the Cloud () DNS query Query name: IP TCP TLS/SSL Encrypted payload SNI: example.com Certificate subject name: example.com Pub key: E58B2C78.. IP address:

13 Our solution Personalized Pseudonym for a Server in the Cloud () DNS query Query name: IP TCP TLS/SSL Encrypted payload SNI: example.com Certificate subject name: example.com Pub key: E58B2C78.. IP address:

14 Our solution Personalized Pseudonym for a Server in the Cloud () DNS query Query name: x x.popsicls.com IP TCP TLS/SSL Encrypted payload SNI: x x.popsicls.com Certificate subject name: x x.popsicls.com Pub key: AGJ46DM.. IP address:

15 Our solution Personalized Pseudonym for a Server in the Cloud () DNS query Query name: x x.popsicls.com IP TCP TLS/SSL Encrypted payload SNI: x x.popsicls.com Certificate subject name: x x.popsicls.com Pub key: AGJ46DM.. No extra client application! 6 IP address:

16 Our solution Personalized Pseudonym for a Server in the Cloud () DNS query Query name: x x.popsicls.com No proxy! IP TCP TLS/SSL Encrypted payload No extra client application! SNI: x x.popsicls.com Certificate subject name: x x.popsicls.com Pub key: AGJ46DM.. IP address:

17 Threat model In the context of a client-server interaction What is trusted Client computer Cloud infrastructure (including the server computer) What is not trusted The network between the client and the cloud Other clients and other servers 7

18 registration 8

19 registration 9

20 registration DNS server store SDN controller Cloud 10

21 registration DNS server store Registration request SDN controller Cloud 10

22 registration store DNS server SDN controller Cloud 10

23 registration Tenant server ID DNS server store SDN controller Cloud 10

24 registration Client Cert Server Cert Client PriKey Server PriKey DNS server store Tenant server ID SDN controller Cloud 10

25 registration Sign Cloud PriKey Client Cert Server Cert Client PriKey Server PriKey DNS server store Tenant server ID SDN controller Cloud 10

26 registration Sign Server PriKey Client Cert Client PriKey Server Cert store DNS server Tenant server ID SDN controller Cloud 10

27 registration Client Cert Server Cert Client PriKey Server PriKey DNS server store Tenant server ID SDN controller Cloud 10

28 registration Client Cert Client PriKey store DNS server Tenant server ID Server Cert Server PriKey SDN controller Cloud 10

29 registration Server Cert Server PriKey Client Cert Client PriKey store DNS server Tenant server ID SDN controller Cloud 10

30 access Client Cert Client PriKey DNS server SDN switch Server Cert Server PriKey SDN controller Tenant server ID Cloud 11

31 access Client Cert Client PriKey (1) DNS query: DNS server SDN switch Server Cert Server PriKey SDN controller Tenant server ID Cloud 11

32 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server SDN switch Server Cert Server PriKey SDN controller Tenant server ID Cloud 11

33 access Client Cert Client PriKey (1) DNS query: (2) DNS response: (3) DNS server SDN switch Server Cert Server PriKey SDN controller Tenant server ID Cloud 11

34 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server (3) (4) Forward SDN switch Server Cert Server PriKey SDN controller Tenant server ID Cloud 11

35 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server (3) (4) Forward SDN switch Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

36 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server Get from the SNI field in TLS ClientHello message. SDN switch (3) (4) Forward Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

37 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server (3) (4) Forward SDN switch Server Cert Server PriKey (6) Rule update (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

38 access Client Cert Client PriKey MATCH Source IP Source port Destination IP Destination port Client-IP Client-port Pseudo-IP Server-port Drop ACTION Tenant-IP (1) DNS Server-port query: DNS Client-IP server Client-port Change source IP to Pseudo-IP (2) DNS response: (3) (4) Forward (6) Rule update SDN switch Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

39 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server (3) (4) Forward (6) Rule update SDN switch (7) TCP hand-off Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

40 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server (3) (4) Forward (6)(8) Rule update SDN switch (7) TCP hand-off Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

