Visible to the public Peer to Peer 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Peer to Peer



In a peer-to-peer (P2P) network, tasks such as searching for files or streaming audio or video are shared among multiple interconnected nodes—peers who share resources with other network participants without the need for centralized coordination by servers. Peer-to-peer systems pose considerable challenges for computer security. Like other forms of software, P2P applications can contain vulnerabilities, but what makes security particularly dangerous for P2P software is that peer-to-peer applications act as servers as well as clients, making them more vulnerable to remote exploits. For the Science of Security community, the issues relate to the hard problems of human behavior, metrics, composability, and resiliency. The work cited here was presented in 2015.

A. Reiter, “Enabling Secure Communication over Existing Peer-to-Peer Frameworks,” Parallel, Distributed and Network-Based Processing (PDP), 2015 23rd Euromicro International Conference on, Turku, 2015, pp. 575-582. doi:10.1109/PDP.2015.10
Abstract: Peer-to-peer technologies are, due to their distributed nature and the absence of a single point of failure, most promising in the field of providing privacy and security if appropriate mechanisms are in place. Currently security and privacy in peer-to-peer networks is tightly bound to specific frameworks. In this paper a flexible and modular approach for existing peer-to-peer frameworks to enable a secure communication using well-established and proven protocols and algorithms called SP2P is proposed. An interoperability layer is introduced where existing peer-to-peer frameworks, transport security protocols, different types of identities and appropriate identity authentication services can be plugged in seamlessly. The identity authentication service is designed to be compatible with existing quality level assurance frameworks which can be chosen depending on the deployment environment and requirements. Further the different components of end-to-end security protocols and their impact on the overall security and privacy level is analysed. This enables developers to use proven and well established security mechanisms without diving in the very specifics of different peer-to-peer framework specifications.
Keywords: computer network security; peer-to-peer computing; protocols; data privacy; enabling secure communication; end-to-end security protocols; existing peer-to-peer frameworks; identity authentication services; peer-to-peer frameworks; peer-to-peer technologies; transport security protocols; Authentication; Encryption; Interoperability; Peer-to-peer computing; Privacy; Protocols; End to end security; Identity authentication; Identity provisioning; Peer to peer networks; Secure communication; Transport security (ID#: 16-10631)  


Q. Han, H. Wen, G. Feng, L. Wang, and F. Pan, “Secure Interdependent Networks for Peer-to-Peer and Online Social Network,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, pp. 1-6. doi:10.1109/GLOCOM.2015.7417048
Abstract: Peer-to-peer (P2P) systems and online social network (OSN) both have achieved tremendous success. Recent studies suggest that the cooperation of P2P and OSN can achieve better efficiency and security. Unfortunately, novel security problems are emerging as the mutual cooperation and dependence contributes to forming the interdependent networks which are more vulnerable for malicious attack as well as rumor propagation. In this paper, we examined the security environment for P2P and OSN, respectively, and analyzed the security problem derived from the cooperation and interdependence of two networks. The spreader-ignorant-recaller-stifler (SICR) is leveraged to model the rumor spreading in the interdependent networks. In order to enhance the security, we proposed two security schemes named authentication intervening and splitting target and their performance summaries indicate to be effective, simple, and potentially transformative way to guarantee the security for interdependent networks of P2P and OSN.
Keywords: peer-to-peer computing; social networking (online); telecommunication security; OSN; P2P; authentication; online social network; peer-to-peer; secure interdependent networks; security problems; splitting target; spreader-ignorant-recaller-stifler; Complex networks; Peer-to-peer computing; Privacy; Security; Social network services; Topology (ID#: 16-10632)


N. Hwang and S. Lee, “Privacy Preserving Intersection of Neighbor Sets Exploiting Cross Checking Capability in a Peer to Peer Social Network Service,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, pp. 1-6. doi:10.1109/GLOCOM.2015.7416985
Abstract: Due to the privacy concerns on the data generated by the users, Peer to Peer Social Network Services are getting popular these days because the data is kept in a distributed manner. In some cases, the list of neighbors of a node should be kept private, too. However, for some applications, we may need to compute the list of common neighbors between two nodes without revealing the whole list of neighbors. In this paper, we propose a Bloom filter based approach to compute the intersection of neighbors between two nodes in SNSes. We exploit the cross-checking property enabled by the neighbor relationships to simplify the computation while getting more accurate results. Our proposed method can get a near perfect intersection with mostly zero or one false common neighbors. Furthermore, the Bloom filter can successfully hide the neighbor information from attackers. We show the performance through numerical analysis and extensive simulations.
Keywords: computer network security; data privacy; data structures; peer-to-peer computing; set theory; social networking (online); Bloom filter based approach; SNS; cross checking capability; neighbor intersection computation; neighbor sets; numerical analysis; peer-to-peer social network services; privacy preserving intersection; Data privacy; Distributed databases; Encryption; Numerical analysis; Peer-to-peer computing; Privacy; Social network services (ID#: 16-10633)


G. Nguyen, S. Roos, T. Strufe, and M. Fischer, “RBCS: A Resilient Backbone Construction Scheme for Hybrid Peer-to-Peer Streaming,” Local Computer Networks (LCN), 2015 IEEE 40th Conference on, Clearwater Beach, FL, 2015, pp. 261-269. doi:10.1109/LCN.2015.7366319
Abstract: Hybrid Peer-to-Peer streaming systems combine the advantages of an efficient push-based with a more resilient pull-based system to deliver video streams over the Internet. In this manner, hybrid systems offer low latency and an increased robustness to failures and node churn. However, current hybrid systems is vulnerable to misbehaving nodes and deliberate attacks. By taking central positions in the overlay, malicious nodes can perform extremely harmful Denial-of-Service (DoS) attacks. We propose RBCS, a novel backbone construction scheme, that is highly resilient against DoS attacks while maintaining fast content dissemination. RBCS incorporates stable peers into a manipulation-resistant multi-tree backbone overlay, which is resilient against both attacks and node churn. Additionally, RBCS securely identifies stable peers by using only local knowledge about the participation time of others. Extensive simulations indicate that RBCS outperforms the state-of-the-art in being more resilient against attacks at the price of a slightly increased overhead.
Keywords: Internet; computer network security; video streaming; DoS attacks;  RBCS; denial-of-service attacks; hybrid peer-to-peer streaming systems; manipulation-resistant multitree backbone overlay; node churn; pull-based system; resilient backbone construction scheme; video streams; Bandwidth; Computer crime; Peer-to-peer computing; Resilience; Streaming media; Switches; Topology (ID#: 16-10634)


J. Miguel, S. Caballé, F. Xhafa, and V. Snasel, “A Data Visualization Approach for Trustworthiness in Social Networks for On-line Learning,” Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, Gwangiu, 2015, pp. 490-497. doi:10.1109/AINA.2015.226
Abstract: Up to now, the problem of ensuring collaborative activities in e-Learning against dishonest students’ behaviour has been mainly tackled with technological security solutions. Over the last years, technological security solutions have evolved from isolated security approaches based on specific properties, such as privacy, to holistic models based on technological security comprehensive solutions, such as public key infrastructures, biometric models and multidisciplinary approaches from different research areas. Current technological security solutions are feasible in many e-Learning scenarios but on-line assessment involves certain requirements that usually bear specific security challenges related to e-Learning design. In this context, even the most advanced and comprehensive technological security solutions cannot cope with the whole scope of e-Learning vulnerabilities. To overcome these deficiencies, our previous research aimed at incorporating information security properties and services into on-line collaborative e-Learning by a functional approach based on trustworthiness assessment and prediction. In this paper, we present a peer-to-peer on-line assessment approach carried out in a real on-line course developed in our real e-Learning context of the Open University of Catalonia. The design presented in this paper is conducted by our trustworthiness security methodology with the aim of building peer-to-peer collaborative activities, which enhances security e-Learning requirements. Eventually, peer-to-peer visualizations methods are proposed to manage security e-Learning events, as well as on-line visualization through peer-to-peer tools, intended to analyse collaborative relationship.
Keywords: computer aided instruction; data visualisation; social networking (online); trusted computing; Open University of Catalonia; biometric models; data visualization approach; e-learning; holistic models; information security properties; information security services; multidisciplinary approaches; online learning; peer-to-peer collaborative activities; peer-to-peer on-line assessment; public key infrastructures; social networks; student behaviour; technological security; technological security comprehensive solutions; trustworthiness assessment; trustworthiness security methodology; Collaboration; Context; Electronic learning; Peer-to-peer computing; Security; Social network services; Visualization; Information security; computer-supported collaborative learning; on-line assessment; peer-to-peer analysis; trustworthiness (ID#: 16-10635)


