Visible to the public Biblio

Filters: Author is Zhou, Xiaobo  [Clear All Filters]
2022-06-15
Fan, Wenjun, Chang, Sang-Yoon, Zhou, Xiaobo, Xu, Shouhuai.  2021.  ConMan: A Connection Manipulation-based Attack Against Bitcoin Networking. 2021 IEEE Conference on Communications and Network Security (CNS). :101–109.
Bitcoin is a representative cryptocurrency system using a permissionless peer-to-peer (P2P) network as its communication infrastructure. A number of attacks against Bitcoin have been discovered over the past years, including the Eclipse and EREBUS Attacks. In this paper, we present a new attack against Bitcoin’s P2P networking, dubbed ConMan because it leverages connection manipulation. ConMan achieves the same effect as the Eclipse and EREBUS Attacks in isolating a target (i.e., victim) node from the rest of the Bitcoin network. However, ConMan is different from these attacks because it is an active and deterministic attack, and is more effective and efficient. We validate ConMan through proof-of-concept exploitation in an environment that is coupled with real-world Bitcoin node functions. Experimental results show that ConMan only needs a few minutes to fully control the peer connections of a target node, which is in sharp contrast to the tens of days that are needed by the Eclipse and EREBUS Attacks. Further, we propose several countermeasures against ConMan. Some of them would be effective but incompatible with the design principles of Bitcoin, while the anomaly detection approach is positively achievable. We disclosed ConMan to the Bitcoin Core team and received their feedback, which confirms ConMan and the proposed countermeasures.
Fan, Wenjun, Hong, Hsiang-Jen, Wuthier, Simeon, Zhou, Xiaobo, Bai, Yan, Chang, Sang-Yoon.  2021.  Security Analyses of Misbehavior Tracking in Bitcoin Network. 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). :1–3.
Because Bitcoin P2P networking is permissionless by the application requirement, it is vulnerable against networking threats based on identity/credential manipulations such as Sybil and spoofing attacks. The current Bitcoin implementation keeps track of its peer's networking misbehaviors through ban score. In this paper, we investigate the security problems of the ban-score mechanism and discover that the ban score is not only ineffective against the Bitcoin Message-based DoS attacks but also vulnerable to a Defamation attack. In the Defamation attack, the network adversary can exploit the ban-score mechanism to defame innocent peers.
2022-04-25
Jiang, Xiaoyu, Qiu, Tie, Zhou, Xiaobo, Zhang, Bin, Sun, Ximin, Chi, Jiancheng.  2021.  A Text Similarity-based Protocol Parsing Scheme for Industrial Internet of Things. 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD). :781–787.
Protocol parsing is to discern and analyze packets' transmission fields, which plays an essential role in industrial security monitoring. The existing schemes parsing industrial protocols universally have problems, such as the limited parsing protocols, poor scalability, and high preliminary information requirements. This paper proposes a text similarity-based protocol parsing scheme (TPP) to identify and parse protocols for Industrial Internet of Things. TPP works in two stages, template generation and protocol parsing. In the template generation stage, TPP extracts protocol templates from protocol data packets by the cluster center extraction algorithm. The protocol templates will update continuously with the increase of the parsing packets' protocol types and quantities. In the protocol parsing phase, the protocol data packet will match the template according to the similarity measurement rules to identify and parse the fields of protocols. The similarity measurement method comprehensively measures the similarity between messages in terms of character position, sequence, and continuity to improve protocol parsing accuracy. We have implemented TPP in a smart industrial gateway and parsed more than 30 industrial protocols, including POWERLINK, DNP3, S7comm, Modbus-TCP, etc. We evaluate the performance of TPP by comparing it with the popular protocol analysis tool Netzob. The experimental results show that the accuracy of TPP is more than 20% higher than Netzob on average in industrial protocol identification and parsing.
2021-11-08
Chang, Sang-Yoon, Park, Younghee, Kengalahalli, Nikhil Vijayakumar, Zhou, Xiaobo.  2020.  Query-Crafting DoS Threats Against Internet DNS. 2020 IEEE Conference on Communications and Network Security (CNS). :1–9.
Domain name system (DNS) resolves the IP addresses of domain names and is critical for IP networking. Recent denial-of-service (DoS) attacks on Internet targeted the DNS system (e.g., Dyn), which has the cascading effect of denying the availability of the services and applications relying on the targeted DNS. In view of these attacks, we investigate the DoS on DNS system and introduce the query-crafting threats where the attacker controls the DNS query payload (the domain name) to maximize the threat impact per query (increasing the communications between the DNS servers and the threat time duration), which is orthogonal to other DoS approaches to increase the attack impact such as flooding and DNS amplification. We model the DNS system using a state diagram and comprehensively analyze the threat space, identifying the threat vectors which include not only the random/invalid domains but also those using the domain name structure to combine valid strings and random strings. Query-crafting DoS threats generate new domain-name payloads for each query and force increased complexity in the DNS query resolution. We test the query-crafting DoS threats by taking empirical measurements on the Internet and show that they amplify the DoS impact on the DNS system (recursive resolver) by involving more communications and taking greater time duration. To defend against such DoS or DDoS threats, we identify the relevant detection features specific to query-crafting threats and evaluate the defense using our prototype in CloudLab.
2020-06-02
Zhou, Wei, Wang, Jin, Li, Lingzhi, Wang, Jianping, Lu, Kejie, Zhou, Xiaobo.  2019.  An Efficient Secure Coded Edge Computing Scheme Using Orthogonal Vector. 2019 IEEE Intl Conf on Parallel Distributed Processing with Applications, Big Data Cloud Computing, Sustainable Computing Communications, Social Computing Networking (ISPA/BDCloud/SocialCom/SustainCom). :100—107.

In recent years, Edge Computing (EC) has attracted increasing attention for its advantages in handling latencysensitive and compute-intensive applications. It is becoming a widespread solution to solve the last mile problem of cloud computing. However, in actual EC deployments, data confidentiality becomes an unignorable issue because edge devices may be untrusted. In this paper, a secure and efficient edge computing scheme based on linear coding is proposed. Generally, linear coding can be utilized to achieve data confidentiality by encoding random blocks with original data blocks before they are distributed to unreliable edge nodes. However, the addition of a large amount of irrelevant random blocks also brings great communication overhead and high decoding complexities. In this paper, we focus on the design of secure coded edge computing using orthogonal vector to protect the information theoretic security of the data matrix stored on edge nodes and the input matrix uploaded by the user device, while to further reduce the communication overhead and decoding complexities. In recent years, Edge Computing (EC) has attracted increasing attention for its advantages in handling latencysensitive and compute-intensive applications. It is becoming a widespread solution to solve the last mile problem of cloud computing. However, in actual EC deployments, data confidentiality becomes an unignorable issue because edge devices may be untrusted. In this paper, a secure and efficient edge computing scheme based on linear coding is proposed. Generally, linear coding can be utilized to achieve data confidentiality by encoding random blocks with original data blocks before they are distributed to unreliable edge nodes. However, the addition of a large amount of irrelevant random blocks also brings great communication overhead and high decoding complexities. In this paper, we focus on the design of secure coded edge computing using orthogonal vector to protect the information theoretic security of the data matrix stored on edge nodes and the input matrix uploaded by the user device, while to further reduce the communication overhead and decoding complexities.