41 access Client Cert Client PriKey MATCH Source IP Source port Destination IP Destination port Client-IP Client-port Pseudo-IP Server-port Change destination IP to Tenant-IP Tenant-IP (1) Server-port DNS query: Client-IP DNS server Client-port Change source IP to Pseudo-IP (2) DNS response: (3) (4) Forward (6)(8) Rule update SDN switch ACTION (7) TCP hand-off Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

42 access Client Cert Client PriKey MATCH Source IP Source port Destination IP Destination port Client-IP Client-port Pseudo-IP Server-port Change destination IP to Tenant-IP Tenant-IP (1) Server-port DNS query: Client-IP DNS server Client-port Change source IP to Pseudo-IP (2) DNS response: (3) (4) Forward (6)(8) Rule update SDN switch ACTION (7) TCP hand-off Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

43 access Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server (3) (4) Forward (9) TLS (via SDN switch) (6)(8) Rule update SDN switch (7) TCP hand-off Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

44 access Accept the connection only if the user can present a valid Client Cert Client Cert Client PriKey (1) DNS query: (2) DNS response: DNS server (3) (4) Forward (9) TLS (via SDN switch) (6)(8) Rule update SDN switch (7) TCP hand-off Server Cert Server PriKey (5) Establish TCP (via SDN switch) SDN controller Tenant server ID Cloud 11

45 Implementation Cloud - OpenStack-based IaaS cloud deployed in CloudLab testbed - store and SDN controller are implemented in C and C++ - Open vswitch as the SDN switch in each physical machine Tenant server - A Linux kernel module for TCP state transfer - Each is mapped to a virtual host in Nginx server 12

46 Latency 13

47 Latency 13

48 Latency 13

49 Latency 13

50 Latency 17.8s 4.5s 4.1s 13

51 Throughput 14

52 Throughput 14

53 Throughput 14

54 Throughput 14

55 Throughput

56 Scalability: Throughput per retrieved object size 15

57 Scalability: Throughput per retrieved object size 15

58 Scalability: Throughput per retrieved object size 15

59 Scalability: Latency per # switch rules 16

60 Scalability: Latency per # switch rules 16

61 Scalability: Latency per # switch rules 16

62 Scalability: Latency per # s for one server 17

63 Scalability: Latency per # s for one server 17

64 Scalability: Latency per # s for one server 17

65 Q&A

Similar documents

A SIMPLE INTRODUCTION TO TOR

A SIMPLE INTRODUCTION TO TOR A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that

More information

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor? Introduction 1 Overview of Tor What is Tor? Why use Tor? How Tor works Encryption, Circuit Building, Directory Server Drawback of Tor s directory server Potential solution Using DNS Security Extension

More information

Share Count Analysis HEADERS

Share Count Analysis HEADERS Measuring Network Privacy with It s 11PM. DO YOU KNOW WHERE YOUR Share Count Analysis HEADERS ARE? David Naylor Peter Steenkiste GOAL measure how private a network architecture or protocol is GOAL measure

More information

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Table of Contents INTRODUCTION... 4 SCENARIO OVERVIEW... 5 CONFIGURATION STEPS... 6 Core Site Configuration... 6 Generate Self-Issued Certificate

More information

CE Advanced Network Security Anonymity II

CE Advanced Network Security Anonymity II CE 817 - Advanced Network Security Anonymity II Lecture 19 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained

More information

0x1A Great Papers in Computer Security

0x1A Great Papers in Computer Security CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,

More information

ICN & 5G. Dr.-Ing. Dirk Kutscher Chief Researcher Networking. NEC Laboratories Europe

ICN & 5G. Dr.-Ing. Dirk Kutscher Chief Researcher Networking. NEC Laboratories Europe ICN & 5G Dr.-Ing. Dirk Kutscher Chief Researcher Networking NEC Laboratories Europe Performance and Security Today User Equipment Access Network Core/Service Network Application Servers 2 NEC Corporation

More information

Paper survey related with web/app performance optimization and MEC. Youngseok Lee

Paper survey related with web/app performance optimization and MEC. Youngseok Lee Paper survey related with web/app performance optimization and MEC Youngseok Lee lee@cnu.ac.kr cnu.lee@ucdavis.edu 1 1. Mobile Edge Computing: A Survey, in IEEE Internet of Things Journal, vol. 5, no.

