SiegeBreaker: An SDN Based Practical Decoy Routing System

AbstractDecoy Routing (DR), a promising approach to censorship circumvention, uses routers (rather than end hosts) as proxy servers. Users of censored networks, who wish to use DR, send specially crafted packets, nominally addressed to an uncensored website. Once safely out of the censored network, the packets encounter a special router (the Decoy Router) which identifies them using a secret handshake, and proxies them to their true destination (a censored site). However, DR has implementation problems: it is infeasible to reprogram routers for the complex operations required. Existing DR solutions fall back on using commodity servers as a Decoy Router. But as servers are not efficient at routing, most web applications show poor performance when accessed over DR. A further concern is that the Decoy Router has to inspect all flows in order to identify the ones that need DR. This may itself be a breach of privacy for other users (who neither require DR nor want to be monitored). In this paper, we present a novel DR system, Siege- Breaker (SB), which solves the aforementioned problems using an SDN-based architecture. Previous proposals involve a single unit which performs all major operations (inspecting all flows, identifying the DR requests and proxying them). In contrast, SB distributes the tasks for DR among three independent modules. (1) The SDN controller identifies DR requests via a covert, privacy preserving scheme, and does not need to inspect all flows. (2) The reconfigurable SDN switch intercepts packets, and forwards them to a secret proxy efficiently. (3) The secret proxy server proxies the client’s traffic to the censored site. Our modular, lightweight design achieves performance comparable to direct TCP downloads, for both in-lab setups, and Internet based tests involving commercial SDN switches.

Download Full-text

SPCAuth: Scalable and Privacy-Preserving Continuous Authentication for Web Applications

10.1109/lcn52139.2021.9524959 ◽

2021 ◽

Author(s):

David Monschein ◽

Oliver P. Waldhorst

Keyword(s):

Web Applications ◽

Privacy Preserving ◽

Continuous Authentication

Download Full-text

Towards Seamless Tracking-Free Web: Improved Detection of Trackers via One-class Learning

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2017-0006 ◽

2017 ◽

Vol 2017 (1) ◽

pp. 79-99 ◽

Cited By ~ 14

Author(s):

Muhammad Ikram ◽

Hassan Jameel Asghar ◽

Mohamed Ali Kaafar ◽

Anirban Mahanti ◽

Balachandar Krishnamurthy

Keyword(s):

Poor Performance ◽

Privacy Preserving ◽

Web Browsers ◽

Semantic Features ◽

Manual Inspection ◽

Online Tracking ◽

One Class Classification ◽

The Right ◽

Web Experience ◽

Web Developers

Abstract Numerous tools have been developed to aggressively block the execution of popular JavaScript programs in Web browsers. Such blocking also affects functionality of webpages and impairs user experience. As a consequence, many privacy preserving tools that have been developed to limit online tracking, often executed via JavaScript programs, may suffer from poor performance and limited uptake. A mechanism that can isolate JavaScript programs necessary for proper functioning of the website from tracking JavaScript programs would thus be useful. Through the use of a manually labelled dataset composed of 2,612 JavaScript programs, we show how current privacy preserving tools are ineffective in finding the right balance between blocking tracking JavaScript programs and allowing functional JavaScript code. To the best of our knowledge, this is the first study to assess the performance of current web privacy preserving tools in determining tracking vs. functional JavaScript programs. To improve this balance, we examine the two classes of JavaScript programs and hypothesize that tracking JavaScript programs share structural similarities that can be used to differentiate them from functional JavaScript programs. The rationale of our approach is that web developers often “borrow” and customize existing pieces of code in order to embed tracking (resp. functional) JavaScript programs into their webpages. We then propose one-class machine learning classifiers using syntactic and semantic features extracted from JavaScript programs. When trained only on samples of tracking JavaScript programs, our classifiers achieve accuracy of 99%, where the best of the privacy preserving tools achieve accuracy of 78%. The performance of our classifiers is comparable to that of traditional two-class SVM. One-class classification, where a training set of only tracking JavaScript programs is used for learning, has the advantage that it requires fewer labelled examples that can be obtained via manual inspection of public lists of well-known trackers. We further test our classifiers and several popular privacy preserving tools on a larger corpus of 4,084 websites with 135,656 JavaScript programs. The output of our best classifier on this data is between 20 to 64% different from the tools under study. We manually analyse a sample of the JavaScript programs for which our classifier is in disagreement with all other privacy preserving tools, and show that our approach is not only able to enhance user web experience by correctly classifying more functional JavaScript programs, but also discovers previously unknown tracking services.

