
    S-Kademlia: a Trust and Reputation Method to Mitigate a Sybil Attack in Kademlia

    Peer-to-peer architectures have become very popular in the last years for a variety of services and applications such as collaborative computing, streaming and VoIP applications. The security and integrity of the overlay involved in such networks is a fundamental prerequisite for deploying such a technology. Withstanding multiple false identities in the overlay, also known as a Sybil attack, is one of the main challenges in securing structured peer-to-peer networks. Poisoning routing tables through these identities may make the routing and storage and retrieval processes extremely difficult and time consuming. In this paper we investigate possible countermeasures and propose a novel method for making the routing and the storage and retrieval of resources in a Kademlia network more secure through the use of a combined trust-based algorithm exploiting reputation techniques. Our solution provides a balanced mixing of standard Kademlia algorithms and trust-based algorithms showing promising results in thwarting a Sybil attack in a Kademlia network, in comparison with similar methods as well

    A Virtual Learning Architecture Enhanced by Fog Computing and Big Data Streams

    In recent years, virtual learning environments are gaining more and more momentum, considering both the technologies deployed in their support and the sheer number of terminals directly or indirectly interacting with them. This essentially means that every day, more and more smart devices play an active role in this exemplary Web of Things scenario. This digital revolution, affecting education, appears clearly intertwined with the earliest forecasts of the Internet of Things, envisioning around 50 billion heterogeneous devices and gadgets to be active by 2020, considering also the deployment of the fog computing paradigm, which moves part of the computational power to the edge of the network. Moreover, these interconnected objects are expected to produce more and more significant streams of data, themselves generated at unprecedented rates, sometimes to be analyzed almost in real time. Concerning educational environments, this translates to a new type of big data stream, which can be labeled as educational big data streams. Here, pieces of information coming from different sources (such as communications between students and instructors, as well as students’ tests, etc.) require accurate analysis and mining techniques in order to retrieve fruitful and well-timed insights from them. This article presents an overview of the current state of the art of virtual learning environments and their limitations; then, it explains the main ideas behind the paradigms of big data streams and of fog computing, in order to introduce an e-learning architecture integrating both of them. Such an action aims to enhance the ability of virtual learning environments to be closer to the needs of all the actors in an educational scenario, as demonstrated by a preliminary implementation of the envisioned architecture. We believe that the proposed big stream and fog-based educational framework may pave the way towards a better understanding of students’ educational behaviors and foster new research directions in the fiel

    A Balanced Trust-based Method to Counter Sybil and Spartacus Attacks in Chord

    A Sybil attack is one of the main challenges to be addressed when securing peer-to-peer networks, especially those based on Distributed Hash Tables (DHTs). Tampering routing tables by means of multiple fake identities can make routing, storing, and retrieving operations significantly more difficult and time-consuming. Countermeasures based on trust and reputation have already proven to be effective in some contexts, but one variant of the Sybil attack, the Spartacus attack, is emerging as a new threat and its effects are even riskier and more difficult to stymie. In this paper, we first improve a well-known and deployed DHT (Chord) through a solution mixing trust with standard operations, for facing a Sybil attack affecting either routing or storage and retrieval operations. This is done by maintaining the least possible overhead for peers. Moreover, we extend the solution we propose in order for it to be resilient also against a Spartacus attack, both for an iterative and for a recursive lookup procedure. Finally, we validate our findings by showing that the proposed techniques outperform other trust-based solutions already known in the literature as well

    3AKEP: Triple-authenticated key exchange protocol for peer-to-peer VoIP applications

    Peer-to-peer architectures have become very popular in the last years for a variety of services and applications they support, such as collaborative computing, streaming and VoIP applications. The security of the protocols involved in such operations is, however, a fundamental prerequisite for a widespread diffusion of such a technology. In this paper, we focus on the establishment of a security association in a distributed scenario and we propose a new key exchange protocol authenticated through three different methods: i) the verification of a signature, based on the identifier of the remote peer, ii) the use of retained secrets from previously established sessions with the same peer, iii) the exchange of a Short Authentication String through a proper “trusted means”. We also provide a possible implementation for peer-to-peer VoIP applications for setting up secure multimedia communications through the standard SIP protocol. Our proposal does not require pre-shared secrets, trusted third parties, nor a Public Key Infrastructure. In addition, we investigate different ways of distributing cryptographic peer identities in a sort of P2P web-of-trust. The proposed protocols have been also implemented and integrated into an open source SIP User Agent, for functional validation

    Automatic Job Safety Report Generation using RAG-based LLMs

    This study introduces an innovative approach to safety report generation using a Retrieval-Augmented Generation (RAG) framework, tailored to synthesize comprehensive reports from descriptions and logs of work sessions. The core contribution of our study is the comparison and optimization of various Large Language Model variants (based on LLaMA) and embedding models, aiming to identify the most effective combination for accurately capturing and reflecting the intricacies of safety-related data in a given domain. Our RAG-based system leverages the strengths of different LLaMA models and embedding techniques to process and contextualize the input data, which include detailed session descriptions and operational logs. By integrating these models, we aim to automate the generation of safety reports that are not only coherent and contextually relevant, but also adhere to the stringent requirements of safety documentation in professional environments. The validation of our approach is performed using an aviation safety dataset and classic metrics in the field, such as Recall@5, GLEU, METEOR, and BERTscore. Our findings demonstrate the potential of RAG-based systems in streamlining the process of safety report generation, offering significant improvements in efficiency and accuracy over traditional methods and non domain-specific tailored models

    A key agreement protocol for P2P VoIP applications

    A crucial aspect when establishing a secure peer-to-peer communication channel is the negotiation of the security parameters used to protect the successive data communications, including the various encryption and authentication keys. There are different secure protocols (such as IPSec, TLS, SSH, etc.) currently defined with their own negotiation mechanisms; unfortunately they usually rely on a pre-established trust relationship or secure association based on a shared secret key, some digital certificates, or a public key infrastructure (PKI). In this work we propose a new alternative key agreement protocol for setting up multimedia sessions between user agents (UAs) without requiring any pre-shared key or trust relationship or PKI. When two UAs communicate for the first time, a new key is established through the Diffie-Hellman algorithm and authenticated by end users through vocal reading of a short authentication string. The proposed protocol has been also implemented and integrated in a publicly available VoIP UA

    A statistical blind technique for recognition of internet traffic with dependence enforcement

    The increasing demand of network security, access control, and service differentiation over IP networks drives Internet Service Providers and network administrators to deploy ever more sophisticated and faster traffic recognition mechanisms. Unfortunately this is complicated by the continuous development of new application protocols, increasing network bandwidth, and spreading of complicated tunneling and encryption techniques. In this paper we describe a statistical technique for blind recognition and classification of application sessions amongst aggregated traffic. Packets are assigned to known applications/protocols on the basis of a restricted set of information extracted from each packet: packet addresses, sizes, and timestamps. We analyzed three modes with different degrees of correlation among packets belonging to the same session. Despite its simplicity, the studied technique has demonstrated very good performances, also when used for real-time classification