D. Frey, R. Guerraoui, A. M. Kermarrec, A. Rault, F. Taïani, and J. Wang, “Hide & Share: Landmark-Based Similarity for Private KNN Computation,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 263-274. doi:10.1109/DSN.2015.60
Abstract: Computing k-nearest-neighbor graphs constitutes a fundamental operation in a variety of data-mining applications. As a prominent example, user-based collaborative-filtering provides recommendations by identifying the items appreciated by the closest neighbors of a target user. As this kind of applications evolve, they will require KNN algorithms to operate on more and more sensitive data. This has prompted researchers to propose decentralized peer-to-peer KNN solutions that avoid concentrating all information in the hands of one central organization. Unfortunately, such decentralized solutions remain vulnerable to malicious peers that attempt to collect and exploit information on participating users. In this paper, we seek to overcome this limitation by proposing H&S (Hide & Share), a novel landmark-based similarity mechanism for decentralized KNN computation. Landmarks allow users (and the associated peers) to estimate how close they lay to one another without disclosing their individual profiles. We evaluate H&S in the context of a user-based collaborative-filtering recommender with publicly available traces from existing recommendation systems. We show that although landmark-based similarity does disturb similarity values (to ensure privacy), the quality of the recommendations is not as significantly hampered. We also show that the mere fact of disturbing similarity values turns out to be an asset because it prevents a malicious user from performing a profile reconstruction attack against other users, thus reinforcing users’ privacy. Finally, we provide a formal privacy guarantee by computing an upper bound on the amount of information revealed by H&S about a user’s profile.
Keywords: collaborative filtering; data mining; data privacy; graph theory; pattern clustering; peer-to-peer computing; recommender systems; security of data; data-mining applications; decentralized peer-to-peer KNN solutions; formal privacy; hide & share; item identification; k-nearest-neighbor graph computation; landmark-based similarity mechanism; malicious user prevention; private KNN computation; profile reconstruction attack; similarity values; user-based collaborative-filtering recommender; Approximation methods; Context; Electronic mail; Measurement; Peer-to-peer computing; Privacy; Protocols; Data privacy; Nearest neighbor searches; Peer-to-peer computing; Recommender systems (ID#: 16-10636)


F. d. A. López-Fuentes and S. Balleza-Gallegos, “Evaluating Sybil Attacks in P2P Infrastructures for Online Social Networks,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1262-1267. doi:10.1109/HPCC-CSS-ICESS.2015.252
Abstract: In recent years, online social networks (OSN) have become very popular. These types of networks have been useful to find former classmates or to improve our interaction with friends. Currently, a huge amount of information is generated and consumed by millions of people from these types of networks. Most popular online social networks are based on centralized servers, which are responsible for the management and storage all information. Although online social networks introduce several benefits, these networks still face many challenges such as central control, privacy or security. P2P infrastructures have emerged as an alternative platform to deploy decentralized online social networks. However, decentralized distributed systems are vulnerable to malicious peers. In this work, we evaluate P2P infrastructures against Sybil attacks. In particular, we simulate and evaluate hybrid and distributed P2P architectures.
Keywords: computer network security; file servers; peer-to-peer computing; social networking (online); OSN; P2P infrastructure; Sybil attack evaluation; centralized server; decentralized distributed systems; decentralized online social network; distributed P2P architecture; hybrid P2P architecture; malicious peers; Bandwidth; Computational modeling; Flowcharts; Peer-to-peer computing; Protocols; Servers; Social network services; Sybil attack; online-social networks; peer-to-peer networks (ID#: 16-10637)


M. Zahak, M. Alizadeh, and M. Abbaspour, “Collaborative Privacy Management in P2P Online Social Networks,” Information Security and Cryptology (ISCISC), 2015 12th International Iranian Society of Cryptology Conference on, Rasht, 2015, pp. 64-72. doi:10.1109/ISCISC.2015.7387900
Abstract: Online Social Networks (OSNs) have become widely popular in recent years. In spite of users’ interest to join OSNs, sharing vast amounts of personal information and resources in these networks might result in privacy issues for them. In the centralized OSNs, access control policies defined by users are enforced by OSN providers. Moreover, as these shared resources are stored by providers, they can access them. To avoid such problems, various architectures for decentralized OSNs are proposed. But the proposed architectures for P2P OSNs yet do not support any mechanism for collaborative privacy management on the shared content. By increasing the amount of resources such as photos which is shared by friends or family members, privacy of a user in these networks does not depend on the resources shared by him anymore. In this case, users should be able to collaborate in control of the accessibility of all the resources belong to them. In this paper, using secret sharing scheme, we propose a collaborative access control model which all the users tagged in a content are able to define the privacy policy for it. Based on the various parameters such as sensitivity scores and privacy policies defined by each controller, an aggregated policy is assigned to a shared resource. To the best of our knowledge this is the first time such a collaborative privacy management model has been proposed for P2P based OSNs. Additionally, to demonstrate the applicability of the proposed model a prototype is implemented.
Keywords: data privacy; peer-to-peer computing; social networking (online); P2P based OSN; P2P online social networks; collaborative access control model; collaborative privacy management model; Access control; Collaboration; Cryptography; Decision support systems; Privacy; Proposals; Servers; collaborative; data sharing; peer-to-peer systems; privacy; social networking (ID#: 16-10638)


F. Burgstaller, A. Derler, S. Kern, G. Schanner, and A. Reiter, “Anonymous Communication in the Browser via Onion-Routing,” 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, Poland, 2015, pp. 260-267. doi:10.1109/3PGCIC.2015.22
Abstract: Every single communication on the Internet reveals private and sensitive information of the communicating parties if no further measures are applied. Various applications and measures are already available to e.g. tunnel traffic through other nodes to obscure the original sender and receiver. Existing frameworks require external applications, running on the particular nodes. We propose a flexible architecture for an anonymous communication framework that supports the interoperability among different platforms. Our proof-of-concept implementation, based on web standards and web technologies shows the feasibility of the framework in terms of usability and interoperability. The framework is running completely in the web-browser and does not have requirements on external applications. The evaluation results show that our framework brings great benefits to user’s privacy and security.
Keywords: Browsers; Peer-to-peer computing; Protocols; Public key; Servers; WebRTC; WebRTC; anonymous communication; end-to-end security; onion routing; peer-to-peer; security (ID#: 16-10639)


C. N. Kayembe, “Ubiquitous Social Sensor Networking System,” Consumer Electronics - Berlin (ICCE-Berlin), 2015 IEEE 5th International Conference on, Berlin, 2015, pp. 256-259. doi:10.1109/ICCE-Berlin.2015.7391250
Abstract: Social Networking Sites (SNS) require a centralized system accessible via Internet. SNS’ owners are in control of user’s data; this often leads to data theft, piracy and privacy issues. This paper proposes a way of socializing with people in surrounding places by using a ubiquitous social sensor network system (USSNS) where Wireless Sensor Node interact in a peer-to-peer mode without the need of Internet. Sensor Node are programed in order to exchange selected social information (e.g. status availability, emergency) to their peer sensor node within a predefine network coverage area (~ 10 indoor to 100 meter outdoor) via a multicast request. The result of this system could allow node’s user to find their peer via nodes’ LED lightening and engage in a face-to-face conversation if they are willing to. The USSNS aims to promote face-to-face interaction instead of current virtual interaction on SNS. The system was tested on two K-mote B2 devices using CoAP protocol.
Keywords: data privacy; peer-to-peer computing; protocols; social networking (online); ubiquitous computing; wireless sensor networks; CoAP protocol; ED lightening; Internet; USSNS; data piracy; data theft; peer-to-peer mode; social networking sites; ubiquitous social sensor networking system; wireless sensor node; Internet; Peer-to-peer computing; Protocols; Security; Social network services; Wireless communication; Wireless sensor networks; Sensor Node; Ubiquitous Social Sensor Networking (USSN); Wireless Sensor Network (ID#: 16-10640)


F. Jacob, J. Mittag, and H. Hartenstein, “A Security Analysis of the Emerging P2P-Based Personal Cloud Platform MaidSafe,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 1403-1410. doi:10.1109/Trustcom.2015.538
Abstract: The emergence of decentralized crypto currencies such as Bitcoin and the success of the anonymizing network TOR lead to an increased interest in peer-to-peer based technologies lately - not only due to the prevalent deployment of mass network surveillance technologies by authorities around the globe. While today’s application services typically employ centralized client/server architectures that require the user to trust the service provider, new decentralized platforms that eliminate this need of trust are on their rise. In this paper we critically analyze a fully decentralized alternative to today’s digital ecosystem - MaidSafe - that drops most of the commonly applied principles. The MaidSafe network implements a fully decentralized personal data storage platform on which user applications can be built. The network is made up by individual users who contribute storage, computing power and bandwidth. All communication between network nodes is encrypted, yet users only have to remember a username and password. To guarantee these objectives, MaidSafe combines mechanisms such as Self-Authentication, Self-Encryption, and a P2P-based public key infrastructure. This paper provides a condensed description of MaidSafe’s key protocol mechanisms, derives the underlying identity and access management architecture, and evaluates it with respect to security and privacy aspects.
Keywords: client-server systems; cloud computing; peer-to-peer computing; public key cryptography; security of data; Bitcoin; MaidSafe key protocol mechanisms; MaidSafe network; P2P-based personal cloud platform MaidSafe; P2P-based public key infrastructure; access management architecture; centralized client-server architectures; decentralized crypto currencies; digital ecosystem; fully decentralized personal data storage platform; mass network surveillance technologies; network TOR; peer-to-peer based technologies; security analysis; self-authentication mechanism; self-encryption mechanism; service provider; Internet; Online banking; Peer-to-peer computing; Privacy; Public key; Cloud; Decentralization; Distributed System; MaidSafe; P2P; Self-Authentication; Self-Encryption (ID#: 16-10641)


A. Biryukov and I. Pustogarov, “Bitcoin over Tor Isn’t a Good Idea,” Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 122-134. doi:10.1109/SP.2015.15
Abstract: Bit coin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcasted via a peer-to-peer network. While Bit coin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bit coin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bit coin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bit coin creates a new attack vector. A low-resource attacker can gain full control of information flows between all users who chose to use Bit coin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used, control which Bit coin blocks and transactions are relayed to user and can delay or discard user’s transactions and blocks. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP addresses when they decide to connect to the Bit coin network directly.
Keywords: IP networks; peer-to-peer computing; security of data; Bit coin network; Bitcoin; IP address; decentralized P2P digital currency; default Tor functionality; information flow; low-resource attacker; peer-to-peer network; popular mobile SPV client; pseudonymity; random-looking Bit coin address; user transactions; Bandwidth; Databases; IP networks; Online banking; Peer-to-peer computing; Relays; Servers; Anonymity; P2P; Security; Tor; cryptocurrency (ID#: 16-10642)


K. Kalaivani and C. Suguna, “Efficient Botnet Detection Based n Reputation Model and Content Auditing in P2P Networks,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-4. doi:10.1109/ISCO.2015.7282358
Abstract: Botnet is a number of computers connected through internet that can send malicious content such as spam and virus to other computers without the knowledge of the owners. In peer-to-peer (p2p) architecture, it is very difficult to identify the botnets because it does not have any centralized control. In this paper, we are going to use a security principle called data provenance integrity. It can verify the origin of the data. For this, the certificate of the peers can be exchanged. A reputation based trust model is used for identifying the authenticated peer during file transmission. Here the reputation value of each peer can be calculated and a hash table is used for efficient file searching. The proposed system can also verify the trustworthiness of transmitted data by using content auditing. In this, the data can be checked against trained data set and can identify the malicious content.
Keywords: authorisation; computer network security; data integrity; information retrieval; invasive software; peer-to-peer computing; trusted computing; P2P networks; authenticated peer; botnet detection; content auditing; data provenance integrity; file searching; file transmission; hash table; malicious content; peer-to-peer architecture; reputation based trust model; reputation model; reputation value; security principle; spam; transmitted data trustworthiness; virus; Computational modeling; Cryptography; Measurement; Peer-to-peer computing; Privacy; Superluminescent diodes; Data provenance integrity; content auditing; reputation value; trained data set (ID#: 16-10643)


T. Amft, B. Guidi, K. Graffi, and L. Ricci, “FRoDO: Friendly Routing over Dunbar-Based Overlays,” Local Computer Networks (LCN), 2015 IEEE 40th Conference on, Clearwater Beach, FL, 2015, pp. 356-364. doi:10.1109/LCN.2015.7366330
Abstract: Centralized Online Social Networks (OSNs) have become the main communication channel in both the personal and the business domain. A current trend for developing OSN services is towards the distribution of the social network infrastructure by using P2P architectures as basis for Distributed Online Social Networks (DOSNs). One of the main challenges of DOSNs comes from guaranteeing privacy and protection of private data. In previous work [18], we proposed a Dunbar-based approach to preserve data availability in DOSNs. Using Dunbar’s circles of intimacy a certain level of trust is ensured which bases on the users confidence in their friends. Now, to achieve privacy and anonymity, we focus on the incorporation of social contacts into existing Peer-to-Peer Overlays and show that a naive integration of social links into existing Overlays like Chord and Pastry is not satisfactory. In order to address drawbacks of the naive approach we introduce goLLuM, a general solution which can be used on top of existing structured and unstructured P2P networks. Our protocol enables to route messages via friendly nodes only, even if only few friends per node exist. By using synthetic models and real-data traces for the representation of friendship relationships we highlight the drawbacks of the naive solution and show the functionality of goLLuM.
Keywords: data privacy; overlay networks; peer-to-peer computing; routing protocols; security of data; social networking (online); trusted computing; Chord; DOSN; Dunbar circles of intimacy; FRoDO; Friendly Routing over Dunbar-based Overlays; OSN service; P2P architectures; Pastry; anonymity; centralized online social network; communication channel; data availability preservation; distributed online social network; friendly nodes; goLLuM; message routing protocol; peer-to-peer overlays; privacy guarantee; private data protection; social contact; social links; social network infrastructure; trust level; unstructured P2P network; user confidence; Data privacy; Distributed databases; Overlay networks; Peer-to-peer computing; Privacy; Routing; Social network services (ID#: 16-10644)


G. Paul, P. L. Dubouilh, and J. Irvine, “Performance Challenges of Decentralised Services,” Vehicular Technology Conference (VTC Fall), 2015 IEEE 82nd, Boston, MA, 2015, pp. 1-4. doi:10.1109/VTCFall.2015.7391073
Abstract: Decentralised, peer-to-peer based services present a variety of security and privacy benefits for their users, and highly scalable to cater for a growing numbers of users, without extra servers being required of the service operator. This presents a significant advantage for newly emerging mobile applications (with high numbers of users, and limited funds for infrastructure), although performance is a challenge when accessing decentralised services. In this paper, we firstly show the performance of our implementation of a decentralised chunk-based storage platform is constrained by the network. We show the impact of network latency on the performance of this decentralised storage solution, and propose our solution to this, in the form of a federated, intermediary server, thus creating a hybrid decentralised service. This approach offers relatively constant performance as latency increases, due to the use of TCP connectivity, while ensuring the advantages of the decentralised service are not lost in the process.
Keywords: mobile communication; peer-to-peer computing; transport protocols; TCP connectivity; decentralised chunk-based storage platform; decentralised peer-to-peer based services; mobile applications; Computer architecture; Distributed databases; Internet; Mobile handsets; Peer-to-peer computing; Performance evaluation; Servers (ID#: 16-10645)