Download Full-text

Coordination Algorithm Design of the Distributed Storage Proxy Servers for Streaming Media

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.760-762.1892 ◽

2013 ◽

Vol 760-762 ◽

pp. 1892-1895

Author(s):

Xi Hu Zhi ◽

Ai Di Zhi

Keyword(s):

Streaming Media ◽

Distributed Storage ◽

Algorithm Design ◽

Optimal Solution ◽

Proxy Server ◽

Coordination Problem ◽

Proxy Servers ◽

User Request ◽

Server Systems ◽

Server Clusters

For streaming media proxy server systems which are geographically far apart, distributed streaming media proxy server clusters can be a good solution to reduce upward bandwidth consumption, shorten access distance, and improve service capacity; the key is to solve the coordination problem among the proxy servers. The decision problem of the user request dispatch actually belongs to NP-complete. This article proposes an online coordination algorithm for the distributed storage streaming media proxy servers, and discusses the relative deviation of the approximate solution from the optimal solution, to serve as a reference to the specific applications of clustered streaming media proxy servers.

Download Full-text

Efficient Privacy-Preserving Fingerprint-Based Authentication System Using Fully Homomorphic Encryption

Security and Communication Networks ◽

10.1155/2020/4195852 ◽

2020 ◽

Vol 2020 ◽

pp. 1-11 ◽

Cited By ~ 1

Author(s):

Taeyun Kim ◽

Yongwoo Oh ◽

Hyoungshick Kim

Keyword(s):

Hash Function ◽

Web Applications ◽

Homomorphic Encryption ◽

Privacy Preserving ◽

Fingerprint Matching ◽

Fully Homomorphic Encryption ◽

Matching Process ◽

Authentication System ◽

Fingerprint Database ◽

Fingerprint Data

To help smartphone users protect their phone, fingerprint-based authentication systems (e.g., Apple’s Touch ID) have increasingly become popular in smartphones. In web applications, however, fingerprint-based authentication is still rarely used. One of the most serious concerns is the lack of technology for securely storing fingerprint data used for authentication. Because scanned fingerprint data are not exactly the same each time, the use of a traditional cryptographic hash function (e.g., SHA-256) is infeasible to protect raw fingerprint data. In this paper, we present an efficient privacy-preserving fingerprint authentication system using a fully homomorphic encryption scheme in which fingerprint data are always stored and processed in an encrypted form. We implement a fully working fingerprint authentication system with a fingerprint database (containing 4,000 samples) using the Fast Fully Homomorphic Encryption over the Torus (TFHE) library. The proposed system can perform the fingerprint matching process within about 166 seconds (±0.564 seconds) on average.

Download Full-text

Experiential Learning of Networking Technologies: Understanding TCP States – Part 2

10.34048/2019.1.f3 ◽

2018 ◽

Author(s):

Ram P Rustagi ◽

Viraj Kumar

Keyword(s):

Experiential Learning ◽

Resource Utilization ◽

Web Applications ◽

Poor Performance ◽

Networking Technologies ◽

Tcp Connections ◽

Web Developers

This article focuses on the states of a TCP connection once one of the endpoints decides to terminate the connection. This so-called teardown phase involves the exchange of numerous messages (for reasons we will explore), and the TCP connection itself transitions through several states. Web developers often have only an overly simplistic understanding of these states, which may suffice when the network behaves reliably. However, a deeper understanding of TCP states is essential to design web applications that robustly manage TCP connections even in the presence of network faults during the teardown phase, and debug poorly design applications that exhibit poor resource utilization and poor performance in such situations. As always, we will explore these issues through a series of experiential learning exercises.

Download Full-text

Machine Learning for Web Proxy Analytics

International Journal of Cyber Research and Education ◽

10.4018/ijcre.2019070103 ◽

2019 ◽

Vol 1 (2) ◽

pp. 30-41

Author(s):

Mark Maldonado ◽

Ayad Barsoum

Keyword(s):

Neural Network ◽

Machine Learning ◽

Decision Making ◽

Everyday Life ◽

Small Businesses ◽

Electronic Device ◽

Proxy Server ◽

Proxy Servers ◽

The Neural Network ◽

Trained Neural Network

Proxy servers used around the globe are typically graded and built for small businesses to large enterprises. This does not dismiss any of the current efforts to keep the general consumer of an electronic device safe from malicious websites or denying youth of obscene content. With the emergence of machine learning, we can utilize the power to have smart security instantiated around the population's everyday life. In this work, we present a simple solution of providing a web proxy to each user of mobile devices or any networked computer powered by a neural network. The idea is to have a proxy server to handle the functionality to allow safe websites to be rendered per request. When a website request is made and not identified in the pre-determined website database, the proxy server will utilize a trained neural network to determine whether or not to render that website. The neural network will be trained on a vast collection of sampled websites by category. The neural network needs to be trained constantly to improve decision making as new websites are visited.

Download Full-text

Centralized ARP proxy server over SDN controller to cut down ARP broadcast in large-scale data center networks

2015 International Conference on Information Networking (ICOIN) ◽

10.1109/icoin.2015.7057900 ◽

2015 ◽

Cited By ~ 2

Author(s):

Hyunjeong Cho ◽

Saehoon Kang ◽

Younghee Lee

Keyword(s):

Data Center ◽

Large Scale ◽

Proxy Server ◽

Data Center Networks ◽

Large Scale Data ◽

Sdn Controller ◽

Scale Data

Download Full-text

Perbandingan proxy pada linux dan windows untuk mempercepat browsing website

Digital Zone Jurnal Teknologi Informasi dan Komunikasi ◽

10.31849/digitalzone.v8i1.628 ◽

2017 ◽

Vol 8 (1) ◽

pp. 50-57

Author(s):

Dafwen Toresa

Keyword(s):

Operating System ◽

The Internet ◽

Proxy Server ◽

Web Browsing ◽

Web Browser ◽

Private Companies ◽

Proxy Servers ◽

Speed Up ◽

Mozilla Firefox ◽

Client Computer

Abstrak- Pada saat ini sangat banyak organisasi, baik pendidikan, pemerintahan, maupun perusahaan swasta berusaha membatasi akses para pengguna ke internet dengan alasan bandwidth yang dimiliki mulai terasa lambat ketika para penggunanya mulai banyak yang melakukan browsing ke internet. Mempercepat akses browsing menjadi perhatian utama dengan memanfaatkan teknologi Proxy server. Penggunaan proxy server perlu mempertimbangkan sistem operasi pada server dan tool yang digunakan belum diketahui performansi terbaiknya pada sistem operasi apa. Untuk itu dirasa perlu untuk menganalisis performan Proxy server pada sistem operasi berbeda yaitu Sistem Operasi Linux dengan tools Squid dan Sistem Operasi Windows dengan tool Winroute. Kajian ini dilakukan untuk mengetahui perbandingan kecepatan browsing dari komputer pengguna (client). Browser yang digunakan di komputer pengguna adalah Mozilla Firefox. Penelitian ini menggunakan 2 komputer klien dengan pengujian masing-masingnya 5 kali pengujian pengaksesan/browsing web yang dituju melalui proxy server. Dari hasil pengujian yang dilakukan, diperoleh kesimpulan bahwa penerapan proxy server di sistem operasi linux dengan tools squid lebih cepat browsing dari klien menggunakan web browser yang sama dan komputer klien yang berbeda dari pada proxy server sistem operasi windows dengan tools winroute. Kata kunci: Proxy, Bandwidth, Browsing, Squid, Winroute Abstract- At this time very many organizations, both education, government, and private companies try to limit the access of users to the internet on the grounds that the bandwidth owned began to feel slow when the users began to do a lot of browsing to the internet. Speed up browsing access is a major concern by utilizing Proxy server technology. The use of proxy servers need to consider the operating system on the server and the tool used is not yet known the best performance on what operating system. For that it is necessary to analyze Performance Proxy server on different operating system that is Linux Operating System with Squid tools and Windows Operating System with Winroute tool. This study was conducted to determine the comparison of browsing speed of the user's computer (client). The browser used on the user's computer is Mozilla Firefox. This study uses two client computers with each test 5 times accessing web browsing / destination testing via proxy server. From the results of tests conducted, it can be concluded that the application of proxy server in linux operating system with squid tools faster browsing from client using the same web browser and client computer different from the proxy server windows operating system with winroute tools. Keywords: Proxy Server, Linux, Windows, Squid, Winroute

