CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

Similar documents
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Privacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology

Lecture 9. Anonymity in Cryptocurrencies

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

0x1A Great Papers in Computer Security

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

CS Paul Krzyzanowski

ENEE 457: E-Cash and Bitcoin

Privacy Enhancing Technologies CSE 701 Fall 2017

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

A SIMPLE INTRODUCTION TO TOR

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Design and Implementation of Privacy-Preserving Surveillance. Aaron Segal

Anonymous communications: Crowds and Tor

CS526: Information security

How Alice and Bob meet if they don t like onions

A Review on Blockchain Application for Decentralized Decision of Ownership of IoT Devices

As a 3rd generation currency, not only are transactions secured, private and fast, you actually get paid for holding DigitalPrice coins.

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

Introduction to Bitcoin I

Distributed Ledger Technology & Fintech Applications. Hart Montgomery, NFIC 2017

Bitcoin, Security for Cloud & Big Data

Lecture 41 Blockchain in Government III (Digital Identity)

Analyzing Bitcoin Security. Philippe Camacho

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

The technical notes represented on the following pages are intended to describe and officially document the concepts behind NulleX Blockchain.

ENEE 459-C Computer Security. Security protocols

Anonymous Communications

ENEE 459-C Computer Security. Security protocols (continued)

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Anonymity. Assumption: If we know IP address, we know identity

Void main Technologies

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Cyber-Physical Chain (CPChain) Light Paper

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Whitepaper Rcoin Global

Protocols for Anonymous Communication

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

Network Security (PhD Section)

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Security (and finale) Dan Ports, CSEP 552

Biomedical Security. Cipher Block Chaining and Applications

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Lecture 3. Introduction to Cryptocurrencies

Technical Solutions Novel Challenges to Privacy Privacy Enhancing Technologies Examples

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Key concepts of blockchain

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Yashar Dehkan Asl

Formally Specifying Blockchain Protocols

Social Networking for Anonymous Communication Systems: A Survey

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

Anonymity in Bitcoin. Presenter: Muhammad Anas Imtiaz

JAVA IEEE TRANSACTION ON CLOUD COMPUTING. 1. ITJCC01 Nebula: Distributed Edge Cloud for Data Intensive Computing

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

The New Cell-Counting-Based Against Anonymous Proxy

The Blockchain. Josh Vorick

A Lightweight Blockchain Consensus Protocol

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

SpaceMint Overcoming Bitcoin s waste of energy

Anonymity and Privacy

CS 134 Winter Privacy and Anonymity

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Table of contents. Technical Features. Our approach. Technical Overview. Stage 1 (Using Ethereum blockchain) Participants. Data Owner.

Algorand: Scaling Byzantine Agreements for Cryptocurrencies

Secure Multiparty Computation

Maintaining the Anonymity of Direct Anonymous Attestation with Subverted Platforms MIT PRIMES Computer Science Conference October 13, 2018

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

WAVE: A decentralised authorization system for IoT via blockchain smart contracts

Onion services. Philipp Winter Nov 30, 2015

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

SmartPool: practical decentralized pool mining. Loi Luu, Yaron Velner, Jason Teutsch, and Prateek Saxena August 18, 2017

Introduction to Cryptocurrency Ecosystem. By Raj Thimmiah

Lecture 8: Privacy and Anonymity Using Anonymizing Networks. CS 336/536: Computer Network Security Fall Nitesh Saxena

VPKIs: State-of-the-Art, Challenges and Extensions

Bitcoin, a decentralized and trustless protocol

Achieving Privacy in Mesh Networks

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

Anonymity. Christian Grothoff.

Problem: Equivocation!

Certificate reputation. Dorottya Papp

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

REM: Resource Efficient Mining for Blockchains

Blockchain (de)constructed

BitBill: Scalable, Robust, Verifiable Peer-to-Peer Billing for Cloud Computing

Distributed-Application Security

INTRODUCTION WHY DAPS?

Blockchain & Distributed Internet Infrastructure

SOLUTION ARCHITECTURE AND TECHNICAL OVERVIEW. Decentralized platform for coordination and administration of healthcare and benefits

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Privacy and Security in Cloud-based ML

DEV. Deviant Coin, Innovative Anonymity. A PoS/Masternode cr yptocurrency developed with POS proof of stake.

Alternatives to Blockchains. Sarah Meiklejohn (University College London)

Cryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies

Blockstack, a New Internet for Decentralized Apps. Muneeb Ali

Transcription:

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security A Brief Overview of Security & Privacy Issues 1

Topics to Be Covered Cloud computing RFID systems Bitcoin Anonymous comm. Social networks Sybil attacks Location privacy Mobile crowdsourcing Telecom networks Internet of Things Cognitive radios Anything interesting 2

Cloud Computing 3

Typical Scenarios Datasets Untrusted Cloud Service Provider Users 4

Security and privacy issues How to verify the computation/query results returned by CSPs? How to process queries over encrypted datasets? How to deduplicate files encrypted under different keys? How to verify that my uploaded files are retrievable? 5

RFID System http://www.youtube.com/watch?v=_xnhl39ud7i RFID = Radio Frequency IDentification. An ADC (Automated Data Collection) technology that: Uses radio-frequency waves to transfer data between a reader and a movable item to identify, categorize, track.. Is fast and does not require physical sight or contact between reader/scanner and the tagged item. Performs the operation using low cost components. Attempts to provide unique identification and backend integration that allows for wide range of applications. Other ADC technologies: Bar codes, OCR. 6

A typical RFID system backoffice database(s) Reader LF / UHF Communication range Coupling Backscatter communication Tag active / passive 1 bit 64 kb (EEPROM/SRAM) controller / CPU read-only / read-write 7

Frame Slotted Aloha Protocol 8

Current RFID Systems Unsafe No authentication No friend/foe distinction No access control Rogue reader can link to tag Rogue tag can mess up reader No encryption Eavesdropping possible Predictable responses Traffic analysis, linkability No GUI and distance not enforced by tag 9

Security & Privacy Issues Privacy-preserving tag identification/authentication/counting Missing tag detection/identification Batch tag authentication Clone/counterfeit detection etc. 10

Bitcoin & Blockchain A nice introductory video on bitcoin Youtube, search How Bitcoin Works Under the Hood A decentralized digital ledger that records transactions such that the registered transactions cannot be altered retroactively Important concepts: transactions, blocks, mining, mining pools, etc. Cryptographic techniques: cryptographic hash and digital signature 11

Research issues Double spending Proof-of-work Stability Consensus protocol Payment verification Key management etc. Additional reading: SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies IEEE S&P 2015 12

Anonymous communication Hiding the identitie(s) of the parties involved in digital communications from each other, or from third-parties Types of Anonymity Sender anonymity Receiver anonymity Sender-Receiver (a.k.a. relationship) anonymity 13

Mix Proxies and Onion Routing <K P, K S > <K P, K S > <K P, K S >

Traffic Mixing Arrival Order Send Order 4 2 1 1 2 3 3 4 15

Dummy / Cover Traffic Simple idea: Send useless traffic to help obfuscate real traffic 16

Tor Largest, most well deployed anonymity preserving service on the Internet Publicly available since 2002 Continues to be developed and improved Currently, ~5000 Tor relays around the world All relays are run by volunteers It is suspected that some are controlled by intelligence agencies 500K 900K daily users Numbers are likely larger now, thanks to Snowden Additional reading: Tor: The Second-Generation Onion Router, Usenix Security 2004 17

Research Issues Novel anonymous communication systems Attacks on existing anonymous communication systems, e.g., Tor Improvement for Tor etc. 18

Social Networks 19

Sybil Attack Definition: an individual entity masquerades as multiple simultaneous identities Why named Sybil attack Severe impact on many distributed applications and everyday services Commonly assume that every participating entity controls exactly one identity Examples of the Sybil attack Rig Internet polls by using multiple IP addresses to submit votes Gain advantage in any results of a chain letter A well-known major problem in real-world selections Increase the Google PageRank ratings of customers pages 20

Sybil Attack Examples of the Sybil attack (cont d) A common attack on social networking websites, e.g., Facebook, Twitter A common attack on real-world reputation systems like Ebay Obtain multiple accounts on free-email systems by spammers Cause P2P computing systems which use voting to verify correct answers, such as SETI@home, to accept false solutions from a Sybil attacker Reveal the initiator of a connection in a system that provides anonymous communications between peers, like Tor Out-votes honest users in other collaborative tasks such as resource allocation, voting, 21

Defenses against Sybil Attack Using a trusted central authority Tie identities to actual human beings Not always desirable Can be hard to find such authority Sensitive info may scare away users Potential bottleneck and target of attack Without a trusted central authority Impossible unless using special assumptions [Douceur 02] Resource challenges not sufficient -- adversary can have much more resources than a typical user 22

Research Issues Detect fake/malicious accounts in social networks Explore social networks to thwart Sybil attacks Additional reading: Using Social Networks to Overcome Sybil Attacks, Distributed Computing 2011. 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback