Browsing by Author "Wallach, Dan S."
Now showing 1 - 20 of 42
A Characterization of Compound Documents on the Web (1999-11-29). Lara, Eyal de; Wallach, Dan S.; Zwaenepoel, Willy.
Recent developments in office productivity suites make it easier for users to publish rich *compound documents* on the Web. Compound documents appear as a single unit of information but may contain data generated by different applications, such as text, images, and spreadsheets. Given the popularity enjoyed by these office suites and the pervasiveness of the Web as a publication medium, we expect that in the near future these compound documents will become an increasing proportion of the Web's content. As a result, the content handled by servers, proxies, and browsers may change considerably from what is currently observed. Furthermore, these compound documents are currently treated as opaque byte streams, but future Web infrastructure may wish to understand their internal structure to provide higher-quality service. In order to guide the design of this future Web infrastructure, we characterize compound documents currently found on the Web. Previous studies of Web content either ignored these document types altogether or did not consider their internal structure. We study compound documents originated by the three most popular applications from the Microsoft Office suite: Word, Excel, and PowerPoint. Our study encompasses over 12,500 documents retrieved from 935 different Web sites. Our main conclusions are: Compound documents are in general much larger than current HTML documents. For large documents, embedded objects and images make up a large part of the documents' size. For small documents, XML format produces much larger documents than OLE. For large documents, there is little difference. Compression considerably reduces the size of documents in both formats.

A Related-Key Cryptanalysis of RC4 (2000-06-08). Grosul, Alexander; Wallach, Dan S.
In this paper we present analysis of the RC4 stream cipher and show that for each 2048-bit key there exists a family of related keys, differing in one of the byte positions. The keystreams generated by RC4 for a key and its related keys are substantially similar in the initial hundred bytes before diverging. RC4 is most commonly used with a 128-bit key repeated 16 times; this variant does not suffer from the weaknesses we describe. We recommend that applications of RC4 with keys longer than 128 bits (and particularly those using the full 2048-bit keys) discard the initial 256 bytes of the keystream output.

A Security Analysis of My.MP3.com and the Beam-it Protocol (2000-03-08). Stubblefield, Adam; Wallach, Dan S.
My.MP3.com is a service that streams audio in the MP3 format to its users. In order to resolve copyright concerns, the service first requires that a user prove he or she owns the right to listen to a particular CD. The mechanism used for the verification is a program called Beam-it which reads a random subset of an audio CD and interacts with the My.MP3.com servers using a proprietary protocol. This paper presents a reverse-engineering of the protocol and the client-side code which implements it. An analysis of Beam-it's security implications and speculations as to the Beam-it server architecture are also presented. We found the protocol to provide strong protection against a user pretending to have a music CD without actually possessing it; however, we found the protocol to be unnecessarily verbose and to include information that some users may prefer to keep private.

Algorithmic attacks and timing leaks in distributed systems (2005). Crosby, Scott A.; Wallach, Dan S.
An important class of remotely applicable security attacks concerns time. You can attack somebody by making their algorithms run in their worst-case behavior rather than common-case behavior. Likewise, the processing time can disclose a secret. If an attacker can observe the time it takes for somebody to process a request, an attacker may learn something about the internal state. The first part of this thesis defines a new class of attacks that perform a remote denial of service by deliberately choosing inputs to make common algorithms slow. These attacks are widespread. We show that vulnerable hash tables are used by Perl and Squid and we illustrate an attack on the Bro IDS. The second part of this thesis analyzes the opportunities for determining a remote party's secret by analyzing processing time remotely over the Internet. Our measurements show that an attacker can potentially time a remote host to 300 nanoseconds over a local area network and less than 20 microseconds over the Internet.

An Analysis of BitTorrent's Two Kademlia-Based DHTs (2007-05-26). Crosby, Scott A.; Wallach, Dan S.
Despite interest in structured peer-to-peer overlays and their scalability to millions of nodes, few, if any, overlays operate at that scale. This paper considers the distributed hash table extensions supported by modern BitTorrent clients, which implement a Kademlia-style structured overlay network among millions of BitTorrent users. As there are two disjoint Kademlia-based DHTs in use, we collected two weeks of traces from each DHT. We examine churn, reachability, latency, and liveness of nodes in these overlays, and identify a variety of problems, such as median lookup times of over a minute. We show that Kademlia's choice of iterative routing and its lack of a preferential refresh of its local neighborhood cause correctness problems and poor performance. We also identify implementation bugs, design issues, and security concerns that limit the effectiveness of these DHTs and we offer possible solutions for their improvement.