More information

Hiding Amongst the Clouds

Hiding Amongst the Clouds Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University https://www.torproject.org/about/overview.html We and

More information

Protecting Privacy: The Evolution of DNS Security

Protecting Privacy: The Evolution of DNS Security Protecting Privacy: The Evolution of DNS Security Burt Kaliski Senior Vice President and CTO, Verisign NSF Technology Transfer to Practice in Cyber Security Workshop November 4, 2015 Agenda DNS Overview

More information

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks

More information

Anonymous Communications

Anonymous Communications Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit

More information

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure

More information

NGFW Security Management Center

NGFW Security Management Center NGFW Security Management Center Release Notes 6.5.3 Revision A Contents About this release on page 2 System requirements on page 2 Build number and checksums on page 4 Compatibility on page 5 New features

More information

TechNote AltitudeCDN OmniCache Integration with Microsoft Teams Live Events

TechNote AltitudeCDN OmniCache Integration with Microsoft Teams Live Events TechNote AltitudeCDN OmniCache Integration with Microsoft Teams Live Events Version 1.0 AltitudeCDN TM OmniCache is a robust proxy cache that enables the efficient delivery of HTTP Live Streaming (HLS)

More information

Telex Anticensorship in the

Telex Anticensorship in the Telex Anticensorship in the Network Infrastructure Eric Wustrow Ian Goldberg * Scott Wolchok J. Alex Halderman University of Michigan University of Michigan * University of Waterloo Background Internet

More information

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems Safely Measuring Tor Safely Measuring Tor, Rob Jansen and Aaron Johnson, In the Proceedings of the 23rd ACM Conference on Computer and Communication Security (CCS 2016). Rob Jansen Center for High Assurance

More information

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009 Port-Scanning Resistance in Tor Anonymity Network Presented By: Shane Pope (Shane.M.Pope@gmail.com) Dec 04, 2009 In partial fulfillment of the requirements for graduation with the Dean's Scholars Honors

More information

On the Internet, nobody knows you re a dog.

On the Internet, nobody knows you re a dog. On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing

More information

A New Internet? RIPE76 - Marseille May Jordi Palet

A New Internet? RIPE76 - Marseille May Jordi Palet A New Internet? RIPE76 - Marseille May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 (a quick) Introduction to HTTP/2, QUIC and DOH and more RIPE76 - Marseille May 2018 Jordi Palet (jordi.palet@theipv6company.com)

More information

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.

More information

The Evolving Architecture of the Web. Nick Sullivan

The Evolving Architecture of the Web. Nick Sullivan The Evolving Architecture of the Web Nick Sullivan Head of Cryptography CFSSL Universal SSL Keyless SSL Privacy Pass Geo Key Manager Recently Standards work TLS 1.3 Competing Goals make browsing more

More information

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013 Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive

More information

Web as a Distributed System

Web as a Distributed System Web as a Distributed System The World Wide Web is a large distributed system. In 1998 comprises 70-75% of Internet traffic. With large transfers of streaming media and p2p, no longer a majority of bytes,

More information

Access Control. Access Control Overview. Access Control Rules and the Default Action

Access Control. Access Control Overview. Access Control Rules and the Default Action The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,

More information

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures Srdjan Matic, Carmela Troncoso, Juan Caballero Dublin 31 March 2017 Privacy in electronic communications Alice Bob

More information

A New Approach to Fixing Internet Application Performance. Elad Rave, Founder and CEO

A New Approach to Fixing Internet Application Performance. Elad Rave, Founder and CEO A New Approach to Fixing Internet Application Performance Elad Rave, Founder and CEO Agenda What? Today s Internet and Content Why? Impact on performance How? A cloud-based solution The Cloud: Platforms

More information

Introduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh

Introduction to Tor. January 20, Secure Web Browsing and Anonymity. Tor Mumbai Meetup, Sukhbir Singh Introduction to Tor Secure Web Browsing and Anonymity Tor Mumbai Meetup, 2018 Sukhbir Singh sukhbir@torproject.org January 20, 2018 Before We Begin... 2 / 18 Before We Begin... Understand your threat model

More information

Network Administrator s Guide

Network Administrator s Guide Overview Network Administrator s Guide Beam is a comprehensive Smart Presence system that couples high-end video, high-end audio, and the freedom of mobility for a crisp and immersive, video experience

More information

Access Control. Access Control Overview. Access Control Rules and the Default Action

Access Control. Access Control Overview. Access Control Rules and the Default Action The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,

More information

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.

