Electronic Communications of the EASST (European Association of Software Science and Technology)
887 research outputs found
Demo: Traffic Splitting for Tor – A Defense against Fingerprinting Attacks
Website fingerprinting (WFP) attacks on the anonymity network Tor have become ever more effective. Furthermore, research discovered that proposed defenses are insufficient or cause high overhead. In previous work, we presented a new WFP defense for Tor that incorporates multipath transmissions to repel malicious Tor nodes from conducting WFP attacks. In this demo, we showcase the operation of our traffic splitting defense by visually illustrating the underlying Tor multipath transmission using LED-equipped Raspberry Pis
Uncertainty Entangled; Modelling Safety Assurance Cases for Autonomous Systems
When designing and analysing autonomous systems and their environment it is necessary to consider uncertainty and multiple potential states (of the system and its environment). In this position paper, we explore the idea of notations and modelling tools that are based on ‘superpositions’ of states. More concretely, we present a treatment of uncertainty in autonomous systems inspired by quantum physics and propose an extension of the Goal Structuring Notation (GSN), a common approach for the modelling of safety arguments, to model ‘superposition’ and ‘entangled’ nodes; and, incorporate guidelines of the emerging UL 4600 standard for autonomous systems
Towards SCION-enabled IXPs: The SCION Peering Coordinator
Internet eXchange Points (IXPs) around the world bring thousands of ISPs together to form dense peering fabrics. Since bilateral BGP peering sessions alone would result in large overhead, many IXPs offer route servers enabling the exchange of routing information with the entire peering population over a single multilateral BGP session. Route servers also perform RPKI validation to combat the lack of authentication and security in BGP. SCION is a novel inter-domain routing architecture addressing the security flaws of BGP by replacing it with a security and reliability centric clean-slate approach. We envision that operators of SCION ASes will be just as open to peering at Internet exchanges as they are today with BGP. Moreover, to fully utilize SCION's multipath capabilities SCION AS operators tend to deploy more different AS numbers than in BGP, further increasing the potential number of unique peering links at an IX. Since SCION has no native multilateral peering support, we propose the SCION peering coordinator, an IXP-hosted service automating SCION peering link setup based on per AS policies. As such, the SCION peering coordinator provides an open peering platform similar to BGP route servers to SCION
Wiretapping Pods and Nodes - Lawful Interception in Kubernetes
Nowadays IT infrastructures have to supply a flexible and dynamic platform for the provision of modern applications. Kubernetes is one of the most notable environments for the provisioning of small and independently running microservices used by modern applications. With Kubernetes, these microservices can be developed, deployed, updated and scaled in a continuous process. This flexibility is a huge advantage to older and more static environments. But whereas these old infrastructures lack in dynamics, necessary digital investigations are easier to accomplish. This need is still existing in modern environments, hence this paper presents a novel approach for the lawful interception of network packets in a Kubernetes cluster. The approach improves the dynamic capture processes by monitoring involved devices assigned to a defined application without hampering the environment or capturing unwanted network packets. Keywords: Kubernetes, networ
Deep Reinforcement Learning for Smart Queue Management
With the goal of meeting the stringent throughput and delay requirements of classified network flows, we propose a Deep Q-learning Network (DQN) for optimal weight selection in an active queue management system based on Weighted Fair Queuing (WFQ). Our system schedules flows belonging to different priority classes (Gold, Silver, and Bronze) into separate queues, and learns how and when to dequeue from each queue. The neural network implements deep reinforcement learning tools such as target networks and replay buffers to help learn the best weights depending on the network state. We show, via simulations, that our algorithm converges to an efficient model capable of adapting to the flow demands, producing thus lower delays with respect to traditional WFQ
Ray-tracing based Inference Attacks on Physical Layer Security
In wireless network security, physical layer security provides a viable alternative to classical cryptography, which delivers high security guarantees with minimal energy expenditure. Nevertheless, these cryptographic primitives are based on assumptions about physical conditions which in practice may not be fulfilled. In this work we present a ray-tracing based attack, which challenges the basic assumption of uncorrelated channel properties for eavesdroppers. We realize this attack and evaluate it with real world measurement, and thereby show that such attacks can predict channel properties better than previous attacks and are also more generally applicable
IDN-Laser-Tester: A Framework for Detecting and Testing ILDA Digital Network Consumers for Laser Projection
The ILDA Digital Network (IDN) is a novel protocol family providing digital data transmission for laser projection. While the new standards mainly aim to replace the old analogue signal transmission, the digital streaming concept also enables completely new applications and flexible networked scenarios. Very simple tools are existing to check the old analogue connection. Our demo presents the IDN-Laser-Tester, a new framework that allows for detecting and testing IDN enabled hardware or software in a local network in a user friendly manner from smartphone, tablet or portable computer.
User Space Packet Schedulers: Towards Rapid Prototyping of Queue-Management Algorithms
Quality of Service indicators in computer networks reached tremendous importance over the last years. Especially throughput and latency are directly influenced by the dimension of packet queues. Determining the optimal dimension based on the inevitable tradeoff between throughput and latency tends to be a hard, almost infeasible challenge. Several algorithms for Active Queue Management have been proposed to address this challenge over the last years. However, the deployment and by that the development of such algorithms is challenging as they are usually located within the operating systems’ kernel or implemented in fixed hardware. In this work, we investigate how novel algorithms can be deployed in user space for rapid prototyping with tolerable effort. We provide core performance characteristics and highlight the viability and reasonability of this approach
Implementing DNSSEC soft delegation for microservices
Securing DNS in Edge- and Fog computing, or other scenarios where microservices are offloaded, requires the provision of zone signing keys to the third parties who control the computing infrastructure. This fundamentally allows the infrastructure provider to create novel signatures at their discretion and even arbitrarily extend the certificate chain. Based on our proposal on soft delegation for DNSSEC, which curtails this vulnerability, we report on our proof-of-concept: a C-implementation of chameleon hashes in OpenSSL, a server side implementation of the mechanism in the ldns server, and an offline client that validates the signed records, in this paper. We also discuss different approaches for generating DNSSEC RRSIG records, and the behavior of a resolver to verify the credentials and securely connect to an end point using TLS with SNI and DANE
Demonstration: A cloud-control system equipped with intrusion detection and mitigation
The cloud control systems (CCs) are inseparable parts of industry 4.0. The cloud, by providing storage and computing resources, allows the controllers to evaluate complex problems that are too computationally demanding to perform locally. However, connecting physical systems to the cloud through the network can provide an entry point for attackers to infiltrate the system and cause damage with potentially catastrophic consequences. Hence, in this paper, we present a demo of our proposed security framework for CCs and demonstrate how it can detect attacks on this system quickly and mitigate them