Building Incentives into Tor (2008-11-12). Dingledine, Roger; Ngan, Tsuen-Wan "Johnny"; Wallach, Dan S.
Distributed anonymous communication networks like Tor depend on volunteers to donate their resources. However, the efforts of Tor volunteers have not grown as fast as the demands on the Tor network. We explore techniques to incentivize Tor users to relay Tor traffic too; if users contribute resources to the Tor overlay, they should receive faster service in return. In our design, the central Tor directory authorities measure performance and publish a list of Tor relays that should be given higher priority when establishing circuits. Our system provides an acceptable anonymity tradeoff and improves performance while incentivizing Tor users, across the whole network, to contribute the resources necessary for Tor to better support its users' needs. Simulations of our proposed design show that conforming users receive significant improvements in performance, in some cases experiencing twice the network throughput of selfish users who do not relay traffic for the Tor network.

CHILVote: The design and assessment of an accessible audio voting system (2013-09-16). Piner, Gillian E.; Byrne, Michael D.; Kortum, Philip; Lane, David M.; Wallach, Dan S.
The Help America Vote Act, passed into law in 2002, mandated that all polling places provide privacy and independence to all voters. Given this, many jurisdictions have been forced into making a choice between providing traditional voting methods (such as paper ballots) and offering newer electronic voting systems. Electronic voting machines have been seen as the solution to many usability and accessibility problems, but very little literature exists to indicate whether this is the case among specific populations such as disabled, elderly, and non-English speaking voters. An audio accessible voting interface for visually disabled voters (CHILVote) was designed using specifications from both the Voluntary Voting System Guidelines and a large-scale survey of blind individuals conducted by Piner and Byrne [in Proceedings of the Human Factors and Ergonomics Society 55th Annual Meeting, pp. 1686-1690 (2011)]. CHILVote's interface utilizes the given design guidelines and includes use of a male text-to-speech voice, a flexible navigation structure, adjustable speed and volume, and an optional review section. Relatively low error rates (M=1.7%) and high SUS scores (M=89.5) among blind subjects are consistent with previous findings. Error rates and satisfaction are not significantly different than those of sighted voters using both paper and DRE, and blind voters using a non-electronic interface. CHILVote significantly reduced the time it takes for blind subjects to vote, from 25.2 minutes (VotePAD) to 17.1 minutes (CHILVote). This is an improvement, but still over 2.5 times slower than sighted subjects voting on an identical ballot. The integration of accessibility into mainstream technology often has benefits beyond allowing more of the population access to a system. This research provides a comparison point and guidelines for future studies of accessibility solutions.

Dagster: Censorship-Resistant Publishing Without Replication (2002-07-23). Stubblefield, Adam; Wallach, Dan S.
In this paper we present Dagster, a new censorship-resistant publishing scheme. Unlike previous censorship-resistant schemes, Dagster does not rely on the widespread replication of data and can even be used in a single server setting. It accomplishes this by "intertwining" legitimate and illegitimate data, so that a censor cannot remove objectionable content without simultaneously removing legally protected content. The Dagster system was designed to be as simple and efficient as possible. It increases required network traffic by a constant (but tunable) factor, but otherwise has a very low cost for both clients and servers, making it easy to scale.

Denial of Service via Algorithmic Complexity Attacks (2003-02-12). Crosby, Scott A.; Wallach, Dan S.
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures. Frequently used data structures have "average-case" expected running time that's far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU.

Designing incentives for peer-to-peer systems (2010). Nielson, Seth James; Wallach, Dan S.
Peer-to-peer systems, networks of egalitarian nodes without a central authority, can achieve massive scalability and fault tolerance through the pooling together of individual resources. Unfortunately, most nodes represent self-interested, or rational, parties that will attempt to maximize their consumption of shared resources while minimizing their own contributions. This constitutes a type of attack that can destabilize the system. The first contribution of this thesis is a proposed taxonomy for these rational attacks and the most common solutions used in contemporary designs to thwart them. One approach is to design the P2P system with incentives for cooperation, so that rational nodes voluntarily behave. We broadly classify these incentives as being either genuine or artificial, with the former describing incentives inherent in peer interactions, and the latter describing a secondary enforcement system. We observe that genuine incentives tend to be more robust to rational manipulations than artificial counterparts. Based on this observation, we also propose two extensions to BitTorrent, a P2P file distribution protocol. While this system is popular, accounting for approximately one-third of current Internet traffic, it has known limitations. Our extensions use genuine incentives to address some of these problems. The first extension improves seeding, an altruistic mode wherein nodes that have completed their download continue to provide upload service. We incentivize seeding by giving long-term identifiers to clients, enabling seeding clients to be recognized and rewarded in subsequent downloads. Simulations demonstrate that our method is highly effective in protecting swarms from aggressive clients such as BitTyrant. Finally, we introduce The BitTorrent Anonymity Marketplace, wherein each peer simultaneously joins multiple swarms to disguise their true download intentions. Peers then trade one torrent for another, making the cover traffic valuable as a means of obtaining the real target. Thus, when a neighbor receives a request from a peer for blocks of a torrent, it does not know if the peer is really downloading that torrent, or only using it in trade. Using simulation, we demonstrate that nodes cannot determine peer intent from observed interactions.

Efficient tamper-evident data structures for untrusted servers (2010). Crosby, Scott Alexander; Wallach, Dan S.
Many real-world applications run on untrusted servers or are run on servers that are subject to strong insider attacks. Although we cannot prevent an untrusted server from modifying or deleting data, with tamper-evident data structures, we can discover when this has occurred. If an untrusted server knows that a particular reply will not be checked for correctness, it is free to lie. Auditing for correctness is thus a frequent but overlooked operation. In my thesis, I present and evaluate new efficient data structures for tamper-evident logging and tamper-evident storage of changing data on untrusted servers, focussing on the costs of the entire system. The first data structure is a new tamper-evident log design. I propose new semantics of tamper-evident logs in terms of the auditing process, required to detect misbehavior. To accomplish efficient auditing, I describe and benchmark a new tree-based data structure that can generate such proofs with logarithmic size and space, significantly improving over previous linear constructions while also offering a flexible query mechanism with authenticated results. The remaining data structures are designs for a persistent authenticated dictionary (PAD) that allows users to send lookup requests to an untrusted server and get authenticated answers, signed by a trusted author, for both the current and historical versions of the dataset. Improving on prior constructions that require logarithmic storage and time, I present new classes of efficient PAD algorithms offering constant-sized authenticated answers or constant storage per update. I implement 21 different versions of PAD algorithms and perform a comprehensive evaluation using contemporary cloud-computing prices for computing and bandwidth to determine the most monetarily cost-effective designs.

Extensible adaptation via constraint solving (2002). Dotsenko, Yuri; Wallach, Dan S.
This work presents the design, implementation, and evaluation of a simple programming language for expressing scheduling policies for transmission of multiple objects across a shared network connection. A key design component of the language is the ability to express constraints among the objects to be transmitted. Policies can: make ordering constraints, such as "all text objects are transmitted before any image objects"; express rules on the relative bandwidth allocations across objects of different types; reserve a certain amount of bandwidth or restrict transmission of a subset of objects. Because it is possible to express contradictory constraints, the system finds suitable approximate solutions when no precise solution is available.

Finding the Evidence in Tamper-Evident Logs (2008-01-23). Sandler, Daniel; Derr, Kyle; Crosby, Scott A.; Wallach, Dan S.
Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, the problem of how to automatically detect violations remains open. Low-level inconsistencies, such as gaps in the hash chain, are detectable without knowledge about the application, but existing research stops short of extracting or verifying application-specific log properties. In this paper we contribute the design and implementation of a system for discovering this kind of evidence. We first propose a logical language for applications to express concisely the constraints that apply to their logs and the evidence that can be extracted from them. We offer several algorithms for efficiently and incrementally evaluating these rules. Finally, we present QUERIFIER, a log analysis package that implements our proposed techniques. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Given validity rules and available log data, it presents evidence of correctness and offers counterexamples if desired. We describe QUERIFIER's implementation and offer early performance results: for a rule set developed for a distributed voting application, we observed that our system could incrementally verify a realistic election-day log at 50 events per second.

From Error to Error: Why Voters Could not Cast a Ballot and Verify Their Vote With Helios, Prêt à Voter, and Scantegrity II (USENIX, 2015). Acemyan, Claudia Z.; Kortum, Philip; Byrne, Michael D.; Wallach, Dan S.
The aim of this paper is to identify user errors, and the related potential design deficiencies, that contributed to participants failing to vote cast and vote verify across three end-to-end voting systems: Helios, Prêt à Voter, and Scantegrity II. To understand why voters could not cast a vote 42% of the time and verify that their ballots were cast and counted with the tested e2e systems 53% of the time, we reviewed data collected during a system usability study. An analysis of the findings revealed subjects were most often not able to vote with Helios because they did not log in after encrypting their ballot but before casting it. For both Prêt à Voter and Scantegrity II, failing to vote was most frequently attributed to not scanning the completed ballot. Across all three systems, the most common reason participants did not verify their vote was due to not casting a ballot in the first place. While there were numerous usability failures identified in the study, these errors can likely be designed out of the systems. This formative information can be used to avoid making the same types of mistakes in the next generation of voting systems, ultimately resulting in more usable e2e methods.

Garbage Collector Memory Accounting in Language-Based Systems (2003-11-11). Price, David W.; Rudys, Algis; Wallach, Dan S.
Language run-time systems are often called upon to safely execute mutually distrustful tasks within the same runtime, protecting them from other tasks' bugs or otherwise hostile behavior. Well-studied access controls exist in systems such as Java to prevent unauthorized reading or writing of data, but techniques to measure and control resource usage are less prevalent. In particular, most language run-time systems include no facility for accounting for heap memory usage on a per-task basis. In addition, because tasks may very well share references to the same objects, traditional approaches that charge memory to its allocator fail to properly account for this sharing. We present a method for modifying the garbage collector, already present in most modern language run-time systems, to measure the amount of live memory reachable from each task as it performs its regular duties. Our system naturally distinguishes memory shared across tasks from memory reachable from only a single task without requiring incompatible changes to the semantics of the programming language. Our prototype implementation imposes negligible performance overheads on a variety of benchmarks, yet provides enough information for the expression of rich policies to express the limits on a task's memory usage.

Golden-Eye: A server-side location-sensing system for wireless LANs (2004). Tao, Ping; Wallach, Dan S.
Determining the location of a wireless client is a key problem for location-aware systems and for security applications. Many recent studies have used Bayesian methods to determine location from wireless LAN signals, but such methods have the drawback that a model must first be built from training data. The introduction of model error can drastically reduce the robustness of the location estimates, rendering most models incapable of tolerating hardware differences, channel variations, and intentional interferences from malicious users. This thesis describes the design, implementation and analysis of Golden-Eye, a robust wireless LAN location-sensing system that uses new techniques to address this problem. By fitting training data into Gaussian distributions and using relative signal strength, Golden-Eye works independent of the client's 802.11 implementation or transmission power level, making it suitable even for tracking clients that might be trying to hide their locations.

Hack-a-Vote: Demonstrating Security Issues with Electronic Voting Systems (2003-11-21). Bannet, Jonathan; Price, David W.; Rudys, Algis; Singer, Justin; Wallach, Dan S.
A representative democracy depends on a universally trusted voting system for the election of representatives; voters need to believe that their votes count, and all parties need to be convinced that the winner and loser of the election were declared legitimately. Direct recording electronic (DRE) voting systems are increasingly being deployed to fill this role. Unfortunately, doubts have been raised as to the trustworthiness of these systems. This article presents a research voting system and associated class project which was used to demonstrate several classes of bugs that might occur in such a voting system unbeknownst to voters, with the difficulty of detecting these bugs through auditing. The intent of this project is to justify the mistrust sometimes placed in DRE voting systems that lack a voter-verifiable audit trail.

Incentives and fair sharing in peer-to-peer systems (2004). Ngan, Tsuen-Wan (Johnny); Wallach, Dan S.
Cooperative peer-to-peer applications are designed to share the resources of each participating computer for the common good of everyone. However, users do not necessarily have an incentive to donate resources to the system if they can use the system's resources for free. This thesis presents mechanisms to enforce fair sharing of limited resources in peer-to-peer systems. Storage fairness is enforced by requiring nodes to publish their storage records and allowing auditing of those records. Bandwidth fairness is enforced by having nodes locally track the amount of data transferred and limiting each node's interactions to a small number of nodes that are proven trustworthy. Thus, a node must provide good service to receive good service. For storage systems to be efficient, nodes should provide overcapacity. Based on an economic analysis of utility functions, we show how the overcapacity parameter should be set and why clustering of the system would benefit users.