More information

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems Safely Measuring Tor Safely Measuring Tor, Rob Jansen and Aaron Johnson, In the Proceedings of the 23rd ACM Conference on Computer and Communication Security (CCS 2016). Rob Jansen Center for High Assurance

More information

Best Practice - VPN Performance Testing

Best Practice - VPN Performance Testing Follow these instructions to create a standardized VPN performance testing environment. Using standardized settings is required for support to be able to compare performance tests with our in-house testing

More information

PrivCount: A Distributed System for Safely Measuring Tor

PrivCount: A Distributed System for Safely Measuring Tor PrivCount: A Distributed System for Safely Measuring Tor Rob Jansen Center for High Assurance Computer Systems Invited Talk, October 4 th, 2016 University of Oregon Department of Computer and Information

More information

A Ten Minute Introduction to Middleboxes. Justine Sherry, UC Berkeley

A Ten Minute Introduction to Middleboxes. Justine Sherry, UC Berkeley A Ten Minute Introduction to Middleboxes Justine Sherry, UC Berkeley This Talk: Three Questions! What is a middlebox? What are some recent trends in middlebox engineering? What research challenges do middleboxes

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

anonymous routing and mix nets (Tor) Yongdae Kim

anonymous routing and mix nets (Tor) Yongdae Kim anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1 q Why? Anonymous web browsing 1. Discuss health issues or financial matters anonymously

More information

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3. Android Mobile Single Sign-On to VMware Workspace ONE SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware

More information

Remote Access VPN. Remote Access VPN Overview. Licensing Requirements for Remote Access VPN

Remote Access VPN. Remote Access VPN Overview. Licensing Requirements for Remote Access VPN Remote Access virtual private network (VPN) allows individual users to connect to your network from a remote location using a laptop or desktop computer connected to the Internet. This allows mobile workers

More information

Tor: Online anonymity, privacy, and security.

Tor: Online anonymity, privacy, and security. Tor: Online anonymity, privacy, and security. Runa A. Sandvik runa@torproject.org 12 September 2011 Runa A. Sandvik runa@torproject.org () Tor: Online anonymity, privacy, and security. 12 September 2011

More information

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7. Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which

More information

Metrics for Security and Performance in Low-Latency Anonymity Systems

Metrics for Security and Performance in Low-Latency Anonymity Systems Metrics for Security and Performance in Low-Latency Anonymity Systems Tor user Entry node Tor Network Middle node Exit node Bandwidth per node (kb/s) (log scale) 1e+01 1e+03 1e+05 Encrypted tunnel Web

More information

Cisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version

Cisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version Cisco 642-566 642-566 Security Solutions for Systems Engineers (SSSE) Practice Test Version 3.10 QUESTION NO: 1 You are the network consultant from Your company. Please point out two requirements call

More information

Sirindhorn International Institute of Technology Thammasat University

Sirindhorn International Institute of Technology Thammasat University Name.............................. ID............... Section...... Seat No...... Sirindhorn International Institute of Technology Thammasat University Course Title: IT Security Instructor: Steven Gordon

More information

CS Paul Krzyzanowski

CS Paul Krzyzanowski Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide

More information

HY436: Network Virtualization

HY436: Network Virtualization HY436: Network Virtualization 20/10/2014 Xenofontas Dimitropoulos Credits: Bing Wang, Rob Sherwood, Ben Pfaff, Nick Feamster Agenda Network virtualization basics Early Forms of Vnets Overlay networks VPNs

More information

Rule Management: Common Characteristics

Rule Management: Common Characteristics The following topics describe how to manage common characteristics of rules in various policies on the Firepower Management Center: Introduction to Rules, page 1 Rule Condition Types, page 2 Searching

More information

New Features for ASA Version 9.0(2)