J. M. Reddy and C. Hota, “Heuristic-Based Real-Time P2P Traffic Identification,” Emerging Information Technology and Engineering Solutions (EITES), 2015 International Conference on, Pune, India, 2015, pp. 38-43. doi:10.1109/EITES.2015.16
Abstract: Peer-to-Peer (P2P) networks have seen a rapid growth, spanning diverse applications like online anonymity (Tor), online payment (Bit coin), file sharing (Bit Torrent), etc. However, the success of these applications has raised concerns among ISPs and Network administrators. These types of traffic worsen the congestion of the network, and create security vulnerabilities. Hence, P2P traffic identification has been researched actively in recent times. Early P2P traffic identification approaches were based on port-based inspection. Presently, Deep Packet Inspection (DPI) is a prominent technique used to identify P2P traffic. But it relies on payload signatures which are not resilient against port masquerading, traffic encryption and NATing. In this paper, we propose a novel P2P traffic identification mechanism based on the host behaviour from the transport layer headers. A set of heuristics was identified by analysing the off-line datasets collected in our test bed. This approach is privacy preserving as it does not examine the payload content. The usefulness of these heuristics is shown on real-time traffic traces received from our campus backbone, where in the best case only 0.20% of flows were unknown.
Keywords: cryptography; data privacy; peer-to-peer computing; telecommunication security; telecommunication traffic; Bit coin; DPI; ISP; NATing; P2P network; P2P traffic identification mechanism; bit torrent; deep packet inspection; file sharing; heuristic-based real-time P2P traffic identification; network administrator; off-line dataset; online anonymity; online payment; payload signature; peer-to-peer network; port masquerading; port-based inspection; privacy preserving; real-time traffic; security vulnerability; traffic encryption; transport layer header; Accuracy; Internet; Payloads; Peer-to-peer computing; Ports (Computers); Protocols; Servers (ID#: 16-10646)


M. R. Abdmeziem, D. Tandjaoui, and I. Romdhani, “A Decentralized Batch-Based Group Key Management Protocol for Mobile Internet of Things (DBGK),” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 1109-1117. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.166
Abstract: It is anticipated that constrained devices in the Internet of Things (IoT) will often operate in groups to achieve collective monitoring or management tasks. For sensitive and mission-critical sensing tasks, securing multicast applications is therefore highly desirable. To secure group communications, several group key management protocols have been introduced. However, the majority of the proposed solutions are not adapted to the IoT and its strong processing, storage, and energy constraints. In this context, we introduce a novel decentralized and batch-based group key management protocol to secure multicast communications. Our protocol is simple and it reduces the rekeying overhead triggered by membership changes in dynamic and mobile groups and guarantees both backward and forward secrecy. To assess our protocol, we conduct a detailed analysis with respect to its communication and storage costs. This analysis is validated through simulation to highlight energy gains. The obtained results show that our protocol outperforms its peers with respect to the rekeying overhead and the mobility of members.
Keywords: Internet of Things; cryptographic protocols; data privacy; mobile computing; multicast communication; backward secrecy; communication costs; decentralized batch-based group key management protocol; dynamic groups; energy constraints; energy gains; forward secrecy; group communication security; membership changes; mobile Internet of Things; mobile groups; multicast applications; rekeying overhead reduction; sensitive mission-critical sensing tasks; storage costs; Context; Encryption; Mobile communication; Peer-to-peer computing; Protocols; Servers; Data confidentiality; Group key Management; Internet Of Things; Multicast communications; Security and Privacy (ID#: 16-10647)


R. Moore, C. Morrell, R. Marchany, and J. G. Tront, “Utilizing the BitTorrent DHT for Blind Rendezvous and Information Exchange,” Military Communications Conference, MILCOM 2015 - 2015 IEEE, Tampa, FL, 2015, pp. 1560-1565. doi:10.1109/MILCOM.2015.7357667
Abstract: This paper introduces a moving target blind rendezvous system leveraging the BitTorrent Distributed Hash Table (DHT) to securely locate other nodes in a distributed system and to exchange information without a single point of failure. We leverage cryptographic constructions such as Elliptic Curve Diffie-Hellman key exchange and secure hashing functions, as well as the immense size of the BitTorrent DHT swarm to build this secure system. We require a minimal amount of pre-shared information and additionally allow that pre-shared information to be publicly available in the form of public keys. Our goal in this work is to provide a means of secure information dissemination that improves the capability of privacy focused and censorship avoidance systems.
Keywords: peer-to-peer computing; public key cryptography; BitTorrent DHT swarm; BitTorrent distributed hash table; censorship avoidance systems; cryptographic constructions; distributed system; elliptic curve Diffie-Hellman key exchange; information exchange; moving target blind rendezvous system; pre-shared information; public keys; secure hashing functions; secure information dissemination; Internet; Peer-to-peer computing; Privacy; Protocols; Security; Servers; Target tracking; Distributed Systems; Key Agreement; Mobile Privacy; Mobile Security; Moving Target Defense; Session Establishment (ID#: 16-10648)


M. A. U. Nasir, S. Girdzijauskas, and N. Kourtellis, “Socially-Aware Distributed Hash Tables for Decentralized Online Social Networks,” Peer-to-Peer Computing (P2P), 2015 IEEE International Conference on, Boston, MA, 2015, pp. 1-10. doi:10.1109/P2P.2015.7328524
Abstract: Many decentralized online social networks (DOSNs) have been proposed due to an increase in awareness related to privacy and scalability issues in centralized social networks. Such decentralized networks transfer processing and storage functionalities from the service providers towards the end users. DOSNs require individualistic implementation for services, (i.e., search, information dissemination, storage, and publish/subscribe). However, many of these services mostly perform social queries, where OSN users are interested in accessing information of their friends. In our work, we design a socially-aware distributed hash table (DHTs) for efficient implementation of DOSNs. In particular, we propose a gossip-based algorithm to place users in a DHT, while maximizing the social awareness among them. Through a set of experiments, we show that our approach reduces the lookup latency by almost 30% and improves the reliability of the communication by nearly 10% via trusted contacts.
Keywords: file organisation; social networking (online); DHT; DOSN; decentralized online social networks; gossip-based algorithm; socially-aware distributed hash tables; Peer-to-peer computing; Privacy; Relays; Reliability; Scalability; Security; Social network services (ID#: 16-10649)


Q. Tan, J. Shi, B. Fang, W. Zhang, and X. Wang, “StegoP2P: Oblivious User-Driven Unobservable Communications,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 7126-7131. doi:10.1109/ICC.2015.7249463
Abstract: With increasing concern for erosion of privacy, privacy preserving and censorship-resistance techniques are becoming more and more important. Anonymous communication techniques offer an important method defending against Internet surveillance, but these techniques don’t conceal themselves when used. In this paper, we propose StegoP2P, an unobservable communication system with Internet users in overlay network that relies on Innocent users’ oblivious data downloading, StegoP2P works by deploying a end-to-middle proxies, which inspect special steganography flows from StegoP2P users to innocent-looking destinations and mirror them to the true destination requested by oblivious P2P users. The hidden communication is indistinguishable from normal network communications to any adversaries without a private key, hence, making the StegoP2P clients unobservable. We have developed a proof-of-concept application based on Vuze and conducted evaluations through experiments.
Keywords: Internet; overlay networks; peer-to-peer computing; steganography; Internet users; StegoP2P; Vuze proof-of-concept application; end-to-middle proxy; hidden communication; innocent users oblivious data downloading; innocent-looking destinations; normal network communications; oblivious user-driven unobservable communications; overlay network; steganography; Censorship; IP networks; Internet; Peer-to-peer computing; Protocols; Security; Servers; Censorship-resistant; Covert channel; Steganography; Unobservable communication (ID#: 16-10650)


F. Randazzo, D. Croce, I. Tinnirello, C. Barcellona, and M. L. Merani, “Experimental Evaluation of Privacy-Preserving Aggregation Schemes on PlanetLab,” Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, Dubrovnik, 2015, pp. 379-384. doi:10.1109/IWCMC.2015.7289113
Abstract: New pervasive technologies often reveal many sensitive information about users’ habits, seriously compromising the privacy and sometimes even the personal security of people. To cope with this problem, researchers have developed the idea of privacy-preserving data mining which refers to the possibility of releasing aggregate information about the data provided by multiple users, without any information leakage about individual data. These techniques have different privacy levels and communication costs, but all of them can suffer when some users’ data becomes inaccessible during the operation of the privacy preserving protocols. It is thus interesting to validate the applicability of such architectures in real-world scenarios. In this paper we experimentally evaluate two promising privacy-preserving techniques on PlanetLab, analyzing the execution time and the failure rate that each scheme exhibits.
Keywords: data mining; data privacy; ubiquitous computing; PlanetLab; communication costs; pervasive technologies; privacy preserving protocols; privacy-preserving aggregation schemes; privacy-preserving data mining; Artificial neural networks; Cryptography; Data privacy; Peer-to-peer computing; Protocols; Servers; privacy; secret sharing; secure multi-party computation (ID#: 16-10651)


