Provenance-Aware Declarative Secure Networks (2007-12-05)
Zhou, Wenchao; Cronin, Eric; Loo, Boon Thau

In recent years, network accountability and forensic analysis have become increasingly important, as a means of performing network diagnostics, identifying malicious nodes, enforcing trust management policies, and imposing diverse billing over the Internet. This has led to a series of work to provide better network support for accountability, and efficient mechanisms to trace packets and information flows through the Internet. In this paper, we make the following contributions. First, we show that network accountability and forensic analysis can be posed generally as data provenance computations and queries over distributed streams. In particular, one can utilize provenance-aware declarative networks with appropriate security extensions to provide a flexible declarative framework for specifying, analyzing and auditing networks. Second, we propose a taxonomy of data provenance along multiple axes, and show that they map naturally to different use cases in networks. Third, we suggest techniques to efficiently compute and store network provenance, and provide an initial performance evaluation on the P2 declarative networking system with modifications to support provenance and authenticated communication.

On the Reliability of Current Generation Network Eavesdropping Tools (2006-01-01)
Cronin, Eric; Sherr, Micah; Blaze, Matthew A

This paper analyzes the problem of interception of Internet traffic from the eavesdropper's point of view. We examine the reliability and accuracy of transcripts, and show that obtaining "high fidelity" transcripts is harder than previously assumed. Even in highly favorable situations, such as capturing unencrypted traffic using standard protocols, simple -- and entirely unilateral -- countermeasures are shown to be sufficient to prevent accurate traffic analysis in many Internet interception configurations. In particular, these countermeasures were successful against every available eavesdropping system we tested. Central to our approach is a new class of techniques that we call confusion, which, unlike cryptography or steganography, does not require cooperation by the communicating parties and, in some cases, can be employed entirely by a third party not involved in the communication at all.

The Eavesdropper's Dilemma (2006-02-03)
Cronin, Eric; Sherr, Micah; Blaze, Matthew A

This paper examines the problem of surreptitious Internet interception from the eavesdropper's point of view. We introduce the notion of "fidelity" in digital eavesdropping. In particular, we formalize several kinds of "network noise" that might degrade fidelity, most notably "confusion," and show that reliable network interception may not be as simple as previously thought or even always possible. Finally, we suggest requirements for "high fidelity" network interception, and show how systems that do not meet these requirements can be vulnerable to countermeasures, which in some cases can be performed entirely by a third party without the cooperation or even knowledge of the communicating parties.