Download Full-text

DATA PROCESSING THROUGH AN ADDITIVE ROTATIONAL PERTURBATION TECHNIQUE IN A SECURED ENVIRONMENT OF PPRIVACY

INFORMATION TECHNOLOGY IN INDUSTRY ◽

10.17762/itii.v9i2.315 ◽

2021 ◽

Vol 9 (2) ◽

pp. 131-135

Author(s):

G. Srinivas Reddy, Et. al.

Keyword(s):

Data Mining ◽

Privacy Preservation ◽

Web Applications ◽

Perturbation Technique ◽

Privacy Preserving ◽

Security And Privacy ◽

Experimental Result ◽

Perturbation Approach ◽

Privacy Preserving Data Mining ◽

Rotational Perturbation

As the usage of internet and web applications emerges faster, security and privacy of the data is the most challenging issue which we are facing, leading to the possibility of being easily damaged. Various conventional techniques are used for privacy preservation like condensation, randomization and tree structure etc., the limitations of the existing approaches are, they are not able to maintain proper balance between the data utility and privacy and it may have the problem with privacy violations. This paper presents an Additive Rotation Perturbation approach for Privacy Preserving Data Mining (PPDM). In this proposed work, various dataset from UCI Machine Learning Repository was collected and it is protected with a New Additive Rotational Perturbation Technique under Privacy Preserving Data Mining. Experimental result shows that the proposed algorithm’s strength is high for all the datasets and it is estimated using the DoV (Difference of Variance) method.

Download Full-text

Cooperative Web Caching

Multimedia Information Storage and Retrieval ◽

10.4018/978-1-59904-225-1.ch024 ◽

2011 ◽

pp. 368-382

Author(s):

Phillip K.C. Tse

Keyword(s):

Web Caching ◽

The Internet ◽

Proxy Server ◽

Complete Control ◽

Proxy Servers ◽

Network Bandwidth ◽

Space Network ◽

Cache Efficiency ◽

Overall Performance ◽

And Control

Most clients are placed behind the proxy servers on the Internet. Proxy servers have the disk cache space, network bandwidth, and availability to cache part of the objects for clients. In addition, the number of proxy servers can be increased or decreased dynamically according to the anticipated server workload, making them good candidates to alleviate the bottleneck problem. We have described in the last two chapters how the caching methods provide better performance for continuous request streams in individual proxy servers. In this chapter, we show how the proxy servers may work together to improve the overall performance in delivering objects. At present, large multimedia objects are not cached or only partially cached in current proxy servers mainly for two reasons. First, the owner of the multimedia objects needs to ensure security and control of access of the objects before they are willing to let any proxy servers cache their objects. Thus, any new methods need to allow the content owner have complete control over the objects’ security. Second, the owner of the proxy server wishes to have full autonomy control over its own cache content so that the proxy server may maximize the cache efficiency for its own clients.

Download Full-text