A. Sanatinia and G. Noubir, “OnionBots: Subverting Privacy Infrastructure for Cyber Attacks,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 69-80. doi:10.1109/DSN.2015.40
Abstract: Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots can achieve a low diameter and a low degree and be robust to partitioning under node deletions. We develop a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.
Keywords: IP networks; computer network management; computer network security; data privacy; fault tolerant computing; telecommunication traffic; Cyber Attacks; IP-based mitigation techniques; OnionBots; SOAP; Tor; botnets; cryptographic mechanisms; destination information; host IP address; illegal activities; information nature; node deletions; privacy infrastructure subversion; resilient-stealthy botnets; self-healing network maintenance scheme; source information; Cryptography; Maintenance engineering; Peer-to-peer computing; Privacy; Relays; Servers; botnet; cyber security; privacy infrastructure; self-healing network (ID#: 16-10652)


L. Bariah, D. Shehada, E. Salahat, and C. Y. Yeun, “Recent Advances in VANET Security: A Survey,” Vehicular Technology Conference (VTC Fall), 2015 IEEE 82nd, Boston, MA, 2015, pp. 1-7. doi:10.1109/VTCFall.2015.7391111
Abstract: Vehicular ad hoc networks (VANET) are emerging as a prominent form of mobile ad hoc networks (MANETs) and as an effective technology for providing a wide range of safety applications for vehicle passengers. Nowadays, VANETs are of an increasing importance as they enable accessing a large variety of ubiquitous services. Such increase is also associated with a similar increase in vulnerabilities in these inter-vehicular services and communications, and consequently, the number of security attacks and threats. It is of paramount importance to ensure VANETs security as their deployment in the future must not compromise the safety and privacy of their users. The successful defending against such VANETs attacks prerequisite deploying efficient and reliable security solutions and services, and the research in this field is still immature and is continuously and rapidly growing. As such, this paper is devoted to provide a structured and comprehensive overview of the recent research advances on VANETS security services, surveying the state-of-the-art on security threats, vulnerabilities and security services, while focusing on important aspects that are not well-surveyed in the literature such as VANET security assessment tools.
Keywords: data privacy; telecommunication security; vehicular ad hoc networks; MANET; VANET security; intervehicular service; mobile ad hoc network; ubiquitous service; vehicle passenger; vehicular ad hoc networks; Global Positioning System; Peer-to-peer computing; Privacy; Roads; Security; Vehicles; Vehicular ad hoc networks (ID#: 16-10653)


E. Papapetrou, V. F. Bourgos, and A. G. Voyiatzis, “Privacy-Preserving Routing in Delay Tolerant Networks Based on Bloom Filters,” World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2015 IEEE 16th International Symposium on a, Boston, MA, 2015, pp. 1-9. doi:10.1109/WoWMoM.2015.7158148
Abstract: Privacy preservation in opportunistic networks, such as disruption and delay tolerant networks, constitutes a very challenging area of research. The wireless channel is vulnerable to malicious nodes that can eavesdrop data exchanges. Moreover, all nodes in an opportunistic network can act as routers and thus, gain access to sensitive information while forwarding data. Node anonymity and data protection can be achieved using encryption. However, cryptography-based mechanisms are complex to handle and computationally expensive for the participating (mobile) nodes. We propose SimBet-BF, a privacy-preserving routing algorithm for opportunistic networks. The proposed algorithm builds atop the SimBet algorithm and uses Bloom filters so as to represent routing as well as other sensitive information included in data packets. SimBet-BF provides anonymous communication and avoids expensive cryptographic operations, while the functionality of the SimBet algorithm is not significantly affected. In fact, we show that the required security level can be achieved with a negligible routing performance trade-off.
Keywords: delay tolerant networks; delays; radio networks; telecommunication network routing; telecommunication security; Bloom filters; SimBet algorithm; cryptography based mechanisms; eavesdrop data exchanges; expensive cryptographic operations; malicious nodes; mobile nodes; opportunistic networks; privacy preserving routing algorithm; wireless channel; Cryptography; Measurement; Peer-to-peer computing; Privacy; Protocols; Routing (ID#: 16-10654)


D. C. M. Segura et al., “Availability in the Flexible and Adaptable Distributed File System,” Parallel and Distributed Computing (ISPDC), 2015 14th International Symposium on, Limassol, 2015, pp. 148-155. doi:10.1109/ISPDC.2015.24
Abstract: The goals of a Distributed File Systems (DFS) may vary broadly. It is impossible to design a DFS attaining every desirable characteristic, such as, transparency, performance, privacy, reliability, and availability, for example. In this paper we describe the improvements achieved with the availability and performance offered by a DFS named FlexA (Flexible and Adaptable Distributed File System), which already proposed an architecture that could provide data security and flexibility. Modifications included a new approach to provide file replication and procedures to prevent system overloads. Details about the modifications introduced to FlexA, as well as results achieved with them, are provided. These results indicate that FlexA can be an important option among the known DFS.
Keywords: data privacy; distributed databases; DFS; FlexA system; data security; file replication; flexible and adaptable distributed file system; Computer crashes; File systems; Nominations and elections; Peer-to-peer computing; Servers; Synchronization; Distributed File Systems; availability; user space file system (ID#: 16-10655)


S. Gurung and Y. Kim, “Healthcare Privacy: How Secure Are the VOIP/Video-Conferencing Tools for PHI Data?,” Information Technology - New Generations (ITNG), 2015 12th International Conference on, Las Vegas, NV, 2015, pp. 574-579. doi:10.1109/ITNG.2015.96
Abstract: There is a high-tech term called telemedicine, which uses information technologies and telecommunication for exchanging medical information among patients and health service providers from different locations. Many video conferencing tools such as WebEx, Go To Meeting, Skype, Google+ Hangouts, etc. Are commonly used these days. Even though these tools vouch for some level of privacy and secured encrypted connections, there are still security risks and vulnerabilities associated with them such as data leaks, call intrusions, identity theft, etc. The risk is even higher during medical video conferencing as there involves many protected health information (PHI) data exchanges. And, any such violations or breach of PHI data can result in civil and criminal penalties as per the Health Insurance Portability and Accountability Act (HIPAA). In this paper, we conduct a literature survey on the security level of such tools, associated risks and possible alternative methods or tools.
Keywords: cryptography; data communication; electronic data interchange; electronic health records; health care; medical computing; medical information systems; teleconferencing; telemedicine; video communication; GoToMeeting; Google+ Hangouts; HIPAA; Health Insurance Portability and Accountability Act; PHI data breach; PHI data exchange; PHI data violation; Skype; VOIP; WebEx; call intrusion; data leak; healthcare privacy; identity theft; medical video conferencing; privacy level; protected health information data exchange; secured encrypted connection; security risk; telemedicine; video-conferencing tools; Cryptography; Google; Medical services; Peer-to-peer computing; Protocols; Servers; Google Hangout; PHI; Video Conferencing (ID#: 16-10656)


J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies,” Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 104-121. doi:10.1109/SP.2015.14
Abstract: Bit coin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bit coin grew to comprise billions of dollars of economic value despite only cursory analysis of the system’s design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition Bit coin and the many related crypto currencies or ‘altcoins.’ Drawing from a scattered body of knowledge, we identify three key components of Bit coin’s design that can be decoupled. This enables a more insightful analysis of Bit coin’s properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bit coin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disinter mediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disinter mediation strategies and provide a detailed comparison.
Keywords: cryptography; data privacy; electronic money; financial data processing; protocols; Bitcoin; computational puzzle; consensus mechanism; cryptocurrency; cryptographic currency; currency allocation mechanism; disinter mediation protocol; key management tool; privacy-enhancing proposal; Communities; Cryptography; Online banking; Peer-to-peer computing; Proposals; Protocols (ID#: 16-10657)


Hongyu Jin and P. Papadimitratos, “Scaling VANET Security Through Cooperative Message Verification,” Vehicular Networking Conference (VNC), 2015 IEEE, Kyoto, 2015, pp. 275-278. doi:10.1109/VNC.2015.7385588
Abstract: VANET security introduces significant processing overhead for resource-constrained On-Board Units (OBUs). Here, we propose a novel scheme that allows secure Vehicular Communication (VC) systems to scale well beyond network densities for which existing optimization approaches could be workable, without compromising security (and privacy).
Keywords: cooperative communication; on-board communications; vehicular ad hoc networks; OBU; VANET security scaling; VC system; cooperative message verification; network density; resource-constrained on-board unit; vehicular ad hoc network; vehicular communication system; Cams; Computer aided manufacturing; Delays; Peer-to-peer computing; Receivers; Security; Vehicles; Security; performance; scalability (ID#: 16-10658)


L. Chen, L. Xu, X. Yuan, and N. Shashidhar, “Digital Forensics in Social Networks and the Cloud: Process, Approaches, Methods, Tools, and Challenges,” Computing, Networking and Communications (ICNC), 2015 International Conference on, Garden Grove, CA, 2015, pp. 1132-1136. doi:10.1109/ICCNC.2015.7069509
Abstract: As cloud computing and social networks become ubiquitous in our modern world, what come along with the nearly infinite storage and computing power are the security, privacy, and digital forensic challenges. Due to the completely different ways of data storage and processing in the cloud and social networks compared to their traditional counterparts, digital forensics practitioners are in need to establish new forensic process and find novel approaches, methods, and tools to maintain the efficiency and performance of their investigations. This paper examines latest studies of the process, challenges, approaches, methods, and tools of digital forensics in the cloud and social network environments, aiming to provide the audience new perspectives and recommendations in the related fields.
Keywords: cloud computing; digital forensics; social networking (online); data processing; data storage; digital forensics; forensic process; infinite storage; social networks; Conferences; Digital forensics; IEC standards; Peer-to-peer computing; Social network services; Time factors; digital investigation; electronic evidence; (ID#: 16-10659)


S. Dahal, Junghee Lee, Jungmin Kang, and Seokjoo Shin, “Analysis on End-to-End Node Selection Probability in Tor Network,” Information Networking (ICOIN), 2015 International Conference on, Cambodia, 2015, pp. 46-50. doi:10.1109/ICOIN.2015.7057855
Abstract: Tor is an open network that helps to defend against traffic analysis and thus achieves anonymity and resisting censorship online. Nowadays many researches have been carried out to attack Tor and to break the anonymity. To deanonymize the Tor, the attacker must be able to control both the guard node and exit node of a circuit. In this paper, we present an analysis on end-to-end node selection probability when an attacker adds different types of compromised nodes in the existing Tor network. For accurate Tor simulation, we used Shadow simulator for our experiment. By extensive performance evaluation, we conclude that when guard + exit flagged compromised nodes are added to Tor network, the selection probability of compromised nodes gets higher.
Keywords: computer network security; probability; telecommunication network routing; Shadow simulator; Tor network; Tor simulation; compromised nodes; end-to-end node selection probability; online anonymity; online censorship resistance; open network; selection probability; traffic analysis; Bandwidth; Peer-to-peer computing; Privacy; Relays; Routing; Security; Servers; Shadow; Tor; nodes; selection probability (ID#: 16-10660)


E. Vasilomanolakis, C. G. Cordero, M. Muhlhauser, and M. Fischer, “SkipMon: A Locality-Aware Collaborative Intrusion Detection System,” 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC), Nanjing, 2015, pp. 1-8. doi:10.1109/PCCC.2015.7410282
Abstract: Due to the increasing quantity and sophistication of cyber-attacks, Intrusion Detection Systems (IDSs) are nowadays considered mandatory security mechanisms for protecting critical networks. Research on cyber-security is moving from such isolated IDSs towards Collaborative IDSs (CIDSs) in order to protect large-scale networks. In CIDSs, a number of IDS sensors work together for creating a holistic picture of the monitored network. Our contribution in this paper is a novel distributed and scalable CIDS, called SkipMon. Our system supports, both, the idea of locality and privacy preserving communication by means of exchanging compact alert data. Furthermore, we propose a mechanism for interconnecting sensors that experience similar traffic patterns. The experimental results suggest that our CIDS, with our technique of connecting monitoring nodes that experience similar traffic, is scalable and offers a good accuracy rate compared to a centralized system with full knowledge of the participating sensors’ data.
Keywords: groupware; security of data; CIDS; SkipMon; cyber-security; locality-aware collaborative intrusion detection system; mandatory security mechanisms; privacy preserving communication; Collaboration; Intrusion detection; Monitoring; Peer-to-peer computing; Routing; Sensors (ID#: 16-10661)


F. Yang, “The Tale of Deep Packet Inspection in China: Mind the Gap,” Information and Communication Technology (ICoICT ), 2015 3rd International Conference on, Nusa Dua, 2015, pp. 348-351. doi:10.1109/ICoICT.2015.7231449
Abstract: People expect some technologies to help access, share and enjoy the human knowledge and resources via the Internet as the deepening of Internet globalization. Deep packet inspection is a packet sniffing technology on the network traffic, enabling operators to monitor what is happening in real time. It could be applied to management bandwidth, lawful surveillance, copyright enforcement, network security and so forth. However, DPI deployment should be concerned its black boxing results such as ISPs unilateral measure, privacy infringement, advertisement implantation. When ISPs deploy the applications of DPI popularly, it is lack of sufficient attention from users, policy-makers, and researchers to rethink its social adverse impact. This paper seeks to examine the DPI deployment by ISPs in China, and be aware of the unbalanced gap between DPI deployment and social public policy. It is a brief tale of gap between DPI deployment and social public policy in China, hoping more attention could be paid to this domain.
Keywords: Internet; computer network security; copyright; China; DPI deployment; ISP deployment; Internet globalization; Internet service provider; black boxing; copyright enforcement; deep packet inspection; human knowledge; human resources; lawful surveillance; management bandwidth; network security; network traffic; packet sniffing technology; social adverse impact; social public policy; Bandwidth; Broadband communication; Inspection; Internet; Peer-to-peer computing; Privacy; Telecommunications; China; Deep packet inspection; P2P; bandwidth; policy; privacy (ID#: 16-10662)


J. Classen, J. Braun, F. Volk, M. Hollick, J. Buchmann, and M. Mühlhäuser, “A Distributed Reputation System for Certification Authority Trust Management,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 1349-1356. doi:10.1109/Trustcom.2015.529
Abstract: In the current Web Public Key Infrastructure (Web PKI), few central instances have the power to make trust decisions. From a system’s perspective, it has the side effect that every Certification Authority (CA) becomes a single point of failure (SPOF). In addition, trust is no individual matter per user, what makes trust decisions hard to revise. Hence, we propose a method to leverage Internet users and thus distribute CA trust decisions. However, the average user is unable to manually decide which incoming TLS connections are trustworthy and which are not. Therefore, we overcome this issue with a distributed reputation system that facilitates sharing trust opinions while preserving user privacy. We assess our methodology using real-world browsing histories. Our results exhibit a significant attack surface reduction with respect to the current Web PKI, and at the same time we only introduce a minimal overhead.
Keywords: Internet; data privacy; decision making; public key cryptography; trusted computing; CA trust decision; Internet users; SPOF; TLS connections; Web PKI; Web public key infrastructure; attack surface reduction; certification authority trust management; distributed reputation system; single point of failure; trust decision making; trust opinion sharing; user privacy preservation; History; Internet; Peer-to-peer computing; Privacy; Protocols; Routing; Security; distributed system; trust management (ID#: 16-10663)


P. Rad, M. Muppidi, A. S. Jaimes, S. S. Agaian, and M. Jamshidi, “Secure Proxy Service Using p-Fibonacci Transformation of Cosine Coefficients on Cloud File Sharing Environment,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1454-1459. doi:10.1109/HPCC-CSS-ICESS.2015.304
Abstract: In this paper, we sketch the idea of double image encryption service to provide the privacy and authentication on big-data image libraries on cloud computing environment. The encoding of the image is done using the P-Fibonacci transform of Discrete Cosine Coefficients “PFCC“ algorithm. First, using Discrete Cosine Transfer (DCT), we transfer an image from the spatial domain to the frequency domain. Second, we utilize the Fibonacci P-code for image bit-plane decomposition and the 2D P-Fibonacci transform for image encryption. Furthermore detailed simulations have been carried out to test the encryption service on cloud file sharing environment such as OpenStack Object Storage and flicker.
Keywords: Big Data; cloud computing; cryptography; data privacy; discrete cosine transforms; image coding; libraries; peer-to-peer computing; 2D P-Fibonacci transform; Big-Data image libraries authentication; Big-Data image libraries privacy; DCT; Fibonacci P-code; cloud computing environment; cloud file sharing environment; discrete cosine coefficients PFCC algorithm; discrete cosine transfer; double image encryption service; frequency domain; image bit-plane decomposition; image encoding; p-Fibonacci transformation; secure proxy service; spatial domain; Discrete cosine transforms; Encryption; Image reconstruction; Cloud computing; Discrete Cosine Transform; Image encryption; OpenStack Object Storage; p-Fibonacci Transform (ID#: 16-10664)


J. Yanez-Sierra, A. Diaz-Perez, V. Sosa-Sosa, and J. L. Gonzalez, “Towards Secure and Dependable Cloud Storage Based on User-Defined Workflows,” Cyber Security and Cloud Computing (CSCloud), 2015 IEEE 2nd International Conference on, New York, NY, 2015, pp. 405-410. doi:10.1109/CSCloud.2015.28
Abstract: A major concern of users of cloud storage services is the loss of control over security, availability and privacy of their files. That is partially addressed by end-to-end encryption techniques. However, most of the solutions currently available offer rigid functionalities that cannot be rapidly integrated into customized tools to meet user’s requirements like, for example, file sharing with other users. This paper presents an end-to-end architecture that enables users to build secure and resilient work-flows for storing and sharing files in the cloud. The workflows are configurable structures executed on the user-side that perform processing operations on the files through chained stages such as data compression for capacity overhead reduction, file assurance for ensuring confidentiality when sharing files and information dispersion for storing files in n cloud locations and retrieving them even during outages of m cloud storage providers. The users can set up different workflows depending on their requirements because they can organize the processing units of each stage in either pipeline to improve its performance or stack for improving functionality. The stages and their processing units are connected using I/O communication interfaces which ensure a continuous data flow from the user/organization computers to multiple cloud locations. Based on our architecture, we developed a prototype for a private cloud infrastructure. The experimental evaluation revealed the feasibility of enabling flexible file sharing and storage user-defined workflows in terms of performance.
Keywords: cloud computing; cryptography; input-output programs; peer-to-peer computing; software reliability; user interfaces; I/O communication interface; cloud storage dependability; cloud storage security; end-to-end architecture; end-to-end encryption technique; file sharing; user-defined workflow; Cloud computing; Computer architecture; Computers; Encryption; Pipelines; Reliability; cloud security; cloud storage; reliability; workflows (ID#: 16-10665)


X. Liu, Y. Xia, Y. Xiang, M. M. Hassan, and A. Alelaiwi, “A Secure and Efficient Data Sharing Framework with Delegated Capabilities in Hybrid Cloud,” Security and Privacy in Social Networks and Big Data (SocialSec), 2015 International Symposium on, Hangzhou, 2015, pp. 7-14. doi:10.1109/SocialSec2015.13
Abstract: Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the public cloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in data utilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication security that once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.
Keywords: cloud computing; cryptography; data privacy; mobile computing; outsourcing; peer-to-peer computing; software architecture; anonymous key agreement; attribute-based encryption; data confidentiality; data security; data sharing framework; encryption/decryption computation; hybrid cloud architecture; mobile device; outsourcing; Cloud computing; Data privacy; Encryption; Mobile handsets; Outsourcing; anonymous key agreement protocol; attribute-based encryption; hybrid cloud (ID#: 16-10666)


T. Loruenser, A. Happe, and D. Slamanig, “ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing,” 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), Vancouver, BC, 2015, pp. 371-378. doi:10.1109/CloudCom.2015.71
Abstract: Cloud based collaboration gives rise to many new applications and business opportunities in both the private and the business domain. However, building such systems in a secure and robust manner is a challenging task. In this paper, we present a new architecture for secure cloud based data sharing called ARCHISTAR. It builds upon a distributed storage system and thus avoids any single point of trust or failure. Besides providing confidentiality of data, our focus is on availability and in particular on robustness against active attacks or failures. Our system provides full multi-user support and enables advanced sharing scenarios without complex key management and revocation mechanisms. We also present a prototype implementation of the ARCHISTAR system and discuss open issues.
Keywords: cloud computing; data privacy; peer-to-peer computing; security of data; software architecture; ARCHISTAR architecture; cloud based data sharing; data confidentiality; data security; distributed storage system; multiuser support; Cloud computing; Distributed databases; Encryption; Information management; Public key; cloud security; cryptography; distributed systems; information sharing (ID#: 16-10667)


R. Khan and R. Hasan, “MIDEP: Multiparty Identity Establishment Protocol for Decentralized Collaborative Services,” Services Computing (SCC), 2015 IEEE International Conference on, New York, NY, 2015, pp. 546-553. doi:10.1109/SCC.2015.80
Abstract: Decentralized collaborative architectures are gaining popularity in all application areas, varying from peer-to-peer communication and content management to cloud and ubiquitous services. However, the public identity of the user is still a major concern, in terms of privacy, trace ability, verifiability, masquerading, and other attacks in such environments. We demonstrate two new attacks, identity shadowing and the Man-in-the-Loop (MITL) attacks, which are applicable in particular to multiparty collaborative environments. In this paper, we propose MIDEP, a Multiparty Identity Establishment Protocol for collaborative environments. The proposed protocol allows a client to establish a secure, multiparty, probabilistic, temporal, verifiable, and non-traceable public identity with the collaborating peers in a decentralized architecture. MIDEP allows a client to avoid identity shadowing and protects the service from the resulting threats as well as from colluded information sharing among the collaborating peers. We illustrate how existing collaborative service frameworks can utilize MIDEP to securely establish the public identity prior to beginning the service session. A prototype implementation is utilized to perform extensive experimental analysis. Our results show that MIDEP is highly suitable in terms of overhead to ensure secure identity establishment for underlying decentralized collaborative services.
Keywords: cryptographic protocols; MIDEP; MITL attacks; cloud services; content management; decentralized collaborative architectures; decentralized collaborative services; man-in-the-loop attacks; multiparty collaborative environments; multiparty identity establishment protocol; peer-to-peer communication; public identity; ubiquitous services; Collaboration; Information management; Privacy; Protocols; Prototypes; Security; Shadow mapping; Collaborative; Decentralized; Identity Establishment; Multiparty; Non-Traceable; Security; Temporal (ID#: 16-10668)


T. Veugen and Z. Erkin, “Content-Based Recommendations with Approximate Integer Division,” Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on, South Brisbane, QLD, 2015, pp. 1802-1806. doi:10.1109/ICASSP.2015.7178281
Abstract: Recommender systems have become a vital part of e-commerce and online media applications, since they increased the profit by generating personalized recommendations to the customers. As one of the techniques to generate recommendations, content-based algorithms offer items or products that are most similar to those previously purchased or consumed. These algorithms rely on user-generated content to compute accurate recommendations. Collecting and storing such data, which is considered to be privacy-sensitive, creates serious privacy risks for the customers. A number of threats to mention are: service providers could process the collected rating data for other purposes, sell them to third parties, or fail to provide adequate physical security. In this paper, we propose a cryptographic approach to protect the privacy of individuals in a recommender system. Our proposal is founded on homomorphic encryption, which is used to obscure the private rating information of the customers from the service provider. Our proposal explores basic and efficient cryptographic techniques to generate private recommendations using a server-client model, which neither relies on (trusted) third parties, nor requires interaction with peer users. The main strength of our contribution lies in providing a highly efficient division protocol which enables us to hide commercially sensitive similarity values, which was not the case in previous works.
Keywords: approximation theory; cryptography; electronic commerce; integer programming; recommender systems; approximate integer division; content based algorithms; content based recommendations; cryptographic approach; cryptographic techniques; e-commerce; homomorphic encryption; online media applications; personalized recommendations; recommender systems; serious privacy risks; server-client model; service providers; user generated content; Computational modeling; Protocols; Recommender systems; homomorphic encryption; privacy; secure division; secure multi-party computation (ID#: 16-10669)


S. Rizvi and J. Mitchell, “A Semi-Distributed Access Control Management Scheme for Securing Cloud Environment,” Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on, New York City, NY, 2015, pp. 501-507. doi:10.1109/CLOUD.2015.73
Abstract: Despite numerous advantages that cloud computing offer (e.g., Flexibility, elasticity, scalability, etc.), many potential clients are still hesitant to join the cloud due to their security and privacy concerns. Outsourcing the data to a cloud in a multitenant environment brings many security challenges including data leaks, threats, and malicious attacks. The cloud computing platform, virtual servers, and the provider’s services are highly dynamic and diverse in nature, making the traditional access control mechanisms (e.g., Firewalls and VLAN etc.) less effective in controlling the unauthorized access to cloud’s data and resources. Several access control policies and authorization system have been proposed in literature to defend against cloud security threats. Most of these systems are designed to work with one or more access control policies. However, little work has been done to develop generic access control architecture capable to work with most of the available access control policies. In this paper, we present a new access control architecture using a global resource management system (GRMS) to effectively handle both local and remote access requests. The introduction of GRMS makes our proposed architecture semi distributed at the expense of minimal request-response time. In addition, our proposed architecture works effectively with both peered access control module (PACM) and virtual resource manager (VRM) to protect and manage all resources and services of cloud providers from unauthorized access.
Keywords: authorisation; cloud computing; data privacy; file servers; resource allocation; GRMS; PACM; VRM; access control mechanisms; authorization system; cloud computing; cloud environment security; cloud providers; cloud security threats; data leaks; generic access control architecture; global resource management system; malicious attacks; multitenant environment; peered access control module; privacy concerns; security challenges; security concerns; semidistributed access control management scheme; unauthorized access; virtual resource manager; virtual servers; Authorization; Cloud computing; Computer architecture; Containers; Virtualization; Access control; role based access control; side channel attack (ID#: 16-10670)


G. Cattaneo, L. Catuogno, F. Petagna, and G. Roscigno, “Reliable Voice-Based Transactions over VoIP Communications,” Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on, Blumenau, 2015, pp. 101-108. doi:10.1109/IMIS.2015.20
Abstract: Nowadays, plenty of sensitive transactions are provided through call centers such as bank operations, goods purchase and contracts signing. Beside communication confidentiality, two major issues are raised within this scenario: (1) each peer should be ensured about the identity of the other, (2) each peer should be guaranteed that the other could not cheat about the communication contents. Current telecommunication (TLC) networks offer (built-in) or allow several mechanisms to enhance security and reliability of human conversations, leveraging strong authentication mechanisms and cryptography. However, in most cases these solutions require complex deployments, mainly based on proprietary technologies which are often characterized by high costs and low flexibility. In this paper we present a solution for strong peers authentication and non-repudiability of human conversations through Voice over IP (VoIP) networks. Our solution achieves low costs and high interoperability as it is built on top of open standard technologies. Authentication and key-agreement mechanism are based on X.509 digital certificates and full PKCS#11 compliant cryptographic tokens. As proof of concept, we present and discuss a prototype implementation.
Keywords: Internet telephony; cryptographic protocols; open systems; telecommunication network reliability; telecommunication security; TLC networks; VoIP communications; X.509 digital certificates; authentication mechanisms; call centers; communication confidentiality; cryptographic tokens; cryptography; current telecommunication networks; high interoperability; human conversation reliability; human conversation security; key agreement mechanism; peer authentication; reliable voice-based transactions; voice over IP networks; Authentication; Cryptography; Digital signatures; Protocols; Prototypes; Standards; Non-repudiable Communication; Peer Authentication; Privacy; Smart Card; VoIP (ID#: 16-10671)


G. Zyskind, O. Nathan, and A. Pentland, “Decentralizing Privacy: Using Blockchain to Protect Personal Data,” Security and Privacy Workshops (SPW), 2015 IEEE, San Jose, CA, 2015, pp. 180-184. doi:10.1109/SPW.2015.27
Abstract: The recent increase in reported incidents of surveillance and security breaches compromising users’ privacy call into question the current model, in which third-parties collect and control massive amounts of personal data. Bit coin has demonstrated in the financial space that trusted, auditable computing is possible using a decentralized network of peers accompanied by a public ledger. In this paper, we describe a decentralized personal data management system that ensures users own and control their data. We implement a protocol that turns a block chain into an automated access-control manager that does not require trust in a third party. Unlike Bit coin, transactions in our system are not strictly financial -- they are used to carry instructions, such as storing, querying and sharing data. Finally, we discuss possible future extensions to block chains that could harness them into a well-rounded solution for trusted computing problems in society.
Keywords: data privacy; trusted computing; auditable computing; automated access-control manager; bit coin; blockchain; decentralized network; decentralized personal data management system; decentralizing privacy; financial space; personal data protection; public ledger; security breaches; surveillance; trusted computing problem; user privacy call; Compounds; Data privacy; Encryption; Online banking; Privacy; Protocols; bitcoin; personal data; privacy (ID#: 16-10672)


S. Raza, P. Misra, Z. He, and T. Voigt, “Bluetooth Smart: An Enabling Technology for the Internet of Things,” Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on, Abu Dhabi, 2015, pp. 155-162. doi:10.1109/WiMOB.2015.7347955
Abstract: The past couple of years have seen a heightened interest in the Internet of Things (IoT), transcending industry, academia and government. As with new ideas that hold immense potential, the optimism of IoT has also exaggerated the underlying technologies well before they can mature into a sustainable ecosystem. While 6LoWPAN has emerged as a disruptive technology that brings IP capability to networks of resource constrained devices, a suitable radio technology for this device class is still debatable. In the recent past, Bluetooth Low Energy (LE) - a subset of the Bluetooth v4.0 stack - has surfaced as an appealing alternative that provides a low-power and loosely coupled mechanism for sensor data collection with ubiquitous units (e.g., smartphones and tablets). When Bluetooth 4.0 was first released, it was not targeted for IP-connected devices but for communication between two neighboring peers. However, the latest release of Bluetooth 4.2 offers features that makes Bluetooth LE a competitive candidate among the available low-power communication technologies in the IoT space. In this paper, we discuss the novel features of Bluetooth LE and its applicability in 6LoWPAN networks. We also highlight important research questions and pointers for potential improvement for its greater impact.
Keywords: Bluetooth; Internet of Things; smart phones; 6LoWPAN networks; Bluetooth low energy; Bluetooth smart; Bluetooth v4.0 stack; IP-connected devices; IoT; low-power communication; resource constrained devices; sensor data collection; smartphones; tablets; ubiquitous units; Internet; Privacy; Protocols; Security; Smart phones; Standards; Bluetooth 4.2; Bluetooth Smart; Low Energy; Research Challenges (ID#: 16-10673)


K. Thakker, C. H. Lung, and P. Morde, “Secure and Optimal Content-centric Networking Caching Design,” Trustworthy Systems and Their Applications (TSA), 2015 Second International Conference on, Hualien, 2015, pp. 36-43. doi:10.1109/TSA.2015.17
Abstract: Due to accretion demand and size of the contents makes today’s Internet architecture inefficient. This host centric model does not seem effective to cater current communication needs where users focus on desired content. As a result, translation between content information and networking domain should take place, typically consisting of an establishment of a delivery path between the content provider and the content consumer. This translation is generally an inefficient constraint, as data location and data popularity are neglected, which leads to over consumption of network resources. The increasing demands of highly scalable and efficient distribution of contents have motivated the development of future Internet architecture based on named data objects. Currently, Content Centric Networking (CCN) is gaining attention as the future Internet architecture where contents themselves are the primary focus, rather than the location of the content. This paper provides an insight into efficient caching management policies used currently for large file caching, our proposed approach along with its justification and validation behind the idea for designing the best caching strategy in CCN. However, caching policies can be misused if attackers use cache as storage to make their own content available for attacks or privacy leaks. We conclude with the need for security mechanisms for protecting the cache and the security measures to prevent any misuse of it.
Keywords: Internet; cache storage; data privacy; security of data; CCN; Internet architecture; host centric model; named data objects; network resource over-consumption; optimal content-centric networking caching design; privacy leaks; secure content-centric networking caching design; Computer architecture; Computers; Mathematical model; Privacy; Routing protocols; Security; Content delivery networking (CDN); Content-centric networking (CCN); caching; peer-assisted content delivery; software defined networking (SDN) (ID#: 16-10674)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.