Lightweight Silicon-based Security: Concept, Implementations, and Protocols (2013-09-16). Majzoobi, Mehrdad; Koushanfar, Farinaz; Baraniuk, Richard G.; Wallach, Dan S.
Advancement in cryptography over the past few decades has enabled a spectrum of security mechanisms and protocols for many applications. Despite the algorithmic security of classic cryptography, there are limitations in application and implementation of standard security methods in ultra-low energy and resource constrained systems. In addition, implementations of standard cryptographic methods can be prone to physical attacks that involve hardware level invasive or non-invasive attacks. Physical unclonable functions (PUFs) provide a complementary security paradigm for a number of application spaces where classic cryptography has shown to be inefficient or inadequate for the above reasons. PUFs rely on intrinsic device-dependent physical variation at the microscopic scale. Physical variation results from imperfection and random fluctuations during the manufacturing process which impact each device's characteristics in a unique way. PUFs at the circuit level amplify and capture variation in electrical characteristics to derive and establish a unique device-dependent challenge-response mapping. Prior to this work, PUF implementations were unsuitable for low power applications and vulnerable to a wide range of security attacks. This doctoral thesis presents a coherent framework to derive formal requirements to design architectures and protocols for PUFs. To the best of our knowledge, this is the first comprehensive work that introduces and integrates these pieces together. The contributions include an introduction of structural requirements and metrics to classify and evaluate PUFs, design of novel architectures to fulfill these requirements, implementation and evaluation of the proposed architectures, and integration into real-world security protocols. First, I formally define and derive a new set of fundamental requirements and properties for PUFs. This work is the first attempt to provide structural requirements and guidelines for design of PUF architectures. Moreover, a suite of statistical properties of PUF responses and metrics are introduced to evaluate PUFs. Second, using the proposed requirements, new and efficient PUF architectures are designed and implemented on both analog and digital platforms. In this work, the most power efficient and smallest PUF known to date is designed and implemented on ASICs that exploits analog variation in sub-threshold leakage currents of MOS devices. On the digital platform, the first successful implementation of Arbiter-PUF on FPGA was accomplished in this work after years of unsuccessful attempts by the research community. I introduced a programmable delay tuning mechanism with picosecond resolution which serves as a key component in implementation of the Arbiter-PUF on FPGA. Full performance analysis and comparison is carried out through comprehensive device simulations as well as measurements performed on a population of FPGA devices. Finally, I present the design of low-overhead and secure protocols using PUFs for integration in lightweight identification and authentication applications. The new protocols are designed with elegant simplicity to avoid the use of heavy hash operations or any error correction. The first protocol uses a time bound on the authentication process while the second uses a pattern-matching index-based method to thwart reverse-engineering and machine learning attacks. Using machine learning methods during the commissioning phase, a compact representation of the PUF is derived and stored in a database for authentication.

The Mason Test: A Defense Against Sybil Attacks in Wireless Networks Without Trusted Authorities (IEEE, 2015). Liu, Yue; Bild, David R.; Dick, Robert P.; Mao, Z. Morley; Wallach, Dan S.
Wireless networks are vulnerable to Sybil attacks, in which a malicious node poses as many identities in order to gain disproportionate influence. Many defenses based on spatial variability of wireless channels exist, but depend either on detailed, multi-tap channel estimation (something not exposed on commodity 802.11 devices) or valid RSSI observations from multiple trusted sources, e.g., corporate access points (something not directly available in ad hoc and delay-tolerant networks with potentially malicious neighbors). We extend these techniques to be practical for wireless ad hoc networks of commodity 802.11 devices. Specifically, we propose two efficient methods for separating the valid RSSI observations of behaving nodes from those falsified by malicious participants. Further, we note that prior signalprint methods are easily defeated by mobile attackers and develop an appropriate challenge-response defense. Finally, we present the Mason test, the first implementation of these techniques for ad hoc and delay-tolerant networks of commodity 802.11 devices. We illustrate its performance in several real-world scenarios.