New Features for ASA Version 9.0(2) FIREWALL Features New Features for ASA Version 9.0(2) Cisco Adaptive Security Appliance (ASA) Software Release 9.0 is the latest release of the software that powers the Cisco ASA family. The same core

More information

Intercloud Federation using via Semantic Resource Federation API and Dynamic SDN Provisioning

Intercloud Federation using via Semantic Resource Federation API and Dynamic SDN Provisioning Intercloud Federation using via Semantic Resource Federation API and Dynamic SDN Provisioning David Bernstein Deepak Vij Copyright 2013, 2014 IEEE. All rights reserved. Redistribution and use in source

More information

Cloud Security Best Practices

Cloud Security Best Practices Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal

More information

Digging into Anonymous Traffic: A Deep Analysis of the Tor Anonymizing Network

Digging into Anonymous Traffic: A Deep Analysis of the Tor Anonymizing Network 1 / 37 Digging into Anonymous Traffic: A Deep Analysis of the Anonymizing Network Abdelberi Chaabane, Pere Manils, Mohamed Ali Kaafar INRIA Rhônes-Alpes, FRANCE pere.manils@inrialpes.fr NSS, September

More information

Cisco Group Encrypted Transport VPN

Cisco Group Encrypted Transport VPN Cisco Group Encrypted Transport VPN Q. What is Cisco Group Encrypted Transport VPN? A. Cisco Group Encrypted Transport is a next-generation WAN VPN solution that defines a new category of VPN, one that

More information

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in Azure

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in Azure Load Balancing Nginx Web Servers with OWASP Top 10 WAF in Azure Quick Reference Guide v1.0.2 ABOUT THIS GUIDE This document provides a quick reference guide on how to load balance Nginx Web Servers and

More information

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN

More information

Cross-Site Virtual Network Provisioning in Cloud and Fog Computing

Cross-Site Virtual Network Provisioning in Cloud and Fog Computing This paper was accepted for publication in the IEEE Cloud Computing. The copyright was transferred to IEEE. The final version of the paper will be made available on IEEE Xplore via http://dx.doi.org/10.1109/mcc.2017.28

More information

Understanding Traffic Decryption

Understanding Traffic Decryption The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake

More information

ExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you

ExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version

More information

PyNetSim A modern INetSim Replacement. Jason Jones FIRST 2017

PyNetSim A modern INetSim Replacement. Jason Jones FIRST 2017 PyNetSim A modern INetSim Replacement Jason Jones FIRST 2017 BackGround Why? Research teams may need a simulated environment because They are not allowed to directly contact malware C2s Trying to avoid

More information

Licensing the Firepower System

Licensing the Firepower System The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 1 Classic Licensing for the Firepower System,

More information

Cisco ASA Next-Generation Firewall Services

Cisco ASA Next-Generation Firewall Services Q&A Cisco ASA Next-Generation Firewall Services Q. What are Cisco ASA Next-Generation Firewall Services? A. Cisco ASA Next-Generation Firewall Services are a modular security service that extends the Cisco

More information

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L Anonymity C S 6 8 2 A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L 2 0 1 9 Tor: The Second- Generation Onion Router R. DINGLEDINE N.

More information

Corrigendum 3. Tender Number: 10/ dated

Corrigendum 3. Tender Number: 10/ dated (A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial

More information

A New Internet? Introduction to HTTP/2, QUIC and DOH

A New Internet? Introduction to HTTP/2, QUIC and DOH A New Internet? Introduction to HTTP/2, QUIC and DOH and more LACNIC 29 - Panamá May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 Internet is Changing More and more, Internet traffic is moving

More information

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Fundamentals of Windows Server 2008 Network and Applications Infrastructure COURSE OVERVIEW This five-day instructor-led course introduces students to network and applications infrastructure concepts and configurations provided by Window Server 2008. Students will be able to acquire

More information

Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking

Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking Markosz Maliosz PhD Department of Telecommunications and Media Informatics Faculty of Electrical Engineering

More information

Secure and Scalable Infrastructures for Cloud Operations (SSICLOPS) Resource Management in federated OpenStack cloud environments

Secure and Scalable Infrastructures for Cloud Operations (SSICLOPS) Resource Management in federated OpenStack cloud environments Secure and Scalable Infrastructures for Cloud Operations (SSICLOPS) Resource Management in federated OpenStack cloud environments Felix Eberhardt Stefan Klauck Max Plauth Research Areas 02.2015 02.2018

More information

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS Carrier networks are undergoing their biggest transformation since the beginning of the Internet. The ability to get to market quickly and to respond to

More information

Level 1 Technical Firewall Traversal & Security. Level 1 Technical. Firewall Traversal & Security. V2 Page 1 of 16

Level 1 Technical Firewall Traversal & Security. Level 1 Technical. Firewall Traversal & Security. V2 Page 1 of 16 Level 1 Technical Firewall Traversal & Security V2 Page 1 of 16 Contents 1 - Introduction... 3 Introduction... Error! Bookmark not defined. Available Resources... 8 2 - Overview... 4 Level 1 Recap... Error!

More information

Enabling Efficient and Scalable Zero-Trust Security

Enabling Efficient and Scalable Zero-Trust Security WHITE PAPER Enabling Efficient and Scalable Zero-Trust Security FOR CLOUD DATA CENTERS WITH AGILIO SMARTNICS THE NEED FOR ZERO-TRUST SECURITY The rapid evolution of cloud-based data centers to support

More information

Protocols for Anonymous Communication

Protocols for Anonymous Communication 18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your

More information

Monitoring and Threat Detection

Monitoring and Threat Detection Monitoring and Threat Detection with Netflow Michael Belan Consulting Systems Engineer Cisco GSSO January 2017 AGENDA What is SW? Where does it fit in overall Cisco Security framework? What is SW? What

More information

Scaling Internet TV Content Delivery ALEX GUTARIN DIRECTOR OF ENGINEERING, NETFLIX

Scaling Internet TV Content Delivery ALEX GUTARIN DIRECTOR OF ENGINEERING, NETFLIX Scaling Internet TV Content Delivery ALEX GUTARIN DIRECTOR OF ENGINEERING, NETFLIX Inventing Internet TV Available in more than 190 countries 104+ million subscribers Lots of Streaming == Lots of Traffic

More information

Course AZ-100T01-A: Manage Subscriptions and Resources

Course AZ-100T01-A: Manage Subscriptions and Resources Course AZ-100T01-A: Manage Subscriptions and Resources Module 1: Managing Azure Subscriptions In this module, you ll learn about the components that make up an Azure subscription and how management groups

More information

PROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples

PROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples ACSC424 NETWORK APPLICATION PROGRAMMING Kyriacou E. Frederick University Cyprus communication examples The OSI reference model (proposed by ISO) Application A Application B 2 Application Application Presentation

More information

Flow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018

Flow Measurement. For IT, Security and IoT/ICS. Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 Flow Measurement For IT, Security and IoT/ICS Pavel Minařík, Chief Technology Officer EMITEC, Swiss Test and Measurement Day 20 th April 2018 What is Flow Data? Modern method for network monitoring flow

More information

ENEE 459-C Computer Security. Security protocols (continued)

ENEE 459-C Computer Security. Security protocols (continued) ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p

More information

Configuring F5 for SSL Intercept

Configuring F5 for SSL Intercept Configuring F5 for Welcome to the F5 deployment guide for configuring the BIG-IP system for SSL intercept (formerly called with Air Gap Egress Inspection). This document contains guidance on configuring

More information

Service Mesh and Microservices Networking

Service Mesh and Microservices Networking Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards

More information

1V0-642.exam.30q.

1V0-642.exam.30q. 1V0-642.exam.30q Number: 1V0-642 Passing Score: 800 Time Limit: 120 min 1V0-642 VMware Certified Associate 6 Network Visualization Fundamentals Exam Exam A QUESTION 1 Which is NOT a benefit of virtualized

More information

Cisco Next Generation Firewall Services

Cisco Next Generation Firewall Services Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the

More information

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS

Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS Load Balancing Nginx Web Servers with OWASP Top 10 WAF in AWS Quick Reference Guide V1.0.2 ABOUT THIS GUIDE This document provides a quick reference guide on how to load balance Nginx Web Servers and configure

More information

A. On the VCS, navigate to Configuration, Protocols, H.323, and set Auto Discover to off.

A. On the VCS, navigate to Configuration, Protocols, H.323, and set Auto Discover to off. Volume: 383 Questions Question No: 1 Which parameter should be set to prevent H.323 endpoints from registering to Cisco TelePresence Video Communication Server automatically? A. On the VCS, navigate to

More information

App Gateway Deployment Guide

App Gateway Deployment Guide C E N T R I F Y D E P L O Y M E N T G U I D E App Gateway Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical

More information

Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P

Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P Weighted Factors for Measuring Anonymity Services: A Case Study on Tor, JonDonym, and I2P Khalid Shahbar A. Nur Zincir-Heywood Faculty of Computer Science Dalhousie University Halifax, Canada {Shahbar,

More information

How to Configure a Remote Management Tunnel for an F-Series Firewall

How to Configure a Remote Management Tunnel for an F-Series Firewall How to Configure a Remote Management Tunnel for an F-Series Firewall If the managed NextGen Firewall F-Series cannot directly reach the NextGen Control Center, it must connect via a remote management tunnel.

More information

PrecisionAccess Trusted Access Control

PrecisionAccess Trusted Access Control Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised

More information

Shadow: Real Applications, Simulated Networks. Dr. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems

Shadow: Real Applications, Simulated Networks. Dr. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems Shadow: Real Applications, Simulated Networks Dr. Rob Jansen Center for High Assurance Computer Systems Cyber Modeling and Simulation Technical Working Group Mark Center, Alexandria, VA October 25 th,

More information

CSC Network Security

CSC Network Security CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet

More information

Telex Anticensorship in the Network Infrastructure

Telex Anticensorship in the Network Infrastructure Telex Anticensorship in the Network Infrastructure Eric Wustrow Scott Wolchok Ian Goldberg * J. Alex Halderman University of Michigan *University of Waterloo In Proceedings of the 20 th USENIX Security

More information

Security Considerations for Cloud Readiness

Security Considerations for Cloud Readiness Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution

More information

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification

More information

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ Q-Balancer Range FAQ The Q-Balance LB Series The Q-Balance Balance Series is designed for Small and medium enterprises (SMEs) to provide cost-effective solutions for link resilience and load balancing

More information

Seceon s Open Threat Management software

Seceon s Open Threat Management software Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real

More information

Delivering Microservices Securely and at Scale with NGINX in Red Hat OpenShift. November, 2017

Delivering Microservices Securely and at Scale with NGINX in Red Hat OpenShift. November, 2017 Delivering Microservices Securely and at Scale with NGINX in Red Hat OpenShift November, 2017 Klaus Oxdal Channel Director klaus@nginx.com The Big Shift Architectural Changes: Monolith import myapp.driver

More information

SoloWAN: open source WAN optimization

SoloWAN: open source WAN optimization Universidad Politécnica de Madrid (UPM) SoloWAN: open source WAN optimization David Fernández, F. Javier Ruiz, Luis Bellido, Raúl Álvarez, German Martín, Carlos Vega, Roberto Montero, Mattia Peirano, Francisco

More information

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls How to Configure a Remote Management Tunnel for Barracuda NG Firewalls If the managed NG Firewall can not directly reach the NG Control Center it must connect via a remote management tunnel. The remote

More information

Implementing Security in Windows 2003 Network (70-299)

Implementing Security in Windows 2003 Network (70-299) Implementing Security in Windows 2003 Network (70-299) Level 1 Authorization & Authentication 2h 20m 20s 1.1 Group Strategy 1.2 Group Scopes 1.3 Built-in Groups 1.4 System or Special Groups 1.5 Administrating

More information

Uniform Resource Locators (URL)

Uniform Resource Locators (URL) The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web

More information

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist VPN World MENOG 16 Istanbul-Turkey By Ziad Zubidah Network Security Specialist What is this Van used for?! Armed Van It used in secure transporting for valuable goods from one place to another. It is bullet

More information

ENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM

ENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM JOINT SOLUTION BRIEF ENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM DIAMANTI PLATFORM AT A GLANCE Modern load balancers which deploy as

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback