Alternative digital communication networks (DCN) publications

@article{Grothoff2005,
  author = {Grothoff, Christian},
  journal = {Linux Journal},
  title = {Reading File Metadata with extract and libextractor},
  year = {2005},
  month = jun,
  volume = {6-2005},
  keywords = {GNUnet, keywords, libextractor, metadata, search},
  owner = {tom},
  publisher = {SCC},
  timestamp = {2017-10-10},
  url = {http://www.linuxjournal.com/article/7552}
}

[Gritzalis2004] Enhancing Web privacy and anonymity in the digital era

Gritzalis, Stefanos

2004 2004

abstract Bib

This paper presents a state-of-the-art review of the Web privacy and anonymity enhancing security mechanisms, tools, applications and services, with respect to their architecture, operational principles and vulnerabilities. Furthermore, to facilitate a detailed comparative analysis, the appropriate parameters have been selected and grouped in classes of comparison criteria, in the form of an integrated comparison framework. The main concern during the design of this framework was to cover the confronted security threats, applied technological issues and users’ demands satisfaction. GNUnet’s Anonymity Protocol (GAP), Freedom, Hordes, Crowds, Onion Routing, Platform for Privacy Preferences (P3P), TRUSTe, Lucent Personalized Web Assistant (LPWA), and Anonymizer have been reviewed and compared. The comparative review has clearly highlighted that the pros and cons of each system do not coincide, mainly due to the fact that each one exhibits different design goals and thus adopts dissimilar techniques for protecting privacy and anonymity.
@article{Gritzalis2004, author = {Gritzalis, Stefanos}, journal = {Information Management \& Computer Security}, title = {Enhancing Web privacy and anonymity in the digital era}, year = {2004}, month = {2004}, pages = {255--287}, volume = {12}, keywords = {anonymity, GNUnet, onion routing}, owner = {tom}, timestamp = {2017-10-10}, type = {survey} }
[Grothoff2003] An Excess-Based Economic Model for Resource Allocation in Peer-to-Peer Networks

Grothoff, Christian

Wirtschaftsinformatik Jun 2003

Website abstract Bib

This paper describes economic aspects of GNUnet, a peer-to-peer framework for anonymous distributed file-sharing. GNUnet is decentralized; all nodes are equal peers. In particular, there are no trusted entities in the network. This paper describes an economic model to perform resource allocation and defend against malicious participants in this context. The approach presented does not use credentials or payments; rather, it is based on trust. The design is much like that of a cooperative game in which peers take the role of players. Nodes must cooperate to achieve individual goals. In such a scenario, it is important to be able to distinguish between nodes exhibiting friendly behavior and those exhibiting malicious behavior. GNUnet aims to provide anonymity for its users. Its design makes it hard to link a transaction to the node where it originated from. While anonymity requirements make a global view of the end-points of a transaction infeasible, the local link-to-link messages can be fully authenticated. Our economic model is based entirely on this local view of the network and takes only local decisions.
@article{Grothoff2003, author = {Grothoff, Christian}, journal = {Wirtschaftsinformatik}, title = {An Excess-Based Economic Model for Resource Allocation in Peer-to-Peer Networks}, year = {2003}, month = jun, volume = {3-2003}, keywords = {anonymity, file-sharing, GNUnet}, owner = {tom}, publisher = {Vieweg-Verlag}, timestamp = {2021-01-27}, url = {http://grothoff.org/christian/ebe.pdf} }
[Bennett2003] gap - Practical Anonymous Networking

Bennett, Krista, and Grothoff, Christian

2003

Website abstract Bib

This paper describes how anonymity is achieved in GNUnet, a framework for anonymous distributed and secure networking. The main focus of this work is gap, a simple protocol for anonymous transfer of data which can achieve better anonymity guarantees than many traditional indirection schemes and is additionally more efficient. gap is based on a new perspective on how to achieve anonymity. Based on this new perspective it is possible to relax the requirements stated in traditional indirection schemes, allowing individual nodes to balance anonymity with efficiency according to their specific needs.
@conference{Bennett2003, author = {Bennett, Krista and Grothoff, Christian}, booktitle = {Designing Privacy Enhancing Technologies}, title = {gap - Practical Anonymous Networking}, year = {2003}, organization = {Springer-Verlag}, pages = {141{\textendash}160}, publisher = {Springer-Verlag}, keywords = {anonymity, GNUnet, installation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://grothoff.org/christian/aff.pdf} }
[Ferreira2003] A Transport Layer Abstraction for Peer-to-Peer Networks

Ferreira, Ronaldo A., Grothoff, Christian, and Ruth, Paul

2003

Website abstract Bib

The initially unrestricted host-to-host communication model provided by the Internet Protocol has deteriorated due to political and technical changes caused by Internet growth. While this is not a problem for most client-server applications, peer-to-peer networks frequently struggle with peers that are only partially reachable. We describe how a peer-to-peer framework can hide diversity and obstacles in the underlying Internet and provide peer-to-peer applications with abstractions that hide transport specific details. We present the details of an implementation of a transport service based on SMTP. Small-scale benchmarks are used to compare transport services over UDP, TCP, and SMTP.
@conference{Ferreira2003, author = {Ferreira, Ronaldo A. and Grothoff, Christian and Ruth, Paul}, booktitle = {Proceedings of the 3rd International Symposium on Cluster Computing and the Grid (GRID 2003)}, title = {A Transport Layer Abstraction for Peer-to-Peer Networks}, year = {2003}, organization = {IEEE Computer Society}, pages = {398{\textendash}403}, publisher = {IEEE Computer Society}, keywords = {GNUnet, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://grothoff.org/christian/transport.pdf} }

[Bennett2002b] Efficient Sharing of Encrypted Data

Bennett, Krista, Grothoff, Christian, Horozov, Tzvetan, and Patrascu, Ioana

2002

@conference{Bennett2002b,
  author = {Bennett, Krista and Grothoff, Christian and Horozov, Tzvetan and Patrascu, Ioana},
  booktitle = {Proceedings of ACSIP 2002},
  title = {Efficient Sharing of Encrypted Data},
  year = {2002},
  address = {Melbourne, Australia},
  organization = {Springer-Verlag},
  pages = {107{\textendash}120},
  publisher = {Springer-Verlag},
  keywords = {censorship resistance, ECRS, encoding, file-sharing, GNUnet},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://grothoff.org/christian/esed.pdf}
}

[Bennett2002] The GNet Whitepaper

Bennett, Krista, Stef, Tiberius, Grothoff, Christian, Horozov, Tzvetan, and Patrascu, Ioana

06/2002 2002

Bib

@article{Bennett2002,
  author = {Bennett, Krista and Stef, Tiberius and Grothoff, Christian and Horozov, Tzvetan and Patrascu, Ioana},
  title = {The GNet Whitepaper},
  year = {2002},
  month = {06/2002},
  institution = {Purdue University},
  keywords = {anonymity, economics, encoding, GNUnet, obsolete database},
  owner = {tom},
  timestamp = {2017-10-10},
  type = {Technical report}
}

[Dold2016a] Byzantine Set-Union Consensus using Efficient Set Reconciliation

Dold, Florian, and Grothoff, Christian

6/2016 2016

abstract Bib

Applications of secure multiparty computation such as certain electronic voting or auction protocols require Byzantine agreement on large sets of elements. Implementations proposed in the literature so far have relied on state machine replication, and reach agreement on each individual set element in sequence. We introduce set-union consensus, a specialization of Byzantine consensus that reaches agreement over whole sets. This primitive admits an efficient and simple implementation by the composition of Eppstein’s set reconciliation protocol with Ben-Or’s ByzConsensus protocol. A free software implementation of this construction is available in GNUnet. Experimental results indicate that our approach results in an efficient protocol for very large sets, especially in the absence of Byzantine faults. We show the versatility of set-union consensus by using it to implement distributed key generation, ballot collection and cooperative decryption for an electronic voting protocol implemented in GNUnet.
@conference{Dold2016a, author = {Dold, Florian and Grothoff, Christian}, booktitle = {International Conference on Availability, Reliability and Security (ARES)}, title = {Byzantine Set-Union Consensus using Efficient Set Reconciliation}, year = {2016}, month = {6/2016}, keywords = {byzantine fault tolerance, consensus, GNUnet}, owner = {tom}, timestamp = {2021-01-27} }

[Grothoff2015] El programa MORECOWBELL de la NSA: Doblan las campanas para el DNS

Grothoff, Christian, Wachs, Matthias, Ermert, Monika, and Appelbaum, Jacob

01/2015 2015

Bib

@article{Grothoff2015,
  author = {Grothoff, Christian and Wachs, Matthias and Ermert, Monika and Appelbaum, Jacob},
  title = {El programa MORECOWBELL de la NSA: Doblan las campanas para el DNS},
  year = {2015},
  month = {01/2015},
  address = {Muenchen},
  institution = {GNUnet e.V.},
  keywords = {DNS, DNSSEC, MORECOWBELL, NAMECOIN},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Grothoff2015a] Il programma MORECOWBELL della NSA: Campane a morto per il DNS

Grothoff, Christian, Wachs, Matthias, Ermert, Monika, Appelbaum, Jacob, and Saiu, Luca

01/2015 2015

Bib

@article{Grothoff2015a,
  author = {Grothoff, Christian and Wachs, Matthias and Ermert, Monika and Appelbaum, Jacob and Saiu, Luca},
  title = {Il programma MORECOWBELL della NSA: Campane a morto per il DNS},
  year = {2015},
  month = {01/2015},
  address = {Muenchen},
  institution = {GNUnet e.V.},
  keywords = {DNS, DNSSEC, MORECOWBELL, NAMECOIN},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Grothoff2015b] Le programme MORECOWBELL de la NSA Sonne le glas du NSA

Grothoff, Christian, Wachs, Matthias, Ermert, Monika, Appelbaum, Jacob, and Courtes, Ludovic

01/2015 2015

Bib

@article{Grothoff2015b,
  author = {Grothoff, Christian and Wachs, Matthias and Ermert, Monika and Appelbaum, Jacob and Courtes, Ludovic},
  title = {Le programme MORECOWBELL de la NSA Sonne le glas du NSA},
  year = {2015},
  month = {01/2015},
  address = {Muenchen},
  institution = {GNUnet e.V.},
  keywords = {DNS, DNSSEC, MORECOWBELL, NAMECOIN},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Grothoff2015c] NSA’s MORECOWBELL: Knell for DNS

Grothoff, Christian, Wachs, Matthias, Ermert, Monika, and Appelbaum, Jacob

01/2015 2015

Bib

@article{Grothoff2015c,
  author = {Grothoff, Christian and Wachs, Matthias and Ermert, Monika and Appelbaum, Jacob},
  title = {NSA{\textquoteright}s MORECOWBELL: Knell for DNS},
  year = {2015},
  month = {01/2015},
  address = {Muenchen},
  institution = {GNUnet e.V.},
  keywords = {DNS, DNSSEC, MORECOWBELL, NAMECOIN, TLS},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Devet2014] The Best of Both Worlds: Combining Information-Theoretic and Computational PIR for Communication Efficiency

Devet, Casey, and Goldberg, Ian

2014

DOI Website abstract Bib

The goal of Private Information Retrieval (PIR) is the ability to query a database successfully without the operator of the database server discovering which record(s) of the database the querier is interested in. There are two main classes of PIR protocols: those that provide privacy guarantees based on the computational limitations of servers (CPIR) and those that rely on multiple servers not colluding for privacy (IT-PIR). These two classes have different advantages and disadvantages that make them more or less attractive to designers of PIR-enabled privacy enhancing technologies. We present a hybrid PIR protocol that combines two PIR protocols, one from each of these classes. Our protocol inherits many positive aspects of both classes and mitigates some of the negative aspects. For example, our hybrid protocol maintains partial privacy when the security assumptions of one of the component protocols is broken, mitigating the privacy loss in such an event. We have implemented our protocol as an extension of the Percy++ library so that it combines a PIR protocol by Aguilar Melchor and Gaborit with one by Goldberg. We show that our hybrid protocol uses less communication than either of these component protocols and that our scheme is particularly beneficial when the number of records in a database is large compared to the size of the records. This situation arises in applications such as TLS certificate verification, anonymous communications systems, private LDAP lookups, and others.
@inbook{Devet2014, author = {Devet, Casey and Goldberg, Ian}, editor = {De Cristofaro, Emiliano and Murdoch, StevenJ.}, pages = {63-82}, publisher = {Springer International Publishing}, title = {The Best of Both Worlds: Combining Information-Theoretic and Computational PIR for Communication Efficiency}, year = {2014}, isbn = {978-3-319-08505-0}, series = {Lecture Notes in Computer Science}, volume = {8555}, booktitle = {Privacy Enhancing Technologies}, doi = {10.1007/978-3-319-08506-7_4}, organization = {Springer International Publishing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-319-08506-7_4} }
[Herrmann2014] Censorship-Resistant and Privacy-Preserving Distributed Web Search

Herrmann, Michael, Zhang, Ren, Ning, Kai-Chun, and Diaz, Claudia

2014

abstract Bib

The vast majority of Internet users are relying on centralized search engine providers to conduct their web searches. However, search results can be censored and search queries can be recorded by these providers without the user’s knowledge. Distributed web search engines based on peer-to-peer networks have been proposed to mitigate these threats. In this paper we analyze the three most popular real-world distributed web search engines: Faroo, Seeks and Yacy, with respect to their censorship resistance and privacy protection. We show that none of them provides an adequate level of protection against an adversary with modest resources. Recognizing these flaws, we identify security properties a censorship-resistant and privacy-preserving distributed web search engine should provide. We propose two novel defense mechanisms called node density protocol and webpage verification protocol to achieve censorship resistance and show their effectiveness and feasibility with simulations. Finally, we elaborate on how state-of-the-art defense mechanisms achieve privacy protection in distributed web search engines.
@conference{Herrmann2014, author = {Herrmann, Michael and Zhang, Ren and Ning, Kai-Chun and Diaz, Claudia}, booktitle = {IEEE International Conference on Peer to Peer computing}, title = {Censorship-Resistant and Privacy-Preserving Distributed Web Search}, year = {2014}, owner = {tom}, timestamp = {2017-10-10} }
[Oya2014] Do Dummies Pay Off? Limits of Dummy Traffic Protection in Anonymous Communications

Oya, Simon, Troncoso, Carmela, and Pérez-González, Fernando

2014

DOI Website abstract Bib

Anonymous communication systems ensure that correspondence between senders and receivers cannot be inferred with certainty.However, when patterns are persistent, observations from anonymous communication systems enable the reconstruction of user behavioral profiles. Protection against profiling can be enhanced by adding dummy messages, generated by users or by the anonymity provider, to the communication. In this paper we study the limits of the protection provided by this countermeasure. We propose an analysis methodology based on solving a least squares problem that permits to characterize the adversary’s profiling error with respect to the user behavior, the anonymity provider behavior, and the dummy strategy. Focusing on the particular case of a timed pool mix we show how, given a privacy target, the performance analysis can be used to design optimal dummy strategies to protect this objective.
@inbook{Oya2014, author = {Oya, Simon and Troncoso, Carmela and P{\'e}rez-Gonz{\'a}lez, Fernando}, editor = {De Cristofaro, Emiliano and Murdoch, StevenJ.}, pages = {204-223}, publisher = {Springer International Publishing}, title = {Do Dummies Pay Off? Limits of Dummy Traffic Protection in Anonymous Communications}, year = {2014}, isbn = {978-3-319-08505-0}, series = {Lecture Notes in Computer Science}, volume = {8555}, booktitle = {Privacy Enhancing Technologies}, doi = {10.1007/978-3-319-08506-7_11}, keywords = {anonymous communications, disclosure attacks, dummies}, organization = {Springer International Publishing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-319-08506-7_11} }
[Borisov2014] DP5: A Private Presence Service

Borisov, Nikita, Danezis, George, and Goldberg, Ian

May 2014

abstract Bib

The recent NSA revelations have shown that “address book” and “buddy list” information are routinely targeted for mass interception. As a response to this threat, we present DP5, a cryptographic service that provides privacy-friendly indication of presence to support real-time communications. DP5 allows clients to register and query the online presence of their list of friends while keeping this list secret. Besides presence, high-integrity status updates are supported, to facilitate key update and rendezvous protocols. While infrastructure services are required for DP5 to operate, they are designed to not require any long-term secrets and provide perfect forward secrecy in case of compromise. We provide security arguments for the indistinguishability properties of the protocol, as well as an evaluation of its performance.
@article{Borisov2014, author = {Borisov, Nikita and Danezis, George and Goldberg, Ian}, journal = {Centre for Applied Cryptographic Research (CACR), University of Waterloo}, title = {DP5: A Private Presence Service}, year = {2014}, month = may, owner = {tom}, timestamp = {2017-10-10}, type = {Technical Report} }
[Chen2014] On the Effectiveness of Obfuscation Techniques in Online Social Networks

Chen, Terence, Boreli, Roksana, Kaafar, Mohamed-Ali, and Friedman, Arik

2014

DOI Website abstract Bib

Data obfuscation is a well-known technique for protecting user privacy against inference attacks, and it was studied in diverse settings, including search queries, recommender systems, location-based services and Online Social Networks (OSNs). However, these studies typically take the point of view of a single user who applies obfuscation, and focus on protection of a single target attribute. Unfortunately, while narrowing the scope simplifies the problem, it overlooks some significant challenges that effective obfuscation would need to address in a more realistic setting. First, correlations between attributes imply that obfuscation conducted to protect a certain attribute, may influence inference attacks targeted at other attributes. In addition, when multiple users conduct obfuscation simultaneously, the combined effect of their obfuscations may be significant enough to affect the inference mechanism to their detriment. In this work we focus on the OSN setting and use a dataset of 1.9 million Facebook profiles to demonstrate the severity of these problems and explore possible solutions. For example, we show that an obfuscation policy that would limit the accuracy of inference to 45% when applied by a single user, would result in an inference accuracy of 75% when applied by 10% of the users. We show that a dynamic policy, which is continuously adjusted to the most recent data in the OSN, may mitigate this problem. Finally, we report the results of a user study, which indicates that users are more willing to obfuscate their profiles using popular and high quality items. Accordingly, we propose and evaluate an obfuscation strategy that satisfies both user needs and privacy protection.
@inbook{Chen2014, author = {Chen, Terence and Boreli, Roksana and Kaafar, Mohamed-Ali and Friedman, Arik}, editor = {De Cristofaro, Emiliano and Murdoch, StevenJ.}, pages = {42-62}, publisher = {Springer International Publishing}, title = {On the Effectiveness of Obfuscation Techniques in Online Social Networks}, year = {2014}, isbn = {978-3-319-08505-0}, series = {Lecture Notes in Computer Science}, volume = {8555}, booktitle = {Privacy Enhancing Technologies}, doi = {10.1007/978-3-319-08506-7_3}, organization = {Springer International Publishing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-319-08506-7_3} }
[Lueks2014] Forward-Secure Distributed Encryption

Lueks, Wouter, Hoepman, Jaap-Henk, and Kursawe, Klaus

2014

DOI Website abstract Bib

Distributed encryption is a cryptographic primitive that implements revocable privacy. The primitive allows a recipient of a message to decrypt it only if enough senders encrypted that same message. We present a new distributed encryption scheme that is simpler than the previous solution by Hoepman and Galindo—in particular it does not rely on pairings—and that satisfies stronger security requirements. Moreover, we show how to achieve key evolution, which is necessary to ensure scalability in many practical applications, and prove that the resulting scheme is forward secure. Finally, we present a provably secure batched distributed encryption scheme that is much more efficient for small plaintext domains, but that requires more storage.
@inbook{Lueks2014, author = {Lueks, Wouter and Hoepman, Jaap-Henk and Kursawe, Klaus}, editor = {De Cristofaro, Emiliano and Murdoch, StevenJ.}, pages = {123-142}, publisher = {Springer International Publishing}, title = {Forward-Secure Distributed Encryption}, year = {2014}, isbn = {978-3-319-08505-0}, series = {Lecture Notes in Computer Science}, volume = {8555}, booktitle = {Privacy Enhancing Technologies}, doi = {10.1007/978-3-319-08506-7_7}, organization = {Springer International Publishing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-319-08506-7_7} }

[DBLP:conf/stoc/Ullman13] Answering n^2+o(1) Counting Queries with Differential Privacy is Hard

Ullman, Jonathan

2013

Bib

@conference{DBLP:conf/stoc/Ullman13,
  author = {Ullman, Jonathan},
  title = {Answering $n^{2+o(1)}$ Counting Queries with Differential Privacy is Hard},
  year = {2013},
  pages = {361{\textendash}370},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Chatzikokolakis2013] Broadening the Scope of Differential Privacy Using Metrics

Chatzikokolakis, Konstantinos, Andrés, MiguelE., Bordenabe, NicolásEmilio, and Palamidessi, Catuscia

2013

DOI Website abstract Bib

Differential Privacy is one of the most prominent frameworks used to deal with disclosure prevention in statistical databases. It provides a formal privacy guarantee, ensuring that sensitive information relative to individuals cannot be easily inferred by disclosing answers to aggregate queries. If two databases are adjacent, i.e. differ only for an individual, then the query should not allow to tell them apart by more than a certain factor. This induces a bound also on the distinguishability of two generic databases, which is determined by their distance on the Hamming graph of the adjacency relation. In this paper we explore the implications of differential privacy when the indistinguishability requirement depends on an arbitrary notion of distance. We show that we can naturally express, in this way, (protection against) privacy threats that cannot be represented with the standard notion, leading to new applications of the differential privacy framework. We give intuitive characterizations of these threats in terms of Bayesian adversaries, which generalize two interpretations of (standard) differential privacy from the literature. We revisit the well-known results stating that universally optimal mechanisms exist only for counting queries: We show that, in our extended setting, universally optimal mechanisms exist for other queries too, notably sum, average, and percentile queries. We explore various applications of the generalized definition, for statistical databases as well as for other areas, such that geolocation and smart metering.
@inbook{Chatzikokolakis2013, author = {Chatzikokolakis, Konstantinos and Andr{\'e}s, MiguelE. and Bordenabe, Nicol{\'a}sEmilio and Palamidessi, Catuscia}, editor = {De Cristofaro, Emiliano and Wright, Matthew}, pages = {82-102}, publisher = {Springer Berlin Heidelberg}, title = {Broadening the Scope of Differential Privacy Using Metrics}, year = {2013}, isbn = {978-3-642-39076-0}, series = {Lecture Notes in Computer Science}, volume = {7981}, booktitle = {Privacy Enhancing Technologies}, doi = {10.1007/978-3-642-39077-7_5}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-39077-7_5} }

[DBLP:conf/netys/BoutetFJKR13] FreeRec: An Anonymous and Distributed Personalization Architecture

Boutet, Antoine, Frey, Davide, Jegou, Arnaud, Kermarrec, Anne-Marie, and Ribeiro, Heverson B.

2013

Bib

@conference{DBLP:conf/netys/BoutetFJKR13,
  author = {Boutet, Antoine and Frey, Davide and Jegou, Arnaud and Kermarrec, Anne-Marie and Ribeiro, Heverson B.},
  title = {FreeRec: An Anonymous and Distributed Personalization Architecture},
  year = {2013},
  pages = {58{\textendash}73},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Al-Ameen2013] Persea: A Sybil-resistant Social DHT

Al-Ameen, Mahdi N., and Wright, Matthew

2013

DOI Website abstract Bib

P2P systems are inherently vulnerable to Sybil attacks, in which an attacker can have a large number of identities and use them to control a substantial fraction of the system. We propose Persea, a novel P2P system that is more robust against Sybil attacks than prior approaches. Persea derives its Sybil resistance by assigning IDs through a bootstrap tree, the graph of how nodes have joined the system through invitations. More specifically, a node joins Persea when it gets an invitation from an existing node in the system. The inviting node assigns a node ID to the joining node and gives it a chunk of node IDs for further distribution. For each chunk of ID space, the attacker needs to socially engineer a connection to another node already in the system. This hierarchical distribution of node IDs confines a large attacker botnet to a considerably smaller region of the ID space than in a normal P2P system. Persea uses a replication mechanism in which each (key,value) pair is stored in nodes that are evenly spaced over the network. Thus, even if a given region is occupied by attackers, the desired (key,value) pair can be retrieved from other regions. We compare our results with Kad, Whanau, and X-Vine and show that Persea is a better solution against Sybil attacks. collapse
@conference{Al-Ameen2013, author = {Al-Ameen, Mahdi N. and Wright, Matthew}, booktitle = {Proceedings of the Third ACM Conference on Data and Application Security and Privacy}, title = {Persea: A Sybil-resistant Social DHT}, year = {2013}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/2435349.2435372}, isbn = {978-1-4503-1890-7}, keywords = {security, social dht, Sybil attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org.eaccess.ub.tum.de/10.1145/2435349.2435372} }

[sep-privacy] Privacy

DeCew, Judith

2013

Bib

@inbook{sep-privacy,
  author = {DeCew, Judith},
  editor = {Zalta, Edward N.},
  title = {Privacy},
  year = {2013},
  edition = {{Fall 2013}},
  booktitle = {The Stanford Encyclopedia of Philosophy},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Toth2013b] Public Key Pinning for TLS Using a Trust on First Use Model

Toth, Gabor X

2013

abstract Bib

Although the Public Key Infrastructure (PKI) using X.509 is meant to prevent the occurrence of man-in-the-middle attacks on TLS, there are still situations in which such attacks are possible due to the large number of Certification Authorities (CA) that has to be trusted. Recent incidents involving CA compromises, which lead to issuance of rogue certificates indicate the weakness of the PKI model. Recently various public key pinning protocols – such as DANE or TACK – have been proposed to thwart man-in-the-middle attacks on TLS connections. It will take a longer time, however, until any of these protocols reach wide deployment. We present an approach intended as an interim solution to bridge this gap and provide protection for connections to servers not yet using a pinning protocol. The presented method is based on public key pinning with a trust on first use model, and can be combined with existing notary approaches as well.
@article{Toth2013b, author = {Toth, Gabor X}, title = {Public Key Pinning for TLS Using a Trust on First Use Model}, year = {2013}, editor = {Vlieg, Tjebbe}, keywords = {certificate, pinning, PKI, public key pinning, TLS, TOFU, trust on first use, X.509}, owner = {tom}, timestamp = {2017-10-10} }
[Uzunov2013] Speeding Up Tor with SPDY

Uzunov, Andrey

11/2013 2013

abstract Bib

SPDY is a rather new protocol which is an alternative to HTTP. It was designed to address inefficiencies in the latter and thereby improve latency and reduce bandwidth consumption. This thesis presents the design and implementation of a setup for utilizing SPDY within the anonymizing Tor network for reducing latency and traffic in the latter. A C library implementing the SPDY server protocol is introduced together with an HTTP to SPDY and a SPDY to HTTP proxy which are the base for the presented design. Furthermore, we focus on the SPDY server push feature which allows servers to send multiple responses to a single request for reducing latency and traffic on loading web pages. We propose a prediction algorithm for employing push at SPDY servers and proxies. The algorithm makes predictions based on previous requests and responses and initially does not know anything about the data which it will push. This thesis includes extensive measurement data highlighting the possible benefits of using SPDY instead of HTTP and HTTPS (1.0 or 1.1), especially with respect to networks experiencing latency or loss. Moreover, the real profit from using SPDY within the Tor network on loading some of the most popular web sites is presented. Finally, evaluations of the proposed push prediction algorithm are given for emphasizing the possible gain of employing it at SPDY reverse and forward proxies.
@mastersthesis{Uzunov2013, author = {Uzunov, Andrey}, school = {Technische Universitaet Muenchen}, title = {Speeding Up Tor with SPDY}, year = {2013}, address = {Garching bei Muenchen}, month = {11/2013}, type = {Master{\textquoteright}s}, keywords = {anonymity, HTTP, privacy, spdy, Tor}, owner = {tom}, pages = {124}, timestamp = {2021-01-27}, volume = {Master{\textquoteright}s in Computer Science} }
[Kermarrec2013] Towards a Personalized Internet: a Case for a Full Decentralization.

Kermarrec, Anne-Marie

Philosophical Transactions. Series A, Mathematical, Physical, and Engineering Sciences Mar 2013

DOI abstract Bib

The Web has become a user-centric platform where users post, share, annotate, comment and forward content be it text, videos, pictures, URLs, etc. This social dimension creates tremendous new opportunities for information exchange over the Internet, as exemplified by the surprising and exponential growth of social networks and collaborative platforms. Yet, niche content is sometimes difficult to retrieve using traditional search engines because they target the mass rather than the individual. Likewise, relieving users from useless notification is tricky in a world where there is so much information and so little of interest for each and every one of us. We argue that ultra-specific content could be retrieved and disseminated should search and notification be personalized to fit this new setting. We also argue that users’ interests should be implicitly captured by the system rather than relying on explicit classifications simply because the world is by nature unstructured, dynamic and users do not want to be hampered in their actions by a tight and static framework. In this paper, we review some existing personalization approaches, most of which are centralized. We then advocate the need for fully decentralized systems because personalization raises two main issues. Firstly, personalization requires information to be stored and maintained at a user granularity which can significantly hurt the scalability of a centralized solution. Secondly, at a time when the ‘big brother is watching you’ attitude is prominent, users may be more and more reluctant to give away their personal data to the few large companies that can afford such personalization. We start by showing how to achieve personalization in decentralized systems and conclude with the research agenda ahead.
@article{Kermarrec2013, author = {Kermarrec, Anne-Marie}, journal = {Philosophical Transactions. Series A, Mathematical, Physical, and Engineering Sciences}, title = {Towards a Personalized Internet: a Case for a Full Decentralization.}, year = {2013}, issn = {1364-503X}, month = mar, number = {1987}, volume = {371}, doi = {10.1098/rsta.2012.0380}, owner = {tom}, timestamp = {2017-10-10} }

[Biryukov2013] Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Biryukov, A., Pustogarov, I., and Weinmann, R.

2013

@conference{Biryukov2013,
  author = {Biryukov, A. and Pustogarov, I. and Weinmann, R.},
  booktitle = {Security and Privacy (SP), 2013 IEEE Symposium on},
  title = {Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization},
  year = {2013},
  doi = {10.1109/SP.2013.15},
  keywords = {anonymity network, arbitrary hidden services, command and control channels, data privacy, deanonymize hidden services, DuckDuckGo search engine, hidden services, Internet, Internet service privacy, privacy, search engines, Silk Road, Tor, Tor hidden services, volunteer based anonymity network, volunteer operated relays},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Boutet2013] WhatsUp: A Decentralized Instant News Recommender

Boutet, Antoine, Frey, Davide, Guerraoui, Rachid, Jegou, Arnaud, and Kermarrec, Anne-Marie

2013

abstract Bib

We present WHATSUP, a collaborative filtering system for disseminating news items in a large-scale dynamic setting with no central authority. WHATSUP constructs an implicit social network based on user profiles that express the opinions of users about the news items they receive (like-dislike). Users with similar tastes are clustered using a similarity metric reflecting long-standing and emerging (dis)interests. News items are disseminated through a novel heterogeneous gossip protocol that (1) biases the orientation of its targets towards those with similar interests, and (2) amplifies dissemination based on the level of interest in every news item. We report on an extensive evaluation of WHATSUP through (a) simulations, (b) a ModelNet emulation on a cluster, and (c) a PlanetLab deployment based on real datasets. We show that WHATSUP outperforms various alternatives in terms of accurate and complete delivery of relevant news items while preserving the fundamental advantages of standard gossip: namely, simplicity of deployment and robustness.
@conference{Boutet2013, author = {Boutet, Antoine and Frey, Davide and Guerraoui, Rachid and Jegou, Arnaud and Kermarrec, Anne-Marie}, booktitle = {IEEE 27th International Symposium on Parallel \& Distributed Processing}, title = {WhatsUp: A Decentralized Instant News Recommender}, year = {2013}, organization = {IEEE}, publisher = {IEEE}, owner = {tom}, timestamp = {2017-10-10} }

[knight2012autonetkit] AutoNetkit: simplifying large scale, open-source network experimentation

Knight, Simon, Jaboldinov, Askar, Maennel, Olaf, Phillips, Iain, and Roughan, Matthew

SIGCOMM Comput. Commun. Rev. 2012

@article{knight2012autonetkit,
  author = {Knight, Simon and Jaboldinov, Askar and Maennel, Olaf and Phillips, Iain and Roughan, Matthew},
  journal = {SIGCOMM Comput. Commun. Rev.},
  title = {AutoNetkit: simplifying large scale, open-source network experimentation},
  year = {2012},
  issn = {0146-4833},
  number = {4},
  pages = {97{\textendash}98},
  volume = {42},
  address = {New York, NY, USA},
  doi = {10.1145/2377677.2377699},
  keywords = {automated configuration, emulation, Network management},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/2377677.2377699}
}

[Alaggan2012] BLIP: Non-interactive Differentially-Private Similarity Computation on Bloom filters

Alaggan, Mohammad, Gambs, Sébastien, and Kermarrec, Anne-Marie

2012

DOI Website abstract Bib

In this paper, we consider the scenario in which the profile of a user is represented in a compact way, as a Bloom filter, and the main objective is to privately compute in a distributed manner the similarity between users by relying only on the Bloom filter representation. In particular, we aim at providing a high level of privacy with respect to the profile even if a potentially unbounded number of similarity computations take place, thus calling for a non-interactive mechanism. To achieve this, we propose a novel non-interactive differentially private mechanism called BLIP (for BLoom-and-flIP) for randomizing Bloom filters. This approach relies on a bit flipping mechanism and offers high privacy guarantees while maintaining a small communication cost. Another advantage of this non-interactive mechanism is that similarity computation can take place even when the user is offline, which is impossible to achieve with interactive mechanisms. Another of our contributions is the definition of a probabilistic inference attack, called the “Profile Reconstruction attack”, that can be used to reconstruct the profile of an individual from his Bloom filter representation. More specifically, we provide an analysis of the protection offered by BLIP against this profile reconstruction attack by deriving an upper and lower bound for the required value of the differential privacy parameter ε.
@inbook{Alaggan2012, author = {Alaggan, Mohammad and Gambs, S{\'e}bastien and Kermarrec, Anne-Marie}, editor = {Richa, Andr{\'e}aW. and Scheideler, Christian}, pages = {202-216}, publisher = {Springer Berlin Heidelberg}, title = {BLIP: Non-interactive Differentially-Private Similarity Computation on Bloom filters}, year = {2012}, isbn = {978-3-642-33535-8}, series = {Lecture Notes in Computer Science}, volume = {7596}, booktitle = {Stabilization, Safety, and Security of Distributed Systems}, doi = {10.1007/978-3-642-33536-5_20}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-33536-5_20} }
[congestion-tor12] Congestion-aware Path Selection for Tor

Wang, Tao, Bauer, Kevin, Forero, Clara, and Goldberg, Ian

02/2012 2012

abstract Bib

Tor, an anonymity network formed by volunteer nodes, uses the estimated bandwidth of the nodes as a central feature of its path selection algorithm. The current load on nodes is not considered in this algorithm, however, and we ob- serve that some nodes persist in being under-utilized or congested. This can degrade the network’s performance, discourage Tor adoption, and consequently reduce the size of Tor’s anonymity set. In an effort to reduce congestion and improve load balancing, we propose a congestion-aware path selection algorithm. Using latency as an indicator of congestion, clients use opportunistic and lightweight active measurements to evaluate the congestion state of nodes, and reject nodes that appear congested. Through experiments conducted on the live Tor network, we verify our hypothesis that clients can infer congestion using latency and show that congestion-aware path selection can improve performance.
@conference{congestion-tor12, author = {Wang, Tao and Bauer, Kevin and Forero, Clara and Goldberg, Ian}, booktitle = {FC{\textquoteright}12 - Proceedings of the 16th International Conference in Financial Cryptography and Data Security}, title = {Congestion-aware Path Selection for Tor}, year = {2012}, address = {Bonaire}, month = {02/2012}, keywords = {algorithms, Tor, volunteer nodes}, owner = {tom}, timestamp = {2021-01-27} }

[Sadiq2012] CRISP: Collusion-resistant Incentive-compatible Routing and Forwarding in Opportunistic Networks

Sadiq, Umair, Kumar, Mohan, and Wright, Matthew

2012

@conference{Sadiq2012,
  author = {Sadiq, Umair and Kumar, Mohan and Wright, Matthew},
  booktitle = {Proceedings of the 15th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems},
  title = {CRISP: Collusion-resistant Incentive-compatible Routing and Forwarding in Opportunistic Networks},
  year = {2012},
  address = {New York, NY, USA},
  organization = {ACM},
  publisher = {ACM},
  doi = {10.1145/2387238.2387253},
  isbn = {978-1-4503-1628-6},
  keywords = {black-hole attack, collusion, credit schemes, delay tolerant networks, flooding, incentive schemes, mobile peer-to-peer networks, opportunistic networks},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/2387238.2387253}
}

[DBLP:journals/corr/abs-1202-4503] A Critical Look at Decentralized Personal Data Architectures

Narayanan, Arvind, Toubiana, Vincent, Barocas, Solon, Nissenbaum, Helen, and Boneh, Dan

CoRR 02/2012 2012

abstract Bib

While the Internet was conceived as a decentralized network, the most widely used web applications today tend toward centralization. Control increasingly rests with centralized service providers who, as a consequence, have also amassed unprecedented amounts of data about the behaviors and personalities of individuals. Developers, regulators, and consumer advocates have looked to alternative decentralized architectures as the natural response to threats posed by these centralized services. The result has been a great variety of solutions that include personal data stores (PDS), infomediaries, Vendor Relationship Management (VRM) systems, and federated and distributed social networks. And yet, for all these efforts, decentralized personal data architectures have seen little adoption. This position paper attempts to account for these failures, challenging the accepted wisdom in the web community on the feasibility and desirability of these approaches. We start with a historical discussion of the development of various categories of decentralized personal data architectures. Then we survey the main ideas to illustrate the common themes among these efforts. We tease apart the design characteristics of these systems from the social values that they (are intended to) promote. We use this understanding to point out numerous drawbacks of the decentralization paradigm, some inherent and others incidental. We end with recommendations for designers of these systems for working towards goals that are achievable, but perhaps more limited in scope and ambition.
@article{DBLP:journals/corr/abs-1202-4503, author = {Narayanan, Arvind and Toubiana, Vincent and Barocas, Solon and Nissenbaum, Helen and Boneh, Dan}, journal = {CoRR}, title = {A Critical Look at Decentralized Personal Data Architectures}, year = {2012}, month = {02/2012}, volume = {abs/1202.4503}, keywords = {distributed social networks, economics, personal data stores, policy, privacy, web}, owner = {tom}, timestamp = {2017-10-10} }
[Dodis2012] Differential Privacy with Imperfect Randomness

Dodis, Yevgeniy, López-Alt, Adriana, Mironov, Ilya, and Vadhan, Salil

2012

DOI Website abstract Bib

In this work we revisit the question of basing cryptography on imperfect randomness. Bosley and Dodis (TCC’07) showed that if a source of randomness R is “good enough” to generate a secret key capable of encrypting k bits, then one can deterministically extract nearly k almost uniform bits from R, suggesting that traditional privacy notions (namely, indistinguishability of encryption) requires an “extractable” source of randomness. Other, even stronger impossibility results are known for achieving privacy under specific “non-extractable” sources of randomness, such as the γ-Santha-Vazirani (SV) source, where each next bit has fresh entropy, but is allowed to have a small bias γ < 1 (possibly depending on prior bits). We ask whether similar negative results also hold for a more recent notion of privacy called differential privacy (Dwork et al., TCC’06), concentrating, in particular, on achieving differential privacy with the Santha-Vazirani source. We show that the answer is no. Specifically, we give a differentially private mechanism for approximating arbitrary “low sensitivity” functions that works even with randomness coming from a γ-Santha-Vazirani source, for any γ < 1. This provides a somewhat surprising “separation” between traditional privacy and differential privacy with respect to imperfect randomness. Interestingly, the design of our mechanism is quite different from the traditional “additive-noise” mechanisms (e.g., Laplace mechanism) successfully utilized to achieve differential privacy with perfect randomness. Indeed, we show that any (non-trivial) “SV-robust” mechanism for our problem requires a demanding property called consistent sampling, which is strictly stronger than differential privacy, and cannot be satisfied by any additive-noise mechanism.
@inbook{Dodis2012, author = {Dodis, Yevgeniy and L{\'o}pez-Alt, Adriana and Mironov, Ilya and Vadhan, Salil}, editor = {Safavi-Naini, Reihaneh and Canetti, Ran}, pages = {497-516}, publisher = {Springer Berlin Heidelberg}, title = {Differential Privacy with Imperfect Randomness}, year = {2012}, isbn = {978-3-642-32008-8}, series = {Lecture Notes in Computer Science}, volume = {7417}, booktitle = {Advances in Cryptology {\textendash} CRYPTO 2012}, doi = {10.1007/978-3-642-32009-5_29}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-32009-5_29} }

[gossipico2012] Gossip-based counting in dynamic networks

Bovenkamp, Ruud, Kuipers, Fernando, and Mieghem, Piet Van

05/2012 2012

Bib

@conference{gossipico2012,
  author = {van de Bovenkamp, Ruud and Kuipers, Fernando and Mieghem, Piet Van},
  booktitle = {IFIP International Conferences on Networking (Networking 2012)},
  title = {Gossip-based counting in dynamic networks},
  year = {2012},
  address = {Prague, CZ},
  month = {05/2012},
  organization = {Springer Verlag},
  pages = {404{\textendash}419},
  publisher = {Springer Verlag},
  keywords = {network size estimation},
  owner = {tom},
  timestamp = {2017-10-10}
}

[DBLP:conf/tridentcom/HermenierR12] How to Build a Better Testbed: Lessons from a Decade of Network Experiments on Emulab

Hermenier, Fabien, and Ricci, Robert

2012

Bib

@conference{DBLP:conf/tridentcom/HermenierR12,
  author = {Hermenier, Fabien and Ricci, Robert},
  booktitle = {TRIDENTCOM},
  title = {How to Build a Better Testbed: Lessons from a Decade of Network Experiments on Emulab},
  year = {2012},
  pages = {287-304},
  keywords = {emulab, emulation, testbed},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Guha2012] Koi: A Location-Privacy Platform for Smartphone Apps

Guha, Saikat, Jain, Mudit, and Padmanabhan, Venkata

Apr 2012

abstract Bib

With mobile phones becoming first-class citizens in the online world, the rich location data they bring to the table is set to revolutionize all aspects of online life including content delivery, recommendation systems, and advertising. However, user-tracking is a concern with such location-based services, not only because location data can be linked uniquely to individuals, but because the low-level nature of current location APIs and the resulting dependence on the cloud to synthesize useful representations virtually guarantees such tracking. In this paper, we propose privacy-preserving location-based matching as a fundamental platform primitive and as an alternative to exposing low-level, latitude-longitude (lat-long) coordinates to applications. Applications set rich location-based triggers and have these be fired based on location updates either from the local device or from a remote device (e.g., a friend’s phone). Our Koi platform, comprising a privacy-preserving matching service in the cloud and a phone-based agent, realizes this primitive across multiple phone and browser platforms. By masking low-level lat-long information from applications, Koi not only avoids leaking privacy-sensitive information, it also eases the task of programmers by providing a higher-level abstraction that is easier for applications to build upon. Koi’s privacy-preserving protocol prevents the cloud service from tracking users. We verify the non-tracking properties of Koi using a theorem prover, illustrate how privacy guarantees can easily be added to a wide range of location-based applications, and show that our public deployment is performant, being able to perform 12K matches per second on a single core.
@conference{Guha2012, author = {Guha, Saikat and Jain, Mudit and Padmanabhan, Venkata}, booktitle = {{Proceedings of the 9th Symposium on Networked Systems Design and Implementation (NSDI)}}, title = {Koi: A Location-Privacy Platform for Smartphone Apps}, year = {2012}, address = {San Jose, CA}, month = apr, keywords = {location privacy, matching}, owner = {tom}, timestamp = {2017-10-10} }
[oakland2012-lap] LAP: Lightweight Anonymity and Privacy

Hsiao, Hsu-Chun, Kim, Tiffany Hyun-Jin, Perrig, Adrian, Yamada, Akira, Nelson, Sam, Gruteser, Marco, and Ming, Wei

05/2012 2012

abstract Bib

Popular anonymous communication systems often require sending packets through a sequence of relays on dilated paths for strong anonymity protection. As a result, increased end-to-end latency renders such systems inadequate for the majority of Internet users who seek an intermediate level of anonymity protection while using latency-sensitive applications, such as Web applications. This paper serves to bridge the gap between communication systems that provide strong anonymity protection but with intolerable latency and non-anonymous communication systems by considering a new design space for the setting. More specifically, we explore how to achieve near-optimal latency while achieving an intermediate level of anonymity with a weaker yet practical adversary model (i.e., protecting an end-host’s identity and location from servers) such that users can choose between the level of anonymity and usability. We propose Lightweight Anonymity and Privacy (LAP), an efficient network-based solution featuring lightweight path establishment and stateless communication, by concealing an end-host’s topological location to enhance anonymity against remote tracking. To show practicality, we demonstrate that LAP can work on top of the current Internet and proposed future Internet architectures.
@conference{oakland2012-lap, author = {Hsiao, Hsu-Chun and Kim, Tiffany Hyun-Jin and Perrig, Adrian and Yamada, Akira and Nelson, Sam and Gruteser, Marco and Ming, Wei}, booktitle = {Proceedings of the 2012 IEEE Symposium on Security and Privacy}, title = {LAP: Lightweight Anonymity and Privacy}, year = {2012}, address = {San Francisco, CA, USA}, month = {05/2012}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, keywords = {anonymous communication anonymity protection, LAP}, owner = {tom}, timestamp = {2021-01-27} }
[oakland2012-lastor] LASTor: A Low-Latency AS-Aware Tor Client

Akhoondi, Masoud, Yu, Curtis, and Madhyastha, Harsha V.

05/2012 2012

abstract Bib

The widely used Tor anonymity network is designed to enable low-latency anonymous communication. However, in practice, interactive communication on Tor—which accounts for over 90% of connections in the Tor network [1]—incurs latencies over 5x greater than on the direct Internet path. In addition, since path selection to establish a circuit in Tor is oblivious to Internet routing, anonymity guarantees can breakdown in cases where an autonomous system (AS) can correlate traffic across the entry and exit segments of a circuit. In this paper, we show that both of these shortcomings in Tor can be addressed with only client-side modifications, i.e., without requiring a revamp of the entire Tor architecture. To this end, we design and implement a new Tor client, LASTor. First, we show that LASTor can deliver significant latency gains over the default Tor client by simply accounting for the inferred locations of Tor relays while choosing paths. Second, since the preference for low latency paths reduces the entropy of path selection, we design LASTor’s path selection algorithm to be tunable. A user can choose an appropriate tradeoff between latency and anonymity by specifying a value between 0 (lowest latency) and 1 (highest anonymity) for a single parameter. Lastly, we develop an efficient and accurate algorithm to identify paths on which an AS can correlate traffic between the entry and exit segments. This algorithm enables LASTor to avoid such paths and improve a user’s anonymity, while the low runtime of the algorithm ensures that the impact on end-to-end latency of communication is low. By applying our techniques to measurements of real Internet paths and by using LASTor to visit the top 200 websites from several geographically-distributed end-hosts, we show that, in comparison to the default Tor client, LASTor reduces median latencies by 25% while also reducing the false negative rate of not detecting a potential snooping AS from 57% to 11%.
@conference{oakland2012-lastor, author = {Akhoondi, Masoud and Yu, Curtis and Madhyastha, Harsha V.}, booktitle = {Proceedings of the 2012 IEEE Symposium on Security and Privacy}, title = {LASTor: A Low-Latency AS-Aware Tor Client}, year = {2012}, address = {San Francisco, CA, USA}, month = {05/2012}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, keywords = {anonymous communication, as, autonomous system, Tor}, owner = {tom}, timestamp = {2021-01-27} }
[De2012] Lower Bounds in Differential Privacy

De, Anindya

2012

DOI Website abstract Bib

This paper is about private data analysis, in which a trusted curator holding a confidential database responds to real vector-valued queries. A common approach to ensuring privacy for the database elements is to add appropriately generated random noise to the answers, releasing only these noisy responses. A line of study initiated in [7] examines the amount of distortion needed to prevent privacy violations of various kinds. The results in the literature vary according to several parameters, including the size of the database, the size of the universe from which data elements are drawn, the “amount” of privacy desired, and for the purposes of the current work, the arity of the query. In this paper we sharpen and unify these bounds. Our foremost result combines the techniques of Hardt and Talwar [11] and McGregor et al. [13] to obtain linear lower bounds on distortion when providing differential privacy for a (contrived) class of low-sensitivity queries. (A query has low sensitivity if the data of a single individual has small effect on the answer.) Several structural results follow as immediate corollaries: We separate so-called counting queries from arbitrary low-sensitivity queries, proving the latter requires more noise, or distortion, than does the former; We separate (ε,0)-differential privacy from its well-studied relaxation (ε,δ)-differential privacy, even when δ ∈ 2- o(n) is negligible in the size n of the database, proving the latter requires less distortion than the former; We demonstrate that (ε,δ)-differential privacy is much weaker than (ε,0)-differential privacy in terms of mutual information of the transcript of the mechanism with the database, even when δ ∈ 2- o(n) is negligible in the size n of the database. We also simplify the lower bounds on noise for counting queries in [11] and also make them unconditional. Further, we use a characterization of (ε,δ) differential privacy from [13] to obtain lower bounds on the distortion needed to ensure (ε,δ)-differential privacy for ε,δ > 0. We next revisit the LP decoding argument of [10] and combine it with a recent result of Rudelson [15] to improve on a result of Kasiviswanathan et al. [12] on noise lower bounds for privately releasing l-way marginals.
@inbook{De2012, author = {De, Anindya}, editor = {Cramer, Ronald}, pages = {321-338}, publisher = {Springer Berlin Heidelberg}, title = {Lower Bounds in Differential Privacy}, year = {2012}, isbn = {978-3-642-28913-2}, series = {Lecture Notes in Computer Science}, volume = {7194}, booktitle = {Theory of Cryptography}, doi = {10.1007/978-3-642-28914-9_18}, keywords = {Differential Privacy, LP decoding}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-28914-9_18} }

[rossi2012modelnet] ModelNet-TE: An emulation tool for the study of P2P and traffic engineering interaction dynamics

Rossi, D., Veglia, P., Sammarco, M., and Larroca, F.

Peer-to-Peer Networking and Applications 2012

Bib

@article{rossi2012modelnet,
  author = {Rossi, D. and Veglia, P. and Sammarco, M. and Larroca, F.},
  journal = {Peer-to-Peer Networking and Applications},
  title = {ModelNet-TE: An emulation tool for the study of P2P and traffic engineering interaction dynamics},
  year = {2012},
  pages = {1{\textendash}19},
  keywords = {emulation, ModelNet, P2P emulation, traffic engineering},
  owner = {tom},
  publisher = {Springer},
  timestamp = {2017-10-10}
}

[Halim2012] Monkey: Automated debugging of deployed distributed systems

Halim, Safey A.

07/2012 2012

abstract Bib

Debugging is tedious and time consuming work that, for certain types of bugs, can and should be automated. Debugging distributed systems is more complex due to time dependencies between interacting processes. Another related problem is duplicate bug reports in bug repositories. Finding bug duplicates is hard and wastes developers’ time which may affect the development team’s rate of bug fixes and new releases. In this master thesis we introduce Monkey, a new tool that provides a solution for automated classification, investigation and characterization of bugs, as well as a solution for comparing bug reports and avoiding duplicates. Our tool is particularly suitable for distributed systems due to its autonomy. We present Monkey’s key design goals and architecture and give experimental results demonstrating the viability of our approach.
@mastersthesis{Halim2012, author = {Halim, Safey A.}, school = {Technische Universitaet Muenchen}, title = {Monkey: Automated debugging of deployed distributed systems}, year = {2012}, address = {Garching bei Muenchen}, month = {07/2012}, type = {Masters}, keywords = {automation, debugging, distributed systems}, owner = {tom}, pages = {78}, timestamp = {2017-10-10}, volume = {M.S.} }
[Wander2012] NTALG - TCP NAT traversal with application-level gateways

Wander, M., Holzapfel, S., Wacker, A., and Weis, T.

2012

abstract Bib

Consumer computers or home communication devices are usually connected to the Internet via a Network Address Translation (NAT) router. This imposes restrictions for networking applications that require inbound connections. Existing solutions for NAT traversal can remedy the restrictions, but still there is a fraction of home users which lack support of it, especially when it comes to TCP. We present a framework for traversing NAT routers by exploiting their built-in FTP and IRC application-level gateways (ALG) for arbitrary TCP-based applications. While this does not work in every scenario, it significantly improves the success chance without requiring any user interaction at all. To demonstrate the framework, we show a small test setup with laptop computers and home NAT routers.
@conference{Wander2012, author = {Wander, M. and Holzapfel, S. and Wacker, A. and Weis, T.}, booktitle = {Consumer Communications and Networking Conference (CCNC), 2012 IEEE}, title = {NTALG - TCP NAT traversal with application-level gateways}, year = {2012}, keywords = {FTP-ALG, NAT}, owner = {tom}, timestamp = {2021-01-27} }

[Wang2012] Octopus: A Secure and Anonymous DHT Lookup

Wang, Qiyan, and Borisov, Nikita

CoRR 2012

@article{Wang2012,
  author = {Wang, Qiyan and Borisov, Nikita},
  journal = {CoRR},
  title = {Octopus: A Secure and Anonymous DHT Lookup},
  year = {2012},
  volume = {abs/1203.2668},
  keywords = {anonymity, distributed hash table},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dblp.uni-trier.de/db/journals/corr/corr1203.html$\#$abs-1203-2668}
}

[oakland2012-peekaboo] Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail

Dyer, Kevin P., Coull, Scott, Ristenpart, Thomas, and Shrimpton, Thomas

05/2012 2012

abstract Bib

We consider the setting of HTTP traffic over encrypted tunnels, as used to conceal the identity of websites visited by a user. It is well known that traffic analysis (TA) attacks can accurately identify the website a user visits despite the use of encryption, and previous work has looked at specific attack/countermeasure pairings. We provide the first comprehensive analysis of general-purpose TA countermeasures. We show that nine known countermeasures are vulnerable to simple attacks that exploit coarse features of traffic (e.g., total time and bandwidth). The considered countermeasures include ones like those standardized by TLS, SSH, and IPsec, and even more complex ones like the traffic morphing scheme of Wright et al. As just one of our results, we show that despite the use of traffic morphing, one can use only total upstream and downstream bandwidth to identify —with 98% accuracy— which of two websites was visited. One implication of what we find is that, in the context of website identification, it is unlikely that bandwidth-efficient, general- purpose TA countermeasures can ever provide the type of security targeted in prior work.
@conference{oakland2012-peekaboo, author = {Dyer, Kevin P. and Coull, Scott and Ristenpart, Thomas and Shrimpton, Thomas}, booktitle = {Proceedings of the 2012 IEEE Symposium on Security and Privacy}, title = {Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail}, year = {2012}, address = {San Francisco, CA, USA}, month = {05/2012}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, keywords = {encrypted traffic, machine learning, padding, privacy, traffic analysis countermeasures}, owner = {tom}, timestamp = {2021-01-27} }
[Toch2012] Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems

Toch, Eran, Wang, Yang, and Cranor, LorrieFaith

User Modeling and User-Adapted Interaction 2012

DOI Website abstract Bib

Personalization technologies offer powerful tools for enhancing the user experience in a wide variety of systems, but at the same time raise new privacy concerns. For example, systems that personalize advertisements according to the physical location of the user or according to the user’s friends’ search history, introduce new privacy risks that may discourage wide adoption of personalization technologies. This article analyzes the privacy risks associated with several current and prominent personalization trends, namely social-based personalization, behavioral profiling, and location-based personalization. We survey user attitudes towards privacy and personalization, as well as technologies that can help reduce privacy risks. We conclude with a discussion that frames risks and technical solutions in the intersection between personalization and privacy, as well as areas for further investigation. This frameworks can help designers and researchers to contextualize privacy challenges of solutions when designing personalization systems.
@article{Toch2012, author = {Toch, Eran and Wang, Yang and Cranor, LorrieFaith}, journal = {User Modeling and User-Adapted Interaction}, title = {Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems}, year = {2012}, issn = {0924-1868}, pages = {203-220}, volume = {22}, doi = {10.1007/s11257-011-9110-z}, keywords = {e-commerce, Human{\textendash}computer interaction, Location-based services, Personalization, privacy, social networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/s11257-011-9110-z} }

[DBLP:conf/focs/DworkNV12] The Privacy of the Analyst and the Power of the State

Dwork, Cynthia, Naor, Moni, and Vadhan, Salil P.

2012

Bib

@conference{DBLP:conf/focs/DworkNV12,
  author = {Dwork, Cynthia and Naor, Moni and Vadhan, Salil P.},
  title = {The Privacy of the Analyst and the Power of the State},
  year = {2012},
  pages = {400{\textendash}409},
  owner = {tom},
  timestamp = {2017-10-10}
}

[moin:tel-00724121] Recommendation and Visualization Techniques for Large Scale Data

Moin, Afshin

Jul 2012

Bib

@mastersthesis{moin:tel-00724121,
  author = {Moin, Afshin},
  school = {Universit{\'e} Rennes 1},
  title = {Recommendation and Visualization Techniques for Large Scale Data},
  year = {2012},
  month = jul,
  type = {phd},
  owner = {tom},
  timestamp = {2017-10-10}
}

[handigol2012reproducible] Reproducible network experiments using container based emulation

Handigol, N., Heller, B., Jeyakumar, V., Lantz, B., and McKeown, N.

Proc. CoNEXT 2012

Bib

@article{handigol2012reproducible,
  author = {Handigol, N. and Heller, B. and Jeyakumar, V. and Lantz, B. and McKeown, N.},
  journal = {Proc. CoNEXT},
  title = {Reproducible network experiments using container based emulation},
  year = {2012},
  keywords = {emulation, mininet, network, virtualization},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Pitoura2012] Saturn: Range Queries, Load Balancing and Fault Tolerance in DHT Data Systems

Pitoura, Theoni, Ntarmos, Nikos, and Triantafillou, Peter

IEEE Transactions on Knowledge and Data Engineering 07/2012 2012

abstract Bib

In this paper, we present Saturn, an overlay architecture for large-scale data networks maintained over Distributed Hash Tables (DHTs) that efficiently processes range queries and ensures access load balancing and fault-tolerance. Placing consecutive data values in neighboring peers is desirable in DHTs since it accelerates range query processing; however, such a placement is highly susceptible to load imbalances. At the same time, DHTs may be susceptible to node departures/failures and high data availability and fault tolerance are significant issues. Saturn deals effectively with these problems through the introduction of a novel multiple ring, order-preserving architecture. The use of a novel order-preserving hash function ensures fast range query processing. Replication across and within data rings (termed vertical and horizontal replication) forms the foundation over which our mechanisms are developed, ensuring query load balancing and fault tolerance, respectively. Our detailed experimentation study shows strong gains in range query processing efficiency, access load balancing, and fault tolerance, with low replication overheads. The significance of Saturn is not only that it effectively tackles all three issues together—i.e., supporting range queries, ensuring load balancing, and providing fault tolerance over DHTs—but also that it can be applied on top of any order-preserving DHT enabling it to dynamically handle replication and, thus, to trade off replication costs for fair load distribution and fault tolerance.
@article{Pitoura2012, author = {Pitoura, Theoni and Ntarmos, Nikos and Triantafillou, Peter}, journal = {IEEE Transactions on Knowledge and Data Engineering}, title = {Saturn: Range Queries, Load Balancing and Fault Tolerance in DHT Data Systems}, year = {2012}, month = {07/2012}, volume = {24}, chapter = {1313}, keywords = {distributed hash table, load balancing, range queries, Saturn}, owner = {tom}, timestamp = {2021-01-27} }
[Zhou2012] The state-of-the-art in personalized recommender systems for social networking

Zhou, Xujuan, Xu, Yue, Li, Yuefeng, Josang, Audun, and Cox, Clive

Artificial Intelligence Review 2012

DOI Website abstract Bib

With the explosion of Web 2.0 application such as blogs, social and professional networks, and various other types of social media, the rich online information and various new sources of knowledge flood users and hence pose a great challenge in terms of information overload. It is critical to use intelligent agent software systems to assist users in finding the right information from an abundance of Web data. Recommender systems can help users deal with information overload problem efficiently by suggesting items (e.g., information and products) that match users’ personal interests. The recommender technology has been successfully employed in many applications such as recommending films, music, books, etc. The purpose of this report is to give an overview of existing technologies for building personalized recommender systems in social networking environment, to propose a research direction for addressing user profiling and cold start problems by exploiting user-generated content newly available in Web 2.0.
@article{Zhou2012, author = {Zhou, Xujuan and Xu, Yue and Li, Yuefeng and Josang, Audun and Cox, Clive}, journal = {Artificial Intelligence Review}, title = {The state-of-the-art in personalized recommender systems for social networking}, year = {2012}, issn = {0269-2821}, pages = {119-132}, volume = {37}, doi = {10.1007/s10462-011-9222-1}, keywords = {recommender systems, Social networking, trust, User generated content, user profiles}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/s10462-011-9222-1} }
[Browne2012] A Survey of Monte Carlo Tree Search Methods

Browne, Cameron, Powley, Edward, Whitehouse, Daniel, Lucas, Simon, Cowling, Peter I., Rohlfshagen, Philipp, Tavener, Stephen, Perez, Diego, Samothrakis, Spyridon, and Colton, Simon

IEEE Transactions on Computational Intelligence and AI in Games 03/2012 2012

DOI abstract Bib

Monte Carlo tree search (MCTS) is a recently proposed search method that combines the precision of tree search with the generality of random sampling. It has received considerable interest due to its spectacular success in the difficult problem of computer Go, but has also proved beneficial in a range of other domains. This paper is a survey of the literature to date, intended to provide a snapshot of the state of the art after the first five years of MCTS research. We outline the core algorithm’s derivation, impart some structure on the many variations and enhancements that have been proposed, and summarize the results from the key game and nongame domains to which MCTS methods have been applied. A number of open research questions indicate that the field is ripe for future work.
@article{Browne2012, author = {Browne, Cameron and Powley, Edward and Whitehouse, Daniel and Lucas, Simon and Cowling, Peter I. and Rohlfshagen, Philipp and Tavener, Stephen and Perez, Diego and Samothrakis, Spyridon and Colton, Simon}, journal = {IEEE Transactions on Computational Intelligence and AI in Games}, title = {A Survey of Monte Carlo Tree Search Methods}, year = {2012}, issn = {1943-068X}, month = {03/2012}, pages = {1-43}, volume = {4}, doi = {10.1109/TCIAIG.2012.2186810}, keywords = {AI, artificial intelligence, bandit-based methods, computer go., game search, MCTS, monte carlo tree search, UCB, UCT, upper confidence bounds, upper confidence bounds for trees}, owner = {tom}, timestamp = {2017-10-10} }
[Tarkoma2012] Theory and Practice of Bloom Filters for Distributed Systems

Tarkoma, S., Rothenberg, C.E., and Lagerspetz, E.

Communications Surveys Tutorials, IEEE First 2012

DOI abstract Bib

Many network solutions and overlay networks utilize probabilistic techniques to reduce information processing and networking costs. This survey article presents a number of frequently used and useful probabilistic techniques. Bloom filters and their variants are of prime importance, and they are heavily used in various distributed systems. This has been reflected in recent research and many new algorithms have been proposed for distributed systems that are either directly or indirectly based on Bloom filters. In this survey, we give an overview of the basic and advanced techniques, reviewing over 20 variants and discussing their application in distributed systems, in particular for caching, peer-to-peer systems, routing and forwarding, and measurement data summarization.
@article{Tarkoma2012, author = {Tarkoma, S. and Rothenberg, C.E. and Lagerspetz, E.}, journal = {Communications Surveys Tutorials, IEEE}, title = {Theory and Practice of Bloom Filters for Distributed Systems}, year = {2012}, issn = {1553-877X}, month = {First}, pages = {131-155}, volume = {14}, doi = {10.1109/SURV.2011.031611.00024}, keywords = {Arrays, Bismuth, bloom filters, distributed systems, Filtering theory, filters, Fingerprint recognition, forwarding, information processing, measurement data summarization, networking costs, overlay networks, Peer to peer computing, peer-to-peer computing, Peer-to-peer systems, Probabilistic logic, probabilistic structures, probabilistic techniques, probability, routing, telecommunication network routing}, owner = {tom}, timestamp = {2017-10-10} }
[Zeng2012] User Interests Driven Web Personalization Based on Multiple Social Networks

Zeng, Yi, Zhong, Ning, Ren, Xu, and Wang, Yan

2012

DOI Website abstract Bib

User related data indicate user interests in a certain environment. In the context of massive data from the Web, if an application wants to provide more personalized service (e.g. search) for users, an investigation on user interests is needed. User interests are usually distributed in different sources. In order to provide a more comprehensive understanding, user related data from multiple sources need to be integrated together for deeper analysis. Web based social networks have become typical platforms for extracting user interests. In addition, there are various types of interests from these social networks. In this paper, we provide an algorithmic framework for retrieving semantic data based on user interests from multiple sources (such as multiple social networking sites). We design several algorithms to deal with interests based retrieval based on single and multiple types of interests. We utilize publication data from Semantic Web Dog Food (which can be considered as an academic collaboration based social network), and microblogging data from Twitter to validate our framework. The Active Academic Visit Recommendation Application (AAVRA) is developed as a concrete usecase to show the potential effectiveness of the proposed framework for user interests driven Web personalization based on multiple social networks.
@conference{Zeng2012, author = {Zeng, Yi and Zhong, Ning and Ren, Xu and Wang, Yan}, booktitle = {Proceedings of the 4th International Workshop on Web Intelligence \&\#38; Communities}, title = {User Interests Driven Web Personalization Based on Multiple Social Networks}, year = {2012}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/2189736.2189749}, isbn = {978-1-4503-1189-2}, keywords = {interest analysis, search refinement, web personalization}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/2189736.2189749} }
[pets2011-bagai] An Accurate System-Wide Anonymity Metric for Probabilistic Attacks

Bagai, Rajiv, Lu, Huabo, Li, Rong, and Tang, Bin

07/2011 2011

abstract Bib

We give a critical analysis of the system-wide anonymity metric of Edman et al. [3], which is based on the permanent value of a doubly-stochastic matrix. By providing an intuitive understanding of the permanent of such a matrix, we show that a metric that looks no further than this composite value is at best a rough indicator of anonymity. We identify situations where its inaccuracy is acute, and reveal a better anonymity indicator. Also, by constructing an information-preserving embedding of a smaller class of attacks into the wider class for which this metric was proposed, we show that this metric fails to possess desirable generalization properties. Finally, we present a new anonymity metric that does not exhibit these shortcomings. Our new metric is accurate as well as general.
@conference{pets2011-bagai, author = {Bagai, Rajiv and Lu, Huabo and Li, Rong and Tang, Bin}, booktitle = {PETS{\textquoteright}11 - Proceedings of the 11th Privacy Enhancing Technologies Symposium}, title = {An Accurate System-Wide Anonymity Metric for Probabilistic Attacks}, year = {2011}, address = {Waterloo, Canada}, month = {07/2011}, keywords = {combinatorial matrix theory, probabilistic attacks, system-wide anonymity metric}, owner = {tom}, timestamp = {2021-01-27} }
[bnymble11] BNymble: More anonymous blacklisting at almost no cost

Lofgren, Peter, and Hopper, Nicholas J.

02/2011 2011

abstract Bib

Anonymous blacklisting schemes allow online service providers to prevent future anonymous access by abusive users while preserving the privacy of all anonymous users (both abusive and non-abusive). The first scheme proposed for this purpose was Nymble, an extremely efficient scheme based only on symmetric primitives; however, Nymble relies on trusted third parties who can collude to de-anonymize users of the scheme. Two recently proposed schemes, Nymbler and Jack, reduce the trust placed in these third parties at the expense of using less-efficient asymmetric crypto primitives. We present BNymble, a scheme which matches the anonymity guarantees of Nymbler and Jack while (nearly) maintaining the efficiency of the original Nymble. The key insight of BNymble is that we can achieve the anonymity goals of these more recent schemes by replacing only the infrequent “User Registration” protocol from Nymble with asymmetric primitives. We prove the security of BNymble, and report on its efficiency.
@conference{bnymble11, author = {Lofgren, Peter and Hopper, Nicholas J.}, booktitle = {FC{\textquoteright}11 - Proceedings of Financial Cryptography and Data Security}, title = {BNymble: More anonymous blacklisting at almost no cost}, year = {2011}, address = {St. Lucia}, month = {02/2011}, keywords = {anonymous access, anonymous blacklisting, BNymble}, owner = {tom}, timestamp = {2021-01-27} }
[wpes11-bridgespa] BridgeSPA: Improving Tor Bridges with Single Packet Authorization

Smits, Rob, Jain, Divam, Pidcock, Sarah, Goldberg, Ian, and Hengartner, Urs

10/2011 2011

abstract Bib

Tor is a network designed for low-latency anonymous communications. Tor clients form circuits through relays that are listed in a public directory, and then relay their encrypted traffic through these circuits. This indirection makes it difficult for a local adversary to determine with whom a particular Tor user is communicating. In response, some local adversaries restrict access to Tor by blocking each of the publicly listed relays. To deal with such an adversary, Tor uses bridges, which are unlisted relays that can be used as alternative entry points into the Tor network. Unfortunately, issues with Tor’s bridge implementation make it easy to discover large numbers of bridges. An adversary that hoards this information may use it to determine when each bridge is online over time. If a bridge operator also browses with Tor on the same machine, this information may be sufficient to deanonymize him. We present BridgeSPA as a method to mitigate this issue. A client using BridgeSPA relies on innocuous single packet authorization (SPA) to present a time-limited key to a bridge. Before this authorization takes place, the bridge will not reveal whether it is online. We have implemented BridgeSPA as a working proof-of-concept, which is available under an open-source licence.
@conference{wpes11-bridgespa, author = {Smits, Rob and Jain, Divam and Pidcock, Sarah and Goldberg, Ian and Hengartner, Urs}, booktitle = {WPES{\textquoteright}11 - Proceedings of the Workshop on Privacy in the Electronic Society}, title = {BridgeSPA: Improving Tor Bridges with Single Packet Authorization}, year = {2011}, address = {Chicago, IL, United States}, month = {10/2011}, organization = {ACM}, publisher = {ACM}, owner = {tom}, timestamp = {2021-01-27} }
[ccs2011-cirripede] Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability

Houmansadr, Amir, Nguyen, Giang T. K., Caesar, Matthew, and Borisov, Nikita

10/2011 2011

abstract Bib

Many users face surveillance of their Internet communications and a significant fraction suffer from outright blocking of certain destinations. Anonymous communication systems allow users to conceal the destinations they communicate with, but do not hide the fact that the users are using them. The mere use of such systems may invite suspicion, or access to them may be blocked. We therefore propose Cirripede, a system that can be used for unobservable communication with Internet destinations. Cirripede is designed to be deployed by ISPs; it intercepts connections from clients to innocent-looking destinations and redirects them to the true destination requested by the client. The communication is encoded in a way that is indistinguishable from normal communications to anyone without the master secret key, while public-key cryptography is used to eliminate the need for any secret information that must be shared with Cirripede users. Cirripede is designed to work scalably with routers that handle large volumes of traffic while imposing minimal overhead on ISPs and not disrupting existing traffic. This allows Cirripede proxies to be strategically deployed at central locations, making access to Cirripede very difficult to block. We built a proof-of-concept implementation of Cirripede and performed a testbed evaluation of its performance properties.
@conference{ccs2011-cirripede, author = {Houmansadr, Amir and Nguyen, Giang T. K. and Caesar, Matthew and Borisov, Nikita}, booktitle = {CCS{\textquoteright}11 - Proceedings of the 18th ACM conference on Computer and Communications Security}, title = {Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability}, year = {2011}, address = {Chicago, IL, United States}, month = {10/2011}, organization = {ACM}, publisher = {ACM}, keywords = {censorship-resistance, unobservability}, owner = {tom}, timestamp = {2021-01-27} }
[Bai2011] Collaborative Personalized Top-k Processing

Bai, Xiao, Guerraoui, Rachid, Kermarrec, Anne-Marie, and Leroy, Vincent

ACM Trans. Database Syst. 2011

DOI Website abstract Bib

This article presents P4Q, a fully decentralized gossip-based protocol to personalize query processing in social tagging systems. P4Q dynamically associates each user with social acquaintances sharing similar tagging behaviors. Queries are gossiped among such acquaintances, computed on-the-fly in a collaborative, yet partitioned manner, and results are iteratively refined and returned to the querier. Analytical and experimental evaluations convey the scalability of P4Q for top-k query processing, as well its inherent ability to cope with users updating profiles and departing.
@article{Bai2011, author = {Bai, Xiao and Guerraoui, Rachid and Kermarrec, Anne-Marie and Leroy, Vincent}, journal = {ACM Trans. Database Syst.}, title = {Collaborative Personalized Top-k Processing}, year = {2011}, issn = {0362-5915}, pages = {26:1{\textendash}26:38}, volume = {36}, doi = {10.1145/2043652.2043659}, keywords = {gossip, Peer-to-peer networks, Personalization, top-k processing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/2043652.2043659} }
[Shapiro2011] A comprehensive study of Convergent and Commutative Replicated Data Types

Shapiro, Marc, Preguica, Nuno, Baquero, Carlos, and Zawirski, Marek

01/2011 2011

abstract Bib

Eventual consistency aims to ensure that replicas of some mutable shared object converge without foreground synchronisation. Previous approaches to eventual con- sistency are ad-hoc and error-prone. We study a principled approach: to base the design of shared data types on some simple formal conditions that are sufficient to guarantee even- tual consistency. We call these types Convergent or Commutative Replicated Data Types (CRDTs). This paper formalises asynchronous object replication, either state based or op- eration based, and provides a sufficient condition appropriate for each case. It describes several useful CRDTs, including container data types supporting both add and remove op- erations with clean semantics, and more complex types such as graphs, montonic DAGs, and sequences. It discusses some properties needed to implement non-trivial CRDTs.
@article{Shapiro2011, author = {Shapiro, Marc and Preguica, Nuno and Baquero, Carlos and Zawirski, Marek}, title = {A comprehensive study of Convergent and Commutative Replicated Data Types}, year = {2011}, month = {01/2011}, number = {7506}, address = {Le Chensay Cedex}, institution = {INRIA Rocquencourt}, isbn = {0249-6399}, keywords = {commutative operations, data replication, optimistic replication}, owner = {tom}, timestamp = {2021-01-27} }
[Furness2011] Considering Complex Search Techniques in DHTs under Churn

Furness, Jamie, and Kolberg, Mario

01/2011 2011

DOI abstract Bib

Traditionally complex queries have been performed over unstructured P2P networks by means of flooding, which is inherently inefficient due to the large number of redundant messages generated. While Distributed Hash Tables (DHTs) can provide very efficient look-up operations, they traditionally do not provide any methods for complex queries. By exploiting the structure inherent in DHTs we can perform complex querying over structured P2P networks by means of efficiently broadcasting the search query. This allows every node in the network to process the query locally, and hence is as powerful and flexible as flooding in unstructured networks, but without the inefficiency of redundant messages. While there have been various approaches proposed for broadcasting search queries over DHTs, the focus has not been on validation under churn. Comparing blind search methods for DHTs though simulation we see that churn, in particular nodes leaving the network, has a large impact on query success rate. In this paper we present novel results comparing blind search over Chord and Pastry while under varying levels of churn. We further consider how different data replication strategies can be used to enhance the query success rate.
@conference{Furness2011, author = {Furness, Jamie and Kolberg, Mario}, booktitle = {CCNC 2011 - IEEE Consumer Communications and Networking Conference}, title = {Considering Complex Search Techniques in DHTs under Churn}, year = {2011}, address = {Las Vegas, NV, USA}, month = {01/2011}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/CCNC.2011.5766542}, isbn = {978-1-4244-8789-9}, keywords = {churn, complex querie, distributed hash table, search techniques}, owner = {tom}, timestamp = {2017-10-10} }
[foci11-decoy] Decoy Routing: Toward Unblockable Internet Communication

Karlin, Josh, Ellard, Daniel, Jackson, Alden W., Jones, Christine E., Lauer, Greg, Mankins, David P., and Strayer, W. Timothy

08/2011 2011

abstract Bib

We present decoy routing, a mechanism capable of circumventing common network filtering strategies. Unlike other circumvention techniques, decoy routing does not require a client to connect to a specific IP address (which is easily blocked) in order to provide circumvention. We show that if it is possible for a client to connect to any unblocked host/service, then decoy routing could be used to connect them to a blocked destination without cooperation from the host. This is accomplished by placing the circumvention service in the network itself – where a single device could proxy traffic between a significant fraction of hosts – instead of at the edge.
@conference{foci11-decoy, author = {Karlin, Josh and Ellard, Daniel and Jackson, Alden W. and Jones, Christine E. and Lauer, Greg and Mankins, David P. and Strayer, W. Timothy}, booktitle = {FOCI{\textquoteright}11 - Proceedings of the USENIX Workshop on Free and Open Communications on the Internet}, title = {Decoy Routing: Toward Unblockable Internet Communication}, year = {2011}, address = {San Francisco, CA, USA}, month = {08/2011}, keywords = {decoy routing, Internet communication, network filter}, owner = {tom}, timestamp = {2021-01-27} }
[pets2011-defenestrator] DefenestraTor: Throwing out Windows in Tor

AlSabah, Mashael, Bauer, Kevin, Goldberg, Ian, Grunwald, Dirk, McCoy, Damon, Savage, Stefan, and Voelker, Geoffrey M.

07/2011 2011

abstract Bib

Tor is one of the most widely used privacy enhancing technologies for achieving online anonymity and resisting censorship. While conventional wisdom dictates that the level of anonymity offered by Tor increases as its user base grows, the most significant obstacle to Tor adoption continues to be its slow performance. We seek to enhance Tor’s performance by offering techniques to control congestion and improve flow control, thereby reducing unnecessary delays. To reduce congestion, we first evaluate small fixed-size circuit windows and a dynamic circuit window that adaptively re-sizes in response to perceived congestion. While these solutions improve web page response times and require modification only to exit routers, they generally offer poor flow control and slower downloads relative to Tor’s current design. To improve flow control while reducing congestion, we implement N23, an ATM-style per-link algorithm that allows Tor routers to explicitly cap their queue lengths and signal congestion via back-pressure. Our results show that N23 offers better congestion and flow control, resulting in improved web page response times and faster page loads compared to Tor’s current design and other window-based approaches. We also argue that our proposals do not enable any new attacks on Tor users’ privacy.
@conference{pets2011-defenestrator, author = {AlSabah, Mashael and Bauer, Kevin and Goldberg, Ian and Grunwald, Dirk and McCoy, Damon and Savage, Stefan and Voelker, Geoffrey M.}, booktitle = {PETS{\textquoteright}11 - Proceedings of the 11th Privacy Enhancing Technologies Symposium}, title = {DefenestraTor: Throwing out Windows in Tor}, year = {2011}, address = {Waterloo, Canada}, month = {07/2011}, keywords = {congestion, DefenestraTor, online anonymity, performance, privacy enhancing technologies, Tor, Windows}, owner = {tom}, timestamp = {2021-01-27} }
[Beimel2011] Distributed Private Data Analysis: On Simultaneously Solving How and What

Beimel, Amos, Nissim, Kobbi, and Omri, Eran

CoRR 2011

abstract Bib

We examine the combination of two directions in the field of privacy concerning computations over distributed private inputs - secure function evaluation (SFE) and differential privacy. While in both the goal is to privately evaluate some function of the individual inputs, the privacy requirements are significantly different. The general feasibility results for SFE suggest a natural paradigm for implementing differentially private analyses distributively: First choose what to compute, i.e., a differentially private analysis; Then decide how to compute it, i.e., construct an SFE protocol for this analysis. We initiate an examination whether there are advantages to a paradigm where both decisions are made simultaneously. In particular, we investigate under which accuracy requirements it is beneficial to adapt this paradigm for computing a collection of functions including binary sum, gap threshold, and approximate median queries. Our results imply that when computing the binary sum of n distributed inputs then: * When we require that the error is o(n√) and the number of rounds is constant, there is no benefit in the new paradigm. * When we allow an error of O(n√), the new paradigm yields more efficient protocols when we consider protocols that compute symmetric functions. Our results also yield new separations between the local and global models of computations for private data analysis.
@article{Beimel2011, author = {Beimel, Amos and Nissim, Kobbi and Omri, Eran}, journal = {CoRR}, title = {Distributed Private Data Analysis: On Simultaneously Solving How and What}, year = {2011}, volume = {abs/1103.2626}, owner = {tom}, timestamp = {2017-10-10} }
[cset11-experimentor] ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation

Bauer, Kevin, Sherr, Micah, McCoy, Damon, and Grunwald, Dirk

08/2011 2011

abstract Bib

Tor is one of the most widely-used privacy enhancing technologies for achieving online anonymity and resisting censorship. Simultaneously, Tor is also an evolving research network on which investigators perform experiments to improve the network’s resilience to attacks and enhance its performance. Existing methods for studying Tor have included analytical modeling, simulations, small-scale network emulations, small-scale PlanetLab deployments, and measurement and analysis of the live Tor network. Despite the growing body of work concerning Tor, there is no widely accepted methodology for conducting Tor research in a manner that preserves realism while protecting live users’ privacy. In an effort to propose a standard, rigorous experimental framework for conducting Tor research in a way that ensures safety and realism, we present the design of ExperimenTor, a large-scale Tor network emulation toolkit and testbed. We also report our early experiences with prototype testbeds currently deployed at four research institutions.
@conference{cset11-experimentor, author = {Bauer, Kevin and Sherr, Micah and McCoy, Damon and Grunwald, Dirk}, booktitle = {CSET{\textquoteright}11 - Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test}, title = {ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation}, year = {2011}, address = {San Francisco, CA, USA}, month = {08/2011}, keywords = {experimentation, ExperimenTor, privacy enhancing technologies, Tor}, owner = {tom}, timestamp = {2021-01-27} }
[acsac11-tortoise] Exploring the Potential Benefits of Expanded Rate Limiting in Tor: Slow and Steady Wins the Race With Tortoise

Moore, W. Brad, Wacek, Chris, and Sherr, Micah

12/2011 2011

abstract Bib

Tor is a volunteer-operated network of application-layer relays that enables users to communicate privately and anonymously. Unfortunately, Tor often exhibits poor performance due to congestion caused by the unbalanced ratio of clients to available relays, as well as a disproportionately high consumption of network capacity by a small fraction of filesharing users. This paper argues the very counterintuitive notion that slowing down traffic on Tor will increase the bandwidth capacity of the network and consequently improve the experience of interactive web users. We introduce Tortoise, a system for rate limiting Tor at its ingress points. We demonstrate that Tortoise incurs little penalty for interactive web users, while significantly decreasing the throughput for filesharers. Our techniques provide incentives to filesharers to configure their Tor clients to also relay traffic, which in turn improves the network’s overall performance. We present large-scale emulation results that indicate that interactive users will achieve a significant speedup if even a small fraction of clients opt to run relays.
@conference{acsac11-tortoise, author = {Moore, W. Brad and Wacek, Chris and Sherr, Micah}, booktitle = {ACSAC{\textquoteright}11 - Proceedings of 2011 Annual Computer Security Applications Conference}, title = {Exploring the Potential Benefits of Expanded Rate Limiting in Tor: Slow and Steady Wins the Race With Tortoise}, year = {2011}, address = {Orlando, FL, USA}, month = {12/2011}, keywords = {anonymity, performance, Tor}, owner = {tom}, timestamp = {2021-01-27} }
[acsac11-backlit] Exposing Invisible Timing-based Traffic Watermarks with BACKLIT

Luo, Xiapu, Zhou, Peng, Zhang, Junjie, Perdisci, Roberto, Lee, Wenke, and Chang, Rocky K. C.

12/2011 2011

abstract Bib

Traffic watermarking is an important element in many network security and privacy applications, such as tracing botnet C&C communications and deanonymizing peer-to-peer VoIP calls. The state-of-the-art traffic watermarking schemes are usually based on packet timing information and they are notoriously difficult to detect. In this paper, we show for the first time that even the most sophisticated timing-based watermarking schemes (e.g., RAINBOW and SWIRL) are not invisible by proposing a new detection system called BACKLIT. BACKLIT is designed according to the observation that any practical timing-based traffic watermark will cause noticeable alterations in the intrinsic timing features typical of TCP flows. We propose five metrics that are sufficient for detecting four state-of-the-art traffic watermarks for bulk transfer and interactive traffic. BACKLIT can be easily deployed in stepping stones and anonymity networks (e.g., Tor), because it does not rely on strong assumptions and can be realized in an active or passive mode. We have conducted extensive experiments to evaluate BACKLIT’s detection performance using the PlanetLab platform. The results show that BACKLIT can detect watermarked network flows with high accuracy and few false positives.
@conference{acsac11-backlit, author = {Luo, Xiapu and Zhou, Peng and Zhang, Junjie and Perdisci, Roberto and Lee, Wenke and Chang, Rocky K. C.}, booktitle = {ACSAC{\textquoteright}11 - Proceedings of 2011 Annual Computer Security Applications Conference}, title = {Exposing Invisible Timing-based Traffic Watermarks with BACKLIT}, year = {2011}, address = {Orlando, FL, USA}, month = {12/2011}, keywords = {BACKLIT, detection system, invisible, network security, packet timing information, privacy, traffic watermark}, owner = {tom}, timestamp = {2021-01-27} }
[wpes11-faust] FAUST: Efficient, TTP-Free Abuse Prevention by Anonymous Whitelisting

Lofgren, Peter, and Hopper, Nicholas J.

10/2011 2011

abstract Bib

We introduce Faust, a solution to the “anonymous blacklisting problem:” allow an anonymous user to prove that she is authorized to access an online service such that if the user misbehaves, she retains her anonymity but will be unable to authenticate in future sessions. Faust uses no trusted third parties and is one to two orders of magnitude more efficient than previous schemes without trusted third parties. The key idea behind Faust is to eliminate the explicit blacklist used in all previous approaches, and rely instead on an implicit whitelist, based on blinded authentication tokens.
@conference{wpes11-faust, author = {Lofgren, Peter and Hopper, Nicholas J.}, booktitle = {WPES{\textquoteright}11 - Proceedings of the Workshop on Privacy in the Electronic Society}, title = {FAUST: Efficient, TTP-Free Abuse Prevention by Anonymous Whitelisting}, year = {2011}, address = {Chicago, IL, United States}, month = {10/2011}, organization = {ACM}, publisher = {ACM}, keywords = {anonymous authentication, anonymous blacklisting, privacy-enhancing revocation}, owner = {tom}, timestamp = {2021-01-27} }
[Prusty:2011:FIO:2046707.2046731] Forensic investigation of the OneSwarm anonymous filesharing system

Prusty, Swagatika, Levine, Brian Neil, and Liberatore, Marc

2011

DOI abstract Bib

OneSwarm is a system for anonymous p2p file sharing in use by thousands of peers. It aims to provide Onion Routing-like privacy and BitTorrent-like performance. We demonstrate several flaws in OneSwarm’s design and implementation through three different attacks available to forensic investigators. First, we prove that the current design is vulnerable to a novel timing attack that allows just two attackers attached to the same target to determine if it is the source of queried content. When attackers comprise 15% of OneSwarm peers, we expect over 90% of remaining peers will be attached to two attackers and therefore vulnerable. Thwarting the attack increases OneSwarm query response times, making them longer than the equivalent in Onion Routing. Second, we show that OneSwarm’s vulnerability to traffic analysis by colluding attackers is much greater than was previously reported, and is much worse than Onion Routing. We show for this second attack that when investigators comprise 25% of peers, over 40% of the network can be investigated with 80% precision to find the sources of content. Our examination of the OneSwarm source code found differences with the technical paper that significantly reduce security. For the implementation in use by thousands of people, attackers that comprise 25% of the network can successfully use this second attack against 98% of remaining peers with 95% precision. Finally, we show that a novel application of a known TCP-based attack allows a single attacker to identify whether a neighbor is the source of data or a proxy for it. Users that turn off the default rate-limit setting are exposed. Each attack can be repeated as investigators leave and rejoin the network. All of our attacks are successful in a forensics context: Law enforcement can use them legally ahead of a warrant. Furthermore, private investigators, who have fewer restrictions on their behavior, can use them more easily in pursuit of evidence for such civil suits as copyright infringement.
@conference{Prusty:2011:FIO:2046707.2046731, author = {Prusty, Swagatika and Levine, Brian Neil and Liberatore, Marc}, booktitle = {Proceedings of the 18th ACM conference on Computer and communications security}, title = {Forensic investigation of the OneSwarm anonymous filesharing system}, year = {2011}, address = {New York, NY, USA}, organization = {ACM}, pages = {201{\textendash}214}, publisher = {ACM}, series = {CCS {\textquoteright}11}, doi = {http://doi.acm.org/10.1145/2046707.2046731}, isbn = {978-1-4503-0948-6}, keywords = {anonymity, OneSwarm, p2p network}, owner = {tom}, timestamp = {2017-10-10} }
[oakland11-formalizing] Formalizing Anonymous Blacklisting Systems

Henry, Ryan, and Goldberg, Ian

05/2011 2011

abstract Bib

Anonymous communications networks, such as Tor, help to solve the real and important problem of enabling users to communicate privately over the Internet. However, in doing so, anonymous communications networks introduce an entirely new problem for the service providers—such as websites, IRC networks or mail servers—with which these users interact; in particular, since all anonymous users look alike, there is no way for the service providers to hold individual misbehaving anonymous users accountable for their actions. Recent research efforts have focused on using anonymous blacklisting systems (which are sometimes called anonymous revocation systems) to empower service providers with the ability to revoke access from abusive anonymous users. In contrast to revocable anonymity systems, which enable some trusted third party to deanonymize users, anonymous blacklisting systems provide users with a way to authenticate anonymously with a service provider, while enabling the service provider to revoke access from any users that misbehave, without revealing their identities. In this paper, we introduce the anonymous blacklisting problem and survey the literature on anonymous blacklisting systems, comparing and contrasting the architecture of various existing schemes, and discussing the tradeoffs inherent with each design. The literature on anonymous blacklisting systems lacks a unified set of definitions; each scheme operates under different trust assumptions and provides different security and privacy guarantees. Therefore, before we discuss the existing approaches in detail, we first propose a formal definition for anonymous blacklisting systems, and a set of security and privacy properties that these systems should possess. We also outline a set of new performance requirements that anonymous blacklisting systems should satisfy to maximize their potential for real-world adoption, and give formal definitions for several optional features already supported by some schemes in the literature.
@conference{oakland11-formalizing, author = {Henry, Ryan and Goldberg, Ian}, booktitle = {Proceedings of the 2011 IEEE Symposium on Security and Privacy}, title = {Formalizing Anonymous Blacklisting Systems}, year = {2011}, address = {San Francisco, CA, USA}, month = {05/2011}, keywords = {anonymity, anonymous blacklisting, authentication, privacy enhancing technologies, privacy-enhanced revocation.}, owner = {tom}, timestamp = {2021-01-27} }
[Lee2011] How Much Is Enough? Choosing ε for Differential Privacy

Lee, Jaewoo, and Clifton, Chris

2011

DOI Website abstract Bib

Differential privacy is a recent notion, and while it is nice conceptually it has been difficult to apply in practice. The parameters of differential privacy have an intuitive theoretical interpretation, but the implications and impacts on the risk of disclosure in practice have not yet been studied, and choosing appropriate values for them is non-trivial. Although the privacy parameter ε in differential privacy is used to quantify the privacy risk posed by releasing statistics computed on sensitive data, ε is not an absolute measure of privacy but rather a relative measure. In effect, even for the same value of ε , the privacy guarantees enforced by differential privacy are different based on the domain of attribute in question and the query supported. We consider the probability of identifying any particular individual as being in the database, and demonstrate the challenge of setting the proper value of ε given the goal of protecting individuals in the database with some fixed probability.
@inbook{Lee2011, author = {Lee, Jaewoo and Clifton, Chris}, editor = {Lai, Xuejia and Zhou, Jianying and Li, Hui}, pages = {325-340}, publisher = {Springer Berlin Heidelberg}, title = {How Much Is Enough? Choosing ε for Differential Privacy}, year = {2011}, isbn = {978-3-642-24860-3}, series = {Lecture Notes in Computer Science}, volume = {7001}, booktitle = {Information Security}, doi = {10.1007/978-3-642-24861-0_22}, keywords = {Differential Privacy, Privacy Parameter, ε}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-24861-0_22} }
[kevin-thesis] Improving Security and Performance in Low Latency Anonymity Networks

Bauer, Kevin

05/2011 2011

abstract Bib

Conventional wisdom dictates that the level of anonymity offered by low latency anonymity networks increases as the user base grows. However, the most significant obstacle to increased adoption of such systems is that their security and performance properties are perceived to be weak. In an effort to help foster adoption, this dissertation aims to better understand and improve security, anonymity, and performance in low latency anonymous communication systems. To better understand the security and performance properties of a popular low latency anonymity network, we characterize Tor, focusing on its application protocol distribution, geopolitical client and router distributions, and performance. For instance, we observe that peer-to-peer file sharing protocols use an unfair portion of the network’s scarce bandwidth. To reduce the congestion produced by bulk downloaders in networks such as Tor, we design, implement, and analyze an anonymizing network tailored specifically for the BitTorrent peer-to-peer file sharing protocol. We next analyze Tor’s security and anonymity properties and empirically show that Tor is vulnerable to practical end-to-end traffic correlation attacks launched by relatively weak adversaries that inflate their bandwidth claims to attract traffic and thereby compromise key positions on clients’ paths. We also explore the security and performance trade-offs that revolve around path length design decisions and we show that shorter paths offer performance benefits and provide increased resilience to certain attacks. Finally, we discover a source of performance degradation in Tor that results from poor congestion and flow control. To improve Tor’s performance and grow its user base, we offer a fresh approach to congestion and flow control inspired by techniques from IP and ATM networks.
@mastersthesis{kevin-thesis, author = {Bauer, Kevin}, school = {University of Colorado}, title = {Improving Security and Performance in Low Latency Anonymity Networks}, year = {2011}, month = {05/2011}, type = {PhD}, keywords = {low latency anonymous networks, performance, security}, owner = {tom}, pages = {240}, timestamp = {2017-10-10} }
[wk11-malice-vs-anon] Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection

Westermann, Benedikt, and Kesdogan, Dogan

02/2011 2011

abstract Bib

In this paper we investigate the impact of missing replay protection as well as missing integrity protection concerning a local attacker in AN.ON. AN.ON is a low latency anonymity network mostly used to anonymize web traffic. We demonstrate that both protection mechanisms are important by presenting two attacks that become feasible as soon as the mechanisms are missing. We mount both attacks on the AN.ON network which neither implements replay protection nor integrity protection yet.
@conference{wk11-malice-vs-anon, author = {Westermann, Benedikt and Kesdogan, Dogan}, booktitle = {FC{\textquoteright}11 - Proceedings of Financial Cryptography and Data Security}, title = {Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection}, year = {2011}, address = {St. Lucia}, month = {02/2011}, keywords = {AN.ON, anonymity network, integrity protection, replay protection}, owner = {tom}, timestamp = {2021-01-27} }

[Tariq:2011:MSQ:2063320.2063330] Meeting subscriber-defined QoS constraints in publish/subscribe systems

Tariq, Muhammad Adnan, Koldehofe, Boris, Koch, Gerald G., Khan, Imran, and Rothermel, Kurt

Concurr. Comput. : Pract. Exper. 2011

@article{Tariq:2011:MSQ:2063320.2063330,
  author = {Tariq, Muhammad Adnan and Koldehofe, Boris and Koch, Gerald G. and Khan, Imran and Rothermel, Kurt},
  journal = {Concurr. Comput. : Pract. Exper.},
  title = {Meeting subscriber-defined QoS constraints in publish/subscribe systems},
  year = {2011},
  issn = {1532-0626},
  number = {17},
  pages = {2140{\textendash}2153},
  volume = {23},
  address = {Chichester, UK},
  doi = {10.1002/cpe.1751},
  keywords = {content-based, publish/subscribe, QoS},
  owner = {tom},
  publisher = {John Wiley and Sons Ltd.},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1002/cpe.1751}
}

[Das2011] Multi-objective optimization based privacy preserving distributed data mining in Peer-to-Peer networks

Das, Kamalika, Bhaduri, Kanishka, and Kargupta, Hillol

Peer-to-Peer Networking and Applications 2011

DOI Website abstract Bib

This paper proposes a scalable, local privacy-preserving algorithm for distributed Peer-to-Peer (P2P) data aggregation useful for many advanced data mining/analysis tasks such as average/sum computation, decision tree induction, feature selection, and more. Unlike most multi-party privacy-preserving data mining algorithms, this approach works in an asynchronous manner through local interactions and it is highly scalable. It particularly deals with the distributed computation of the sum of a set of numbers stored at different peers in a P2P network in the context of a P2P web mining application. The proposed optimization-based privacy-preserving technique for computing the sum allows different peers to specify different privacy requirements without having to adhere to a global set of parameters for the chosen privacy model. Since distributed sum computation is a frequently used primitive, the proposed approach is likely to have significant impact on many data mining tasks such as multi-party privacy-preserving clustering, frequent itemset mining, and statistical aggregate computation.
@article{Das2011, author = {Das, Kamalika and Bhaduri, Kanishka and Kargupta, Hillol}, journal = {Peer-to-Peer Networking and Applications}, title = {Multi-objective optimization based privacy preserving distributed data mining in Peer-to-Peer networks}, year = {2011}, issn = {1936-6442}, pages = {192-209}, volume = {4}, doi = {10.1007/s12083-010-0075-1}, keywords = {Data mining, peer-to-peer, Privacy preserving}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/s12083-010-0075-1} }
[LEBLOND:2011:INRIA-00574178:1] One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users

Le Blond, Stevens, Manils, Pere, Abdelberi, Chaabane, Kaafar, Mohamed Ali, Castelluccia, Claude, Legout, Arnaud, and Dabbous, Walid

Mar 2011

Website abstract Bib

Tor is a popular low-latency anonymity network. However, Tor does not protect against the exploitation of an insecure application to reveal the IP address of, or trace, a TCP stream. In addition, because of the linkability of Tor streams sent together over a single circuit, tracing one stream sent over a circuit traces them all. Surprisingly, it is unknown whether this linkability allows in practice to trace a significant number of streams originating from secure (i.e., proxied) applications. In this paper, we show that linkability allows us to trace 193% of additional streams, including 27% of HTTP streams possibly originating from ‘‘secure’’ browsers. In particular, we traced 9% of Tor streams carried by our instrumented exit nodes. Using BitTorrent as the insecure application, we design two attacks tracing BitTorrent users on Tor. We run these attacks in the wild for 23 days and reveal 10,000 IP addresses of Tor users. Using these IP addresses, we then profile not only the BitTorrent downloads but also the websites visited per country of origin of Tor users. We show that BitTorrent users on Tor are over-represented in some countries as compared to BitTorrent users outside of Tor. By analyzing the type of content downloaded, we then explain the observed behaviors by the higher concentration of pornographic content downloaded at the scale of a country. Finally, we present results suggesting the existence of an underground BitTorrent ecosystem on Tor.
@conference{LEBLOND:2011:INRIA-00574178:1, author = {Le Blond, Stevens and Manils, Pere and Abdelberi, Chaabane and Kaafar, Mohamed Ali and Castelluccia, Claude and Legout, Arnaud and Dabbous, Walid}, booktitle = {4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET {\textquoteright}11)}, title = {One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users}, year = {2011}, address = {Boston, United States}, month = mar, organization = {USENIX}, publisher = {USENIX}, keywords = {anonymity, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://hal.inria.fr/inria-00574178/PDF/btor.pdf} }
[perea-tissec11] PEREA: Practical TTP-free revocation of repeatedly misbehaving anonymous users

Au, Man Ho, Tsang, Patrick P., and Kapadia, Apu

ACM Transactions on Information and System Security (ACM TISSEC) 12/2011 2011

DOI Website abstract Bib

Several anonymous authentication schemes allow servers to revoke a misbehaving user’s future accesses. Traditionally, these schemes have relied on powerful Trusted Third Parties (TTPs) capable of deanonymizing (or linking) users’ connections. Such TTPs are undesirable because users’ anonymity is not guaranteed, and users must trust them to judge ‘misbehavior’ fairly. Recent schemes such as Blacklistable Anonymous Credentials (BLAC) and Enhanced Privacy ID (EPID) support “privacy-enhanced revocation” — servers can revoke misbehaving users without a TTP’s involvement, and without learning the revoked users’ identities. In BLAC and EPID, however, the computation required for authentication at the server is linear in the size (L) of the revocation list, which is impractical as the size approaches thousands of entries. We propose PEREA, a new anonymous authentication scheme for which this bottleneck of computation is independent of the size of the revocation list. Instead, the time complexity of authentication is linear in the size of a revocation window K L, the number of subsequent authentications before which a user’s misbehavior must be recognized if the user is to be revoked. We extend PEREA to support more complex revocation policies that take the severity of misbehaviors into account. Users can authenticate anonymously if their naughtiness, i.e., the sum of the severities of their blacklisted misbehaviors, is below a certain naughtiness threshold. We call our extension PEREA-Naughtiness. We prove the security of our constructions, and validate their efficiency as compared to BLAC both analytically and quantitatively.
@article{perea-tissec11, author = {Au, Man Ho and Tsang, Patrick P. and Kapadia, Apu}, journal = {ACM Transactions on Information and System Security ({ACM TISSEC})}, title = {PEREA: Practical TTP-free revocation of repeatedly misbehaving anonymous users}, year = {2011}, issn = {1094-9224}, month = {12/2011}, pages = {29:1{\textendash}29:34}, volume = {14}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/2043628.2043630}, keywords = {anonymous authentication, anonymous blacklisting, privacy, privacy-enhanced revocation, user misbehavior}, owner = {tom}, publisher = {ACM}, timestamp = {2021-01-27}, url = {http://doi.acm.org/10.1145/2043628.2043630} }
[usenix11-pirtor] PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval

Mittal, Prateek, Olumofin, Femi, Troncoso, Carmela, Borisov, Nikita, and Goldberg, Ian

08/2011 2011

abstract Bib

Existing anonymous communication systems like Tor do not scale well as they require all users to maintain up-to-date information about all available Tor relays in the system. Current proposals for scaling anonymous communication advocate a peer-to-peer (P2P) approach. While the P2P paradigm scales to millions of nodes, it provides new opportunities to compromise anonymity. In this paper, we step away from the P2P paradigm and advocate a client-server approach to scalable anonymity. We propose PIR-Tor, an architecture for the Tor network in which users obtain information about only a few onion routers using private information retrieval techniques. Obtaining information about only a few onion routers is the key to the scalability of our approach, while the use of private retrieval information techniques helps preserve client anonymity. The security of our architecture depends on the security of PIR schemes which are well understood and relatively easy to analyze, as opposed to peer-to-peer designs that require analyzing extremely complex and dynamic systems. In particular, we demonstrate that reasonable parameters of our architecture provide equivalent security to that of the Tor network. Moreover, our experimental results show that the overhead of PIR-Tor is manageable even when the Tor network scales by two orders of magnitude.
@conference{usenix11-pirtor, author = {Mittal, Prateek and Olumofin, Femi and Troncoso, Carmela and Borisov, Nikita and Goldberg, Ian}, booktitle = {Proceedings of the 20th USENIX Security Symposium}, title = {PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval}, year = {2011}, address = {San Francisco, CA, USA}, month = {08/2011}, keywords = {anonymous communication, peer to peer, PIR-Tor}, owner = {tom}, timestamp = {2021-01-27} }
[DK11] Practical Privacy-Preserving Multiparty Linear Programming Based on Problem Transformation

Dreier, Jannik, and Kerschbaum, Florian

10/2011 2011

abstract Bib

Cryptographic solutions to privacy-preserving multiparty linear programming are slow. This makes them unsuitable for many economically important applications, such as supply chain optimization, whose size exceeds their practically feasible input range. In this paper we present a privacy-preserving trans- formation that allows secure outsourcing of the linear program computation in an ef?cient manner. We evaluate security by quantifying the leakage about the input after the transformation and present implementation results. Using this transformation, we can mostly replace the costly cryptographic operations and securely solve problems several orders of magnitude larger.
@conference{DK11, author = {Dreier, Jannik and Kerschbaum, Florian}, booktitle = {PASSAT{\textquoteright}11 - Proceedings of the Third IEEE International Conference on Information Privacy, Security, Risk and Trust}, title = {Practical Privacy-Preserving Multiparty Linear Programming Based on Problem Transformation}, year = {2011}, address = {Boston, Massachusetts, USA}, month = {10/2011}, organization = {IEEE Computer Society}, pages = {916-924}, publisher = {IEEE Computer Society}, keywords = {cryptography, SMC}, owner = {tom}, timestamp = {2017-10-10} }
[Herrmann2011] Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P

Herrmann, Michael

03/2011 2011

abstract Bib

The Invisible Internet Project (I2P) is one of the most widely used anonymizing Peer-to-Peer networks on the Internet today. Like Tor, it uses onion routing to build tunnels between peers as the basis for providing anonymous communication channels. Unlike Tor, I2P integrates a range of anonymously hosted services directly with the platform. This thesis presents a new attack on the I2P Peer-to-Peer network, with the goal of determining the identity of peers that are anonymously hosting HTTP (Eepsite) services in the network. Key design choices made by I2P developers, in particular performance-based peer selection, enable a sophisticated adversary with modest resources to break key security assumptions. Our attack first obtains an estimate of the victim’s view of the network. Then, the adversary selectively targets a small number of peers used by the victim with a denial-of-service attack while giving the victim the opportunity to replace those peers with other peers that are controlled by the adversary. Finally, the adversary performs some simple measurements to determine the identity of the peer hosting the service. This thesis provides the necessary background on I2P, gives details on the attack — including experimental data from measurements against the actual I2P network — and discusses possible solutions.
@mastersthesis{Herrmann2011, author = {Herrmann, Michael}, school = {Technische Universit{\"a}t M{\"u}nchen}, title = {Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P}, year = {2011}, address = {Garching bei M{\"u}nchen}, month = {03/2011}, type = {M.S.}, keywords = {anonymity, attack, denial-of-service, I2P}, owner = {tom}, pages = {59}, timestamp = {2021-01-27}, volume = {M.S.} }
[herrmann2010pet] Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P

Herrmann, Michael, and Grothoff, Christian

04/2011 2011

abstract Bib

I2P is one of the most widely used anonymizing Peer-to-Peer networks on the Internet today. Like Tor, it uses onion routing to build tunnels between peers as the basis for providing anonymous communication channels. Unlike Tor, I2P integrates a range of anonymously hosted services directly with the platform. This paper presents a new attack on the I2P Peer-to-Peer network, with the goal of determining the identity of peers that are anonymously hosting HTTP services (Eepsite) in the network. Key design choices made by I2P developers, in particular performance-based peer selection, enable a sophisticated adversary with modest resources to break key security assumptions. Our attack first obtains an estimate of the victim’s view of the network. Then, the adversary selectively targets a small number of peers used by the victim with a denial-of-service attack while giving the victim the opportunity to replace those peers with other peers that are controlled by the adversary. Finally, the adversary performs some simple measurements to determine the identity of the peer hosting the service. This paper provides the necessary background on I2P, gives details on the attack — including experimental data from measurements against the actual I2P network — and discusses possible solutions.
@conference{herrmann2010pet, author = {Herrmann, Michael and Grothoff, Christian}, booktitle = {Privacy Enhancing Technologies Symposium (PETS 2011)}, title = {Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P}, year = {2011}, address = {Waterloo, Canada}, month = {04/2011}, organization = {Springer Verlag}, publisher = {Springer Verlag}, keywords = {anonymity, attack, Guard, I2P, onion routing}, owner = {tom}, timestamp = {2017-10-10} }
[Alaggan2011] Private Similarity Computation in Distributed Systems: From Cryptography to Differential Privacy

Alaggan, Mohammad, Gambs, Sébastien, and Kermarrec, Anne-Marie

2011

DOI Website abstract Bib

In this paper, we address the problem of computing the similarity between two users (according to their profiles) while preserving their privacy in a fully decentralized system and for the passive adversary model. First, we introduce a two-party protocol for privately computing a threshold version of the similarity and apply it to well-known similarity measures such as the scalar product and the cosine similarity. The output of this protocol is only one bit of information telling whether or not two users are similar beyond a predetermined threshold. Afterwards, we explore the computation of the exact and threshold similarity within the context of differential privacy. Differential privacy is a recent notion developed within the field of private data analysis guaranteeing that an adversary that observes the output of the differentially private mechanism, will only gain a negligible advantage (up to a privacy parameter) from the presence (or absence) of a particular item in the profile of a user. This provides a strong privacy guarantee that holds independently of the auxiliary knowledge that the adversary might have. More specifically, we design several differentially private variants of the exact and threshold protocols that rely on the addition of random noise tailored to the sensitivity of the considered similarity measure. We also analyze their complexity as well as their impact on the utility of the resulting similarity measure. Finally, we provide experimental results validating the effectiveness of the proposed approach on real datasets.
@inbook{Alaggan2011, author = {Alaggan, Mohammad and Gambs, S{\'e}bastien and Kermarrec, Anne-Marie}, editor = {Fern{\`a}ndez Anta, Antonio and Lipari, Giuseppe and Roy, Matthieu}, pages = {357-377}, publisher = {Springer Berlin Heidelberg}, title = {Private Similarity Computation in Distributed Systems: From Cryptography to Differential Privacy}, year = {2011}, isbn = {978-3-642-25872-5}, series = {Lecture Notes in Computer Science}, volume = {7109}, booktitle = {Principles of Distributed Systems}, doi = {10.1007/978-3-642-25873-2_25}, keywords = {Differential Privacy, homomorphic encryption, privacy, similarity measure}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-25873-2_25} }
[proximax11] Proximax: Fighting Censorship With an Adaptive System for Distribution of Open Proxies

Levchenko, Kirill, and McCoy, Damon

02/2011 2011

abstract Bib

Many people currently use proxies to circumvent government censorship that blocks access to content on the Internet. Unfortunately, the dissemination channels used to distribute proxy server locations are increasingly being monitored to discover and quickly block these proxies. This has given rise to a large number of ad hoc dissemination channels that leverage trust networks to reach legitimate users and at the same time prevent proxy server addresses from falling into the hands of censors. To address this problem in a more principled manner, we present Proximax, a robust system that continuously distributes pools of proxies to a large number of channels. The key research challenge in Proximax is to distribute the proxies among the different channels in a way that maximizes the usage of these proxies while minimizing the risk of having them blocked. This is challenging because of two conflicting goals: widely disseminating the location of the proxies to fully utilize their capacity and preventing (or at least delaying) their discovery by censors. We present a practical system that lays out a design and analytical model that balances these factors.
@conference{proximax11, author = {Levchenko, Kirill and McCoy, Damon}, booktitle = {FC{\textquoteright}11 - Proceedings of Financial Cryptography and Data Security}, title = {Proximax: Fighting Censorship With an Adaptive System for Distribution of Open Proxies}, year = {2011}, address = {St. Lucia}, month = {02/2011}, keywords = {government censorship, Proximax, proxy}, owner = {tom}, timestamp = {2021-01-27} }

[DBLP:conf/dbsec/Kerschbaum11] Public-Key Encrypted Bloom Filters with Applications to Supply Chain Integrity

Kerschbaum, Florian

2011

Bib

@conference{DBLP:conf/dbsec/Kerschbaum11,
  author = {Kerschbaum, Florian},
  title = {Public-Key Encrypted Bloom Filters with Applications to Supply Chain Integrity},
  year = {2011},
  pages = {60{\textendash}75},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Alvim2011] On the Relation Between Differential Privacy and Quantitative Information Flow

Alvim, Mário S., and Andrés, Miguel E.

2011

Website abstract Bib

Differential privacy is a notion that has emerged in the community of statistical databases, as a response to the problem of protecting the privacy of the database’s participants when performing statistical queries. The idea is that a randomized query satisfies differential privacy if the likelihood of obtaining a certain answer for a database x is not too different from the likelihood of obtaining the same answer on adjacent databases, i.e. databases which differ from x for only one individual. Information flow is an area of Security concerned with the problem of controlling the leakage of confidential information in programs and protocols. Nowadays, one of the most established approaches to quantify and to reason about leakage is based on the R ́enyi min entropy version of information theory. In this paper, we analyze critically the notion of differential privacy in light of the conceptual framework provided by the R ́enyi min information theory. We show that there is a close relation between differential privacy and leakage, due to the graph symmetries induced by the adjacency relation. Furthermore, we consider the utility of the randomized answer, which measures its expected degree of accuracy. We focus on certain kinds of utility functions called “binary”, which have a close correspondence with the R ́enyi min mutual information. Again, it turns out that there can be a tight correspondence between differential privacy and utility, depending on the symmetries induced by the adjacency relation and by the query. Depending on these symmetries we can also build an optimal-utility randomization mechanism while preserving the required level of differential privacy. Our main contribution is a study of the kind of structures that can be induced by the adjacency relation and the query, and how to use them to derive bounds on the leakage and achieve the optimal utility.
@conference{Alvim2011, author = {Alvim, M{\'a}rio S. and Andr{\'e}s, Miguel E.}, booktitle = {Proceedings of the 38th International Conference on Automata, Languages and Programming - Volume Part II}, title = {On the Relation Between Differential Privacy and Quantitative Information Flow}, year = {2011}, address = {Berlin, Heidelberg}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, isbn = {978-3-642-22011-1}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=2027223.2027228} }
[cryptoeprint:2011:232] Remote Timing Attacks are Still Practical

Brumley, Billy Bob, and Tuveri, Nicola

04/2011 2011

Website abstract Bib

For over two decades, timing attacks have been an active area of research within applied cryptography. These attacks exploit cryptosystem or protocol implementations that do not run in constant time. When implementing an elliptic curve cryptosystem with a goal to provide side-channel resistance, the scalar multiplication routine is a critical component. In such instances, one attractive method often suggested in the literature is Montgomery’s ladder that performs a fixed sequence of curve and field operations. This paper describes a timing attack vulnerability in OpenSSL’s ladder implementation for curves over binary fields. We use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, we mount a lattice attack that recovers the private key. Finally, we describe and implement an effective countermeasure.
@article{cryptoeprint:2011:232, author = {Brumley, Billy Bob and Tuveri, Nicola}, title = {Remote Timing Attacks are Still Practical}, year = {2011}, issn = {2011/232}, month = {04/2011}, note = {\url{http://eprint.iacr.org/}}, institution = {Cryptology ePrint Archive}, keywords = {elliptic curve cryptography, lattice attacks, public-key cryptography, side-channel attacks, timing attacks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://eprint.iacr.org/2011/232} }
[Murillo:2011:SCT:1938287.1938323] Schedule coordination through egalitarian recurrent multi-unit combinatorial auctions

Murillo, Javier, Muñoz, Vı́ctor, Busquets, Dı́dac, and López, Beatriz

Applied Intelligence 04/2009 2011

DOI Website abstract Bib

When selfish industries are competing for limited shared resources, they need to coordinate their activities to handle possible conflicting situations. Moreover, this coordination should not affect the activities already planned by the industries, since this could have negative effects on their performance. Although agents may have buffers that allow them to delay the use of resources, these are of a finite capacity, and therefore cannot be used indiscriminately. Thus, we are faced with the problem of coordinating schedules that have already been generated by the agents. To address this task, we propose to use a recurrent auction mechanism to mediate between the agents. Through this auction mechanism, the agents can express their interest in using the resources, thus helping the scheduler to find the best distribution. We also introduce a priority mechanism to add fairness to the coordination process. The proposed coordination mechanism has been applied to a waste water treatment system scenario, where different industries need to discharge their waste. We have simulated the behavior of the system, and the results show that using our coordination mechanism the waste water treatment plant can successfully treat most of the discharges, while the production activity of the industries is almost not affected by it.
@article{Murillo:2011:SCT:1938287.1938323, author = {Murillo, Javier and Mu{\~n}oz, V{\'\i}ctor and Busquets, D{\'\i}dac and L{\'o}pez, Beatriz}, journal = {Applied Intelligence}, title = {Schedule coordination through egalitarian recurrent multi-unit combinatorial auctions}, year = {2011}, issn = {0924-669X}, month = {04/2009}, number = {1}, pages = {47{\textendash}63}, volume = {34}, address = {Hingham, MA, USA}, doi = {10.1007/s10489-009-0178-7}, keywords = {auction mechanisms, auctions, economy, egalitarism, schedule coordination}, owner = {tom}, publisher = {Kluwer Academic Publishers}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/s10489-009-0178-7} }
[Pibernik2011] Secure collaborative supply chain planning and inverse optimization - The JELS model

Pibernik, Richard, Zhang, Yingying, Kerschbaum, Florian, and Schröpfer, Axel

European Journal of Operations Research 01/2011 2011

DOI Website abstract Bib

It is a well-acknowledged fact that collaboration between different members of a supplychain yields a significant potential to increase overall supplychain performance. Sharing private information has been identified as prerequisite for collaboration and, at the same time, as one of its major obstacles. One potential avenue for overcoming this obstacle is Secure Multi-Party Computation (SMC). SMC is a cryptographic technique that enables the computation of any (well-defined) mathematical function by a number of parties without any party having to disclose its input to another party. In this paper, we show how SMC can be successfully employed to enable joint decision-making and benefit sharing in a simple supplychain setting. We develop secure protocols for implementing the well-known “Joint Economic Lot Size (JELS) Model” with benefit sharing in such a way that none of the parties involved has to disclose any private (cost and capacity) data. Thereupon, we show that although computation of the model’s outputs can be performed securely, the approach still faces practical limitations. These limitations are caused by the potential of “inverseoptimization”, i.e., a party can infer another party’s private data from the output of a collaborativeplanning scheme even if the computation is performed in a secure fashion. We provide a detailed analysis of “inverseoptimization” potentials and introduce the notion of “stochastic security”, a novel approach to assess the additional information a party may learn from joint computation and benefit sharing. Based on our definition of “stochastic security” we propose a stochastic benefit sharing rule, develop a secure protocol for this benefit sharing rule, and assess under which conditions stochastic benefit sharing can guarantee secure collaboration.
@article{Pibernik2011, author = {Pibernik, Richard and Zhang, Yingying and Kerschbaum, Florian and Schr{\"o}pfer, Axel}, journal = {European Journal of Operations Research}, title = {Secure collaborative supply chain planning and inverse optimization - The JELS model}, year = {2011}, month = {01/2011}, pages = {75 - 85}, volume = {208}, doi = {http://dx.doi.org/10.1016/j.ejor.2010.08.018}, keywords = {collaboration, information sharing, secure multi-party computation, SMC, supplychain management}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.sciencedirect.com/science/article/pii/S0377221710005552} }
[conf/ndss/BackesMP11] A Security API for Distributed Social Networks.

Backes, Michael, Maffei, Matteo, and Pecina, Kim

02/2011 2011

Website abstract Bib

We present a cryptographic framework to achieve access control, privacy of social relations, secrecy of resources, and anonymity of users in social networks. We illustrate our technique on a core API for social networking, which includes methods for establishing social relations and for sharing resources. The cryptographic protocols implementing these methods use pseudonyms to hide user identities, signatures on these pseudonyms to establish social relations, and zero-knowledge proofs of knowledge of such signatures to demonstrate the existence of social relations without sacrificing user anonymity. As we do not put any constraints on the underlying social network, our framework is generally applicable and, in particular, constitutes an ideal plug-in for decentralized social networks. We analyzed the security of our protocols by developing formal definitions of the aforementioned security properties and by verifying them using ProVerif, an automated theorem prover for cryptographic protocols. Finally, we built a prototypical implementation and conducted an experimental evaluation to demonstrate the efficiency and the scalability of our framework.
@conference{conf/ndss/BackesMP11, author = {Backes, Michael and Maffei, Matteo and Pecina, Kim}, booktitle = {NDSS{\textquoteright}11 - Proceedings of the Network and Distributed Security Symposium}, title = {A Security API for Distributed Social Networks.}, year = {2011}, address = {San Diego, CA, USA}, month = {02/2011}, organization = {The Internet Society}, publisher = {The Internet Society}, keywords = {API, online-social-networks, security}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.lbs.cs.uni-saarland.de/publications/sapi.pdf} }

[DBLP:conf/sigecom/GhoshR11] Selling Privacy at Auction

Ghosh, Arpita, and Roth, Aaron

2011

Bib

@conference{DBLP:conf/sigecom/GhoshR11,
  author = {Ghosh, Arpita and Roth, Aaron},
  title = {Selling Privacy at Auction},
  year = {2011},
  pages = {199{\textendash}208},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Frey2011] Social Market: Combining Explicit and Implicit Social Networks

Frey, Davide, Jégou, Arnaud, and Kermarrec, Anne-Marie

2011

DOI Website abstract Bib

The pervasiveness of the Internet has lead research and applications to focus more and more on their users. Online social networks such as Facebook provide users with the ability to maintain an unprecedented number of social connections. Recommendation systems exploit the opinions of other users to suggest movies or products based on our similarity with them. This shift from machines to users motivates the emergence of novel applications and research challenges. In this paper, we embrace the social aspects of the Web 2.0 by considering a novel problem. We build a distributed social market that combines interest-based social networks with explicit networks like Facebook. Our Social Market (SM) allows users to identify and build connections to other users that can provide interesting goods, or information. At the same time, it backs up these connections with trust, by associating them with paths of trusted users that connect new acquaintances through the explicit network. This convergence of implicit and explicit networks yields TAPS, a novel gossip protocol that can be applied in applications devoted to commercial transactions, or to add robustness to standard gossip applications like dissemination or recommendation systems.
@inbook{Frey2011, author = {Frey, Davide and J{\'e}gou, Arnaud and Kermarrec, Anne-Marie}, editor = {D{\'e}fago, Xavier and Petit, Franck and Villain, Vincent}, pages = {193-207}, publisher = {Springer Berlin Heidelberg}, title = {Social Market: Combining Explicit and Implicit Social Networks}, year = {2011}, isbn = {978-3-642-24549-7}, series = {Lecture Notes in Computer Science}, volume = {6976}, booktitle = {Stabilization, Safety, and Security of Distributed Systems}, doi = {10.1007/978-3-642-24550-3_16}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-24550-3_16} }
[ccs2011-stealthy] Stealthy Traffic Analysis of Low-Latency Anonymous Communication Using Throughput Fingerprinting

Mittal, Prateek, Khurshid, Ahmed, Juen, Joshua, Caesar, Matthew, and Borisov, Nikita

10/2011 2011

abstract Bib

Anonymity systems such as Tor aim to enable users to communicate in a manner that is untraceable by adversaries that control a small number of machines. To provide efficient service to users, these anonymity systems make full use of forwarding capacity when sending traffic between intermediate relays. In this paper, we show that doing this leaks information about the set of Tor relays in a circuit (path). We present attacks that, with high confidence and based solely on throughput information, can (a) reduce the attacker’s uncertainty about the bottleneck relay of any Tor circuit whose throughput can be observed, (b) exactly identify the guard relay(s) of a Tor user when circuit throughput can be observed over multiple connections, and (c) identify whether two concurrent TCP connections belong to the same Tor user, breaking unlinkability. Our attacks are stealthy, and cannot be readily detected by a user or by Tor relays. We validate our attacks using experiments over the live Tor network. We find that the attacker can substantially reduce the entropy of a bottleneck relay distribution of a Tor circuit whose throughput can be observed—the entropy gets reduced by a factor of 2 in the median case. Such information leaks from a single Tor circuit can be combined over multiple connections to exactly identify a user’s guard relay(s). Finally, we are also able to link two connections from the same initiator with a crossover error rate of less than 1.5% in under 5 minutes. Our attacks are also more accurate and require fewer resources than previous attacks on Tor.
@conference{ccs2011-stealthy, author = {Mittal, Prateek and Khurshid, Ahmed and Juen, Joshua and Caesar, Matthew and Borisov, Nikita}, booktitle = {CCS{\textquoteright}11 - Proceedings of the 18th ACM conference on Computer and Communications Security}, title = {Stealthy Traffic Analysis of Low-Latency Anonymous Communication Using Throughput Fingerprinting}, year = {2011}, address = {Chicago, IL, United States}, month = {10/2011}, organization = {ACM}, publisher = {ACM}, keywords = {anonymity, attacks, throughput}, owner = {tom}, timestamp = {2021-01-27} }
[Houmansadr2011] SWIRL: A Scalable Watermark to Detect Correlated Network Flows

Houmansadr, Amir, and Borisov, Nikita

02/2011 2011

abstract Bib

Flow watermarks are active traffic analysis techniques that help establish a causal connection between two network flows by content-independent manipulations, e.g., altering packet timings. Watermarks provide a much more scalable approach for flow correlation than passive traffic analysis. Previous designs of scalable watermarks, however, were subject to multi-flow attacks. They also introduced delays too large to be used in most environments. We design SWIRL, a Scalable Watermark that is Invisible and Resilient to packet Losses. SWIRL is the first watermark that is practical to use for large-scale traffic analysis. SWIRL uses a flow-dependent approach to resist multi-flow attacks, marking each flow with a different pattern. SWIRL is robust to packet losses and network jitter, yet it introduces only small delays that are invisible to both benign users and determined adversaries. We analyze the performance of SWIRL both analytically and on the PlanetLab testbed, demonstrating very low error rates. We consider applications of SWIRL to stepping stone detection and linking anonymous communication. We also propose a novel application of watermarks to defend against congestion attacks on Tor.
@conference{Houmansadr2011, author = {Houmansadr, Amir and Borisov, Nikita}, booktitle = {NDSS{\textquoteright}11 - Proceedings of the Network and Distributed Security Symposium}, title = {SWIRL: A Scalable Watermark to Detect Correlated Network Flows}, year = {2011}, address = {San Diego, CA, USA}, month = {02/2011}, keywords = {anonymity, SWIRL, traffic analysis, watermarking}, owner = {tom}, timestamp = {2021-01-27} }
[usenix11-telex] Telex: Anticensorship in the Network Infrastructure

Wustrow, Eric, Wolchok, Scott, Goldberg, Ian, and Halderman, J. Alex

08/2005 2011

abstract Bib

In this paper, we present Telex, a new approach to resisting state-level Internet censorship. Rather than attempting to win the cat-and-mouse game of finding open proxies, we leverage censors’ unwillingness to completely block day-to-day Internet access. In effect, Telex converts innocuous, unblocked websites into proxies, without their explicit collaboration. We envision that friendly ISPs would deploy Telex stations on paths between censors’ networks and popular, uncensored Internet destinations. Telex stations would monitor seemingly innocuous flows for a special “tag” and transparently divert them to a forbidden website or service instead. We propose a new cryptographic scheme based on elliptic curves for tagging TLS handshakes such that the tag is visible to a Telex station but not to a censor. In addition, we use our tagging scheme to build a protocol that allows clients to connect to Telex stations while resisting both passive and active attacks. We also present a proof-of-concept implementation that demonstrates the feasibility of our system.
@conference{usenix11-telex, author = {Wustrow, Eric and Wolchok, Scott and Goldberg, Ian and Halderman, J. Alex}, booktitle = {Proceedings of the 20th USENIX Security Symposium}, title = {Telex: Anticensorship in the Network Infrastructure}, year = {2011}, address = {San Francisco, CA, USA}, month = {08/2005}, keywords = {anticensorship, network infrastructure state-level censorship, proxy, telex}, owner = {tom}, timestamp = {2021-01-27} }
[ccs2011-trust] Trust-based Anonymous Communication: Adversary Models and Routing Algorithms

Johnson, Aaron, Syverson, Paul, Dingledine, Roger, and Mathewson, Nick

10/2011 2011

abstract Bib

We introduce a novel model of routing security that incorporates the ordinarily overlooked variations in trust that users have for different parts of the network. We focus on anonymous communication, and in particular onion routing, although we expect the approach to apply more broadly. This paper provides two main contributions. First, we present a novel model to consider the various security concerns for route selection in anonymity networks when users vary their trust over parts of the network. Second, to show the usefulness of our model, we present as an example a new algorithm to select paths in onion routing. We analyze its effectiveness against deanonymization and other information leaks, and particularly how it fares in our model versus existing algorithms, which do not consider trust. In contrast to those, we find that our trust-based routing strategy can protect anonymity against an adversary capable of attacking a significant fraction of the network.
@conference{ccs2011-trust, author = {Johnson, Aaron and Syverson, Paul and Dingledine, Roger and Mathewson, Nick}, booktitle = {CCS{\textquoteright}11 - Proceedings of the 18th ACM conference on Computer and Communications Security}, title = {Trust-based Anonymous Communication: Adversary Models and Routing Algorithms}, year = {2011}, address = {Chicago, IL, United States}, month = {10/2011}, organization = {ACM}, publisher = {ACM}, keywords = {anonymous communication, onion routing, privacy, trust}, owner = {tom}, timestamp = {2021-01-27} }
[Yang:2011:USN:2068816.2068841] Uncovering social network sybils in the wild

Yang, Zhi, Wilson, Christo, Wang, Xiao, Gao, Tingting, Zhao, Ben Y., and Dai, Yafei

11/2011 2011

DOI Website abstract Bib

Sybil accounts are fake identities created to unfairly increase the power or resources of a single user. Researchers have long known about the existence of Sybil accounts in online communities such as file-sharing systems, but have not been able to perform large scale measurements to detect them or measure their activities. In this paper, we describe our efforts to detect, characterize and understand Sybil account activity in the Renren online social network (OSN). We use ground truth provided by Renren Inc. to build measurement based Sybil account detectors, and deploy them on Renren to detect over 100,000 Sybil accounts. We study these Sybil accounts, as well as an additional 560,000 Sybil accounts caught by Renren, and analyze their link creation behavior. Most interestingly, we find that contrary to prior conjecture, Sybil accounts in OSNs do not form tight-knit communities. Instead, they integrate into the social graph just like normal users. Using link creation timestamps, we verify that the large majority of links between Sybil accounts are created accidentally, unbeknownst to the attacker. Overall, only a very small portion of Sybil accounts are connected to other Sybils with social links. Our study shows that existing Sybil defenses are unlikely to succeed in today’s OSNs, and we must design new techniques to effectively detect and defend against Sybil attacks.
@conference{Yang:2011:USN:2068816.2068841, author = {Yang, Zhi and Wilson, Christo and Wang, Xiao and Gao, Tingting and Zhao, Ben Y. and Dai, Yafei}, booktitle = {Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference}, title = {Uncovering social network sybils in the wild}, year = {2011}, address = {Berlin, Germany}, month = {11/2011}, organization = {ACM}, pages = {259{\textendash}268}, publisher = {ACM}, series = {IMC {\textquoteright}11}, doi = {10.1145/2068816.2068841}, isbn = {978-1-4503-1013-0}, keywords = {online social networks, sybil, sybil accountsm}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/2068816.2068841} }
[wpes11-panchenko] Website Fingerprinting in Onion Routing Based Anonymization Networks

Panchenko, Andriy, Niessen, Lukas, Zinnen, Andreas, and Engel, Thomas

10/2011 2011

abstract Bib

Low-latency anonymization networks such as Tor and JAP claim to hide the recipient and the content of communications from a local observer, i.e., an entity that can eavesdrop the traffic between the user and the first anonymization node. Especially users in totalitarian regimes strongly depend on such networks to freely communicate. For these people, anonymity is particularly important and an analysis of the anonymization methods against various attacks is necessary to ensure adequate protection. In this paper we show that anonymity in Tor and JAP is not as strong as expected so far and cannot resist website fingerprinting attacks under certain circumstances. We first define features for website fingerprinting solely based on volume, time, and direction of the traffic. As a result, the subsequent classification becomes much easier. We apply support vector machines with the introduced features. We are able to improve recognition results of existing works on a given state-of-the-art dataset in Tor from 3% to 55% and in JAP from 20% to 80%. The datasets assume a closed-world with 775 websites only. In a next step, we transfer our findings to a more complex and realistic open-world scenario, i.e., recognition of several websites in a set of thousands of random unknown websites. To the best of our knowledge, this work is the first successful attack in the open-world scenario. We achieve a surprisingly high true positive rate of up to 73% for a false positive rate of 0.05%. Finally, we show preliminary results of a proof-of-concept implementation that applies camouflage as a countermeasure to hamper the fingerprinting attack. For JAP, the detection rate decreases from 80% to 4% and for Tor it drops from 55% to about 3%.
@conference{wpes11-panchenko, author = {Panchenko, Andriy and Niessen, Lukas and Zinnen, Andreas and Engel, Thomas}, booktitle = {WPES{\textquoteright}11 - Proceedings of the Workshop on Privacy in the Electronic Society}, title = {Website Fingerprinting in Onion Routing Based Anonymization Networks}, year = {2011}, address = {Chicago, IL, United States}, month = {10/2011}, organization = {ACM}, publisher = {ACM}, keywords = {anonymous communication, pattern recognition, privacy, traffic analysis, website fingerprinting}, owner = {tom}, timestamp = {2021-01-27} }
[Mittal2011] X-Vine: Secure and Pseudonymous Routing Using Social Networks

Mittal, Prateek, Caesar, Matthew, and Borisov, Nikita

Computer Research Repository 9/2011 2011

Website abstract Bib PDF

Distributed hash tables suffer from several security and privacy vulnerabilities, including the problem of Sybil attacks. Existing social network-based solutions to mitigate the Sybil attacks in DHT routing have a high state requirement and do not provide an adequate level of privacy. For instance, such techniques require a user to reveal their social network contacts. We design X-Vine, a protection mechanism for distributed hash tables that operates entirely by communicating over social network links. As with traditional peer-to-peer systems, X-Vine provides robustness, scalability, and a platform for innovation. The use of social network links for communication helps protect participant privacy and adds a new dimension of trust absent from previous designs. X-Vine is resilient to denial of service via Sybil attacks, and in fact is the first Sybil defense that requires only a logarithmic amount of state per node, making it suitable for large-scale and dynamic settings. X-Vine also helps protect the privacy of users social network contacts and keeps their IP addresses hidden from those outside of their social circle, providing a basis for pseudonymous communication. We first evaluate our design with analysis and simulations, using several real world large-scale social networking topologies. We show that the constraints of X-Vine allow the insertion of only a logarithmic number of Sybil identities per attack edge; we show this mitigates the impact of malicious attacks while not affecting the performance of honest nodes. Moreover, our algorithms are efficient, maintain low stretch, and avoid hot spots in the network. We validate our design with a PlanetLab implementation and a Facebook plugin.
@article{Mittal2011, author = {Mittal, Prateek and Caesar, Matthew and Borisov, Nikita}, journal = {Computer Research Repository}, title = {X-Vine: Secure and Pseudonymous Routing Using Social Networks}, year = {2011}, month = {9/2011}, volume = {abs/1109.0971}, keywords = {anonymity, cryptography, dblp, distributed hash table, for:isp, routing, security, social-network-routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dblp.uni-trier.de/db/journals/corr/corr1109.html$\#$abs-1109-0971} }
[Calandrino2011] "You Might Also Like:" Privacy Risks of Collaborative Filtering

Calandrino, J.A., Kilzer, A., Narayanan, A., Felten, E.W., and Shmatikov, V.

May 2011

DOI abstract Bib

Many commercial websites use recommender systems to help customers locate products and content. Modern recommenders are based on collaborative filtering: they use patterns learned from users’ behavior to make recommendations, usually in the form of related-items lists. The scale and complexity of these systems, along with the fact that their outputs reveal only relationships between items (as opposed to information about users), may suggest that they pose no meaningful privacy risk. In this paper, we develop algorithms which take a moderate amount of auxiliary information about a customer and infer this customer’s transactions from temporal changes in the public outputs of a recommender system. Our inference attacks are passive and can be carried out by any Internet user. We evaluate their feasibility using public data from popular websites Hunch, Last.fm, LibraryThing, and Amazon.
@conference{Calandrino2011, author = {Calandrino, J.A. and Kilzer, A. and Narayanan, A. and Felten, E.W. and Shmatikov, V.}, booktitle = {Security and Privacy (SP), 2011 IEEE Symposium on}, title = {"You Might Also Like:" Privacy Risks of Collaborative Filtering}, year = {2011}, month = may, doi = {10.1109/SP.2011.40}, keywords = {accuracy, Amazon, collaboration, collaborative filtering, commercial Web sites, consumer behaviour, Covariance matrix, customer transactions, data privacy, groupware, History, Hunch, Inference algorithms, inference attacks, inference mechanisms, information filtering, Internet, Internet user, Last.fm, Library Thing, privacy, privacy risks, recommender systems, Web sites}, owner = {tom}, timestamp = {2017-10-10} }

[Kermarrec2010] Application of Random Walks to Decentralized Recommender Systems

Kermarrec, Anne-Marie, Leroy, Vincent, Moin, Afshin, and Thraves, Christopher

09/2010 2010

Bib

@conference{Kermarrec2010,
  author = {Kermarrec, Anne-Marie and Leroy, Vincent and Moin, Afshin and Thraves, Christopher},
  booktitle = {14th International Conference on Principles of Distributed Systems},
  title = {Application of Random Walks to Decentralized Recommender Systems},
  year = {2010},
  month = {09/2010},
  keywords = {random walks, recommender system},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Huebsch2010] The Ariba Framework for Application Development using Service Overlays

Hübsch, Christian, Mayer, Christoph P., and Waldhorst, Oliver

Praxis der Informationsverarbeitung und Kommunikation 2010

DOI Website abstract Bib

Developing new network services in the Internet is complex and costly. This high entrance barrier has prevented new innovation in the network itself, and stuck the Internet as being mainly browser-based client/server systems. End-system based decentralized services are cheaper, but have a complexity several orders of magnitude higher than centralized systems in terms of structure and protocols. To foster development of such decentralized network services, we present the ariba framework. We show how ariba can facilitate development of end-system based decentralized services through self-organizing service overlays–flexibly deployed purely on end-systems without the need for costly infrastructure.
@article{Huebsch2010, author = {H{\"u}bsch, Christian and Mayer, Christoph P. and Waldhorst, Oliver}, journal = {Praxis der Informationsverarbeitung und Kommunikation}, title = {The Ariba Framework for Application Development using Service Overlays}, year = {2010}, issn = {1865-8342}, pages = {7-11}, volume = {33}, doi = {10.1515/piko.2010.003}, keywords = {overlay networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.reference-global.com/doi/abs/10.1515/piko.2010.003} }
[Yeoh:2008:BAB:1402298.1402307] BnB-ADOPT: an asynchronous branch-and-bound DCOP algorithm

Yeoh, William, Felner, Ariel, and Koenig, Sven

Journal of Artificial Intelligence Research 2010

DOI Website abstract Bib

Distributed constraint optimization (DCOP) problems are a popular way of formulating and solving agent-coordination problems. It is often desirable to solve DCOP problems optimally with memory-bounded and asynchronous algorithms. We introduce Branch-and-Bound ADOPT (BnB-ADOPT), a memory-bounded asynchronous DCOP algorithm that uses the message passing and communication framework of ADOPT, a well known memory-bounded asynchronous DCOP algorithm, but changes the search strategy of ADOPT from best-first search to depth-first branch-and-bound search. Our experimental results show that BnB-ADOPT is up to one order of magnitude faster than ADOPT on a variety of large DCOP problems and faster than NCBB, a memory-bounded synchronous DCOP algorithm, on most of these DCOP problems.
@article{Yeoh:2008:BAB:1402298.1402307, author = {Yeoh, William and Felner, Ariel and Koenig, Sven}, journal = {Journal of Artificial Intelligence Research}, title = {BnB-ADOPT: an asynchronous branch-and-bound DCOP algorithm}, year = {2010}, issn = {1076-9757}, pages = {85-133}, volume = {38}, address = {Richland, SC}, doi = {10.1613/jair.2849}, keywords = {agent cooperation, BnB-ADOPT, DCOP, distributed constraint optimization, distributed problem solving}, owner = {tom}, publisher = {International Foundation for Autonomous Agents and Multiagent Systems}, timestamp = {2017-10-10}, url = {http://www.jair.org/papers/paper2849.html} }
[incentives-fc10] Building Incentives into Tor

Ngan, Tsuen-Wan ‘‘Johnny’’, Dingledine, Roger, and Wallach, Dan S.

Jan 2010

abstract Bib

Distributed anonymous communication networks like Tor depend on volunteers to donate their resources. However, the efforts of Tor volunteers have not grown as fast as the demands on the Tor network.We explore techniques to incentivize Tor users to relay Tor traffic too; if users contribute resources to the Tor overlay, they should receive faster service in return. In our design, the central Tor directory authorities measure performance and publish a list of Tor relays that should be given higher priority when establishing circuits. Simulations of our proposed design show that conforming users receive significant improvements in performance, in some cases experiencing twice the network throughput of selfish users who do not relay traffic for the Tor network.
@conference{incentives-fc10, author = {Ngan, Tsuen-Wan {\textquoteleft}{\textquoteleft}Johnny{\textquoteright}{\textquoteright} and Dingledine, Roger and Wallach, Dan S.}, booktitle = {Proceedings of Financial Cryptography (FC {\textquoteright}10)}, title = {Building Incentives into Tor}, year = {2010}, editor = {Sion, Radu}, month = jan, keywords = {Tor}, owner = {tom}, timestamp = {2017-10-10} }
[1827424] Cordies: expressive event correlation in distributed systems

Koch, Gerald G., Koldehofe, Boris, and Rothermel, Kurt

2010

DOI Website abstract Bib

Complex Event Processing (CEP) is the method of choice for the observation of system states and situations by means of events. A number of systems have been introduced that provide CEP in selected environments. Some are restricted to centralised systems, or to systems with synchronous communication, or to a limited space of event relations that are defined in advance. Many modern systems, though, are inherently distributed and asynchronous, and require a more powerful CEP. We present Cordies, a distributed system for the detection of correlated events that is designed for the operation in large-scale, heterogeneous networks and adapts dynamically to changing network conditions. With its expressive language to describe event relations, it is suitable for environments where neither the event space nor the situations of interest are predefined but are constantly adapted. In addition, Cordies supports Quality-of-Service (QoS) for communication in distributed event correlation detection.
@conference{1827424, author = {Koch, Gerald G. and Koldehofe, Boris and Rothermel, Kurt}, booktitle = {DEBS {\textquoteright}10: Proceedings of the Fourth ACM International Conference on Distributed Event-Based Systems}, title = {Cordies: expressive event correlation in distributed systems}, year = {2010}, address = {New York, NY, USA}, organization = {ACM}, pages = {26{\textendash}37}, publisher = {ACM}, doi = {10.1145/1827418.1827424}, isbn = {978-1-60558-927-5}, keywords = {QoS}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1827424\&dl=GUIDE\&coll=portal\&CFID=97675623\&CFTOKEN=70931453$\#$} }

[continual] Differential Privacy Under Continual Observation

Dwork, Cynthia, Naor, Moni, Pitassi, Toniann, and Rothblum, Guy N.

Jun 2010

Bib

@conference{continual,
  author = {Dwork, Cynthia and Naor, Moni and Pitassi, Toniann and Rothblum, Guy N.},
  booktitle = {Proceedings of the 42nd ACM Symposium on Theory of Computing (STOC{\textquoteright}10)},
  title = {Differential Privacy Under Continual Observation},
  year = {2010},
  month = jun,
  pages = {715{\textendash}724},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Dwork2010] On the Difficulties of Disclosure Prevention in Statistical Databases or The Case for Differential Privacy

Dwork, Cynthia, and Naor, Moni

Journal of Privacy and Confidentiality 2010

Website abstract Bib

In 1977 Tore Dalenius articulated a desideratum for statistical databases: nothing about an individual should be learnable from the database that cannot be learned without access to the database. We give a general impossibility result showing that a natural formalization of Dalenius’ goal cannot be achieved if the database is useful. The key obstacle is the side information that may be available to an adversary. Our results hold under very general conditions regarding the database, the notion of privacy violation, and the notion of utility.

Contrary to intuition, a variant of the result threatens the privacy even of someone not in the database. This state of affairs motivated the notion of differential privacy [15, 16], a strong ad omnia privacy which, intuitively, captures the increased risk to one’s privacy incurred by participating in a database.
@article{Dwork2010, author = {Dwork, Cynthia and Naor, Moni}, journal = {Journal of Privacy and Confidentiality}, title = {On the Difficulties of Disclosure Prevention in Statistical Databases or The Case for Differential Privacy}, year = {2010}, pages = {93-107}, volume = {2}, owner = {tom}, timestamp = {2017-10-10}, url = {http://research.microsoft.com/apps/pubs/default.aspx?id=135704} }

[vleroythesis] Distributing social applications

Leroy, Vincent

Dec 2010

Bib

@mastersthesis{vleroythesis,
  author = {Leroy, Vincent},
  school = {IRISA},
  title = {Distributing social applications},
  year = {2010},
  month = dec,
  type = {phd},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Danezis2010] Drac: An Architecture for Anonymous Low-Volume Communications

Danezis, George, Diaz, Claudia, Troncoso, Carmela, and Laurie, Ben

2010

@inbook{Danezis2010,
  author = {Danezis, George and Diaz, Claudia and Troncoso, Carmela and Laurie, Ben},
  editor = {Atallah, MikhailJ. and Hopper, NicholasJ.},
  pages = {202-219},
  publisher = {Springer Berlin Heidelberg},
  title = {Drac: An Architecture for Anonymous Low-Volume Communications},
  year = {2010},
  isbn = {978-3-642-14526-1},
  series = {Lecture Notes in Computer Science},
  volume = {6205},
  booktitle = {Privacy Enhancing Technologies},
  doi = {10.1007/978-3-642-14527-8_12},
  keywords = {anonymous communication, anonymous IM, anonymous voice, Drac, F2F},
  organization = {Springer Berlin Heidelberg},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/978-3-642-14527-8_12}
}

[Cholez2010] Efficient DHT attack mitigation through peers’ ID distribution

Cholez, Thibault, Chrisment, Isabelle, and Festor, Olivier

04/2010 2010

abstract Bib

We present a new solution to protect the widely deployed KAD DHT against localized attacks which can take control over DHT entries. We show through measurements that the IDs distribution of the best peers found after a lookup process follows a geometric distribution. We then use this result to detect DHT attacks by comparing real peers’ ID distributions to the theoretical one thanks to the Kullback-Leibler divergence. When an attack is detected, we propose countermeasures that progressively remove suspicious peers from the list of possible contacts to provide a safe DHT access. Evaluations show that our method detects the most efficient attacks with a very small false-negative rate, while countermeasures successfully filter almost all malicious peers involved in an attack. Moreover, our solution completely fits the current design of the KAD network and introduces no network overhead.
@conference{Cholez2010, author = {Cholez, Thibault and Chrisment, Isabelle and Festor, Olivier}, booktitle = {HOTP2P{\textquoteright}10 - International Workshop on Hot Topics in Peer-to-Peer Systems}, title = {Efficient DHT attack mitigation through peers{\textquoteright} ID distribution}, year = {2010}, address = {Atlanta, Georgia, USA}, month = {04/2010}, keywords = {attack detection, attack mitigation, distributed hash table, IDs distribution, KAD, Sybil attack}, owner = {tom}, timestamp = {2021-01-27} }

[Koch:2010:EPL:1827418.1827440] Event processing for large-scale distributed games

Koch, Gerald G., Tariq, Muhammad Adnan, Koldehofe, Boris, and Rothermel, Kurt

2010

Novel peer-to-peer-based multiplayer online games are instantiated in an ad-hoc manner without the support of dedicated infrastructure and maintain their state in a distributed manner. Although their employed communication paradigms provide efficient access to sections of distributed state, such communication fails if the participants need to access large subsets of the application state in order to detect high-level situations. We propose a demonstration that shows how multiplayer online games can benefit from using publish/subscribe communication and complex event processing alongside their traditional communication paradigm.

@conference{Koch:2010:EPL:1827418.1827440,
  author = {Koch, Gerald G. and Tariq, Muhammad Adnan and Koldehofe, Boris and Rothermel, Kurt},
  booktitle = {Proceedings of the Fourth ACM International Conference on Distributed Event-Based Systems},
  title = {Event processing for large-scale distributed games},
  year = {2010},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {103{\textendash}104},
  publisher = {ACM},
  series = {DEBS {\textquoteright}10},
  doi = {http://doi.acm.org/10.1145/1827418.1827440},
  isbn = {978-1-60558-927-5},
  keywords = {content-based publish/subscribe, distributed complex event processing, multi-player online game},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1827418.1827440}
}

[DBLP:conf/middleware/BertierFGKL10] The Gossple Anonymous Social Network

Bertier, Marin, Frey, Davide, Guerraoui, Rachid, Kermarrec, Anne-Marie, and Leroy, Vincent

2010

abstract Bib

While social networks provide news from old buddies, you can learn a lot more from people you do not know, but with whom you share many interests. We show in this paper how to build a network of anonymous social acquaintances using a gossip protocol we call Gossple, and how to leverage such a network to enhance navigation within Web 2.0 collaborative applications, à la LastFM and Delicious. Gossple nodes (users) periodically gossip digests of their interest profiles and compute their distances (in terms of interest) with respect to other nodes. This is achieved with little bandwidth and storage, fast convergence, and without revealing which profile is associated with which user. We evaluate Gossple on real traces from various Web 2.0 applications with hundreds of PlanetLab hosts and thousands of simulated nodes.
@conference{DBLP:conf/middleware/BertierFGKL10, author = {Bertier, Marin and Frey, Davide and Guerraoui, Rachid and Kermarrec, Anne-Marie and Leroy, Vincent}, booktitle = {Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware}, title = {The Gossple Anonymous Social Network}, year = {2010}, organization = {ACM/IFIP/USENIX}, pages = {191{\textendash}211}, publisher = {ACM/IFIP/USENIX}, keywords = {gossple, social networks}, owner = {tom}, timestamp = {2017-10-10} }
[duminuco:hierarchical] Hierarchical codes: A flexible trade-off for erasure codes in peer-to-peer storage systems.

Duminuco, Alessandro, and Biersack, E W

Peer-to-Peer Networking and Applications 03/2009 2010

DOI abstract Bib

Redundancy is the basic technique to provide reliability in storage systems consisting of multiple components. A redundancy scheme defines how the redundant data are produced and maintained. The simplest redundancy scheme is replication, which however suffers from storage inefficiency. Another approach is erasure coding, which provides the same level of reliability as replication using a significantly smaller amount of storage. When redundant data are lost, they need to be replaced. While replacing replicated data consists in a simple copy, it becomes a complex operation with erasure codes: new data are produced performing a coding over some other available data. The amount of data to be read and coded is d times larger than the amount of data produced, where d, called repair degree, is larger than 1 and depends on the structure of the code. This implies that coding has a larger computational and I/O cost, which, for distributed storage systems, translates into increased network traffic. Participants of Peer-to-Peer systems often have ample storage and CPU power, but their network bandwidth may be limited. For these reasons existing coding techniques are not suitable for P2P storage. This work explores the design space between replication and the existing erasure codes. We propose and evaluate a new class of erasure codes, called Hierarchical Codes, which allows to reduce the network traffic due to maintenance without losing the benefits given by traditional erasure codes.
@article{duminuco:hierarchical, author = {Duminuco, Alessandro and Biersack, E W}, journal = {Peer-to-Peer Networking and Applications}, title = {Hierarchical codes: A flexible trade-off for erasure codes in peer-to-peer storage systems.}, year = {2010}, month = {03/2009}, pages = {52-66}, volume = {3}, doi = {10.1007/s12083-009-0044-8}, keywords = {dependability, erasure codes, peer-to-peer networking, reliability, storage}, owner = {tom}, timestamp = {2017-10-10} }
[Wen2010] How Accurately Can One’s Interests Be Inferred from Friends?

Wen, Zhen, and Lin, Ching-Yung

2010

DOI Website abstract Bib

Search and recommendation systems must effectively model user interests in order to provide personalized results. The proliferation of social software makes social network an increasingly important source for user interest modeling, be- cause of the social influence and correlation among friends. However, there are large variations in people’s contribution of social content. Therefore, it is impractical to accurately model interests for all users. As a result, applications need to decide whether to utilize a user interest model based on its accuracy. To address this challenge, we present a study on the accuracy of user interests inferred from three types of social content: social bookmarking, file sharing, and electronic communication, in an organizational social network within a large-scale enterprise. First, we demonstrate that combining different types of social content to infer user interests outperforms methods that use only one type of social content. Second, we present a technique to predict the inference accuracy based on easily observed network characteristics, including user activeness, network in-degree, out-degree, and betweenness centrality.
@conference{Wen2010, author = {Wen, Zhen and Lin, Ching-Yung}, booktitle = {Proceedings of the 19th International Conference on World Wide Web}, title = {How Accurately Can One{\textquoteright}s Interests Be Inferred from Friends?}, year = {2010}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1772690.1772875}, isbn = {978-1-60558-799-8}, keywords = {accuracy, social networks, user modeling}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1772690.1772875} }
[tissec-latency-leak] How Much Anonymity does Network Latency Leak?

Hopper, Nicholas J., Vasserman, Eugene Y., and Chan-Tin, Eric

ACM Transactions on Information and System Security Forthcoming 2010

DOI Website abstract Bib

Low-latency anonymity systems such as Tor, AN.ON, Crowds, and Anonymizer.com aim to provide anonymous connections that are both untraceable by "local" adversaries who control only a few machines, and have low enough delay to support anonymous use of network services like web browsing and remote login. One consequence of these goals is that these services leak some information about the network latency between the sender and one or more nodes in the system. This paper reports on three experiments that partially measure the extent to which such leakage can compromise anonymity. First, using a public dataset of pairwise round-trip times (RTTs) between 2000 Internet hosts, we estimate that on average, knowing the network location of host A and the RTT to host B leaks 3.64 bits of information about the network location of B. Second, we describe an attack that allows a pair of colluding web sites to predict, based on local timing information and with no additional resources, whether two connections from the same Tor exit node are using the same circuit with 17% equal error rate. Finally, we describe an attack that allows a malicious website, with access to a network coordinate system and one corrupted Tor router, to recover roughly 6.8 bits of network location per hour.
@article{tissec-latency-leak, author = {Hopper, Nicholas J. and Vasserman, Eugene Y. and Chan-Tin, Eric}, journal = {ACM Transactions on Information and System Security}, title = {How Much Anonymity does Network Latency Leak?}, year = {2010}, month = {forthcoming}, pages = {82 - 91}, doi = {10.1145/1315245.1315257}, isbn = {978-1-59593-703-2}, keywords = {anonymity, latency, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1315245.1315257} }

[DBLP:conf/tridentcom/NguyenRKFMB10] How to Build Complex, Large-Scale Emulated Networks

Nguyen, Hung X., Roughan, Matthew, Knight, Simon, Falkner, Nick, Maennel, Olaf, and Bush, Randy

2010

Bib

@conference{DBLP:conf/tridentcom/NguyenRKFMB10,
  author = {Nguyen, Hung X. and Roughan, Matthew and Knight, Simon and Falkner, Nick and Maennel, Olaf and Bush, Randy},
  booktitle = {TRIDENTCOM},
  title = {How to Build Complex, Large-Scale Emulated Networks},
  year = {2010},
  pages = {3-18},
  keywords = {autonetkit, emulation, netkit, network, testbed, virtualization},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Gamiochipi2010] Incentive-driven QoS in peer-to-peer overlays

Gamiochipi, Raul Leonardo Landa

05/2010 2010

Website abstract Bib

A well known problem in peer-to-peer overlays is that no single entity has control over the software, hardware and configuration of peers. Thus, each peer can selfishly adapt its behaviour to maximise its benefit from the overlay. This thesis is concerned with the modelling and design of incentive mechanisms for QoS-overlays: resource allocation protocols that provide strategic peers with participation incentives, while at the same time optimising the performance of the peer-to-peer distribution overlay. The contributions of this thesis are as follows. First, we present PledgeRoute, a novel contribution accounting system that can be used, along with a set of reciprocity policies, as an incentive mechanism to encourage peers to contribute resources even when users are not actively consuming overlay services. This mechanism uses a decentralised credit network, is resilient to sybil attacks, and allows peers to achieve time and space deferred contribution reciprocity. Then, we present a novel, QoS-aware resource allocation model based on Vickrey auctions that uses PledgeRoute as a substrate. It acts as an incentive mechanism by providing efficient overlay construction, while at the same time allocating increasing service quality to those peers that contribute more to the network. The model is then applied to lagsensitive chunk swarming, and some of its properties are explored for different peer delay distributions. When considering QoS overlays deployed over the best-effort Internet, the quality received by a client cannot be adjudicated completely to either its serving peer or the intervening network between them. By drawing parallels between this situation and well-known hidden action situations in microeconomics, we propose a novel scheme to ensure adherence to advertised QoS levels. We then apply it to delay-sensitive chunk distribution overlays and present the optimal contract payments required, along with a method for QoS contract enforcement through reciprocative strategies. We also present a probabilistic model for application-layer delay as a function of the prevailing network conditions. Finally, we address the incentives of managed overlays, and the prediction of their behaviour. We propose two novel models of multihoming managed overlay incentives in which overlays can freely allocate their traffic flows between different ISPs. One is obtained by optimising an overlay utility function with desired properties, while the other is designed for data-driven least-squares fitting of the cross elasticity of demand. This last model is then used to solve for ISP profit maximisation.
@mastersthesis{Gamiochipi2010, author = {Gamiochipi, Raul Leonardo Landa}, school = {University College London}, title = {Incentive-driven QoS in peer-to-peer overlays}, year = {2010}, address = {London}, month = {05/2010}, keywords = {BitTorrent, Freeloading, game theory, incentives, PeerLive, prices, QoS}, owner = {tom}, pages = {209}, timestamp = {2017-10-10}, url = {http://eprints.ucl.ac.uk/19490/}, volume = {PhD} }
[Chan2010] Malugo: A peer-to-peer storage system

Chan, Yu-Wei, Ho, Tsung-Hsuan, Shih, Po-Chi, and Chung, Yeh-Ching

2010

DOI Website abstract Bib

We consider the problem of routing locality in peer-to-peer storage systems where peers store and exchange data among themselves. With the global information, peers will take the data locality into consideration when they implement their replication mechanisms to keep a number of file replicas all over the systems. In this paper, we mainly propose a peer-to-peer storage system - Malugo. Algorithms for the implementation of the peers’ locating and file operation processes are also presented. Simulation results show that the proposed system successfully constructs an efficient and stable peer-to-peer storage environment with considerations of data and routing locality among peers.
@article{Chan2010, author = {Chan, Yu-Wei and Ho, Tsung-Hsuan and Shih, Po-Chi and Chung, Yeh-Ching}, title = {Malugo: A peer-to-peer storage system}, year = {2010}, doi = {10.1504/IJAHUC.2010.032995}, keywords = {distributed storage, Malugo, peer-to-peer storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.ingentaconnect.com/content/ind/ijahuc/2010/00000005/00000004/art00002;jsessionid=kcpun0o76hoe.alexandra} }

[DBLP:conf/tridentcom/AlbrechtH10] Managing Distributed Applications Using Gush

Albrecht, Jeannie R., and Huang, Danny Yuxing

2010

Bib

@conference{DBLP:conf/tridentcom/AlbrechtH10,
  author = {Albrecht, Jeannie R. and Huang, Danny Yuxing},
  booktitle = {TRIDENTCOM},
  title = {Managing Distributed Applications Using Gush},
  year = {2010},
  pages = {401-411},
  keywords = {distributed applications, emulation, GENI, PlanetLab, testbed},
  owner = {tom},
  timestamp = {2017-10-10}
}

[DBLP:conf/tridentcom/PeralaPML10] A Novel Testbed for P2P Networks

Perälä, Pekka H. J., Paananen, Jori P., Mukhopadhyay, Milton, and Laulajainen, Jukka-Pekka

2010

Bib

@conference{DBLP:conf/tridentcom/PeralaPML10,
  author = {Per{\"a}l{\"a}, Pekka H. J. and Paananen, Jori P. and Mukhopadhyay, Milton and Laulajainen, Jukka-Pekka},
  booktitle = {TRIDENTCOM},
  title = {A Novel Testbed for P2P Networks},
  year = {2010},
  pages = {69-83},
  keywords = {emulation, P2P, testbed},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Locher:2010:PKN:2018057.2018085] Poisoning the Kad network

Locher, Thomas, Mysicka, David, Schmid, Stefan, and Wattenhofer, Roger

01/2010 2010

DOI Website abstract Bib

Since the demise of the Overnet network, the Kad network has become not only the most popular but also the only widely used peer-to-peer system based on a distributed hash table. It is likely that its user base will continue to grow in numbers over the next few years as, unlike the eDonkey network, it does not depend on central servers, which increases scalability and reliability. Moreover, the Kad network is more efficient than unstructured systems such as Gnutella. However, we show that today’s Kad network can be attacked in several ways by carrying out several (well-known) attacks on the Kad network. The presented attacks could be used either to hamper the correct functioning of the network itself, to censor contents, or to harm other entities in the Internet not participating in the Kad network such as ordinary web servers. While there are simple heuristics to reduce the impact of some of the attacks, we believe that the presented attacks cannot be thwarted easily in any fully decentralized peer-to-peer system without some kind of a centralized certification and verification authority.
@conference{Locher:2010:PKN:2018057.2018085, author = {Locher, Thomas and Mysicka, David and Schmid, Stefan and Wattenhofer, Roger}, booktitle = {ICDCN{\textquoteright}10 - Proceedings of the 11th International Conference on Distributed Computing and Networking}, title = {Poisoning the Kad network}, year = {2010}, address = {Kolkata, India}, month = {01/2010}, organization = {Springer-Verlag}, pages = {195{\textendash}206}, publisher = {Springer-Verlag}, series = {ICDCN{\textquoteright}10}, doi = {http://dx.doi.org/10.1007/978-3-642-11322-2_22}, isbn = {3-642-11321-4, 978-3-642-11321-5}, keywords = {distributed hash table, KAD}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=2018057.2018085} }

[FessiIPTComm2010] Pr2-P2PSIP: Privacy Preserving P2P Signaling for VoIP and IM

Fessi, Ali, Evans, Nathan S, Niedermayer, Heiko, and Holz, Ralph

Aug 2010

Bib

@conference{FessiIPTComm2010,
  author = {Fessi, Ali and Evans, Nathan S and Niedermayer, Heiko and Holz, Ralph},
  booktitle = {Principles, Systems and Applications of IP Telecommunications (IPTComm), Munich},
  title = {Pr2-P2PSIP: Privacy Preserving P2P Signaling for VoIP and IM},
  year = {2010},
  address = {Munich, Germany},
  month = aug,
  pages = {141{\textendash}152},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Isdal:2010:PPD:1851275.1851198] Privacy-preserving P2P data sharing with OneSwarm

Isdal, Tomas, Piatek, Michael, Krishnamurthy, Arvind, and Anderson, Thomas

SIGCOMM Comput. Commun. Rev. 2010

@article{Isdal:2010:PPD:1851275.1851198,
  author = {Isdal, Tomas and Piatek, Michael and Krishnamurthy, Arvind and Anderson, Thomas},
  journal = {SIGCOMM Comput. Commun. Rev.},
  title = {Privacy-preserving P2P data sharing with OneSwarm},
  year = {2010},
  issn = {0146-4833},
  number = {4},
  pages = {111{\textendash}122},
  volume = {40},
  address = {New York, NY, USA},
  doi = {10.1145/1851275.1851198},
  keywords = {anonymity, OneSwarm, p2p network},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1851275.1851198}
}

[1667071] Privacy-preserving similarity-based text retrieval

Pang, Hweehwa, Shen, Jialie, and Krishnan, Ramayya

ACM Trans. Internet Technol. 2010

DOI abstract Bib

Users of online services are increasingly wary that their activities could disclose confidential information on their business or personal activities. It would be desirable for an online document service to perform text retrieval for users, while protecting the privacy of their activities. In this article, we introduce a privacy-preserving, similarity-based text retrieval scheme that (a) prevents the server from accurately reconstructing the term composition of queries and documents, and (b) anonymizes the search results from unauthorized observers. At the same time, our scheme preserves the relevance-ranking of the search server, and enables accounting of the number of documents that each user opens. The effectiveness of the scheme is verified empirically with two real text corpora.
@article{1667071, author = {Pang, Hweehwa and Shen, Jialie and Krishnan, Ramayya}, journal = {ACM Trans. Internet Technol.}, title = {Privacy-preserving similarity-based text retrieval}, year = {2010}, issn = {1533-5399}, number = {1}, pages = {1{\textendash}39}, volume = {10}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1667067.1667071}, keywords = {keywords, privacy, search, text mining}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10} }
[Inan2010] Private Record Matching Using Differential Privacy

Inan, Ali, Kantarcioglu, Murat, Ghinita, Gabriel, and Bertino, Elisa

2010

DOI Website abstract Bib

Private matching between datasets owned by distinct parties is a challenging problem with several applications. Private matching allows two parties to identify the records that are close to each other according to some distance functions, such that no additional information other than the join result is disclosed to any party. Private matching can be solved securely and accurately using secure multi-party computation (SMC) techniques, but such an approach is prohibitively expensive in practice. Previous work proposed the release of sanitized versions of the sensitive datasets which allows blocking, i.e., filtering out sub-sets of records that cannot be part of the join result. This way, SMC is applied only to a small fraction of record pairs, reducing the matching cost to acceptable levels. The blocking step is essential for the privacy, accuracy and efficiency of matching. However, the state-of-the-art focuses on sanitization based on k-anonymity, which does not provide sufficient privacy. We propose an alternative design centered on differential privacy, a novel paradigm that provides strong privacy guarantees. The realization of the new model presents difficult challenges, such as the evaluation of distance-based matching conditions with the help of only a statistical queries interface. Specialized versions of data indexing structures (e.g., kd-trees) also need to be devised, in order to comply with differential privacy. Experiments conducted on the real-world Census-income dataset show that, although our methods provide strong privacy, their effectiveness in reducing matching cost is not far from that of k-anonymity based counterparts.
@conference{Inan2010, author = {Inan, Ali and Kantarcioglu, Murat and Ghinita, Gabriel and Bertino, Elisa}, booktitle = {Proceedings of the 13th International Conference on Extending Database Technology}, title = {Private Record Matching Using Differential Privacy}, year = {2010}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1739041.1739059}, isbn = {978-1-60558-945-9}, keywords = {Differential Privacy, privacy, record matching, security}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1739041.1739059} }
[1827425] Providing basic security mechanisms in broker-less publish/subscribe systems

Tariq, Muhammad Adnan, Koldehofe, Boris, Altaweel, Ala, and Rothermel, Kurt

2010

DOI Website abstract Bib

The provisioning of basic security mechanisms such as authentication and confidentiality is highly challenging in a content-based publish/subscribe system. Authentication of publishers and subscribers is difficult to achieve due to the loose coupling of publishers and subscribers. Similarly, confidentiality of events and subscriptions conflicts with content-based routing. In particular, content-based approaches in broker-less environments do not address confidentiality at all. This paper presents a novel approach to provide confidentiality and authentication in a broker-less content-based publish-subscribe system. The authentication of publishers and subscribers as well as confidentiality of events is ensured, by adapting the pairing-based cryptography mechanisms, to the needs of a publish/subscribe system. Furthermore, an algorithm to cluster subscribers according to their subscriptions preserves a weak notion of subscription confidentiality. Our approach provides fine grained key management and the cost for encryption, decryption and routing is in the order of subscribed attributes. Moreover, the simulation results verify that supporting security is affordable with respect to the cost for overlay construction and event dissemination latencies, thus preserving scalability of the system.
@conference{1827425, author = {Tariq, Muhammad Adnan and Koldehofe, Boris and Altaweel, Ala and Rothermel, Kurt}, booktitle = {DEBS {\textquoteright}10: Proceedings of the Fourth ACM International Conference on Distributed Event-Based Systems}, title = {Providing basic security mechanisms in broker-less publish/subscribe systems}, year = {2010}, address = {New York, NY, USA}, organization = {ACM}, pages = {38{\textendash}49}, publisher = {ACM}, doi = {10.1145/1827418.1827425}, isbn = {978-1-60558-927-5}, keywords = {P2P, publish/subscribe}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1827418.1827425\&coll=portal\&dl=GUIDE$\#$} }

[1672334] Reconnecting the internet with ariba: self-organizing provisioning of end-to-end connectivity in heterogeneous networks

Hübsch, Christian, Mayer, Christoph P., Mies, Sebastian, Bless, Roland, Waldhorst, Oliver, and Zitterbart, Martina

SIGCOMM Comput. Commun. Rev. 2010

End-to-End connectivity in today’s Internet can no longer be taken for granted. Middleboxes, mobility, and protocol heterogeneity complicate application development and often result in application-specific solutions. In our demo we present ariba: an overlay-based approach to handle such network challenges and to provide consistent homogeneous network primitives in order to ease application and service development.

@article{1672334,
  author = {H{\"u}bsch, Christian and Mayer, Christoph P. and Mies, Sebastian and Bless, Roland and Waldhorst, Oliver and Zitterbart, Martina},
  journal = {SIGCOMM Comput. Commun. Rev.},
  title = {Reconnecting the internet with ariba: self-organizing provisioning of end-to-end connectivity in heterogeneous networks},
  year = {2010},
  issn = {0146-4833},
  number = {1},
  pages = {131{\textendash}132},
  volume = {40},
  address = {New York, NY, USA},
  doi = {10.1145/1672308.1672334},
  keywords = {heterogeneity, overlay networks, P2P},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?doid=1672308.1672334$\#$}
}

[Huebsch2010a] On Runtime Adaptation of Application-Layer Multicast Protocol Parameters

Hübsch, Christian, Mayer, Christoph P., and Waldhorst, Oliver

2010

@conference{Huebsch2010a,
  author = {H{\"u}bsch, Christian and Mayer, Christoph P. and Waldhorst, Oliver},
  booktitle = {Proceedings of Networked Services and Applications {\textendash} Engineering, Control and Management (EUNICE)},
  title = {On Runtime Adaptation of Application-Layer Multicast Protocol Parameters},
  year = {2010},
  address = {Trondheim, Norway},
  note = {{to appear}},
  organization = {Springer},
  publisher = {Springer},
  series = {{Lecture Notes in Computer Science}},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.tm.uni-karlsruhe.de/itm/WebMan/view.php?view=publikationen_detail\&id=389\&lang=en}
}

[Krause2010] Scalable Application-Layer Multicast Simulations with OverSim

Krause, Stephan, and Hübsch, Christian

2010

abstract Bib

Application-Layer Multicast has become a promising class of protocols since IP Multicast has not found wide area deployment in the Internet. Developing such protocols requires in-depth analysis of their properties even with large numbers of participants–-a characteristic which is at best hard to achieve in real network experiments. Several well-known simulation frameworks have been developed and used in recent years, but none has proved to be fitting the requirements for analyzing large-scale application-layer networks. In this paper we propose the OverSim framework as a promising simulation environment for scalabe Application-Layer Multicast research. We show that OverSim is able to manage even overlays with several thousand participants in short time while consuming comparably little memory. We compare the framework’s runtime properties with the two exemplary Application-Layer Mutlicast protocols Scribe and NICE. The results show that both simulation time and memory consumption grow linearly with the number of nodes in highly feasible dimensions.
@conference{Krause2010, author = {Krause, Stephan and H{\"u}bsch, Christian}, booktitle = {7th Annual IEEE Consumer Communiations \& Networking Conference}, title = {Scalable Application-Layer Multicast Simulations with OverSim}, year = {2010}, keywords = {multicast, NICE, OverSim, Scribe}, owner = {tom}, timestamp = {2017-10-10} }
[Burkhart:2010:SPA:1929820.1929840] SEPIA: privacy-preserving aggregation of multi-domain network events and statistics

Burkhart, Martin, Strasser, Mario, Many, Dilip, and Dimitropoulos, Xenofontas

08/2010 2010

Website abstract Bib

Secure multiparty computation (MPC) allows joint privacy-preserving computations on data of multiple parties. Although MPC has been studied substantially, building solutions that are practical in terms of computation and communication cost is still a major challenge. In this paper, we investigate the practical usefulness of MPC for multi-domain network security and monitoring. We first optimize MPC comparison operations for processing high volume data in near real-time. We then design privacy-preserving protocols for event correlation and aggregation of network traffic statistics, such as addition of volume metrics, computation of feature entropy, and distinct item count. Optimizing performance of parallel invocations, we implement our protocols along with a complete set of basic operations in a library called SEPIA. We evaluate the running time and bandwidth requirements of our protocols in realistic settings on a local cluster as well as on PlanetLab and show that they work in near real-time for up to 140 input providers and 9 computation nodes. Compared to implementations using existing general-purpose MPC frameworks, our protocols are significantly faster, requiring, for example, 3 minutes for a task that takes 2 days with general-purpose frameworks. This improvement paves the way for new applications of MPC in the area of networking. Finally, we run SEPIA’s protocols on real traffic traces of 17 networks and show how they provide new possibilities for distributed troubleshooting and early anomaly detection.
@conference{Burkhart:2010:SPA:1929820.1929840, author = {Burkhart, Martin and Strasser, Mario and Many, Dilip and Dimitropoulos, Xenofontas}, booktitle = {Proceedings of the 19th USENIX conference on Security}, title = {SEPIA: privacy-preserving aggregation of multi-domain network events and statistics}, year = {2010}, address = {Washington, DC, USA}, month = {08/2010}, organization = {USENIX Association}, pages = {15{\textendash}15}, publisher = {USENIX Association}, series = {USENIX Security{\textquoteright}10}, isbn = {888-7-6666-5555-4}, keywords = {privacy, secure multi-party computation, SMC}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1929820.1929840} }

[Marks2010a] Unleashing Tor, BitTorrent & Co.: How to Relieve TCP Deficiencies in Overlays

Marks, Daniel, Tschorsch, Florian, and Scheuermann, Bjoern

2010

Bib

@conference{Marks2010a,
  author = {Marks, Daniel and Tschorsch, Florian and Scheuermann, Bjoern},
  booktitle = {LCN 2010: Proceedings of the 35th IEEE Conference on Local Computer Networks},
  title = {Unleashing Tor, BitTorrent \& Co.: How to Relieve TCP Deficiencies in Overlays},
  year = {2010},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Huebsch2010b] User-perceived Performance of the NICE Application Layer Multicast Protocol in Large and Highly Dynamic Groups

Hübsch, Christian, Mayer, Christoph P., and Waldhorst, Oliver

2010 2010

DOI Website abstract Bib

The presentation of a landmark paper by Chu et al. at SIGMETRICS 2000 introduced application layer multicast (ALM) as completely new area of network research. Many researchers have since proposed ALM protocols, and have shown that these protocols only put a small burden on the network in terms of link-stress and -stretch. However, since the network is typically not a bottleneck, user acceptance remains the limiting factor for the deployment of ALM. In this paper we present an in-depth study of the user-perceived performance of the NICE ALM protocol. We use the OverSim simulation framework to evaluate delay experienced by a user and bandwidth consumption on the user’s access link in large multicast groups and under aggressive churn models. Our major results are (1) latencies grow moderate with increasing number of nodes as clusters get optimized, (2) join delays get optimized over time, and (3) despite being a tree-dissemination protocol NICE handles churn surprisingly well when adjusting heartbeat intervals accordingly. We conclude that NICE comes up to the user’s expectations even for large groups and under high churn. This work was partially funded as part of the Spontaneous Virtual Networks (SpoVNet) project by the Landesstiftung Baden-Württemberg within the BW-FIT program and as part of the Young Investigator Group Controlling Heterogeneous and Dynamic Mobile Grid and Peer-to-Peer Systems (CoMoGriP) by the Concept for the Future of Karlsruhe Institute of Technology (KIT) within the framework of the German Excellence Initiative.
@conference{Huebsch2010b, author = {H{\"u}bsch, Christian and Mayer, Christoph P. and Waldhorst, Oliver}, booktitle = {Proceedings of 15th International GI/ITG Conference on "Measurement, Modelling and Evaluation of Computing Systems"}, title = {User-perceived Performance of the NICE Application Layer Multicast Protocol in Large and Highly Dynamic Groups}, year = {2010}, address = {Essen, Germany}, month = {2010}, note = {{Best Paper Award}}, organization = {Springer Berlin, Heidelberg}, pages = {62{\textendash}77}, publisher = {Springer Berlin, Heidelberg}, doi = {10.1007/978-3-642-12104-3}, isbn = {978-3-642-12103-6}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/t6k421560103540n/} }

[Huebsch2010c] Using Legacy Applications in Future Heterogeneous Networks with ariba

Hübsch, Christian, Mayer, Christoph P., Mies, Sebastian, Bless, Roland, Waldhorst, Oliver, and Zitterbart, Martina

2010

Bib

@conference{Huebsch2010c,
  author = {H{\"u}bsch, Christian and Mayer, Christoph P. and Mies, Sebastian and Bless, Roland and Waldhorst, Oliver and Zitterbart, Martina},
  booktitle = {Proceedings of IEEE INFOCOM},
  title = {Using Legacy Applications in Future Heterogeneous Networks with ariba},
  year = {2010},
  address = {San Diego, CA, USA},
  note = {{Demo}},
  owner = {tom},
  timestamp = {2017-10-10}
}

[DBLP:conf/ccs/EdmanS09] AS-awareness in Tor path selection

Edman, Matthew, and Syverson, Paul

2009

DOI Website abstract Bib

Tor is an anonymous communications network with thousands of router nodes worldwide. An intuition reflected in much of the literature on anonymous communications is that, as an anonymity network grows, it becomes more secure against a given observer because the observer will see less of the network. In particular, as the Tor network grows from volunteers operating relays all over the world, it becomes less and less likely for a single autonomous system (AS) to be able to observe both ends of an anonymous connection. Yet, as the network continues to grow significantly, no analysis has been done to determine if this intuition is correct. Further, modifications to Tor’s path selection algorithm to help clients avoid an AS-level observer have not been proposed and analyzed. Five years ago a previous study examined the AS-level threat against client and destination addresses chosen a priori to be likely or interesting to examine. Using an AS-level path inference algorithm with improved accuracy, more extensive Internet routing data, and, most importantly, a model of typical Tor client AS-level sources and destinations based on data gathered from the live network, we demonstrate that the threat of a single AS observing both ends of an anonymous Tor connection is greater than previously thought. We look at the growth of the Tor network over the past five years and show that its explosive growth has had only a small impact on the network’s robustness against an AS-level attacker. Finally, we propose and evaluate the effectiveness of some simple, AS-aware path selection algorithms that avoid the computational overhead imposed by full AS-level path inference algorithms. Our results indicate that a novel heuristic we propose is more effective against an AS-level observer than other commonly proposed heuristics for improving location diversity in path selection.
@conference{DBLP:conf/ccs/EdmanS09, author = {Edman, Matthew and Syverson, Paul}, booktitle = {Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009}, title = {AS-awareness in Tor path selection}, year = {2009}, editor = {Al-Shaer, Ehab and Jha, Somesh and Keromytis, Angelos D.}, organization = {ACM}, pages = {380{\textendash}389}, publisher = {ACM}, doi = {10.1145/1653662.1653708}, isbn = {978-1-60558-894-0}, keywords = {anonymity, autonomous systems, privacy, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1653662.1653708} }
[Attrapadung:2009:AES:1696791.1696811] Attribute-Based Encryption Supporting Direct/Indirect Revocation Modes

Attrapadung, Nuttapong, and Imai, Hideki

12/2009 2009

DOI Website abstract Bib

Attribute-based encryption (ABE) enables an access control mechanism over encrypted data by specifying access policies among private keys and ciphertexts. In this paper, we focus on ABE that supports revocation. Currently, there are two available revocable ABE schemes in the literature. Their revocation mechanisms, however, differ in the sense that they can be considered as direct and indirect methods. Direct revocation enforces revocation directly by the sender who specifies the revocation list while encrypting. Indirect revocation enforces revocation by the key authority who releases a key update material periodically in such a way that only non-revoked users can update their keys (hence, revoked users’ keys are implicitly rendered useless). An advantage of the indirect method over the direct one is that it does not require senders to know the revocation list. In contrast, an advantage of the direct method over the other is that it does not involve key update phase for all non-revoked users interacting with the key authority. In this paper, we present the first Hybrid Revocable ABE scheme that allows senders to select on-the-fly when encrypting whether to use either direct or indirect revocation mode; therefore, it combines best advantages from both methods.
@conference{Attrapadung:2009:AES:1696791.1696811, author = {Attrapadung, Nuttapong and Imai, Hideki}, booktitle = {Proceedings of the 12th IMA International Conference on Cryptography and Coding}, title = {Attribute-Based Encryption Supporting Direct/Indirect Revocation Modes}, year = {2009}, address = {Cirencester, UK}, month = {12/2009}, organization = {Springer-Verlag}, pages = {278{\textendash}300}, publisher = {Springer-Verlag}, series = {Cryptography and Coding {\textquoteright}09}, doi = {http://dx.doi.org/10.1007/978-3-642-10868-6_17}, isbn = {978-3-642-10867-9}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-10868-6_17} }
[DBLP:conf/ccs/TroncosoD09] The bayesian traffic analysis of mix networks

Troncoso, Carmela, and Danezis, George

2009

DOI Website abstract Bib

This work casts the traffic analysis of anonymity systems, and in particular mix networks, in the context of Bayesian inference. A generative probabilistic model of mix network architectures is presented, that incorporates a number of attack techniques in the traffic analysis literature. We use the model to build an Markov Chain Monte Carlo inference engine, that calculates the probabilities of who is talking to whom given an observation of network traces. We provide a thorough evaluation of its correctness and performance, and confirm that mix networks with realistic parameters are secure. This approach enables us to apply established information theoretic anonymity metrics on complex mix networks, and extract information from anonymised traffic traces optimally.
@conference{DBLP:conf/ccs/TroncosoD09, author = {Troncoso, Carmela and Danezis, George}, booktitle = {Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009}, title = {The bayesian traffic analysis of mix networks}, year = {2009}, editor = {Al-Shaer, Ehab and Jha, Somesh and Keromytis, Angelos D.}, organization = {ACM}, pages = {369{\textendash}379}, publisher = {ACM}, doi = {10.1145/1653662.1653707}, isbn = {978-1-60558-894-0}, keywords = {anonymity, Markov chain, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1653662.1653707} }
[1659021] Bloom filters and overlays for routing in pocket switched networks

Mayer, Christoph P.

2009

DOI Website abstract Bib

Pocket Switched Networks (PSN) [3] have become a promising approach for providing communication between scarcely connected human-carried devices. Such devices, e.g. mobile phones or sensor nodes, are exposed to human mobility and can therewith leverage inter-human contacts for store-and-forward routing. Efficiently routing in such delay tolerant networks is complex due to incomplete knowledge about the network, and high dynamics of the network. In this work we want to develop an extension of Bloom filters for resource-efficient routing in pocket switched networks. Furthermore, we argue that PSNs may become densely populated in special situations. We want to exploit such situations to perform collaborative calculations of forwarding-decisions. In this paper we present a simple scheme for distributed decision calculation using overlays and a DHT-based distributed variant of Bloom filters.
@conference{1659021, author = {Mayer, Christoph P.}, booktitle = {Co-Next Student Workshop {\textquoteright}09: Proceedings of the 5th international student workshop on Emerging networking experiments and technologies}, title = {Bloom filters and overlays for routing in pocket switched networks}, year = {2009}, address = {New York, NY, USA}, organization = {ACM}, pages = {43{\textendash}44}, publisher = {ACM}, doi = {10.1145/1658997.1659021}, isbn = {978-1-60558-751-6}, keywords = {Bloom filter, overlay networks, pocket switched network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?doid=1658997.1659021$\#$} }
[Knoll:2009:BPS:1590968.1591829] Bootstrapping Peer-to-Peer Systems Using IRC

Knoll, Mirko, Helling, Matthias, Wacker, Arno, Holzapfel, Sebastian, and Weis, Torben

06/2009 2009

DOI Website abstract Bib

Research in the area of peer-to-peer systems is mainly focused on structuring the overlay network. Little attention is paid to the process of setting up and joining a peer-to-peer overlay network, i.e. the bootstrapping of peer-to-peer networks. The major challenge is to get hold of one peer that is already in the overlay. Otherwise, the first peer must be able to detect that the overlay is currently empty. Successful P2P applications either provide a centralized server for this task (Skype) or they simply put the burden on the user (eMule). We propose an automatic solution which does not require any user intervention and does not exhibit a single point of failure. Such decentralized bootstrapping protocols are especially important for open non-commercial peer-to-peer systems which cannot provide a server infrastructure for bootstrapping. The algorithm we are proposing builds on the Internet Relay Chat (IRC), a highly available, open,and distributed network of chat servers. Our algorithm is designed to put only a very minimal load on the IRC servers.In measurements we show that our bootstrapping protocol scales very well, handles flash crowds, and does only put a constant load on the IRC system disregarding of the peer-to-peer overlay size.
@conference{Knoll:2009:BPS:1590968.1591829, author = {Knoll, Mirko and Helling, Matthias and Wacker, Arno and Holzapfel, Sebastian and Weis, Torben}, booktitle = {WETICE{\textquoteright}09 - Proceedings of the 18th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises}, title = {Bootstrapping Peer-to-Peer Systems Using IRC}, year = {2009}, address = {Groningen, The Netherlands}, month = {06/2009}, organization = {IEEE Computer Society}, pages = {122{\textendash}127}, publisher = {IEEE Computer Society}, series = {WETICE {\textquoteright}09}, doi = {http://dx.doi.org/10.1109/WETICE.2009.40}, isbn = {978-0-7695-3683-5}, keywords = {automated, bootstrapping, decentralized, efficient, IRC, P2P, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/WETICE.2009.40} }

[Bortnikov2009] Brahms: Byzantine Resilient Random Membership Sampling

Bortnikov, Edward, Gurevich, Maxim, Keidar, Idit, Kliot, Gabriel, and Shraer, Alexander

Computer Networks Journal (COMNET), Special Issue on Gossiping in Distributed Systems Apr 2009

Bib

@article{Bortnikov2009,
  author = {Bortnikov, Edward and Gurevich, Maxim and Keidar, Idit and Kliot, Gabriel and Shraer, Alexander},
  journal = {Computer Networks Journal (COMNET), Special Issue on Gossiping in Distributed Systems},
  title = {Brahms: Byzantine Resilient Random Membership Sampling},
  year = {2009},
  month = apr,
  keywords = {Byzantine Resilient Sampling, Random Membership, random sampling},
  owner = {tom},
  timestamp = {2017-10-10}
}

[DBLP:conf/sss/Kermarrec09] Challenges in Personalizing and Decentralizing the Web: An Overview of GOSSPLE

Kermarrec, Anne-Marie

2009

Bib

@conference{DBLP:conf/sss/Kermarrec09,
  author = {Kermarrec, Anne-Marie},
  title = {Challenges in Personalizing and Decentralizing the Web: An Overview of GOSSPLE},
  year = {2009},
  pages = {1{\textendash}16},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Holz2009] CLIO/UNISONO: practical distributed and overlay- wide network measurement

Holz, Ralph, and Haage, Dirk

2009

abstract Bib

Building on previous work, we present an early version of our CLIO/UNISONO framework for distributed network measurements. CLIO/UNISONO is a generic measurement framework specifically aimed at overlays that need measurements for optimization purposes. In this talk, we briefly introduce the most important concepts and then focus on some more advanced mechanisms like measurements across connectivity domains and remote orders.
@conference{Holz2009, author = {Holz, Ralph and Haage, Dirk}, title = {CLIO/UNISONO: practical distributed and overlay- wide network measurement}, year = {2009}, owner = {tom}, timestamp = {2017-10-10} }
[Melchor2009] A Collusion-Resistant Distributed Scalar Product Protocol with Application to Privacy-Preserving Computation of Trust

Melchor, C.A., Ait-Salem, B., and Gaborit, P.

Jul 2009

DOI abstract Bib

Private scalar product protocols have proved to be interesting in various applications such as data mining, data integration, trust computing, etc. In 2007, Yao et al. proposed a distributed scalar product protocol with application to privacy-preserving computation of trust [1]. This protocol is split in two phases: an homorphic encryption computation; and a private multi-party summation protocol. The summation protocol has two drawbacks: first, it generates a non-negligible communication overhead; and second, it introduces a security flaw. The contribution of this present paper is two-fold. We first prove that the protocol of [1] is not secure in the semi-honest model by showing that it is not resistant to collusion attacks and we give an example of a collusion attack, with only four participants. Second, we propose to use a superposed sending round as an alternative to the multi-party summation protocol, which results in better security properties and in a reduction of the communication costs. In particular, regarding security, we show that the previous scheme was vulnerable to collusions of three users whereas in our proposal we can t isin [1..n - 1] and define a protocol resisting to collusions of up to t users.
@conference{Melchor2009, author = {Melchor, C.A. and Ait-Salem, B. and Gaborit, P.}, booktitle = {Network Computing and Applications, 2009. NCA 2009. Eighth IEEE International Symposium on}, title = {A Collusion-Resistant Distributed Scalar Product Protocol with Application to Privacy-Preserving Computation of Trust}, year = {2009}, month = jul, doi = {10.1109/NCA.2009.48}, keywords = {collaboration, collusion-resistant distributed protocol, Computer applications, computer networks, cryptographic protocols, cryptography, data privacy, distributed computing, homorphic encryption computation, Laboratories, Portable media players, privacy-preserving computation, Privacy-preserving computation of trust, private multiparty summation protocol, scalar product protocol, secure multi-party computation, Secure scalar product, security, Superposed sending., Telephony, trust computation}, owner = {tom}, timestamp = {2017-10-10} }

[DBLP:journals/tdp/NojimaK09] Cryptographically secure Bloom-filters

Nojima, Ryo, and Kadobayashi, Youki

Transactions on Data Privacy 2009

Bib

@article{DBLP:journals/tdp/NojimaK09,
  author = {Nojima, Ryo and Kadobayashi, Youki},
  journal = {Transactions on Data Privacy},
  title = {Cryptographically secure Bloom-filters},
  year = {2009},
  number = {2},
  pages = {131{\textendash}139},
  volume = {2},
  owner = {tom},
  timestamp = {2017-10-10}
}

[DBLP:conf/sp/NarayananS09] De-anonymizing Social Networks

Narayanan, Arvind, and Shmatikov, Vitaly

2009

Website abstract Bib

Operators of online social networks are increasingly sharing potentially sensitive information about users and their relationships with advertisers, application developers, and data-mining researchers. Privacy is typically protected by anonymization, i.e., removing names, addresses, etc. We present a framework for analyzing privacy and anonymity in social networks and develop a new re-identification algorithm targeting anonymized social-network graphs. To demonstrate its effectiveness on real-world networks, we show that a third of the users who can be verified to have accounts on both Twitter, a popular microblogging service, and Flickr, an online photo-sharing site, can be re-identified in the anonymous Twitter graph with only a 12% error rate. Our de-anonymization algorithm is based purely on the network topology, does not require creation of a large number of dummy "sybil" nodes, is robust to noise and all existing defenses, and works even when the overlap between the target network and the adversary’s auxiliary information is small.
@conference{DBLP:conf/sp/NarayananS09, author = {Narayanan, Arvind and Shmatikov, Vitaly}, booktitle = {Proceedings of the 30th IEEE Symposium on Security and Privacy (S\&P 2009), 17-20 May, Oakland, California, USA}, title = {De-anonymizing Social Networks}, year = {2009}, organization = {IEEE Computer Society}, pages = {173{\textendash}187}, publisher = {IEEE Computer Society}, isbn = {978-0-7695-3633-0}, keywords = {anonymity, network topology, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://randomwalker.info/social-networks/} }
[Badishi:2009:DFC:1550962.1551186] Deleting files in the Celeste peer-to-peer storage system

Badishi, Gal, Caronni, Germano, Keidar, Idit, Rom, Raphael, and Scott, Glenn

Journal of Parallel and Distributed Computing 07/2009 2009

DOI Website abstract Bib

Celeste is a robust peer-to-peer object store built on top of a distributed hash table (DHT). Celeste is a working system, developed by Sun Microsystems Laboratories. During the development of Celeste, we faced the challenge of complete object deletion, and moreover, of deleting ’’files’’ composed of several different objects. This important problem is not solved by merely deleting meta-data, as there are scenarios in which all file contents must be deleted, e.g., due to a court order. Complete file deletion in a realistic peer-to-peer storage system has not been previously dealt with due to the intricacy of the problem - the system may experience high churn rates, nodes may crash or have intermittent connectivity, and the overlay network may become partitioned at times. We present an algorithm that eventually deletes all file contents, data and meta-data, in the aforementioned complex scenarios. The algorithm is fully functional and has been successfully integrated into Celeste.
@article{Badishi:2009:DFC:1550962.1551186, author = {Badishi, Gal and Caronni, Germano and Keidar, Idit and Rom, Raphael and Scott, Glenn}, journal = {Journal of Parallel and Distributed Computing}, title = {Deleting files in the Celeste peer-to-peer storage system}, year = {2009}, issn = {0743-7315}, month = {07/2009}, pages = {613{\textendash}622}, volume = {69}, address = {Orlando, FL, USA}, doi = {10.1016/j.jpdc.2009.03.003}, keywords = {Celeste, fault-tolerance, peer-to-peer networking, storage}, owner = {tom}, publisher = {Academic Press, Inc.}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1550962.1551186} }
[McSherry2009] Differentially Private Recommender Systems: Building Privacy into the Netflix Prize Contenders

McSherry, Frank, and Mironov, Ilya

2009

DOI Website abstract Bib

We consider the problem of producing recommendations from collective user behavior while simultaneously providing guarantees of privacy for these users. Specifically, we consider the Netflix Prize data set, and its leading algorithms, adapted to the framework of differential privacy. Unlike prior privacy work concerned with cryptographically securing the computation of recommendations, differential privacy constrains a computation in a way that precludes any inference about the underlying records from its output. Such algorithms necessarily introduce uncertainty–i.e., noise–to computations, trading accuracy for privacy. We find that several of the leading approaches in the Netflix Prize competition can be adapted to provide differential privacy, without significantly degrading their accuracy. To adapt these algorithms, we explicitly factor them into two parts, an aggregation/learning phase that can be performed with differential privacy guarantees, and an individual recommendation phase that uses the learned correlations and an individual’s data to provide personalized recommendations. The adaptations are non-trivial, and involve both careful analysis of the per-record sensitivity of the algorithms to calibrate noise, as well as new post-processing steps to mitigate the impact of this noise. We measure the empirical trade-off between accuracy and privacy in these adaptations, and find that we can provide non-trivial formal privacy guarantees while still outperforming the Cinematch baseline Netflix provides.
@conference{McSherry2009, author = {McSherry, Frank and Mironov, Ilya}, booktitle = {Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining}, title = {Differentially Private Recommender Systems: Building Privacy into the Netflix Prize Contenders}, year = {2009}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1557019.1557090}, isbn = {978-1-60558-495-9}, keywords = {Differential Privacy, Netflix, recommender systems}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1557019.1557090} }
[Huebsch2009] Enhancing Application-Layer Multicast Solutions by Wireless Underlay Support

Hübsch, Christian, and Waldhorst, Oliver

2009

Website abstract Bib

Application Layer Multicast (ALM) is an attractive solution to overcome the deployment problems of IP-Multicast. We show how to cope with the challenges of incorporating wireless devices into ALM protocols. As a rst approach we extend the NICE protocol, significantly increasing its performance in scenarios with many devices connected through wireless LAN.
@conference{Huebsch2009, author = {H{\"u}bsch, Christian and Waldhorst, Oliver}, booktitle = {Kommunikation in Verteilten Systemen (KiVS) 2009, Kassel, Germany}, title = {Enhancing Application-Layer Multicast Solutions by Wireless Underlay Support}, year = {2009}, keywords = {multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.143.2935} }

[Bucher2009] Evaluation of Current P2P-SIP Proposals with Respect to the Igor/SSR API

Bucher, Markus

2009

Bib

@mastersthesis{Bucher2009,
  author = {Bucher, Markus},
  school = {Technische Universit{\"a}t M{\"u}nchen},
  title = {Evaluation of Current P2P-SIP Proposals with Respect to the Igor/SSR API},
  year = {2009},
  address = {Munich, Germany},
  type = {Diplomarbeit},
  owner = {tom},
  timestamp = {2017-10-10},
  volume = {Computer Science}
}

[Cholez:2009:ESA:1574663.1574671] Evaluation of Sybil Attacks Protection Schemes in KAD

Cholez, Thibault, Chrisment, Isabelle, and Festor, Olivier

06/2009 2009

In this paper, we assess the protection mechanisms entered into recent clients to fight against the Sybil attack in KAD, a widely deployed Distributed Hash Table. We study three main mechanisms: a protection against flooding through packet tracking, an IP address limitation and a verification of identities. We evaluate their efficiency by designing and adapting an attack for several KAD clients with different levels of protection. Our results show that the new security rules mitigate the Sybil attacks previously launched. However, we prove that it is still possible to control a small part of the network despite the new inserted defenses with a distributed eclipse attack and limited resources.

@conference{Cholez:2009:ESA:1574663.1574671,
  author = {Cholez, Thibault and Chrisment, Isabelle and Festor, Olivier},
  booktitle = {AIMS{\textquoteright}09 - Proceedings of the 3rd International Conference on Autonomous Infrastructure, Management and Security: Scalability of Networks and Services},
  title = {Evaluation of Sybil Attacks Protection Schemes in KAD},
  year = {2009},
  address = {Enschede, The Netherlands},
  month = {06/2009},
  organization = {Springer-Verlag},
  pages = {70{\textendash}82},
  publisher = {Springer-Verlag},
  series = {Lecture Notes in Computer Science},
  volume = {5637},
  doi = {http://dx.doi.org/10.1007/978-3-642-02627-0_6},
  isbn = {978-3-642-02626-3},
  keywords = {defense, distributed hash table, KAD, p2p network, security, Sybil attack},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/978-3-642-02627-0_6}
}

[Bogetoft:2009:SMC:1601990.1602018] Financial Cryptography and Data Security

Bogetoft, Peter, Christensen, Dan Lund, Damgárd, Ivan, Geisler, Martin, Jakobsen, Thomas, Krøigaard, Mikkel, Nielsen, Janus Dam, Nielsen, Jesper Buus, Nielsen, Kurt, Pagter, Jakob, Schwartzbach, Michael, and Toft, Tomas

2009

This book constitutes the thoroughly refereed post-conference proceedings of the 14th International Conference on Financial Cryptography and Data Security, FC 2010, held in Tenerife, Canary Islands, Spain in January 2010. The 19 revised full papers and 15 revised short papers presented together with 1 panel report and 7 poster papers were carefully reviewed and selected from 130 submissions. The papers cover all aspects of securing transactions and systems and feature current research focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security.

@inbook{Bogetoft:2009:SMC:1601990.1602018,
  author = {Bogetoft, Peter and Christensen, Dan Lund and Damg{\'a}rd, Ivan and Geisler, Martin and Jakobsen, Thomas and Kr{\o}igaard, Mikkel and Nielsen, Janus Dam and Nielsen, Jesper Buus and Nielsen, Kurt and Pagter, Jakob and Schwartzbach, Michael and Toft, Tomas},
  chapter = {Secure Multiparty Computation Goes Live},
  editor = {Dingledine, Roger and Golle, Philippe},
  pages = {325{\textendash}343},
  publisher = {Springer-Verlag},
  title = {Financial Cryptography and Data Security},
  year = {2009},
  address = {Berlin, Heidelberg},
  edition = {1st},
  isbn = {978-3-642-03548-7},
  series = {Lecture Notes in Computer Science},
  volume = {6052},
  booktitle = {Financial Cryptography and Data Security},
  doi = {10.1007/978-3-642-03549-4_20},
  keywords = {anonymous credentials, bilinear gruop, privacy, secret sharing, SMC, symbolic evaluation},
  organization = {Springer-Verlag},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/978-3-642-03549-4_20}
}

[wpes09-dht-attack] Hashing it out in public: Common failure modes of DHT-based anonymity schemes

Tran, Andrew, Hopper, Nicholas J., and Kim, Yongdae

Nov 2009

DOI Website abstract Bib

We examine peer-to-peer anonymous communication systems that use Distributed Hash Table algorithms for relay selection. We show that common design flaws in these schemes lead to highly effective attacks against the anonymity provided by the schemes. These attacks stem from attacks on DHT routing, and are not mitigated by the well-known DHT security mechanisms due to a fundamental mismatch between the security requirements of DHT routing’s put/get functionality and anonymous routing’s relay selection functionality. Our attacks essentially allow an adversary that controls only a small fraction of the relays to function as a global active adversary. We apply these attacks in more detail to two schemes: Salsa and Cashmere. In the case of Salsa, we show that an attacker that controls 10% of the relays in a network of size 10,000 can compromise more than 80% of all completed circuits; and in the case of Cashmere, we show that an attacker that controls 20% of the relays in a network of size 64000 can compromise 42% of the circuits.
@conference{wpes09-dht-attack, author = {Tran, Andrew and Hopper, Nicholas J. and Kim, Yongdae}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2009)}, title = {Hashing it out in public: Common failure modes of DHT-based anonymity schemes}, year = {2009}, month = nov, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1655188.1655199}, isbn = {978-1-60558-783-7}, keywords = {anonymity, denial-of-service, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1655188.1655199} }
[1656984] Heterogeneous gossip

Frey, Davide, Guerraoui, Rachid, Kermarrec, Anne-Marie, Koldehofe, Boris, Mogensen, Martin, Monod, Maxime, and Quéma, Vivien

2009

Website abstract Bib

Gossip-based information dissemination protocols are considered easy to deploy, scalable and resilient to network dynamics. Load-balancing is inherent in these protocols as the dissemination work is evenly spread among all nodes. Yet, large-scale distributed systems are usually heterogeneous with respect to network capabilities such as bandwidth. In practice, a blind load-balancing strategy might significantly hamper the performance of the gossip dissemination. This paper presents HEAP, HEterogeneity-Aware gossip Protocol, where nodes dynamically adapt their contribution to the gossip dissemination according to their bandwidth capabilities. Using a continuous, itself gossip-based, approximation of relative bandwidth capabilities, HEAP dynamically leverages the most capable nodes by increasing their fanout, while decreasing by the same proportion that of less capable nodes. HEAP preserves the simple and proactive (churn adaptation) nature of gossip, while significantly improving its effectiveness. We extensively evaluate HEAP in the context of a video streaming application on a testbed of 270 PlanetLab nodes. Our results show that HEAP significantly improves the quality of the streaming over standard homogeneous gossip protocols, especially when the stream rate is close to the average available bandwidth.
@conference{1656984, author = {Frey, Davide and Guerraoui, Rachid and Kermarrec, Anne-Marie and Koldehofe, Boris and Mogensen, Martin and Monod, Maxime and Qu{\'e}ma, Vivien}, booktitle = {Middleware {\textquoteright}09: Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware}, title = {Heterogeneous gossip}, year = {2009}, address = {New York, NY, USA}, organization = {Springer-Verlag New York, Inc.}, pages = {1{\textendash}20}, publisher = {Springer-Verlag New York, Inc.}, keywords = {heterogeneity, load balancing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1656984$\#$} }
[EURECOM+2885] Long term study of peer behavior in the KAD DHT

Steiner, Moritz, En-Najjary, Taoufik, and Biersack, E W

IEEE/ACM Transactions on Networking 05/2009 2009

abstract Bib

Distributed hash tables (DHTs) have been actively studied in literature and many different proposals have been made on how to organize peers in a DHT. However, very few DHTs have been implemented in real systems and deployed on a large scale. One exception is KAD, a DHT based on Kademlia, which is part of eDonkey, a peer-to-peer file sharing system with several million simultaneous users. We have been crawling a representative subset of KAD every five minutes for six months and obtained information about geographical distribution of peers, session times, daily usage, and peer lifetime. We have found that session times are Weibull distributed and we show how this information can be exploited to make the publishing mechanism much more efficient. Peers are identified by the so-called KAD ID, which up to now was assumed to be persistent. However, we observed that a fraction of peers changes their KAD ID as frequently as once a session. This change of KAD IDs makes it difficult to characterize end-user behavior. For this reason we have been crawling the entire KAD network once a day for more than a year to track end-users with static IP addresses, which allows us to estimate end-user lifetime and the fraction of end-users changing their KAD ID.
@article{EURECOM+2885, author = {Steiner, Moritz and En-Najjary, Taoufik and Biersack, E W}, journal = {IEEE/ACM Transactions on Networking}, title = {Long term study of peer behavior in the KAD DHT}, year = {2009}, issn = {1063-6692}, month = {05/2009}, volume = {17}, chapter = {1371}, keywords = {churn, distributed hash table, KAD, Kademlia}, owner = {tom}, timestamp = {2017-10-10} }
[1551621] Maintaining reference graphs of globally accessible objects in fully decentralized distributed systems

Saballus, Bjoern, and Fuhrmann, Thomas

2009

DOI Website abstract Bib

Since the advent of electronic computing, the processors’ clock speed has risen tremendously. Now that energy efficiency requirements have stopped that trend, the number of processing cores per machine started to rise. In near future, these cores will become more specialized, and their inter-connections will form complex networks, both on-chip and beyond. This trend opens new fields of applications for high performance computing: Heterogeneous architectures offer different functionalities and thus support a wider range of applications. The increased compute power of these systems allows more complex simulations and numerical computations. Falling costs enable even small companies to invest in multi-core systems and clusters. However, the growing complexity might impede this growth. Imagine a cluster of thousands of interconnected heterogeneous processor cores. A software developer will need a deep knowledge about the underlying infrastructure as well as the data and communication dependencies in her application to partition it optimally across the available cores. Moreover, a predetermined partitioning scheme cannot reflect failing processors or additionally provided resources. In our poster, we introduce J-Cell, a project that aims at simplifying high performance distributed computing. J-Cell offers a single system image, which allows applications to run transparently on heterogeneous multi-core machines. It distributes code, objects and threads onto the compute resources which may be added or removed at run-time. This dynamic property leads to an ad-hoc network of processors and cores. In this network, a fully decentralized object localization and retrieval algorithm guarantees the access to distributed shared objects.
@conference{1551621, author = {Saballus, Bjoern and Fuhrmann, Thomas}, booktitle = {HPDC {\textquoteright}09: Proceedings of the 18th ACM international symposium on High performance distributed computing}, title = {Maintaining reference graphs of globally accessible objects in fully decentralized distributed systems}, year = {2009}, address = {New York, NY, USA}, organization = {ACM}, pages = {59{\textendash}60}, publisher = {ACM}, doi = {10.1145/1551609.1551621}, isbn = {978-1-60558-587-1}, keywords = {globally accessible objects, single system image}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1551609.1551621$\#$} }
[moscibroda:on] On Mechanism Design without Payments for Throughput Maximization.

Moscibroda, Thomas, and Schmid, Stefan

04/2009 2009

DOI abstract Bib

It is well-known that the overall efficiency of a distributed system can suffer if the participating entities seek to maximize their individual performance. Consequently, mechanisms have been designed that force the participants to behave more cooperatively. Most of these game-theoretic solutions rely on payments between participants. Unfortunately, such payments are often cumbersome to implement in practice, especially in dynamic networks and where transaction costs are high. In this paper, we investigate the potential of mechanisms which work without payments. We consider the problem of throughput maximization in multi-channel environments and shed light onto the throughput increase that can be achieved with and without payments. We introduce and analyze two different concepts: the worst-case leverage where we assume that players end up in the worst rational strategy profile, and the average-case leverage where player select a random non-dominated strategy. Our theoretical insights are complemented by simulations.
@conference{moscibroda:on, author = {Moscibroda, Thomas and Schmid, Stefan}, booktitle = {INFOCOM{\textquoteright}09. Proceedings of the 28th IEEE International Conference on Computer Communications}, title = {On Mechanism Design without Payments for Throughput Maximization.}, year = {2009}, address = {Rio de Janeiro, Brazil}, month = {04/2009}, organization = {IEEE Computer Society}, pages = {972-980}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFCOM.2009.5062008}, isbn = {978-1-4244-3512-8}, keywords = {distributed systems, game-theoretic, individual performance, mechanism design, payment, throughtput maximization}, owner = {tom}, timestamp = {2021-01-27} }

[DBLP:conf/ccs/VassermanJTHK09] Membership-concealing overlay networks

Vasserman, Eugene Y., Jansen, Rob, Tyra, James, Hopper, Nicholas J., and Kim, Yongdae

2009

@conference{DBLP:conf/ccs/VassermanJTHK09,
  author = {Vasserman, Eugene Y. and Jansen, Rob and Tyra, James and Hopper, Nicholas J. and Kim, Yongdae},
  booktitle = {Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009},
  title = {Membership-concealing overlay networks},
  year = {2009},
  editor = {Al-Shaer, Ehab and Jha, Somesh and Keromytis, Angelos D.},
  organization = {ACM},
  pages = {390{\textendash}399},
  publisher = {ACM},
  doi = {10.1145/1653662.1653709},
  isbn = {978-1-60558-894-0},
  keywords = {membership concealment, P2P, privacy},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1653662.1653709}
}

[Schadd2009] Monte-Carlo Search Techniques in the Modern Board Game Thurn and Taxis

Schadd, Frederik Christiaan

12/2009 2009

abstract Bib

Modern board games present a new and challenging field when researching search techniques in the field of Artificial Intelligence. These games differ to classic board games, such as chess, in that they can be non-deterministic, have imperfect information or more than two players. While tree-search approaches, such as alpha-beta pruning, have been quite successful in playing classic board games, by for instance defeating the then reigning world champion Gary Kasparov in Chess, these techniques are not as effective when applied to modern board games. This thesis investigates the effectiveness of Monte-Carlo Tree Search when applied to a modern board game, for which the board game Thurn and Taxis was used. This is a non-deterministic modern board game with imperfect information that can be played with more than 2 players, and is hence suitable for research. First, the state-space and game-tree complexities of this game are computed, from which the conclusion can be drawn that the two-player version of the game has a complexity similar to the game Shogi. Several techniques are investigated in order to improve the sampling process, for instance by adding domain knowledge. Given the results of the experiments, one can conclude that Monte-Carlo Tree Search gives a slight performance increase over standard Monte-Carlo search. In addition, the most effective improvements appeared to be the application of pseudo-random simulations and limiting simulation lengths, while other techniques have been shown to be less effective or even ineffective. Overall, when applying the best performing techniques, an AI with advanced playing strength has been created, such that further research is likely to push this performance to a strength of expert level.
@mastersthesis{Schadd2009, author = {Schadd, Frederik Christiaan}, school = {Maastricht University}, title = {Monte-Carlo Search Techniques in the Modern Board Game Thurn and Taxis}, year = {2009}, address = {Maastricht, Netherlands}, month = {12/2009}, type = {Master Thesis}, keywords = {artificial intelligence, MCTS, modern board game, Monte-Carlo Tree Search, search techniques}, owner = {tom}, pages = {93}, timestamp = {2021-01-27}, volume = {Master Science of Artificial Intelligence} }
[SathyaNarayanan2009] Multi Party Distributed Private Matching, Set Disjointness and Cardinality of Set Intersection with Information Theoretic Security

Sathya Narayanan, G., Aishwarya, T., Agrawal, Anugrah, Patra, Arpita, Choudhary, Ashish, and Pandu Rangan, C.

2009

DOI Website abstract Bib

In this paper, we focus on the specific problems of Private Matching, Set Disjointness and Cardinality of Set Intersection in information theoretic settings. Specifically, we give perfectly secure protocols for the above problems in n party settings, tolerating a computationally unbounded semi-honest adversary, who can passively corrupt at most t < n/2 parties. To the best of our knowledge, these are the first such information theoretically secure protocols in a multi-party setting for all the three problems. Previous solutions for Distributed Private Matching and Cardinality of Set Intersection were cryptographically secure and the previous Set Disjointness solution, though information theoretically secure, is in a two party setting. We also propose a new model for Distributed Private matching which is relevant in a multi-party setting.
@inbook{SathyaNarayanan2009, author = {Sathya Narayanan, G. and Aishwarya, T. and Agrawal, Anugrah and Patra, Arpita and Choudhary, Ashish and Pandu Rangan, C.}, editor = {Garay, JuanA. and Miyaji, Atsuko and Otsuka, Akira}, pages = {21-40}, publisher = {Springer Berlin Heidelberg}, title = {Multi Party Distributed Private Matching, Set Disjointness and Cardinality of Set Intersection with Information Theoretic Security}, year = {2009}, isbn = {978-3-642-10432-9}, series = {Lecture Notes in Computer Science}, volume = {5888}, booktitle = {Cryptology and Network Security}, doi = {10.1007/978-3-642-10433-6_2}, keywords = {Multiparty Computation, Privacy preserving Set operations}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-10433-6_2} }
[nymble-tdsc] Nymble: Blocking Misbehaving Users in Anonymizing Networks

Tsang, Patrick P., Kapadia, Apu, Cornelius, Cory, and Smith, Sean

IEEE Transactions on Dependable and Secure Computing (TDSC) Sep 2009

DOI Website abstract Bib

Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client’s IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular websites. Website administrators routinely rely on IP-address blocking for disabling access to misbehaving users, but blocking IP addresses is not practical if the abuser routes through an anonymizing network. As a result, administrators block \em all known exit nodes of anonymizing networks, denying anonymous access to honest and dishonest users alike. To address this problem, we present Nymble, a system in which \emphservers can blacklist misbehaving users without compromising their anonymity. Our system is thus agnostic to different servers’ definitions of misbehavior — servers can block users for whatever reason, and the privacy of blacklisted users is maintained.
@article{nymble-tdsc, author = {Tsang, Patrick P. and Kapadia, Apu and Cornelius, Cory and Smith, Sean}, journal = {IEEE Transactions on Dependable and Secure Computing (TDSC)}, title = {Nymble: Blocking Misbehaving Users in Anonymizing Networks}, year = {2009}, issn = {1545-5971}, month = sep, doi = {10.1109/TDSC.2009.38}, keywords = {authentication, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.computer.org/portal/web/csdl/doi/10.1109/TDSC.2009.38} }
[Moran2009] An Optimally Fair Coin Toss

Moran, Tal, Naor, Moni, and Segev, Gil

2009

DOI Website abstract Bib

We address one of the foundational problems in cryptography: the bias of coin-flipping protocols. Coin-flipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve [STOC ’86] showed that for any two-party r-round coin-flipping protocol there exists an efficient adversary that can bias the output of the honest party by Ω(1/r). However, the best previously known protocol only guarantees O(1/√r) bias, and the question of whether Cleve’s bound is tight has remained open for more than twenty years. In this paper we establish the optimal trade-off between the round complexity and the bias of two-party coin-flipping protocols. Under standard assumptions (the existence of oblivious transfer), we show that Cleve’s lower bound is tight: we construct an r-round protocol with bias O(1/r).
@inbook{Moran2009, author = {Moran, Tal and Naor, Moni and Segev, Gil}, editor = {Reingold, Omer}, pages = {1-18}, publisher = {Springer Berlin Heidelberg}, title = {An Optimally Fair Coin Toss}, year = {2009}, isbn = {978-3-642-00456-8}, series = {Lecture Notes in Computer Science}, volume = {5444}, booktitle = {Theory of Cryptography}, doi = {10.1007/978-3-642-00457-5_1}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-642-00457-5_1} }
[2009a] Optimization of distributed services with UNISONO

2009

Website abstract Bib

Distributed services are a special case of P2P networks where nodes have several distinctive tasks. Based on previous work, we show how UNISONO provides a way to optimize these services to increase performance, efficiency and user experience. UNISONO is a generic framework for host-based distributed network measurements. In this talk, we present UNISONO as an Enabler for self-organizing Service Delivery Plattforms. We give a short overview of the UNISONO concept and show how distributed services benefit from its usage.
@conference{2009a, booktitle = {GI/ITG KuVS Fachgespr{\"a}ch NGN Service Delivery Platforms \& Service Overlay Networks}, title = {Optimization of distributed services with UNISONO}, year = {2009}, keywords = {distributed systems, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.net.in.tum.de/de/mitarbeiter/holz/} }

[Schimmer2009] Peer Profiling and Selection in the I2P Anonymous Network

Schimmer, Lars

03/2009 2009

Bib

@conference{Schimmer2009,
  author = {Schimmer, Lars},
  booktitle = {PET-CON 2009.1.},
  title = {Peer Profiling and Selection in the I2P Anonymous Network},
  year = {2009},
  address = {TU Dresden, Germany},
  month = {03/2009},
  keywords = {I2P},
  owner = {tom},
  timestamp = {2017-10-10}
}

[p2p09-peersim] PeerSim: A Scalable P2P Simulator

Montresor, Alberto, Jelasity, Márk, Jesi, Gian Paolo, and Voulgaris, Spyros

09/2009 2009

DOI Website abstract Bib

The key features of peer-to-peer (P2P) systems are scalability and dynamism. The evaluation of a P2P protocol in realistic environments is very expensive and difficult to reproduce, so simulation is crucial in P2P research. PeerSim is an extremely scalable simulation environment that supports dynamic scenarios such as churn and other failure models. Protocols need to be specifically implemented for the PeerSim Java API, but with a reasonable effort they can be evolved into a real implementation. Testing in specified parameter-spaces is supported as well. PeerSim started out as a tool for our own research.
@conference{p2p09-peersim, author = {Montresor, Alberto and Jelasity, M{\'a}rk and Jesi, Gian Paolo and Voulgaris, Spyros}, booktitle = {P2P{\textquoteright}09 - Proceedings of the 9th International Conference on Peer-to-Peer}, title = {PeerSim: A Scalable P2P Simulator}, year = {2009}, address = {Seattle, WA}, month = {09/2009}, pages = {99-100}, doi = {http://dx.doi.org/10.1109/P2P.2009.5284506}, isbn = {978-1-4244-5066-4}, keywords = {P2P, peer-to-peer networking, PeerSim, simulation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://peersim.sourceforge.net/} }
[Plank:2009:PEE:1525908.1525927] A performance evaluation and examination of open-source erasure coding libraries for storage

Plank, James S., Luo, Jianqiang, Schuman, Catherine D., Xu, Lihao, and Wilcox-O’Hearn, Zooko

02/2009 2009

Website abstract Bib

Over the past five years, large-scale storage installations have required fault-protection beyond RAID-5, leading to a flurry of research on and development of erasure codes for multiple disk failures. Numerous open-source implementations of various coding techniques are available to the general public. In this paper, we perform a head-to-head comparison of these implementations in encoding and decoding scenarios. Our goals are to compare codes and implementations, to discern whether theory matches practice, and to demonstrate how parameter selection, especially as it concerns memory, has a significant impact on a code’s performance. Additional benefits are to give storage system designers an idea of what to expect in terms of coding performance when designing their storage systems, and to identify the places where further erasure coding research can have the most impact.
@conference{Plank:2009:PEE:1525908.1525927, author = {Plank, James S. and Luo, Jianqiang and Schuman, Catherine D. and Xu, Lihao and Wilcox-O{\textquoteright}Hearn, Zooko}, booktitle = {FAST{\textquoteright}09 - Proccedings of the 7th Conference on File and Storage Technologies}, title = {A performance evaluation and examination of open-source erasure coding libraries for storage}, year = {2009}, address = {San Francisco, CA, USA}, month = {02/2009}, organization = {USENIX Association}, pages = {253{\textendash}265}, publisher = {USENIX Association}, keywords = {erasure coding, libraries, open-source, storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.usenix.org/event/fast09/tech/full_papers/plank/plank_html/} }
[5328076] Performance Evaluation of On-Demand Multipath Distance Vector Routing Protocol under Different Traffic Models

Malarkodi, B., Rakesh, P., and Venkataramani, B.

Oct 2009

DOI abstract Bib

Traffic models are the heart of any performance evaluation of telecommunication networks. Understanding the nature of traffic in high speed, high bandwidth communication system is essential for effective operation and performance evaluation of the networks. Many routing protocols reported in the literature for Mobile ad hoc networks(MANETS) have been primarily designed and analyzed under the assumption of CBR traffic models, which is unable to capture the statistical characteristics of the actual traffic. It is necessary to evaluate the performance properties of MANETs in the context of more realistic traffic models. In an effort towards this end, this paper evaluates the performance of adhoc on demand multipath distance vector (AOMDV) routing protocol in the presence of poisson and bursty self similar traffic and compares them with that of CBR traffic. Different metrics are considered in analyzing the performance of routing protocol including packet delivery ratio, throughput and end to end delay. Our simulation results indicate that the packet delivery fraction and throughput in AOMDV is increased in the presence of self similar traffic compared to other traffic. Moreover, it is observed that the end to end delay in the presence of self similar traffic is lesser than that of CBR and higher than that of poisson traffic.
@conference{5328076, author = {Malarkodi, B. and Rakesh, P. and Venkataramani, B.}, booktitle = {International Conference on Advances in Recent Technologies in Communication and Computing, 2009. ARTCom {\textquoteright}09.}, title = {Performance Evaluation of On-Demand Multipath Distance Vector Routing Protocol under Different Traffic Models}, year = {2009}, month = oct, pages = {77-80}, doi = {10.1109/ARTCom.2009.31}, keywords = {ad-hoc networks, AOMDV, distance vector, multi-path, performance}, owner = {tom}, timestamp = {2017-10-10} }
[evans2009tor] A Practical Congestion Attack on Tor Using Long Paths

Evans, Nathan S, Dingledine, Roger, and Grothoff, Christian

2009

Website abstract Bib

In 2005, Murdoch and Danezis demonstrated the first practical congestion attack against a deployed anonymity network. They could identify which relays were on a target Tor user’s path by building paths one at a time through every Tor relay and introducing congestion. However, the original attack was performed on only 13 Tor relays on the nascent and lightly loaded Tor network. We show that the attack from their paper is no longer practical on today’s 1500-relay heavily loaded Tor network. The attack doesn’t scale because a) the attacker needs a tremendous amount of bandwidth to measure enough relays during the attack window, and b) there are too many false positives now that many other users are adding congestion at the same time as the attacks. We then strengthen the original congestion attack by combining it with a novel bandwidth amplification attack based on a flaw in the Tor design that lets us build long circuits that loop back on themselves. We show that this new combination attack is practical and effective by demonstrating a working attack on today’s deployed Tor network. By coming up with a model to better understand Tor’s routing behavior under congestion, we further provide a statistical analysis characterizing how effective our attack is in each case.
@conference{evans2009tor, author = {Evans, Nathan S and Dingledine, Roger and Grothoff, Christian}, booktitle = {18th USENIX Security Symposium}, title = {A Practical Congestion Attack on Tor Using Long Paths}, year = {2009}, organization = {USENIX}, pages = {33{\textendash}50}, publisher = {USENIX}, keywords = {anonymity, attack, denial-of-service, installation, Tor}, owner = {tom}, timestamp = {2021-01-27}, url = {http://grothoff.org/christian/tor.pdf} }
[Duminuco:2009:PSR:1584339.1584602] A Practical Study of Regenerating Codes for Peer-to-Peer Backup Systems

Duminuco, Alessandro, and Biersack, E W

06/2009 2009

DOI Website abstract Bib

In distributed storage systems, erasure codes represent an attractive solution to add redundancy to stored data while limiting the storage overhead. They are able to provide the same reliability as replication requiring much less storage space. Erasure coding breaks the data into pieces that are encoded and then stored on different nodes. However, when storage nodes permanently abandon the system, new redundant pieces must be created. For erasure codes, generating a new piece requires the transmission of k pieces over the network, resulting in a k times higher reconstruction traffic as compared to replication. Dimakis proposed a new class of codes, called Regenerating Codes, which are able to provide both the storage efficiency of erasure codes and the communication efficiency of replication. However, Dimakis gave only a theoretical description of the codes without discussing implementation issues or computational costs. We have done a real implementation of Random Linear Regenerating Codes that allows us to measure their computational cost, which can be significant if the parameters are not chosen properly. However, we also find that there exist parameter values that result in a significant reduction of the communication overhead at the expense of a small increase in storage cost and computation, which makes these codes very attractive for distributed storage systems.
@conference{Duminuco:2009:PSR:1584339.1584602, author = {Duminuco, Alessandro and Biersack, E W}, booktitle = {ICDCS{\textquoteright}09 - Proceedings of the 29th IEEE International Conference on Distributed Computing Systems}, title = {A Practical Study of Regenerating Codes for Peer-to-Peer Backup Systems}, year = {2009}, address = {Montreal, Qu{\'e}bec, Canada}, month = {06/2009}, organization = {IEEE Computer Society}, pages = {376{\textendash}384}, publisher = {IEEE Computer Society}, series = {ICDCS {\textquoteright}09}, doi = {http://dx.doi.org/10.1109/ICDCS.2009.14}, isbn = {978-0-7695-3659-0}, keywords = {Backup Systems, erasure codes, evaluation, peer-to-peer networking, Regenerating Codes, storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/ICDCS.2009.14} }
[McSherry2009a] Privacy Integrated Queries: An Extensible Platform for Privacy-preserving Data Analysis

McSherry, Frank D.

2009

DOI Website abstract Bib

We report on the design and implementation of the Privacy Integrated Queries (PINQ) platform for privacy-preserving data analysis. PINQ provides analysts with a programming interface to unscrubbed data through a SQL-like language. At the same time, the design of PINQ’s analysis language and its careful implementation provide formal guarantees of differential privacy for any and all uses of the platform. PINQ’s unconditional structural guarantees require no trust placed in the expertise or diligence of the analysts, substantially broadening the scope for design and deployment of privacy-preserving data analysis, especially by non-experts
@conference{McSherry2009a, author = {McSherry, Frank D.}, booktitle = {Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data}, title = {Privacy Integrated Queries: An Extensible Platform for Privacy-preserving Data Analysis}, year = {2009}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1559845.1559850}, isbn = {978-1-60558-551-2}, keywords = {anonymization, confidentiality, Differential Privacy, linq}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org.eaccess.ub.tum.de/10.1145/1559845.1559850} }
[Tariqetal:2009:ProbLatencyBounds] Providing Probabilistic Latency Bounds for Dynamic Publish/Subscribe Systems

Tariq, Muhammad Adnan, Koldehofe, Boris, Koch, Gerald G., and Rothermel, Kurt

2009

DOI Website abstract Bib

In the context of large decentralized many-to-many communication systems it is impractical to provide realistic and hard bounds for certain QoS metrics including latency bounds. Nevertheless, many applications can yield better performance if such bounds hold with a given probability. In this paper we show how probabilistic latency bounds can be applied in the context of publish/subscribe. We present an algorithm for maintaining individual probabilistic latency bounds in a highly dynamic environment for a large number of subscribers. The algorithm consists of an adaptive dissemination algorithm as well as a cluster partitioning scheme. Together they ensure i) adaptation to the individual latency requirements of subscribers under dynamically changing system properties, and ii) scalability by determining appropriate clusters according to available publishers in the system.
@conference{Tariqetal:2009:ProbLatencyBounds, author = {Tariq, Muhammad Adnan and Koldehofe, Boris and Koch, Gerald G. and Rothermel, Kurt}, booktitle = {Kommunikation in Verteilten Systemen (KiVS)}, title = {Providing Probabilistic Latency Bounds for Dynamic Publish/Subscribe Systems}, year = {2009}, organization = {Gesellschaft fuer Informatik(GI)}, pages = {155{\textendash}166}, publisher = {Gesellschaft fuer Informatik(GI)}, doi = {10.1007/978-3-540-92666-5}, isbn = {978-3-540-92666-5}, keywords = {publish/subscribe, QoS}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/x36578745jv7wr88/} }
[conf/infocom/WuLR09] Queuing Network Models for Multi-Channel P2P Live Streaming Systems

Wu, Di, Liu, Yong, and Ross, Keith W.

04/2009 2009

DOI abstract Bib

In recent years there have been several large-scale deployments of P2P live video systems. Existing and future P2P live video systems will offer a large number of channels, with users switching frequently among the channels. In this paper, we develop infinite-server queueing network models to analytically study the performance of multi-channel P2P streaming systems. Our models capture essential aspects of multi-channel video systems, including peer channel switching, peer churn, peer bandwidth heterogeneity, and Zipf-like channel popularity. We apply the queueing network models to two P2P streaming designs: the isolated channel design (ISO) and the View-Upload Decoupling (VUD) design. For both of these designs, we develop efficient algorithms to calculate critical performance measures, develop an asymptotic theory to provide closed-form results when the number of peers approaches infinity, and derive near- optimal provisioning rules for assigning peers to groups in VUD. We use the analytical results to compare VUD with ISO. We show that VUD design generally performs significantly better, particularly for systems with heterogeneous channel popularities and streaming rates.
@conference{conf/infocom/WuLR09, author = {Wu, Di and Liu, Yong and Ross, Keith W.}, booktitle = {INFOCOM{\textquoteright}09. Proceedings of the 28th IEEE International Conference on Computer Communications}, title = {Queuing Network Models for Multi-Channel P2P Live Streaming Systems}, year = {2009}, address = {Rio de Janeiro, Brazil}, month = {04/2009}, organization = {IEEE Computer Society}, pages = {73-81}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFCOM.2009.5061908}, isbn = {978-1-4244-3512-8}, keywords = {dblp, multi-channel, p2p streaming system}, owner = {tom}, timestamp = {2017-10-10} }
[wpes09-bridge-attack] On the risks of serving whenever you surf: Vulnerabilities in Tor’s blocking resistance design

McLachlan, Jon, and Hopper, Nicholas J.

Nov 2009

DOI Website abstract Bib

In Tor, a bridge is a client node that volunteers to help censored users access Tor by serving as an unlisted, first-hop relay. Since bridging is voluntary, the success of this circumvention mechanism depends critically on the willingness of clients to act as bridges. We identify three key architectural shortcomings of the bridge design: (1) bridges are easy to find; (2) a bridge always accepts connections when its operator is using Tor; and (3) traffic to and from clients connected to a bridge interferes with traffic to and from the bridge operator. These shortcomings lead to an attack that can expose the IP address of bridge operators visiting certain web sites over Tor. We also discuss mitigation mechanisms.
@conference{wpes09-bridge-attack, author = {McLachlan, Jon and Hopper, Nicholas J.}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2009)}, title = {On the risks of serving whenever you surf: Vulnerabilities in Tor{\textquoteright}s blocking resistance design}, year = {2009}, month = nov, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1655188.1655193}, isbn = {978-1-60558-783-7}, keywords = {blocking resistance}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1655193} }
[Awerbuch2009] Robust Random Number Generation for Peer-to-Peer Systems

Awerbuch, Baruch, and Scheideler, Christian

Theor. Comput. Sci. 2009

DOI Website abstract Bib

We consider the problem of designing an efficient and robust distributed random number generator for peer-to-peer systems that is easy to implement and works even if all communication channels are public. A robust random number generator is crucial for avoiding adversarial join-leave attacks on peer-to-peer overlay networks. We show that our new generator together with a light-weight rule recently proposed in [B. Awerbuch, C. Scheideler, Towards a scalable and robust DHT, in: Proc. of the 18th ACM Symp. on Parallel Algorithms and Architectures, SPAA, 2006. See also http://www14.in.tum.de/personen/scheideler] for keeping peers well distributed can keep various structured overlay networks in a robust state even under a constant fraction of adversarial peers.
@article{Awerbuch2009, author = {Awerbuch, Baruch and Scheideler, Christian}, journal = {Theor. Comput. Sci.}, title = {Robust Random Number Generation for Peer-to-Peer Systems}, year = {2009}, issn = {0304-3975}, pages = {453{\textendash}466}, volume = {410}, doi = {10.1016/j.tcs.2008.10.003}, keywords = {Join-leave attacks, Peer-to-peer systems, Random number generation}, owner = {tom}, timestamp = {2021-01-27}, url = {http://dx.doi.org/10.1016/j.tcs.2008.10.003} }
[1658999] Scalable landmark flooding: a scalable routing protocol for WSNs

Di, Pengfei, and Fuhrmann, Thomas

2009

DOI Website abstract Bib

Wireless sensor networks (WSNs) are about to become a popular and inexpensive tool for all kinds of applications. More advanced applications also need end-to-end routing, which goes beyond the simple data dissemination and collection mechanisms of early WSNs. The special properties of WSNs – scarce memory, CPU, and energy resources – make this a challenge. The Dynamic Address Routing protocol (DART) could be a good candidate for WSN routing, if it were not so prone to link outages. In this paper, we propose Scalable Landmark Flooding (SLF), a new routing protocol for large WSNs. It combines ideas from landmark routing, flooding, and dynamic address routing. SLF is robust against link and node outages, requires only little routing state, and generates low maintenance traffic overhead.
@conference{1658999, author = {Di, Pengfei and Fuhrmann, Thomas}, booktitle = {Co-Next Student Workshop {\textquoteright}09: Proceedings of the 5th international student workshop on Emerging networking experiments and technologies}, title = {Scalable landmark flooding: a scalable routing protocol for WSNs}, year = {2009}, address = {New York, NY, USA}, organization = {ACM}, pages = {1{\textendash}2}, publisher = {ACM}, doi = {10.1145/1658997.1658999}, isbn = {978-1-60558-751-6}, keywords = {wireless sensor network}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1658997.1658999$\#$} }
[ccs09-torsk] Scalable onion routing with Torsk

McLachlan, Jon, Tran, Andrew, Hopper, Nicholas J., and Kim, Yongdae

Nov 2009

DOI Website abstract Bib

We introduce Torsk, a structured peer-to-peer low-latency anonymity protocol. Torsk is designed as an interoperable replacement for the relay selection and directory service of the popular Tor anonymity network, that decreases the bandwidth cost of relay selection and maintenance from quadratic to quasilinear while introducing no new attacks on the anonymity provided by Tor, and no additional delay to connections made via Tor. The resulting bandwidth savings make a modest-sized Torsk network significantly cheaper to operate, and allows low-bandwidth clients to join the network. Unlike previous proposals for P2P anonymity schemes, Torsk does not require all users to relay traffic for others. Torsk utilizes a combination of two P2P lookup mechanisms with complementary strengths in order to avoid attacks on the confidentiality and integrity of lookups. We show by analysis that previously known attacks on P2P anonymity schemes do not apply to Torsk, and report on experiments conducted with a 336-node wide-area deployment of Torsk, demonstrating its efficiency and feasibility.
@conference{ccs09-torsk, author = {McLachlan, Jon and Tran, Andrew and Hopper, Nicholas J. and Kim, Yongdae}, booktitle = {Proceedings of CCS 2009}, title = {Scalable onion routing with Torsk}, year = {2009}, month = nov, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1653662.1653733}, isbn = {978-1-60558-894-0}, keywords = {P2P}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1653662.1653733} }
[Mayer2009] Security and Privacy Challenges in the Internet of Things

Mayer, Christoph P.

2009

Website abstract Bib

The future Internet of Things as an intelligent collaboration of miniaturized sensors poses new challenges to security and end-user privacy. The ITU has identified that the protection of data and privacy of users is one of the key challenges in the Internet of Things [Int05]: lack of confidence about privacy will result in decreased adoption among users and therefore is one of the driving factors in the success of the Internet of Things. This paper gives an overview, categorization, and analysis of security and privacy challenges in the Internet of Things.
@conference{Mayer2009, author = {Mayer, Christoph P.}, booktitle = {Proceedings of KiVS Workshop on Global Sensor Networks (GSN09)}, title = {Security and Privacy Challenges in the Internet of Things}, year = {2009}, note = {{http://eceasst.cs.tu-berlin.de/index.php/eceasst/article/download/208/205}}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doc.tm.uka.de/2009/security-gsn-camera-ready.pdf} }
[Houri2009] Self-organized Data Redundancy Management for Peer-to-Peer Storage Systems

Houri, Yaser, Jobmann, Manfred, and Fuhrmann, Thomas

2009

DOI Website abstract Bib

In peer-to-peer storage systems, peers can freely join and leave the system at any time. Ensuring high data availability in such an environment is a challenging task. In this paper we analyze the costs of achieving data availability in fully decentralized peer-to-peer systems. We mainly address the problem of churn and what effect maintaining availability has on network bandwidth. We discuss two different redundancy techniques – replication and erasure coding – and consider their monitoring and repairing costs analytically. We calculate the bandwidth costs using basic costs equations and two different Markov reward models. One for centralized monitoring system and the other for distributed monitoring. We show a comparison of the numerical results accordingly. Depending on these results, we determine the best redundancy and maintenance strategy that corresponds to peer’s failure probability.
@inbook{Houri2009, author = {Houri, Yaser and Jobmann, Manfred and Fuhrmann, Thomas}, pages = {65-76}, title = {Self-organized Data Redundancy Management for Peer-to-Peer Storage Systems}, year = {2009}, series = {Lecture Notes in Computer Science}, volume = {Volume 5918/2009}, booktitle = {Self-Organizing Systems}, doi = {10.1007/978-3-642-10865-5}, issn = {978-3-642-10864-8}, keywords = {distributed storage, Markov chain}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/28660w27373vh408/} }
[Mittal2009] ShadowWalker: Peer-to-peer Anonymous Communication Using Redundant Structured Topologies

Mittal, Prateek, and Borisov, Nikita

2009

DOI Website abstract Bib

Peer-to-peer approaches to anonymous communication pro- mise to eliminate the scalability concerns and central vulner- ability points of current networks such as Tor. However, the P2P setting introduces many new opportunities for attack, and previous designs do not provide an adequate level of anonymity. We propose ShadowWalker: a new low-latency P2P anonymous communication system, based on a random walk over a redundant structured topology. We base our de- sign on shadows that redundantly check and certify neigh- bor information; these certifications enable nodes to perform random walks over the structured topology while avoiding route capture and other attacks. We analytically calculate the anonymity provided by Sha- dowWalker and show that it performs well for moderate lev- els of attackers, and is much better than the state of the art. We also design an extension that improves forwarding per- formance at a slight anonymity cost, while at the same time protecting against selective DoS attacks. We show that our system has manageable overhead and can handle moderate churn, making it an attractive new design for P2P anony- mous communication.
@conference{Mittal2009, author = {Mittal, Prateek and Borisov, Nikita}, booktitle = {Proceedings of the 16th ACM Conference on Computer and Communications Security}, title = {ShadowWalker: Peer-to-peer Anonymous Communication Using Redundant Structured Topologies}, year = {2009}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1653662.1653683}, isbn = {978-1-60558-894-0}, keywords = {anonymity, peer-to-peer, random walks}, owner = {tom}, timestamp = {2021-01-27}, url = {http://doi.acm.org/10.1145/1653662.1653683} }
[Acher2009] A Software and Hardware IPTV Architecture for Scalable DVB Distribution

International Journal of Digital Multimedia Broadcasting 2009

DOI Website abstract Bib

Many standards and even more proprietary technologies deal with IP-based television (IPTV). But none of them can transparently map popular public broadcast services such as DVB or ATSC to IPTV with acceptable effort. In this paper we explain why we believe that such a mapping using a light weight framework is an important step towards all-IP multimedia. We then present the NetCeiver architecture: it is based on well-known standards such as IPv6, and it allows zero configuration. The use of multicast streaming makes NetCeiver highly scalable. We also describe a low cost FPGA implementation of the proposed NetCeiver architecture, which can concurrently stream services from up to six full transponders.
@article{Acher2009, journal = {International Journal of Digital Multimedia Broadcasting}, title = {A Software and Hardware IPTV Architecture for Scalable DVB Distribution}, year = {2009}, volume = {2009}, doi = {10.1155/2009/617203}, editor = {Acher, Georg and Fliegl, Detlef and Fuhrmann, Thomas}, keywords = {DVB, IPTV, multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.hindawi.com/journals/ijdmb/2009/617203.html} }
[Harvey2009] Solving very large distributed constraint satisfaction problems

Harvey, Peter

12/2009 2009

abstract Bib

This thesis investigates issues with existing approaches to distributed constraint satisfaction, and proposes a solution in the form of a new algorithm. These issues are most evident when solving large distributed constraint satisfaction problems, hence the title of the thesis. We will first survey existing algorithms for centralised constraint satisfaction, and describe how they have been modified to handle distributed constraint satisfaction. The method by which each algorithm achieves completeness will be investigated and analysed by application of a new theorem. We will then present a new algorithm, Support-Based Distributed Search, developed explicitly for distributed constraint satisfaction rather than being derived from centralised algorithms. This algorithm is inspired by the inherent structure of human arguments and similar mechanisms we observe in real-world negotiations. A number of modifications to this new algorithm are considered, and comparisons are made with existing algorithms, effectively demonstrating its place within the field. Empirical analysis is then conducted, and comparisons are made to state-of-the-art algorithms most able to handle large distributed constraint satisfaction problems. Finally, it is argued that any future development in distributed constraint satisfaction will necessitate changes in the algorithms used to solve small ‘embedded’ constraint satisfaction problems. The impact on embedded constraint satisfaction problems is considered, with a brief presentation of an improved algorithm for hypertree decomposition.
@mastersthesis{Harvey2009, author = {Harvey, Peter}, school = {University of Wollongog, New South Wales, Australia}, title = {Solving very large distributed constraint satisfaction problems}, year = {2009}, address = {Wollongog, New South Wales, Australia}, month = {12/2009}, type = {PhD}, keywords = {algorithms, distributed constraint satisfaction}, owner = {tom}, pages = {211}, timestamp = {2017-10-10}, volume = {Doctor of Philosophy} }

[DBLP:conf/sp/DanezisG09] Sphinx: A Compact and Provably Secure Mix Format

Danezis, George, and Goldberg, Ian

2009

Sphinx is a cryptographic message format used to relay anonymized messages within a mix network. It is more compact than any comparable scheme, and supports a full set of security features: indistinguishable replies, hiding the path length and relay position, as well as providing unlinkability for each leg of the message’s journey over the network. We prove the full cryptographic security of Sphinx in the random oracle model, and we describe how it can be used as an efficient drop-in replacement in deployed remailer systems.

@conference{DBLP:conf/sp/DanezisG09,
  author = {Danezis, George and Goldberg, Ian},
  booktitle = {Proceedings of the 30th IEEE Symposium on Security and Privacy (S\&P 2009), 17-20 May, Oakland, California, USA},
  title = {Sphinx: A Compact and Provably Secure Mix Format},
  year = {2009},
  organization = {IEEE Computer Society},
  pages = {269{\textendash}282},
  publisher = {IEEE Computer Society},
  doi = {10.1109/SP.2009.15},
  isbn = {978-0-7695-3633-0},
  keywords = {anonymity, cryptography},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1607723.1608138}
}

[Briones-Garcia2009] SPINE : Adaptive Publish/Subscribe for Wireless Mesh Networks

Briones-Garcıa, Jorge Alfonso, Koldehofe, Boris, and Rothermel, Kurt

2009

Website abstract Bib

Application deployment on Wireless Mesh Networks (WMNs) is a challenging issue. First it requires communication abstractions that allow for interoperation with Internet applications and second the offered solution should be sensitive to the available resources in the underlying network. Loosely coupled communication abstractions, like publish/subscribe, promote interoperability, but unfortunately are typically implemented at the application layer without considering the available resources at the underlay imposing a significant degradation of application performance in the setting of Wireless Mesh Networks. In this paper we present SPINE, a content-based publish/subscribe system, which considers the particular challenges of deploying application-level services in Wireless Mesh Networks. SPINE is designed to reduce the overhead which stems from both publications and reconfigurations, to cope with the inherent capacity limitations on communication links as well as with mobility of the wireless mesh-clients. We demonstrate the effectiveness of SPINE by comparison with traditional approaches in implementing content-based publish/subscribe.
@conference{Briones-Garcia2009, author = {Briones-Garc{\i}a, Jorge Alfonso and Koldehofe, Boris and Rothermel, Kurt}, booktitle = {Proc of the 8th IEEE International Conference on Innovative Internet Community Systems (I2CS 2008)}, title = {SPINE : Adaptive Publish/Subscribe for Wireless Mesh Networks}, year = {2009}, keywords = {mesh networks, publish/subscribe}, owner = {tom}, timestamp = {2017-10-10}, url = {http://studia.complexica.net/index.php?option=com_content\&view=article\&id=116\%3Aspine--adaptive-publishsubscribe-for-wireless-mesh-networks-pp-320-353\&catid=47\%3Anumber-3\&Itemid=89\&lang=fr} }

[Holz2009a] SpoVNet Security Task Force Report

Holz, Ralph, Mayer, Christoph P., Mies, Sebastian, Niedermayer, Heiko, and Tariq, Muhammad Adnan

2009

@booklet{Holz2009a,
  title = {SpoVNet Security Task Force Report},
  author = {Holz, Ralph and Mayer, Christoph P. and Mies, Sebastian and Niedermayer, Heiko and Tariq, Muhammad Adnan},
  year = {2009},
  number = {TM-2009-2},
  owner = {tom},
  publisher = {{Institute of Telematics, Universit{\"a}t Karlsruhe (TH)}},
  timestamp = {2017-10-10},
  type = {Telematics Technical Report},
  url = {http://doc.tm.uka.de/2009/TM-2009-3.pdf},
  volume = {ISSN 1613-849X}
}

[DBLP:conf/infocom/LandaGCMR09] A Sybilproof Indirect Reciprocity Mechanism for Peer-to-Peer Networks

Gamiochipi, Raul Leonardo Landa, Griffin, David, Clegg, Richard G., Mykoniati, Eleni, and Rio, Miguel

04/2009 2009

abstract Bib

Although direct reciprocity (Tit-for-Tat) contribution systems have been successful in reducing free-loading in peer-to-peer overlays, it has been shown that, unless the contribution network is dense, they tend to be slow (or may even fail) to converge [1]. On the other hand, current indirect reciprocity mechanisms based on reputation systems tend to be susceptible to sybil attacks, peer slander and whitewashing.In this paper we present PledgeRoute, an accounting mechanism for peer contributions that is based on social capital. This mechanism allows peers to contribute resources to one set of peers and use this contribution to obtain services from a different set of peers, at a different time. PledgeRoute is completely decentralised, can be implemented in both structured and unstructured peer-to-peer systems, and it is resistant to the three kinds of attacks mentioned above.To achieve this, we model contribution transitivity as a routing problem in the contribution network of the peer-to-peer overlay, and we present arguments for the routing behaviour and the sybilproofness of our contribution transfer procedures on this basis. Additionally, we present mechanisms for the seeding of the contribution network, and a combination of incentive mechanisms and reciprocation policies that motivate peers to adhere to the protocol and maximise their service contributions to the overlay.
@conference{DBLP:conf/infocom/LandaGCMR09, author = {Gamiochipi, Raul Leonardo Landa and Griffin, David and Clegg, Richard G. and Mykoniati, Eleni and Rio, Miguel}, booktitle = {INFOCOM 2009. The 28th IEEE International Conference on Computer Communications}, title = {A Sybilproof Indirect Reciprocity Mechanism for Peer-to-Peer Networks}, year = {2009}, address = {Rio de Janeiro, Brazil}, month = {04/2009}, organization = {IEEE Computer Society}, pages = {343-351}, publisher = {IEEE Computer Society}, isbn = {978-1-4244-3512-8}, keywords = {p2p network, reprocity mechanism, sybilproof}, owner = {tom}, timestamp = {2017-10-10} }
[Resnick:2009:STT:1566374.1566423] Sybilproof Transitive Trust Protocols

Resnick, Paul, and Sami, Rahul

07/2009 2009

DOI Website abstract Bib

We study protocols to enable one user (the principal) to make potentially profitable but risky interactions with another user (the agent), in the absence of direct trust between the two parties. In such situations, it is possible to enable the interaction indirectly through a chain of credit or "trust" links. We introduce a model that provides insight into many disparate applications, including open currency systems, network trust aggregation systems, and manipulation-resistant recommender systems. Each party maintains a trust account for each other party. When a principal’s trust balance for an agent is high enough to cover potential losses from a bad interaction, direct trust is sufficient to enable the interaction. Allowing indirect trust opens up more interaction opportunities, but also expands the strategy space of an attacker seeking to exploit the community for its own ends. We show that with indirect trust exchange protocols, some friction is unavoidable: any protocol that satisfies a natural strategic safety property that we call sum-sybilproofness can sometimes lead to a reduction in expected overall trust balances even on interactions that are profitable in expectation. Thus, for long-term growth of trust accounts, which are assets enabling risky but valuable interactions, it may be necessary to limit the use of indirect trust. We present the hedged-transitive protocol and show that it achieves the optimal rate of expected growth in trust accounts, among all protocols satisfying the sum-sybilproofness condition.
@conference{Resnick:2009:STT:1566374.1566423, author = {Resnick, Paul and Sami, Rahul}, booktitle = {EC{\textquoteright}09. Proceedings of the 10th ACM Conference on Electronic commerce}, title = {Sybilproof Transitive Trust Protocols}, year = {2009}, address = {Stanford, California, USA}, month = {07/2009}, organization = {ACM}, pages = {345{\textendash}354}, publisher = {ACM}, series = {EC {\textquoteright}09}, doi = {http://doi.acm.org/10.1145/1566374.1566423}, isbn = {978-1-60558-458-4}, keywords = {indirect reciprocity, open currency, recommender system, reputation system, sybilproof, transitive trust}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1566374.1566423} }
[Douglas-thesis] A taxonomy for and analysis of anonymous communications networks

Kelly, Douglas

Mar 2009

Website abstract Bib

Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect feels challenged by the increasing sophistication of cyber attacks. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserve privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enchance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing the wide variety of well-established and state-of-the-art anonymous networking protocols. These expand the classical definition of anonymity and are the first known to capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entities ability to reliably measure changing anonymity levels; thereby, increasing their ability to defend against cyber attacks. Finally, a novel epistemic-based model is created to characterize how an adversary reasons with knowledge to degrade anonymity.
@mastersthesis{Douglas-thesis, author = {Kelly, Douglas}, school = {Air Force Institute of Technology}, title = {A taxonomy for and analysis of anonymous communications networks}, year = {2009}, month = mar, type = {phd}, owner = {tom}, timestamp = {2017-10-10}, url = {http://oai.dtic.mil/oai/oai?verb=getRecord\&metadataPrefix=html\&identifier=ADA495688} }
[Mies2009] Towards End-to-End Connectivity for Overlays across Heterogeneous Networks

Mies, Sebastian, Waldhorst, Oliver, and Wippel, Hans

2009

DOI Website abstract Bib

The incremental adoption of IPv6, middle boxes (e.g., NATs, Firewalls) as well as completely new network types and protocols paint a picture of a future Internet that consists of extremely heterogeneous edge networks (e.g. IPv4, IPv6, industrial Ethernet, sensor networks) that are not supposed or able to communicate directly. This increasing heterogeneity imposes severe challenges for overlay networks, which are considered as a potential migration strategy towards the future Internet since they can add new functionality and services in a distributed and self-organizing manner. Unfortunately, overlays are based on end-to-end connectivity and, thus, their deployment is hindered by network heterogeneity. In this paper, we take steps towards a solution to enable overlay connections in such heterogeneous networks, building upon a model of heterogeneous networks that comprises several connectivity domains with direct connectivity, interconnected by relays. As major contribution, we present a distributed protocol that detects the boundaries of connectivity domains as well as relays using a gossiping approach. Furthermore, the protocol manages unique identifiers of connectivity domains and efficiently handles domain splitting and merging due to underlay changes. Simulation studies indicate that the algorithm can handle splitting and merging of connectivity domains in reasonable time and is scalable with respect to control overhead.
@conference{Mies2009, author = {Mies, Sebastian and Waldhorst, Oliver and Wippel, Hans}, booktitle = {Proc. Int. Workshop on the Network of the Future (Future-Net 2009), co-located with IEEE Int. Conf. on Communications (ICC 2009)}, title = {Towards End-to-End Connectivity for Overlays across Heterogeneous Networks}, year = {2009}, address = {Dresden, Germany}, doi = {10.1109/ICCW.2009.5207975}, isbn = {978-1-4244-3437-4}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5207975} }
[DiPalantino2009] Traffic Engineering vs. Content Distribution: A Game Theoretic Perspective

DiPalantino, Dominic, and Johari, Ramesh

04/2009 2009

DOI abstract Bib

In this paper we explore the interaction between content distribution and traffic engineering. Because a traffic engineer may be unaware of the structure of content distribution systems or overlay networks, this management of the network does not fully anticipate how traffic might change as a result of his actions. Content distribution systems that assign servers at the application level can respond very rapidly to changes in the routing of the network. Consequently, the traffic engineer’s decisions may almost never be applied to the intended traffic. We use a game-theoretic framework in which infinitesimal users of a network select the source of content, and the traffic engineer decides how the traffic will route through the network. We formulate a game and prove the existence of equilibria. Additionally, we present a setting in which equilibria are socially optimal, essentially unique, and stable. Conditions under which efficiency loss may be bounded are presented, and the results are extended to the cases of general overlay networks and multiple autonomous systems.
@conference{DiPalantino2009, author = {DiPalantino, Dominic and Johari, Ramesh}, booktitle = {INFOCOM 2009. The 28th IEEE International Conference on Computer Communications}, title = {Traffic Engineering vs. Content Distribution: A Game Theoretic Perspective}, year = {2009}, address = {Rio de Janeiro}, month = {04/2009}, organization = {IEEE Computer Society}, pages = {540-548}, publisher = {IEEE Computer Society}, doi = {10.1109/INFCOM.2009.5061960}, isbn = {978-1-4244-3512-8}, keywords = {content distribution, traffic engineering}, owner = {tom}, timestamp = {2017-10-10} }
[morphing09] Traffic Morphing: An efficient defense against statistical traffic analysis

Wright, Charles, Coull, Scott, and Monrose, Fabian

Feb 2009

abstract Bib

Recent work has shown that properties of network traffic that remain observable after encryption, namely packet sizes and timing, can reveal surprising information about the traffic’s contents (e.g., the language of a VoIP call [29], passwords in secure shell logins [20], or even web browsing habits [21, 14]). While there are some legitimate uses for encrypted traffic analysis, these techniques also raise important questions about the privacy of encrypted communications. A common tactic for mitigating such threats is to pad packets to uniform sizes or to send packets at fixed timing intervals; however, this approach is often inefficient. In this paper, we propose a novel method for thwarting statistical traffic analysis algorithms by optimally morphing one class of traffic to look like another class. Through the use of convex optimization techniques, we show how to optimally modify packets in real-time to reduce the accuracy of a variety of traffic classifiers while incurring much less overhead than padding. Our evaluation of this technique against two published traffic classifiers for VoIP [29] and web traffic [14] shows that morphing works well on a wide range of network data—in some cases, simultaneously providing better privacy and lower overhead than na\textasciidieresisıve defenses.
@conference{morphing09, author = {Wright, Charles and Coull, Scott and Monrose, Fabian}, booktitle = {Proceedings of the Network and Distributed Security Symposium - {NDSS} {\textquoteright}09}, title = {Traffic Morphing: An efficient defense against statistical traffic analysis}, year = {2009}, month = feb, organization = {IEEE}, publisher = {IEEE}, keywords = {privacy, traffic analysis, VoIP}, owner = {tom}, timestamp = {2017-10-10} }
[Elser2009] Tuning Vivaldi: Achieving Increased Accuracy and Stability

Elser, Benedikt, Förschler, Andreas, and Fuhrmann, Thomas

2009

DOI Website abstract Bib

Network Coordinates are a basic building block for most peer-to-peer applications nowadays. They optimize the peer selection process by allowing the nodes to preferably attach to peers to whom they then experience a low round trip time. Albeit there has been substantial research effort in this topic over the last years, the optimization of the various network coordinate algorithms has not been pursued systematically yet. Analyzing the well-known Vivaldi algorithm and its proposed optimizations with several sets of extensive Internet traffic traces, we found that in face of current Internet data most of the parameters that have been recommended in the original papers are a magnitude too high. Based on this insight, we recommend modified parameters that improve the algorithms’ performance significantly.
@inbook{Elser2009, author = {Elser, Benedikt and F{\"o}rschler, Andreas and Fuhrmann, Thomas}, pages = {174-184}, title = {Tuning Vivaldi: Achieving Increased Accuracy and Stability}, year = {2009}, isbn = {978-3-642-10864-8}, series = {Lecture Notes in Computer Science}, volume = {Volume 5918/2009}, booktitle = {Self-Organizing Systems}, doi = {10.1007/978-3-642-10865-5}, issn = {0302-9743}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.springerlink.com/content/h7r3q58251x72155/} }
[1582481] Using link-layer broadcast to improve scalable source routing

Di, Pengfei, and Fuhrmann, Thomas

2009 2009

DOI Website abstract Bib

Scalable source routing (SSR) is a network layer routing protocol that provides services that are similar to those of structured peer-to-peer overlays. In this paper, we describe several improvements to the SSR protocol. They aim at providing nodes with more up-to-date routing information: 1. The use of link-layer broadcast enables all neighbors of a node to contribute to the forwarding process. 2. A light-weight and fast selection mechanism avoids packet duplication and optimizes the source route iteratively. 3. Nodes implicitly learn the network’s topology from overheard broadcast messages. We present simulation results which show the performance gain of the proposed improvements: 1. The delivery ratio in settings with high mobility increases. 2. The required per-node state can be reduced as compared with the original SSR protocol. 3. The route stretch decreases. — These improvements are achieved without increasing the routing overhead.
@conference{1582481, author = {Di, Pengfei and Fuhrmann, Thomas}, booktitle = {IWCMC {\textquoteright}09: Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing}, title = {Using link-layer broadcast to improve scalable source routing}, year = {2009}, address = {New York, NY, USA}, month = {2009}, organization = {ACM}, pages = {466{\textendash}471}, publisher = {ACM}, doi = {10.1145/1582379.1582481}, isbn = {978-1-60558-569-7}, keywords = {mobile Ad-hoc networks, P2P, routing, scalable source routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1582481$\#$} }
[ccsw09-fingerprinting] Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naive-bayes classifier

Herrmann, Dominik, Wendolsky, Rolf, and Federrath, Hannes

2009

DOI Website abstract Bib

Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet. We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard’s classifier and Naı̈ve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.
@conference{ccsw09-fingerprinting, author = {Herrmann, Dominik and Wendolsky, Rolf and Federrath, Hannes}, booktitle = {Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW {\textquoteright}09)}, title = {Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naive-bayes classifier}, year = {2009}, address = {New York, NY, USA}, organization = {ACM}, pages = {31{\textendash}42}, publisher = {ACM}, doi = {10.1145/1655008.1655013}, isbn = {978-1-60558-784-4}, keywords = {forensics, latency, text mining, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1655013\&dl=GUIDE\&coll=GUIDE\&CFID=83763210\&CFTOKEN=75697565} }
[1590633] Wireless Sensor Networks: A Survey

Potdar, Vidyasagar, Sharif, Atif, and Chang, Elizabeth

2009

DOI Website abstract Bib

Wireless Sensor Networks (WSN), an element of pervasive computing, are presently being used on a large scale to monitor real-time environmental status. However these sensors operate under extreme energy constraints and are designed by keeping an application in mind. Designing a new wireless sensor node is extremely challenging task and involves assessing a number of different parameters required by the target application, which includes range, antenna type, target technology, components, memory, storage, power, life time, security, computational capability, communication technology, power, size, programming interface and applications. This paper analyses commercially (and research prototypes) available wireless sensor nodes based on these parameters and outlines research directions in this area.
@conference{1590633, author = {Potdar, Vidyasagar and Sharif, Atif and Chang, Elizabeth}, booktitle = {WAINA {\textquoteright}09: Proceedings of the 2009 International Conference on Advanced Information Networking and Applications Workshops}, title = {Wireless Sensor Networks: A Survey}, year = {2009}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {636{\textendash}641}, publisher = {IEEE Computer Society}, doi = {10.1109/WAINA.2009.192}, isbn = {978-0-7695-3639-2}, keywords = {FPGA, wireless sensor network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1588304.1590633$\#$} }

[DBLP:conf/esorics/DanezisDKT09] The Wisdom of Crowds: Attacks and Optimal Constructions

Danezis, George, Diaz, Claudia, Käsper, Emilia, and Troncoso, Carmela

2009

We present a traffic analysis of the ADU anonymity scheme presented at ESORICS 2008, and the related RADU scheme. We show that optimal attacks are able to de-anonymize messages more effectively than believed before. Our analysis applies to single messages as well as long term observations using multiple messages. The search of a “better” scheme is bound to fail, since we prove that the original Crowds anonymity system provides the best security for any given mean messaging latency. Finally we present D-Crowds, a scheme that supports any path length distribution, while leaking the least possible information, and quantify the optimal attacks against it.

@conference{DBLP:conf/esorics/DanezisDKT09,
  author = {Danezis, George and Diaz, Claudia and K{\"a}sper, Emilia and Troncoso, Carmela},
  booktitle = {Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS 2009), Saint-Malo, France, September 21-23},
  title = {The Wisdom of Crowds: Attacks and Optimal Constructions},
  year = {2009},
  editor = {Backes, Michael and Ning, Peng},
  organization = {Springer},
  pages = {406{\textendash}423},
  publisher = {Springer},
  series = {Lecture Notes in Computer Science},
  volume = {5789},
  doi = {10.1007/978-3-642-04444-1},
  isbn = {978-3-642-04443-4},
  keywords = {anonymity, Crowds, traffic analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/t6q86u137t4762k8/}
}

[wpes09-xpay] XPay: Practical anonymous payments for Tor routing and other networked services

Chen, Yao, Sion, Radu, and Carbunar, Bogdan

Nov 2009

DOI Website abstract Bib

We design and analyze the first practical anonymous payment mechanisms for network services. We start by reporting on our experience with the implementation of a routing micropayment solution for Tor. We then propose micropayment protocols of increasingly complex requirements for networked services, such as P2P or cloud-hosted services. The solutions are efficient, with bandwidth and latency overheads of under 4% and 0.9 ms respectively (in ORPay for Tor), provide full anonymity (both for payers and payees), and support thousands of transactions per second.
@conference{wpes09-xpay, author = {Chen, Yao and Sion, Radu and Carbunar, Bogdan}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2009)}, title = {XPay: Practical anonymous payments for Tor routing and other networked services}, year = {2009}, month = nov, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1655188.1655195}, isbn = {978-1-60558-783-7}, keywords = {anonymity, onion routing, payment, privacy}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1655188.1655195} }
[Eickhold2008] AmbiComp: A platform for distributed execution of Java programs on embedded systems by offering a single system image

Eickhold, Johannes, Fuhrmann, Thomas, Saballus, Bjoern, Schlender, Sven, and Suchy, Thomas

2008 2008

abstract Bib

Ambient Intelligence pursues the vision that small networked computers will jointly perform tasks that create the illusion of an intelligent environment. One of the most pressing challenges in this context is the question how one could easily develop software for such highly complex, but resource-scarce systems. In this paper we present a snapshot of our ongoing work towards facilitating oftware development for Am- bient Intelligence systems. In particular, we present the AmbiComp [1] platform. It consists of small, modular hardware, a exible rmware including a Java Virtual Machine, and an Eclipse-based integrated development environment.
@conference{Eickhold2008, author = {Eickhold, Johannes and Fuhrmann, Thomas and Saballus, Bjoern and Schlender, Sven and Suchy, Thomas}, booktitle = {AmI-Blocks{\textquoteright}08, European Conference on Ambient Intelligence 2008 manuscript No.}, title = {AmbiComp: A platform for distributed execution of Java programs on embedded systems by offering a single system image}, year = {2008}, month = {2008}, owner = {tom}, timestamp = {2017-10-10} }
[Huebsch2008] Analyzing Unreal Tournament 2004 Network Traffic Characteristics

Hübsch, Christian

2008

Website abstract Bib

With increasing availability of high-speed access links in the private sector, online real-time gaming has become a major and still growing segment in terms of market and network impact today. One of the most popular games is Unreal Tournament 2004, a fast-paced action game that still ranks within the top 10 of the most-played multiplayer Internet-games, according to GameSpy [1]. Besides high demands in terms of graphical computation, games like Unreal also impose hard requirements regarding network packet delay and jitter, for small deterioration in these conditions influences gameplay recognizably. To make matters worse, such games generate a very specific network traffic with strong requirements in terms of data delivery. In this paper, we analyze the network traffic characteristics of Unreal Tournament 2004. The experiments include different aspects like variation of map sizes, player count, player behavior as well as hardware and game-specific configuration. We show how different operating systems influence network behavior of the game. Our work gives a promising picture of how the specific real-time game behaves in terms of network impact and may be used as a basis e.g. for the development of specialized traffic generators.
@conference{Huebsch2008, author = {H{\"u}bsch, Christian}, booktitle = {CGAT{\textquoteright}08 Singapore, 28th-30th}, title = {Analyzing Unreal Tournament 2004 Network Traffic Characteristics}, year = {2008}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.tm.uka.de/itm/WebMan/view.php?view=publikationen_detail\&id=295} }
[Zivan:2008:ALS:1402821.1402895] Anytime local search for distributed constraint optimization

Zivan, Roie

05/2008 2008

Website abstract Bib

Most former studies of Distributed Constraint Optimization Problems (DisCOPs) search considered only complete search algorithms, which are practical only for relatively small problems. Distributed local search algorithms can be used for solving DisCOPs. However, because of the differences between the global evaluation of a system’s state and the private evaluation of states by agents, agents are unaware of the global best state which is explored by the algorithm. Previous attempts to use local search algorithms for solving DisCOPs reported the state held by the system at the termination of the algorithm, which was not necessarily the best state explored. A general framework for implementing distributed local search algorithms for DisCOPs is proposed. The proposed framework makes use of a BFS-tree in order to accumulate the costs of the system’s state in its different steps and to propagate the detection of a new best step when it is found. The resulting framework enhances local search algorithms for DisCOPs with the anytime property. The proposed framework does not require additional network load. Agents are required to hold a small (linear) additional space (beside the requirements of the algorithm in use). The proposed framework preserves privacy at a higher level than complete DisCOP algorithms which make use of a pseudo-tree (ADOPT, DPOP).
@conference{Zivan:2008:ALS:1402821.1402895, author = {Zivan, Roie}, booktitle = {AAMAS{\textquoteright}08 - Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems}, title = {Anytime local search for distributed constraint optimization}, year = {2008}, address = {Estoril, Portugal}, month = {05/2008}, organization = {International Foundation for Autonomous Agents and Multiagent Systems}, pages = {1449{\textendash}1452}, publisher = {International Foundation for Autonomous Agents and Multiagent Systems}, series = {AAMAS {\textquoteright}08}, isbn = {978-0-9817381-2-3}, keywords = {algorithms, BFS-Tree, DCOP, DisCOPs, framework}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1402821.1402895} }
[WongSirer2008ApproximateMatching] Approximate Matching for Peer-to-Peer Overlays with Cubit

Bernard Wong, Aleksandrs Slivkins, and Sirer, Emin Gün

2008

abstract Bib

Keyword search is a critical component in most content retrieval systems. Despite the emergence of completely decentralized and efficient peer-to-peer techniques for content distribution, there have not been similarly efficient, accurate, and decentralized mechanisms for contentdiscoverybasedonapproximatesearchkeys. Inthis paper, we present a scalable and efficient peer-to-peer system calledCubitwith anewsearchprimitivethat can efficientlyfindthe k dataitemswithkeysmostsimilarto a givensearchkey. Thesystem worksbycreatingakeyword metric space that encompasses both the nodes and theobjectsinthesystem,wherethedistancebetweentwo points is a measure of the similarity between the strings thatthepointsrepresent. It providesa loosely-structured overlaythat can efficientlynavigatethis space. We evaluate Cubit through both a real deployment as a search plugin for a popular BitTorrent client and a large-scale simulation and show that it provides an efficient, accurateandrobustmethodto handleimprecisestringsearch infilesharingapplications. 1
@booklet{WongSirer2008ApproximateMatching, title = {Approximate Matching for Peer-to-Peer Overlays with Cubit}, author = {Bernard Wong, Aleksandrs Slivkins and Sirer, Emin G{\"u}n}, year = {2008}, keywords = {distributed hash table, p2psockets}, owner = {tom}, publisher = {Cornell University, Computing and Information Science Technical Report}, timestamp = {2017-10-10} }
[Yang:2008:ABD:1403027.1403032] Auction, but don’t block

Yang, Xiaowei

08/2008 2008

DOI Website abstract Bib

This paper argues that ISP’s recent actions to block certain applications (e.g. BitTorrent) and attempts to differentiate traffic could be a signal of bandwidth scarcity. Bandwidth-intensive applications such as VoD could have driven the traffic demand to the capacity limit of their networks. This paper proposes to let ISPs auction their bandwidth, instead of blocking or degrading applications. A user places a bid in a packet header based on how much he values the communication. When congestion occurs, ISPs allocate bandwidth to those users that value their packets the most, and charge them the Vickrey auction price. We outline a design that addresses the technical challenges to support this auction and analyze its feasibility. Our analysis suggests that the design have reasonable overhead and could be feasible with modern hardware.
@conference{Yang:2008:ABD:1403027.1403032, author = {Yang, Xiaowei}, booktitle = {NetEcon{\textquoteright}08. Proceedings of the 3rd International Workshop on Economics of Networked Systems}, title = {Auction, but don{\textquoteright}t block}, year = {2008}, address = {Seattle, WA, USA}, month = {08/2008}, organization = {ACM}, pages = {19{\textendash}24}, publisher = {ACM}, series = {NetEcon {\textquoteright}08}, doi = {http://doi.acm.org/10.1145/1403027.1403032}, isbn = {978-1-60558-179-8}, keywords = {auction, Internet, net-neutrality}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1403027.1403032} }
[1387603] BFT protocols under fire

Singh, Atul, Das, Tathagata, Maniatis, Petros, Druschel, Peter, and Roscoe, Timothy

2008

Website abstract Bib

Much recent work on Byzantine state machine replication focuses on protocols with improved performance under benign conditions (LANs, homogeneous replicas, limited crash faults), with relatively little evaluation under typical, practical conditions (WAN delays, packet loss, transient disconnection, shared resources). This makes it difficult for system designers to choose the appropriate protocol for a real target deployment. Moreover, most protocol implementations differ in their choice of runtime environment, crypto library, and transport, hindering direct protocol comparisons even under similar conditions. We present a simulation environment for such protocols that combines a declarative networking system with a robust network simulator. Protocols can be rapidly implemented from pseudocode in the high-level declarative language of the former, while network conditions and (measured) costs of communication packages and crypto primitives can be plugged into the latter. We show that the resulting simulator faithfully predicts the performance of native protocol implementations, both as published and as measured in our local network. We use the simulator to compare representative protocols under identical conditions and rapidly explore the effects of changes in the costs of crypto operations, workloads, network conditions and faults. For example, we show that Zyzzyva outperforms protocols like PBFT and Q/U undermost but not all conditions, indicating that one-size-fits-all protocols may be hard if not impossible to design in practice.
@conference{1387603, author = {Singh, Atul and Das, Tathagata and Maniatis, Petros and Druschel, Peter and Roscoe, Timothy}, booktitle = {NSDI{\textquoteright}08: Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation}, title = {BFT protocols under fire}, year = {2008}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {189{\textendash}204}, publisher = {USENIX Association}, isbn = {111-999-5555-22-1}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1387603$\#$} }
[bauer:alpaca2008] BitBlender: Light-Weight Anonymity for BitTorrent

Bauer, Kevin, McCoy, Damon, Grunwald, Dirk, and Sicker, Douglas

Sep 2008

DOI Website abstract Bib

We present BitBlender, an efficient protocol that provides an anonymity layer for BitTorrent traffic. BitBlender works by creating an ad-hoc multi-hop network consisting of special peers called "relay peers" that proxy requests and replies on behalf of other peers. To understand the effect of introducing relay peers into the BitTorrent system architecture, we provide an analysis of the expected path lengths as the ratio of relay peers to normal peers varies. A prototype is implemented and experiments are conducted on Planetlab to quantify the performance overhead associated with the protocol. We also propose protocol extensions to add confidentiality and access control mechanisms, countermeasures against traffic analysis attacks, and selective caching policies that simultaneously increase both anonymity and performance. We finally discuss the potential legal obstacles to deploying an anonymous file sharing protocol. This work is among the first to propose a privacy enhancing system that is designed specifically for a particular class of peer-to-peer traffic.
@conference{bauer:alpaca2008, author = {Bauer, Kevin and McCoy, Damon and Grunwald, Dirk and Sicker, Douglas}, booktitle = {Proceedings of the Workshop on Applications of Private and Anonymous Communications (AlPACa 2008)}, title = {BitBlender: Light-Weight Anonymity for BitTorrent}, year = {2008}, address = {Istanbul, Turkey}, month = sep, organization = {ACM}, publisher = {ACM}, doi = {10.1145/1461464.1461465}, keywords = {ad-hoc networks, anonymity, P2P, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1461465} }
[Levin:2008:BAA:1402946.1402987] BitTorrent is an Auction: Analyzing and Improving BitTorrent’s Incentives

Levin, Dave, LaCurts, Katrina, Spring, Neil, and Bhattacharjee, Bobby

SIGCOMM Computer Communication Review 08/2008 2008

DOI Website abstract Bib

Incentives play a crucial role in BitTorrent, motivating users to upload to others to achieve fast download times for all peers. Though long believed to be robust to strategic manipulation, recent work has empirically shown that BitTorrent does not provide its users incentive to follow the protocol. We propose an auction-based model to study and improve upon BitTorrent’s incentives. The insight behind our model is that BitTorrent uses, not tit-for-tat as widely believed, but an auction to decide which peers to serve. Our model not only captures known, performance-improving strategies, it shapes our thinking toward new, effective strategies. For example, our analysis demonstrates, counter-intuitively, that BitTorrent peers have incentive to intelligently under-report what pieces of the file they have to their neighbors. We implement and evaluate a modification to BitTorrent in which peers reward one another with proportional shares of bandwidth. Within our game-theoretic model, we prove that a proportional-share client is strategy-proof. With experiments on PlanetLab, a local cluster, and live downloads, we show that a proportional-share unchoker yields faster downloads against BitTorrent and BitTyrant clients, and that under-reporting pieces yields prolonged neighbor interest.
@article{Levin:2008:BAA:1402946.1402987, author = {Levin, Dave and LaCurts, Katrina and Spring, Neil and Bhattacharjee, Bobby}, journal = {SIGCOMM Computer Communication Review}, title = {BitTorrent is an Auction: Analyzing and Improving BitTorrent{\textquoteright}s Incentives}, year = {2008}, issn = {0146-4833}, month = {08/2008}, pages = {243{\textendash}254}, volume = {38}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1402946.1402987}, keywords = {auctions, BitTorrent, proportional share, tit-for-tat}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1402946.1402987} }
[bootstrap2008gauthierdickey] Bootstrapping of Peer-to-Peer Networks

GauthierDickey, Chis, and Grothoff, Christian

Aug 2008

Website abstract Bib

In this paper, we present the first heuristic for fully distributed bootstrapping of peer-to-peer networks. Our heuristic generates a stream of promising IP addresses to be probed as entry points. This stream is generated using statistical profiles using the IP ranges of start-of-authorities (SOAs) in the domain name system (DNS). We present experimental results demonstrating that with this approach it is efficient and practical to bootstrap Gnutella-sized peer-to-peer networks — without the need for centralized services or the public exposure of end-user’s private IP addresses.
@conference{bootstrap2008gauthierdickey, author = {GauthierDickey, Chis and Grothoff, Christian}, booktitle = {Proceedings of DAS-P2P}, title = {Bootstrapping of Peer-to-Peer Networks}, year = {2008}, address = {Turku, Finland}, month = aug, organization = {IEEE}, publisher = {IEEE}, keywords = {bootstrapping, DNS, installation, P2P}, owner = {tom}, timestamp = {2021-01-27}, url = {http://grothoff.org/christian/bootstrap.pdf} }

[shimshock-pet2008] Breaking and Provably Fixing Minx

Shimshock, Eric, Staats, Matt, and Hopper, Nicholas J.

Jul 2008

In 2004, Danezis and Laurie proposed Minx, an encryption protocol and packet format for relay-based anonymity schemes, such as mix networks and onion routing, with simplicity as a primary design goal. Danezis and Laurie argued informally about the security properties of Minx but left open the problem of proving its security. In this paper, we show that there cannot be such a proof by showing that an active global adversary can decrypt Minx messages in polynomial time. To mitigate this attack, we also prove secure a very simple modification of the Minx protocol.

@conference{shimshock-pet2008,
  author = {Shimshock, Eric and Staats, Matt and Hopper, Nicholas J.},
  booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)},
  title = {Breaking and Provably Fixing Minx},
  year = {2008},
  address = {Leuven, Belgium},
  month = jul,
  organization = {Springer},
  pages = {99{\textendash}114},
  publisher = {Springer},
  doi = {10.1007/978-3-540-70630-4_7},
  isbn = {978-3-540-70629-8},
  keywords = {attack, onion routing},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1428259.1428266}
}

[danezis-pet2008] Bridging and Fingerprinting: Epistemic Attacks on Route Selection

Danezis, George, and Syverson, Paul

Jul 2008

DOI Website abstract Bib

Users building routes through an anonymization network must discover the nodes comprising the network. Yet, it is potentially costly, or even infeasible, for everyone to know the entire network. We introduce a novel attack, the route bridging attack, which makes use of what route creators do not know of the network. We also present new discussion and results concerning route fingerprinting attacks, which make use of what route creators do know of the network. We prove analytic bounds for both route fingerprinting and route bridging and describe the impact of these attacks on published anonymity-network designs. We also discuss implications for network scaling and client-server vs. peer-to-peer systems.
@conference{danezis-pet2008, author = {Danezis, George and Syverson, Paul}, booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)}, title = {Bridging and Fingerprinting: Epistemic Attacks on Route Selection}, year = {2008}, address = {Leuven, Belgium}, editor = {Borisov, Nikita and Goldberg, Ian}, month = jul, organization = {Springer}, pages = {133{\textendash}150}, publisher = {Springer}, doi = {10.1007/978-3-540-70630-4}, isbn = {978-3-540-70629-8}, keywords = {anonymity, P2P, route bridging attack}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.springerlink.com/content/q2r7g81286026576/} }
[1373992] Characterizing unstructured overlay topologies in modern P2P file-sharing systems

Stutzbach, Daniel, Rejaie, Reza, and Sen, Subhabrata

IEEE/ACM Trans. Netw. 2008

DOI Website abstract Bib

In recent years, peer-to-peer (P2P) file-sharing systems have evolved to accommodate growing numbers of participating peers. In particular, new features have changed the properties of the unstructured overlay topologies formed by these peers. Little is known about the characteristics of these topologies and their dynamics in modern file-sharing applications, despite their importance. This paper presents a detailed characterization of P2P overlay topologies and their dynamics, focusing on the modern Gnutella network. We present Cruiser, a fast and accurate P2P crawler, which can capture a complete snapshot of the Gnutella network of more than one million peers in just a few minutes, and show how inaccuracy in snapshots can lead to erroneous conclusions–such as a power-law degree distribution. Leveraging recent overlay snapshots captured with Cruiser, we characterize the graph-related properties of individual overlay snapshots and overlay dynamics across slices of back-to-back snapshots. Our results reveal that while the Gnutella network has dramatically grown and changed in many ways, it still exhibits the clustering and short path lengths of a small world network. Furthermore, its overlay topology is highly resilient to random peer departure and even systematic attacks. More interestingly, overlay dynamics lead to an "onion-like" biased connectivity among peers where each peer is more likely connected to peers with higher uptime. Therefore, long-lived peers form a stable core that ensures reachability among peers despite overlay dynamics.
@article{1373992, author = {Stutzbach, Daniel and Rejaie, Reza and Sen, Subhabrata}, journal = {IEEE/ACM Trans. Netw.}, title = {Characterizing unstructured overlay topologies in modern P2P file-sharing systems}, year = {2008}, issn = {1063-6692}, number = {2}, pages = {267{\textendash}280}, volume = {16}, address = {Piscataway, NJ, USA}, doi = {10.1109/TNET.2007.900406}, keywords = {file-sharing, P2P}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1373992$\#$} }
[torspinISC08] Compromising Anonymity Using Packet Spinning

Pappas, Vasilis, Athanasopoulos, Elias, Ioannidis, Sotiris, and Markatos, Evangelos P.

Sep 2008

DOI Website abstract Bib

We present a novel attack targeting anonymizing systems. The attack involves placing a malicious relay node inside an anonymizing system and keeping legitimate nodes "busy." We achieve this by creating circular circuits and injecting fraudulent packets, crafted in a way that will make them spin an arbitrary number of times inside our artificial loops. At the same time we inject a small number of malicious nodes that we control into the anonymizing system. By keeping a significant part of the anonymizing system busy spinning useless packets, we increase the probability of having our nodes selected in the creation of legitimate circuits, since we have more free capacity to route requests than the legitimate nodes. This technique may lead to the compromise of the anonymity of people using the system. To evaluate our novel attack, we used a real-world anonymizing system, TOR. We show that an anonymizing system that is composed of a series of relay nodes which perform cryptographic operations is vulnerable to our packet spinning attack. Our evaluation focuses on determining the cost we can introduce to the legitimate nodes by injecting the fraudulent packets, and the time required for a malicious client to create n-length TOR circuits. Furthermore we prove that routers that are involved in packet spinning do not have the capacity to process requests for the creation of new circuits and thus users are forced to select our malicious nodes for routing their data streams.
@conference{torspinISC08, author = {Pappas, Vasilis and Athanasopoulos, Elias and Ioannidis, Sotiris and Markatos, Evangelos P.}, booktitle = {Proceedings of the 11th Information Security Conference (ISC 2008)}, title = {Compromising Anonymity Using Packet Spinning}, year = {2008}, month = sep, organization = {Springer-Verlag Berlin, Heidelberg}, publisher = {Springer-Verlag Berlin, Heidelberg}, doi = {10.1007/978-3-540-85886-7_11}, isbn = {978-3-540-85884-3}, keywords = {anonymity, attack, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1432478.1432493} }
[MarPi08] A Concept of an Anonymous Direct P2P Distribution Overlay System

Margasinski, Igor, and Pioro, Michal

Mar 2008

DOI Website abstract Bib

The paper introduces a peer-to-peer system called P2PRIV (peer-to-peer direct and anonymous distribution overlay). Basic novel features of P2PRIV are: (i) a peer-to-peer parallel content exchange architecture, and (ii) separation of the anonymization process from the transport function. These features allow a considerable saving of service time while preserving high degree of anonymity. In the paper we evaluate anonymity measures of P2PRIV (using a normalized entropy measurement model) as well as its traffic measures (including service time and network dynamics), and compare anonymity and traffic performance of P2PRIV with a well known system called CROWDS.
@conference{MarPi08, author = {Margasinski, Igor and Pioro, Michal}, booktitle = {Proceedings of IEEE 22nd International Conference on Advanced Information Networking and Applications (AINA)}, title = {A Concept of an Anonymous Direct P2P Distribution Overlay System}, year = {2008}, address = {Gino-wan, Okinawa, Japan}, month = mar, organization = {IEEE Computer Society Press}, pages = {590{\textendash}597}, publisher = {IEEE Computer Society Press}, doi = {10.1109/AINA.2008.117}, isbn = {978-0-7695-3095-6}, keywords = {communication system security, privacy}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1395079.1395235} }

[Schiele2008] Consistency Management for Peer-to-Peer-based Massively Multiuser Virtual Environments

Schiele, Gregor, Süselbeck, Richard, Wacker, Arno, Triebel, Tonio, and Becker, Christian

2008

@conference{Schiele2008,
  author = {Schiele, Gregor and S{\"u}selbeck, Richard and Wacker, Arno and Triebel, Tonio and Becker, Christian},
  booktitle = {Proc. 1st Int.Workshop on Massively Multiuser Virtual Environments (MMVE{\textquoteright}08)},
  title = {Consistency Management for Peer-to-Peer-based Massively Multiuser Virtual Environments},
  year = {2008},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.spovnet.de/files/publications/MMVEConsistency.pdf/view}
}

[2008a] The Decentralized File System Igor-FS as an Application for Overlay-Networks

02/2008 2008

Website abstract Bib

Working in distributed systems is part of the information society. More and more people and organizations work with growing data volumes. Often, part of the problem is to access large files in a share way. Until now, there are two often used approaches to allow this kind off access. Either the files are tranfered via FTP, e-mail or similar medium before the access happens, or a centralized server provides file services. The first alternative has the disadvantage that the entire file has to be transfered before the first access can be successful. If only small parts in the file have been changed compared to a previous version, the entire file has to be transfered anyway. The centralized approach has disadvantages regarding scalability and reliability. In both approaches authorization and authentication can be difficult in case users are seperated by untrusted network segements.
@mastersthesis{2008a, school = {Universit{\"a}t Fridericiana (TH)}, title = {The Decentralized File System Igor-FS as an Application for Overlay-Networks}, year = {2008}, address = {Karlsruhe, Germany}, month = {02/2008}, type = {Doctoral}, owner = {tom}, pages = {193}, timestamp = {2017-10-10}, url = {http://digbib.ubka.uni-karlsruhe.de/volltexte/1000009668}, volume = {Engineering} }
[vrancx:decentralized] Decentralized Learning in Markov Games

Vrancx, Peter, Verbeeck, Katja, and Nowé, Ann

IEEE Transactions on Systems, Man, and Cybernetics, Part B 08/2008 2008

abstract Bib

Learning automata (LA) were recently shown to be valuable tools for designing multiagent reinforcement learning algorithms. One of the principal contributions of the LA theory is that a set of decentralized independent LA is able to control a finite Markov chain with unknown transition probabilities and rewards. In this paper, we propose to extend this algorithm to Markov games-a straightforward extension of single-agent Markov decision problems to distributed multiagent decision problems. We show that under the same ergodic assumptions of the original theorem, the extended algorithm will converge to a pure equilibrium point between agent policies.
@article{vrancx:decentralized, author = {Vrancx, Peter and Verbeeck, Katja and Now{\'e}, Ann}, journal = {IEEE Transactions on Systems, Man, and Cybernetics, Part B}, title = {Decentralized Learning in Markov Games}, year = {2008}, month = {08/2008}, pages = {976-981}, volume = {38}, keywords = {algorithms, descentralized learning, LA, learning automata}, owner = {tom}, timestamp = {2017-10-10} }
[ccs2008:wang] Dependent Link Padding Algorithms for Low Latency Anonymity Systems

Wang, Wei, Motani, Mehul, and Srinivasan, Vikram

Oct 2008

DOI Website abstract Bib

Low latency anonymity systems are susceptive to traffic analysis attacks. In this paper, we propose a dependent link padding scheme to protect anonymity systems from traffic analysis attacks while providing a strict delay bound. The covering traffic generated by our scheme uses the minimum sending rate to provide full anonymity for a given set of flows. The relationship between user anonymity and the minimum covering traffic rate is then studied via analysis and simulation. When user flows are Poisson processes with the same sending rate, the minimum covering traffic rate to provide full anonymity to m users is O(log m). For Pareto traffic, we show that the rate of the covering traffic converges to a constant when the number of flows goes to infinity. Finally, we use real Internet trace files to study the behavior of our algorithm when user flows have different rates.
@conference{ccs2008:wang, author = {Wang, Wei and Motani, Mehul and Srinivasan, Vikram}, booktitle = {{Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008)}}, title = {Dependent Link Padding Algorithms for Low Latency Anonymity Systems}, year = {2008}, address = {Alexandria, Virginia, USA}, editor = {Syverson, Paul and Jha, Somesh and Zhang, Xiaolan}, month = oct, organization = {ACM Press}, pages = {323{\textendash}332}, publisher = {ACM Press}, doi = {10.1145/1455770.1455812}, isbn = {978-1-59593-810-7}, keywords = {anonymity service, link padding, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1455812} }
[Dischinger:2008:DBB:1452520.1452523] Detecting BitTorrent Blocking

Dischinger, Marcel, Mislove, Alan, Haeberlen, Andreas, and Gummadi, P. Krishna

10/2008 2008

DOI Website abstract Bib

Recently, it has been reported that certain access ISPs are surreptitiously blocking their customers from uploading data using the popular BitTorrent file-sharing protocol. The reports have sparked an intense and wide-ranging policy debate on network neutrality and ISP traffic management practices. However, to date, end users lack access to measurement tools that can detect whether their access ISPs are blocking their BitTorrent traffic. And since ISPs do not voluntarily disclose their traffic management policies, no one knows how widely BitTorrent traffic blocking is deployed in the current Internet. In this paper, we address this problem by designing an easy-to-use tool to detect BitTorrent blocking and by presenting results from a widely used public deployment of the tool.
@conference{Dischinger:2008:DBB:1452520.1452523, author = {Dischinger, Marcel and Mislove, Alan and Haeberlen, Andreas and Gummadi, P. Krishna}, booktitle = {IMC{\textquoteright}08. Proceedings of the 8th ACM SIGCOMM conference on Internet measurement}, title = {Detecting BitTorrent Blocking}, year = {2008}, address = {Vouliagmeni, Greece}, month = {10/2008}, organization = {ACM}, pages = {3{\textendash}8}, publisher = {ACM}, series = {IMC {\textquoteright}08}, doi = {http://doi.acm.org/10.1145/1452520.1452523}, isbn = {978-1-60558-334-1}, keywords = {BitTorrent, blocking, network measurement}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1452520.1452523} }
[clog-the-queue] Don’t Clog the Queue: Circuit Clogging and Mitigation in P2P anonymity schemes

McLachlan, Jon, and Hopper, Nicholas J.

Jan 2008

DOI Website abstract Bib

At Oakland 2005, Murdoch and Danezis described an attack on the Tor anonymity service that recovers the nodes in a Tor circuit, but not the client. We observe that in a peer-to-peer anonymity scheme, the client is part of the circuit and thus the technique can be of greater significance in this setting. We experimentally validate this conclusion by showing that "circuit clogging" can identify client nodes using the MorphMix peer-to-peer anonymity protocol. We also propose and empirically validate the use of the Stochastic Fair Queueing discipline on outgoing connections as an efficient and low-cost mitigation technique.
@conference{clog-the-queue, author = {McLachlan, Jon and Hopper, Nicholas J.}, booktitle = {Proceedings of Financial Cryptography (FC {\textquoteright}08)}, title = {Don{\textquoteright}t Clog the Queue: Circuit Clogging and Mitigation in P2P anonymity schemes}, year = {2008}, month = jan, organization = {Springer-Verlag Berlin, Heidelberg}, publisher = {Springer-Verlag Berlin, Heidelberg}, doi = {10.1007/978-3-540-85230-8_3}, keywords = {anonymity, P2P, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1428551} }

[DBLP:journals/pvldb/Amer-YahiaBLS08] Efficient network aware search in collaborative tagging sites

Amer-Yahia, Sihem, Benedikt, Michael, Lakshmanan, Laks V. S., and Stoyanovich, Julia

PVLDB’08 Aug 2008

Bib

@article{DBLP:journals/pvldb/Amer-YahiaBLS08,
  author = {Amer-Yahia, Sihem and Benedikt, Michael and Lakshmanan, Laks V. S. and Stoyanovich, Julia},
  journal = {PVLDB{\textquoteright}08},
  title = {Efficient network aware search in collaborative tagging sites},
  year = {2008},
  month = aug,
  number = {1},
  volume = {1},
  address = {{Auckland, New Zealand}},
  owner = {tom},
  timestamp = {2017-10-10}
}

[BecchiCrowley2008EfficientRegexEval] Efficient regular expression evaluation: theory to practice

Becchi, Michela, and Crowley, Patrick

2008

@conference{BecchiCrowley2008EfficientRegexEval,
  author = {Becchi, Michela and Crowley, Patrick},
  booktitle = {Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems},
  title = {Efficient regular expression evaluation: theory to practice},
  year = {2008},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {50{\textendash}59},
  publisher = {ACM},
  series = {ANCS {\textquoteright}08},
  doi = {10.1145/1477942.1477950},
  isbn = {978-1-60558-346-4},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1477942.1477950}
}

[1373458] Efficient routing in intermittently connected mobile networks: the single-copy case

Spyropoulos, Thrasyvoulos, Psounis, Konstantinos, and Raghavendra, Cauligi S.

IEEE/ACM Trans. Netw. 2008

DOI Website abstract Bib

Intermittently connected mobile networks are wireless networks where most of the time there does not exist a complete path from the source to the destination. There are many real networks that follow this model, for example, wildlife tracking sensor networks, military networks, vehicular ad hoc networks (VANETs), etc. In this context, conventional routing schemes would fail, because they try to establish complete end-to-end paths, before any data is sent. To deal with such networks researchers have suggested to use flooding-based routing schemes. While flooding-based schemes have a high probability of delivery, they waste a lot of energy and suffer from severe contention which can significantly degrade their performance. With this in mind, we look into a number of "single-copy" routing schemes that use only one copy per message, and hence significantly reduce the resource requirements of flooding-based algorithms. We perform a detailed exploration of the single-copy routing space in order to identify efficient single-copy solutions that (i) can be employed when low resource usage is critical, and (ii) can help improve the design of general routing schemes that use multiple copies. We also propose a theoretical framework that we use to analyze the performance of all single-copy schemes presented, and to derive upper and lower bounds on the delay of any scheme.
@article{1373458, author = {Spyropoulos, Thrasyvoulos and Psounis, Konstantinos and Raghavendra, Cauligi S.}, journal = {IEEE/ACM Trans. Netw.}, title = {Efficient routing in intermittently connected mobile networks: the single-copy case}, year = {2008}, issn = {1063-6692}, number = {1}, pages = {63{\textendash}76}, volume = {16}, address = {Piscataway, NJ, USA}, doi = {10.1109/TNET.2007.897962}, keywords = {mobile Ad-hoc networks, routing}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1373458$\#$} }
[CoNext2008] EGOIST: Overlay Routing using Selfish Neighbor Selection

Smaragdakis, Georgios, Lekakis, Vassilis, Laoutaris, Nikolaos, Bestavros, Azer, Byers, John W., and Roussopoulos, Mema

Dec 2008

abstract Bib

A foundational issue underlying many overlay network applications ranging from routing to peer-to-peer file sharing is that of connectivity management, i.e., folding new arrivals into an existing overlay, and re-wiring to cope with changing network conditions. Previous work has considered the problem from two perspectives: devising practical heuristics for specific applications designed to work well in real deployments, and providing abstractions for the underlying problem that are analytically tractable, especially via game-theoretic analysis. In this paper, we unify these two thrusts by using insights gleaned from novel, realistic theoretic models in the design of Egoist – a distributed overlay routing system that we implemented, deployed, and evaluated on PlanetLab. Using extensive measurements of paths between nodes, we demonstrate that Egoist’s neighbor selection primitives significantly outperform existing heuristics on a variety of performance metrics, including delay, available bandwidth, and node utilization. Moreover, we demonstrate that Egoist is competitive with an optimal, but unscalable full-mesh approach, remains highly effective under significant churn, is robust to cheating, and incurs minimal overhead. Finally, we use a multiplayer peer-to-peer game to demonstrate the value of Egoist to end-user applications.
@conference{CoNext2008, author = {Smaragdakis, Georgios and Lekakis, Vassilis and Laoutaris, Nikolaos and Bestavros, Azer and Byers, John W. and Roussopoulos, Mema}, booktitle = {Proceedings of ACM CoNEXT 2008}, title = {EGOIST: Overlay Routing using Selfish Neighbor Selection}, year = {2008}, address = {Madrid, Spain}, month = dec, keywords = {EGOIST, game theory, overlay networks, routing, selfish neighbor selection}, owner = {tom}, timestamp = {2017-10-10} }

[LOCEntropy2008] Entropy Bounds for Traffic Confirmation

O’Connor, Luke

Oct 2008

Bib

@booklet{LOCEntropy2008,
  title = {Entropy Bounds for Traffic Confirmation},
  author = {O{\textquoteright}Connor, Luke},
  month = oct,
  year = {2008},
  number = {2008/365},
  owner = {tom},
  publisher = {IACR},
  timestamp = {2017-10-10}
}

[Bustos-Jimenez2008] Estimating The Size Of Peer-To-Peer Networks Using Lambert’s W Function

Bustos-Jiménez, Javier, Bersano, Nicolás, Schaeffer, Satu Elisa, Piquer, José Miguel, Iosup, Alexandru, and Ciuffoletti, Augusto

2008

Website abstract Bib

In this work, we address the problem of locally estimating the size of a Peer-to-Peer (P2P) network using local information. We present a novel approach for estimating the size of a peer-to-peer (P2P) network, fitting the sum of new neighbors discovered at each iteration of a breadth-first search (BFS) with a logarithmic function, and then using Lambert’s W function to solve a root of a ln(n) + b - n = 0, where n is the network size. With rather little computation, we reach an estimation error of at most 10 percent, only allowing the BFS to iterate to the third level.
@inbook{Bustos-Jimenez2008, author = {Bustos-Jim{\'e}nez, Javier and Bersano, Nicol{\'a}s and Schaeffer, Satu Elisa and Piquer, Jos{\'e} Miguel and Iosup, Alexandru and Ciuffoletti, Augusto}, pages = {61-72}, publisher = {Springer-Verlag}, title = {Estimating The Size Of Peer-To-Peer Networks Using Lambert{\textquoteright}s W Function}, year = {2008}, address = {New York, NY, USA}, isbn = {978-0-387-09456-4}, booktitle = {Grid Computing - Achievements and Prospects}, issn = {978-0-387-09456-4}, keywords = {distributed computing, lambert w function, network size estimation, peer-to-peer networking}, organization = {Springer-Verlag}, owner = {tom}, timestamp = {2021-01-27}, url = {http://eprints.adm.unipi.it/649/} }
[Junges:2008:EPD:1402298.1402308] Evaluating the performance of DCOP algorithms in a real world, dynamic problem

Junges, Robert, and Bazzan, Ana L. C.

05/2008 2008

Website abstract Bib

Complete algorithms have been proposed to solve problems modelled as distributed constraint optimization (DCOP). However, there are only few attempts to address real world scenarios using this formalism, mainly because of the complexity associated with those algorithms. In the present work we compare three complete algorithms for DCOP, aiming at studying how they perform in complex and dynamic scenarios of increasing sizes. In order to assess their performance we measure not only standard quantities such as number of cycles to arrive to a solution, size and quantity of exchanged messages, but also computing time and quality of the solution which is related to the particular domain we use. This study can shed light in the issues of how the algorithms perform when applied to problems other than those reported in the literature (graph coloring, meeting scheduling, and distributed sensor network).
@conference{Junges:2008:EPD:1402298.1402308, author = {Junges, Robert and Bazzan, Ana L. C.}, booktitle = {AAMAS8 - Proceedings of the 7th international joint conference on Autonomous agents and multiagent systems}, title = {Evaluating the performance of DCOP algorithms in a real world, dynamic problem}, year = {2008}, address = {Estoril, Portugal}, month = {05/2008}, organization = {International Foundation for Autonomous Agents and Multiagent Systems}, pages = {599{\textendash}606}, publisher = {International Foundation for Autonomous Agents and Multiagent Systems}, series = {AAMAS {\textquoteright}08}, isbn = {978-0-9817381-1-6}, keywords = {coordination, DCOP, distributed constraint optimization, traffic control}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1402298.1402308} }
[DBLP:conf/icc/ChenCLNC08] Experimental Analysis of Super-Seeding in BitTorrent

Chen, Zhijia, Chen, Yang, Lin, Chuang, Nivargi, Vaibhav, and Cao, Pei

05/2008 2008

DOI abstract Bib

With the popularity of BitTorrent, improving its performance has been an active research area. Super-seeding, a special upload policy for initial seeds, improves the efficiency in producing multiple seeds and reduces the uploading cost of the initial seeders. However, the overall benefit of super seeding remains a question. In this paper, we conduct an experimental study over the performance of super-seeding scheme of BitTornado. We attempt to answer the following questions: whether and how much super-seeding saves uploading cost, whether the download time of all peers is decreased by super-seeding, and in which scenario super-seeding performs worse. With varying seed bandwidth and peer behavior, we analyze the overall download time and upload cost of super seeding scheme during random period tests over 250 widely distributed PlanetLab nodes. The results show that benefits of super-seeding depend highly on the upload bandwidth of the initial seeds and the behavior of individual peers. Our work not only provides reference for the potential adoption of super-seeding in BitTorrent, but also much insights for the balance of enhancing Quality of Experience (QoE) and saving cost for a large-scale BitTorrent-like P2P commercial application.
@conference{DBLP:conf/icc/ChenCLNC08, author = {Chen, Zhijia and Chen, Yang and Lin, Chuang and Nivargi, Vaibhav and Cao, Pei}, booktitle = {ICC{\textquoteright}08 - Proceedings of the 2008 IEEE International Conference on Communications}, title = {Experimental Analysis of Super-Seeding in BitTorrent}, year = {2008}, address = {Beijing, China}, month = {05/2008}, organization = {IEEE Computer Society}, pages = {65-69}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/ICC.2008.20}, isbn = {978-1-4244-2075-9}, keywords = {BitTorrent, super-seeding}, owner = {tom}, timestamp = {2017-10-10} }
[Ben-David:2008:FSS:1455770.1455804] FairplayMP: a system for secure multi-party computation

Ben-David, Assaf, Nisan, Noam, and Pinkas, Benny

10/2008 2008

DOI Website abstract Bib

We present FairplayMP (for "Fairplay Multi-Party"), a system for secure multi-party computation. Secure computation is one of the great achievements of modern cryptography, enabling a set of untrusting parties to compute any function of their private inputs while revealing nothing but the result of the function. In a sense, FairplayMP lets the parties run a joint computation that emulates a trusted party which receives the inputs from the parties, computes the function, and privately informs the parties of their outputs. FairplayMP operates by receiving a high-level language description of a function and a configuration file describing the participating parties. The system compiles the function into a description as a Boolean circuit, and perform a distributed evaluation of the circuit while revealing nothing else. FairplayMP supplements the Fairplay system [16], which supported secure computation between two parties. The underlying protocol of FairplayMP is the Beaver-Micali-Rogaway (BMR) protocol which runs in a constant number of communication rounds (eight rounds in our implementation). We modified the BMR protocol in a novel way and considerably improved its performance by using the Ben-Or-Goldwasser-Wigderson (BGW) protocol for the purpose of constructing gate tables. We chose to use this protocol since we believe that the number of communication rounds is a major factor on the overall performance of the protocol. We conducted different experiments which measure the effect of different parameters on the performance of the system and demonstrate its scalability. (We can now tell, for example, that running a second-price auction between four bidders, using five computation players, takes about 8 seconds.)
@conference{Ben-David:2008:FSS:1455770.1455804, author = {Ben-David, Assaf and Nisan, Noam and Pinkas, Benny}, booktitle = {CCS{\textquoteright}08 - Proceedings of the 15th ACM conference on Computer and communications security}, title = {FairplayMP: a system for secure multi-party computation}, year = {2008}, address = {Alexandria, VA, USA}, month = {10/2008}, organization = {ACM}, pages = {257{\textendash}266}, publisher = {ACM}, series = {CCS {\textquoteright}08}, doi = {10.1145/1455770.1455804}, isbn = {978-1-59593-810-7}, keywords = {cryptography, secure multi-party computation, SMC}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1455770.1455804} }
[Bose2008] On the False-positive Rate of Bloom Filters

Bose, Prosenjit, Guo, Hua, Kranakis, Evangelos, Maheshwari, Anil, Morin, Pat, Morrison, Jason, Smid, Michiel, and Tang, Yihui

Inf. Process. Lett. 2008

DOI Website abstract Bib

Bloom filters are a randomized data structure for membership queries dating back to 1970. Bloom filters sometimes give erroneous answers to queries, called false positives. Bloom analyzed the probability of such erroneous answers, called the false-positive rate, and Bloom’s analysis has appeared in many publications throughout the years. We show that Bloom’s analysis is incorrect and give a correct analysis.
@article{Bose2008, author = {Bose, Prosenjit and Guo, Hua and Kranakis, Evangelos and Maheshwari, Anil and Morin, Pat and Morrison, Jason and Smid, Michiel and Tang, Yihui}, journal = {Inf. Process. Lett.}, title = {On the False-positive Rate of Bloom Filters}, year = {2008}, issn = {0020-0190}, pages = {210{\textendash}213}, volume = {108}, doi = {10.1016/j.ipl.2008.05.018}, keywords = {Analysis of algorithms, data structures}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1016/j.ipl.2008.05.018} }
[Wang:2008:GAI:1412757.1412971] A game-theoretic analysis of the implications of overlay network traffic on ISP peering

Wang, Jessie Hui, Chiu, Dah Ming, and Lui, John C. S.

Computer Networks 10/2008 2008

DOI Website abstract Bib

Inter-ISP traffic flow determines the settlement between ISPs and affects the perceived performance of ISP services. In today’s Internet, the inter-ISP traffic flow patterns are controlled not only by ISPs’ policy-based routing configuration and traffic engineering, but also by application layer routing. The goal of this paper is to study the economic implications of this shift in Internet traffic control assuming rational ISPs and subscribers. For this purpose, we build a general traffic model that predicts traffic patterns based on subscriber distribution and abstract traffic controls such as caching functions and performance sensitivity functions. We also build a game-theoretic model of subscribers picking ISPs, and ISPs making provisioning and peering decisions. In particular, we apply this to a local market where two ISPs compete for market share of subscribers under two traffic patterns: ’’Web’’ and ’’P2P overlay’’, that typifies the transition the current Internet is going through. Our methodology can be used to quantitatively demonstrate that (1) while economy of scale is the predominant property of the competitive ISP market, P2P traffic may introduce unfair distribution of peering benefit (i.e. free-riding); (2) the large ISP can restore more fairness by reducing its private capacity (bandwidth throttling), which has the drawback of hurting business growth; and (3) ISPs can reduce the level of peering (e.g. by reducing peering bandwidth) to restore more fairness, but this has the side-effect of also reducing the ISPs’ collective bargaining power towards subscribers.
@article{Wang:2008:GAI:1412757.1412971, author = {Wang, Jessie Hui and Chiu, Dah Ming and Lui, John C. S.}, journal = {Computer Networks}, title = {A game-theoretic analysis of the implications of overlay network traffic on ISP peering}, year = {2008}, issn = {1389-1286}, month = {10/2008}, pages = {2961{\textendash}2974}, volume = {52}, address = {New York, NY, USA}, doi = {10.1016/j.comnet.2008.06.014}, keywords = {game theory, isp, Network management, Peering, Traffic model}, owner = {tom}, publisher = {Elsevier North-Holland, Inc.}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1412757.1412971} }
[saballus08gaos] Global Accessible Objects (GAOs) in the Ambicomp Distributed Java Virtual Machine

Saballus, Bjoern, Eickhold, Johannes, and Fuhrmann, Thomas

2008

Website abstract Bib

As networked embedded sensors and actuators become more and more widespread, software developers encounter the difficulty to create applications that run distributed on these nodes: Typically, these nodes are heterogeneous, resource-limited, and there is no centralized control. The Ambicomp project tackles this problem. Its goal is to provide a distributed Java Virtual Machine (VM) that runs on the bare sensor node hardware. This VM creates a single system illusion across several nodes. Objects and threads can migrate freely between these nodes. In this paper, we address the problem of globally accessible objects. We describe how scalable source routing, a DHT-inspired routing protocol, can be used to allow access to objects regardless of their respective physical location and without any centralized component.
@conference{saballus08gaos, author = {Saballus, Bjoern and Eickhold, Johannes and Fuhrmann, Thomas}, booktitle = {Proceedings of the Second International Conference on Sensor Technologies and Applications (SENSORCOMM 2008)}, title = {Global Accessible Objects (GAOs) in the Ambicomp Distributed Java Virtual Machine}, year = {2008}, address = {Cap Esterel, France}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, keywords = {distributed hash table}, owner = {tom}, timestamp = {2017-10-10}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[back-hash] Hash cash - a denial of service counter-measure

Back, Adam

2008

Website abstract Bib

Hashcash was originally proposed as a mechanism to throttle systematic abuse of un-metered internet resources such as email, and anonymous remailers in May 1997. Five years on, this paper captures in one place the various applications, improvements suggested and related subsequent publications, and describes initial experience from experiments using hashcash. The hashcash CPU cost-function computes a token which can be used as a proof-of-work. Interactive and non-interactive variants of cost-functions can be constructed which can be used in situations where the server can issue a challenge (connection oriented interactive protocol), and where it can not (where the communication is store - and - forward, or packet oriented) respectively.
@booklet{back-hash, title = {Hash cash - a denial of service counter-measure}, author = {Back, Adam}, year = {2008}, owner = {tom}, timestamp = {2017-10-10}, url = {citeseer.ist.psu.edu/back02hashcash.html} }
[Koch2008] Higher Confidence in Event Correlation Using Uncertainty Restrictions

Koch, Gerald G., Koldehofe, Boris, and Rothermel, Kurt

2008

Website abstract Bib

Distributed cooperative systems that use event notification for communication can benefit from event correlation within the notification network. In the presence of uncertain data, however, correlation results easily become unreliable. The handling of uncertainty is therefore an important challenge for event correlation in distributed event notification systems. In this paper, we present a generic correlation model that is aware of uncertainty. We propose uncertainty constraints that event correlation can take into account and show how they can lead to higher confidence in the correlation result. We demonstrate that the application of this model allows to obtain a qualitative description of event correlation.
@conference{Koch2008, author = {Koch, Gerald G. and Koldehofe, Boris and Rothermel, Kurt}, booktitle = {28th International Conference on In Distributed Computing Systems Workshops}, title = {Higher Confidence in Event Correlation Using Uncertainty Restrictions}, year = {2008}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.citeulike.org/user/nmsx/article/4505416} }
[sassaman-pet2008] How to Bypass Two Anonymity Revocation Systems

Danezis, George, and Sassaman, Len

Jul 2008

DOI Website abstract Bib

In recent years, there have been several proposals for anonymous communication systems that provide intentional weaknesses to allow anonymity to be circumvented in special cases. These anonymity revocation schemes attempt to retain the properties of strong anonymity systems while granting a special class of people the ability to selectively break through their protections. We evaluate the two dominant classes of anonymity revocation systems, and identify fundamental flaws in their architecture, leading to a failure to ensure proper anonymity revocation, as well as introducing additional weaknesses for users not targeted for anonymity revocation.
@conference{sassaman-pet2008, author = {Danezis, George and Sassaman, Len}, booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)}, title = {How to Bypass Two Anonymity Revocation Systems}, year = {2008}, address = {Leuven, Belgium}, editor = {Borisov, Nikita and Goldberg, Ian}, month = jul, organization = {Springer}, pages = {187{\textendash}201}, publisher = {Springer}, doi = {10.1007/978-3-540-70630-4}, isbn = {978-3-540-70629-8}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/179453h161722821/} }
[Boldyreva:2008:IEE:1455770.1455823] Identity-based encryption with efficient revocation

Boldyreva, Alexandra, Goyal, Vipul, and Kumar, Virendra

10/2008 2008

DOI Website abstract Bib

Identity-based encryption (IBE) is an exciting alternative to public-key encryption, as IBE eliminates the need for a Public Key Infrastructure (PKI). The senders using an IBE do not need to look up the public keys and the corresponding certificates of the receivers, the identities (e.g. emails or IP addresses) of the latter are sufficient to encrypt. Any setting, PKI- or identity-based, must provide a means to revoke users from the system. Efficient revocation is a well-studied problem in the traditional PKI setting. However in the setting of IBE, there has been little work on studying the revocation mechanisms. The most practical solution requires the senders to also use time periods when encrypting, and all the receivers (regardless of whether their keys have been compromised or not) to update their private keys regularly by contacting the trusted authority. We note that this solution does not scale well – as the number of users increases, the work on key updates becomes a bottleneck. We propose an IBE scheme that significantly improves key-update efficiency on the side of the trusted party (from linear to logarithmic in the number of users), while staying efficient for the users. Our scheme builds on the ideas of the Fuzzy IBE primitive and binary tree data structure, and is provably secure.
@conference{Boldyreva:2008:IEE:1455770.1455823, author = {Boldyreva, Alexandra and Goyal, Vipul and Kumar, Virendra}, booktitle = {CCS{\textquoteright}08 - Proceedings of the 15th ACM Conference on Computer and Communications Security}, title = {Identity-based encryption with efficient revocation}, year = {2008}, address = {Alexandria, VA, USA}, month = {10/2008}, organization = {ACM}, pages = {417{\textendash}426}, publisher = {ACM}, series = {CCS {\textquoteright}08}, doi = {http://doi.acm.org/10.1145/1455770.1455823}, isbn = {978-1-59593-810-7}, keywords = {IBE, identity-based encryption, provable security, revocation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1455770.1455823} }
[DBLP:conf/p2p/AmannEHF08] IgorFs: A Distributed P2P File System

Amann, Bernhard, Elser, Benedikt, Houri, Yaser, and Fuhrmann, Thomas

2008

DOI Website abstract Bib

IgorFs is a distributed, decentralized peer-to-peer (P2P) file system that is completely transparent to the user. It is built on top of the Igor peer-to-peer overlay network, which is similar to Chord, but provides additional features like service orientation or proximity neighbor and route selection. IgorFs offers an efficient means to publish data files that are subject to frequent but minor modifications. In our demonstration we show two use cases for IgorFs: the first example is (static) software-distribution and the second example is (dynamic) file distribution.
@conference{DBLP:conf/p2p/AmannEHF08, author = {Amann, Bernhard and Elser, Benedikt and Houri, Yaser and Fuhrmann, Thomas}, booktitle = {Peer-to-Peer Computing}, title = {IgorFs: A Distributed P2P File System}, year = {2008}, pages = {77-78}, doi = {10.1109/P2P.2008.19}, keywords = {distributed storage, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.pubzone.org/dblp/conf/p2p/AmannEHF08} }
[diaz-pet2008] On the Impact of Social Network Profiling on Anonymity

Diaz, Claudia, Troncoso, Carmela, and Serjantov, Andrei

Jul 2008

DOI Website abstract Bib

This paper studies anonymity in a setting where individuals who communicate with each other over an anonymous channel are also members of a social network. In this setting the social network graph is known to the attacker. We propose a Bayesian method to combine multiple available sources of information and obtain an overall measure of anonymity. We study the effects of network size and find that in this case anonymity degrades when the network grows. We also consider adversaries with incomplete or erroneous information; characterize their knowledge of the social network by its quantity, quality and depth; and discuss the implications of these properties for anonymity.
@conference{diaz-pet2008, author = {Diaz, Claudia and Troncoso, Carmela and Serjantov, Andrei}, booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)}, title = {On the Impact of Social Network Profiling on Anonymity}, year = {2008}, address = {Leuven, Belgium}, editor = {Borisov, Nikita and Goldberg, Ian}, month = jul, organization = {Springer}, pages = {44{\textendash}62}, publisher = {Springer}, doi = {10.1007/978-3-540-70630-4_4}, isbn = {978-3-540-70629-8}, keywords = {anonymity, attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1428263} }
[improved-clockskew] An Improved Clock-skew Measurement Technique for Revealing Hidden Services

Zander, Sebastian, and Murdoch, Steven J.

Jul 2008

Website abstract Bib

The Tor anonymisation network allows services, such as web servers, to be operated under a pseudonym. In previous work Murdoch described a novel attack to reveal such hidden services by correlating clock skew changes with times of increased load, and hence temperature. Clock skew measurement suffers from two main sources of noise: network jitter and timestamp quantisation error. Depending on the target’s clock frequency the quantisation noise can be orders of magnitude larger than the noise caused by typical network jitter. Quantisation noise limits the previous attacks to situations where a high frequency clock is available. It has been hypothesised that by synchronising measurements to the clock ticks, quantisation noise can be reduced. We show how such synchronisation can be achieved and maintained, despite network jitter. Our experiments show that synchronised sampling significantly reduces the quantisation error and the remaining noise only depends on the network jitter (but not clock frequency). Our improved skew estimates are up to two magnitudes more accurate for low-resolution timestamps and up to one magnitude more accurate for high-resolution timestamps, when compared to previous random sampling techniques. The improved accuracy not only allows previous attacks to be executed faster and with less network traffic but also opens the door to previously infeasible attacks on low-resolution clocks, including measuring skew of a HTTP server over the anonymous channel.
@conference{improved-clockskew, author = {Zander, Sebastian and Murdoch, Steven J.}, booktitle = {Proceedings of the 17th USENIX Security Symposium}, title = {An Improved Clock-skew Measurement Technique for Revealing Hidden Services}, year = {2008}, address = {San Jose, CA, US}, month = jul, organization = {USENIX Association Berkeley, CA, USA}, publisher = {USENIX Association Berkeley, CA, USA}, keywords = {anonymity, pseudonym, Tor}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1496726} }
[reardon-thesis] Improving Tor using a TCP-over-DTLS Tunnel

Reardon, Joel

Sep 2008

abstract Bib

The Tor network gives anonymity to Internet users by relaying their traffic through the world over a variety of routers. This incurs latency, and this thesis first explores where this latency occurs. Experiments discount the latency induced by routing traffic and computational latency to determine there is a substantial component that is caused by delay in the communication path. We determine that congestion control is causing the delay. Tor multiplexes multiple streams of data over a single TCP connection. This is not a wise use of TCP, and as such results in the unfair application of congestion control. We illustrate an example of this occurrence on a Tor node on the live network and also illustrate how packet dropping and reordering cause interference between the multiplexed streams. Our solution is to use a TCP-over-DTLS (Datagram Transport Layer Security) transport between routers, and give each stream of data its own TCP connection. We give our design for our proposal, and details about its implementation. Finally, we perform experiments on our implemented version to illustrate that our proposal has in fact resolved the multiplexing issues discovered in our system performance analysis. The future work gives a number of steps towards optimizing and improving our work, along with some tangential ideas that were discovered during research. Additionally, the open-source software projects latency proxy and libspe, which were designed for our purposes but programmed for universal applicability, are discussed.
@mastersthesis{reardon-thesis, author = {Reardon, Joel}, school = {University of Waterloo}, title = {Improving Tor using a TCP-over-DTLS Tunnel}, year = {2008}, month = sep, type = {masters}, owner = {tom}, timestamp = {2017-10-10} }
[Aggarwal2008] Improving User and ISP Experience through ISP-aided P2P Locality

Aggarwal, Vinay, Akonjang, Obi, and Feldmann, Anja

04/2008 2008

abstract Bib

Despite recent improvements, P2P systems are still plagued by fundamental issues such as overlay/underlay topological and routing mismatch, which affects their performance and causes traffic strains on the ISPs. In this work, we aim to improve overall system performance for ISPs as well as P2P systems by means of traffic localization through improved collaboration between ISPs and P2P systems. More specifically, we study the effects of different ISP/P2P topologies as well as a broad range of influential user behavior characteristics, namely content availability, churn, and query patterns, on end-user and ISP experience. We show that ISP-aided P2P locality benefits both P2P users and ISPs, measured in terms of improved content download times, increased network locality of query responses and desired content, and overall reduction in P2P traffic.
@conference{Aggarwal2008, author = {Aggarwal, Vinay and Akonjang, Obi and Feldmann, Anja}, booktitle = {GI{\textquoteright}08. Proceedings of 11th IEEE Global Internet Symposium 2008}, title = {Improving User and ISP Experience through ISP-aided P2P Locality}, year = {2008}, address = {Phoenix, AZ}, month = {04/2008}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, isbn = {978-1-4244-2219-7}, keywords = {isp, P2P}, owner = {tom}, timestamp = {2017-10-10} }
[ccs2008:mittal] Information Leaks in Structured Peer-to-peer Anonymous Communication Systems

Mittal, Prateek, and Borisov, Nikita

Oct 2008

DOI Website abstract Bib

We analyze information leaks in the lookup mechanisms of structured peer-to-peer anonymous communication systems and how these leaks can be used to compromise anonymity. We show that the techniques that are used to combat active attacks on the lookup mechanism dramatically increase information leaks and increase the efficacy of passive attacks. Thus there is a trade-off between robustness to active and passive attacks. We study this trade-off in two P2P anonymous systems, Salsa and AP3. In both cases, we find that, by combining both passive and active attacks, anonymity can be compromised much more effectively than previously thought, rendering these systems insecure for most proposed uses. Our results hold even if security parameters are changed or other improvements to the systems are considered. Our study therefore motivates the search for new approaches to P2P anonymous communication.
@conference{ccs2008:mittal, author = {Mittal, Prateek and Borisov, Nikita}, booktitle = {Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008)}, title = {Information Leaks in Structured Peer-to-peer Anonymous Communication Systems}, year = {2008}, address = {Alexandria, Virginia, USA}, editor = {Syverson, Paul and Jha, Somesh and Zhang, Xiaolan}, month = oct, organization = {ACM Press}, pages = {267{\textendash}278}, publisher = {ACM Press}, doi = {10.1145/1455770.1455805}, isbn = {978-1-59593-810-7}, keywords = {anonymity, attack, information leaks, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1455805} }
[Chen:2008:IRS:1331483.1331515] Insight into redundancy schemes in DHTs

Chen, Guihai, Qiu, Tongqing, and Wu, Fan

Journal of Supercomputing 02/2008 2008

DOI Website abstract Bib

In order to provide high data availability in peer-to-peer (P2P) DHTs, proper data redundancy schemes are required. This paper compares two popular schemes: replication and erasure coding. Unlike previous comparison, we take user download behavior into account. Furthermore, we propose a hybrid redundancy scheme, which shares user downloaded files for subsequent accesses and utilizes erasure coding to adjust file availability. Comparison experiments of three schemes show that replication saves more bandwidth than erasure coding, although it requires more storage space, when average node availability is higher than 47%; moreover, our hybrid scheme saves more maintenance bandwidth with acceptable redundancy factor.
@article{Chen:2008:IRS:1331483.1331515, author = {Chen, Guihai and Qiu, Tongqing and Wu, Fan}, journal = {Journal of Supercomputing}, title = {Insight into redundancy schemes in DHTs}, year = {2008}, issn = {0920-8542}, month = {02/2008}, pages = {183{\textendash}198}, volume = {43}, address = {Hingham, MA, USA}, doi = {10.1007/s11227-007-0126-4}, keywords = {distributed hash table, erasure coding, peer-to-peer networking, redundancy, Replication}, owner = {tom}, publisher = {Kluwer Academic Publishers}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1331483.1331515} }

[DBLP:conf/usenix/HiblerRSDGSWL08] Large-scale Virtualization in the Emulab Network Testbed

Hibler, Mike, Ricci, Robert, Stoller, Leigh, Duerig, Jonathon, Guruprasad, Shashi, Stack, Tim, Webb, Kirk, and Lepreau, Jay

2008

Bib

@conference{DBLP:conf/usenix/HiblerRSDGSWL08,
  author = {Hibler, Mike and Ricci, Robert and Stoller, Leigh and Duerig, Jonathon and Guruprasad, Shashi and Stack, Tim and Webb, Kirk and Lepreau, Jay},
  booktitle = {USENIX Annual Technical Conference},
  title = {Large-scale Virtualization in the Emulab Network Testbed},
  year = {2008},
  pages = {113-128},
  keywords = {emulab, emulation, testbed, virtualization},
  owner = {tom},
  timestamp = {2017-10-10}
}

[nussbaum2008p2plab] Lightweight emulation to study peer-to-peer systems

Nussbaum, Lucas, and Richard, Olivier

Concurrency and Computation: Practice and Experience 2008

@article{nussbaum2008p2plab,
  author = {Nussbaum, Lucas and Richard, Olivier},
  journal = {Concurrency and Computation: Practice and Experience},
  title = {Lightweight emulation to study peer-to-peer systems},
  year = {2008},
  issn = {1532-0634},
  number = {6},
  pages = {735{\textendash}749},
  volume = {20},
  doi = {10.1002/cpe.1242},
  keywords = {BitTorrent, emulation, evaluation, network, peer-to-peer, virtualization},
  owner = {tom},
  publisher = {John Wiley \& Sons, Ltd.},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1002/cpe.1242}
}

[1390683] Linear-Time Computation of Similarity Measures for Sequential Data

Rieck, Konrad, and Laskov, Pavel

J. Mach. Learn. Res. 2008

Website abstract Bib

Efficient and expressive comparison of sequences is an essential procedure for learning with sequential data. In this article we propose a generic framework for computation of similarity measures for sequences, covering various kernel, distance and non-metric similarity functions. The basis for comparison is embedding of sequences using a formal language, such as a set of natural words, k-grams or all contiguous subsequences. As realizations of the framework we provide linear-time algorithms of different complexity and capabilities using sorted arrays, tries and suffix trees as underlying data structures. Experiments on data sets from bioinformatics, text processing and computer security illustrate the efficiency of the proposed algorithms—enabling peak performances of up to 106 pairwise comparisons per second. The utility of distances and non-metric similarity measures for sequences as alternatives to string kernels is demonstrated in applications of text categorization, network intrusion detection and transcription site recognition in DNA.
@article{1390683, author = {Rieck, Konrad and Laskov, Pavel}, journal = {J. Mach. Learn. Res.}, title = {Linear-Time Computation of Similarity Measures for Sequential Data}, year = {2008}, issn = {1532-4435}, pages = {23{\textendash}48}, volume = {9}, owner = {tom}, publisher = {JMLR.org}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1390683$\#$} }
[1358311] Linyphi: creating IPv6 mesh networks with SSR

Di, Pengfei, Eickhold, Johannes, and Fuhrmann, Thomas

Concurr. Comput. : Pract. Exper. 2008

DOI Website abstract Bib

Scalable source routing (SSR) is a self-organizing routing protocol which is especially suited for networks that do not have a well-crafted structure, e.g. ad hoc and mesh networks. SSR works on a flat identifier space. As a consequence, it can easily support host mobility without requiring any location directory or other centralized service. SSR is based on a virtual ring structure, which is used in a chord-like manner to obtain source routes to previously unknown destinations. It has been shown that SSR requires very little per node state and produces very little control messages. In particular, SSR has been found to outperform other ad hoc routing protocols such as ad hoc on-demand distance vector routing, optimized link-state routing, or beacon vector routing. In this paper we present Linyphi, an implementation of SSR for wireless access routers. Linyphi combines IPv6 and SSR so that unmodified IPv6 hosts have transparent connectivity to both the Linyphi mesh network and the IPv4-v6 Internet. We give a basic outline of the implementation and demonstrate its suitability in real-world mesh network scenarios. Furthermore, we illustrate the use of Linyphi for distributed applications such as the Linyphone peer-to-peer VoIP application. Copyright \textcopyright 2008 John Wiley & Sons, Ltd.
@article{1358311, author = {Di, Pengfei and Eickhold, Johannes and Fuhrmann, Thomas}, journal = {Concurr. Comput. : Pract. Exper.}, title = {Linyphi: creating IPv6 mesh networks with SSR}, year = {2008}, issn = {1532-0626}, number = {6}, pages = {675{\textendash}691}, volume = {20}, address = {Chichester, UK}, doi = {10.1002/cpe.v20:6}, keywords = {scalable source routing}, owner = {tom}, publisher = {John Wiley and Sons Ltd.}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1358302.1358311$\#$} }

[murdoch-pet2008] Metrics for Security and Performance in Low-Latency Anonymity Networks

Murdoch, Steven J., and Watson, Robert N. M.

Jul 2008

@conference{murdoch-pet2008,
  author = {Murdoch, Steven J. and Watson, Robert N. M.},
  booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)},
  title = {Metrics for Security and Performance in Low-Latency Anonymity Networks},
  year = {2008},
  address = {Leuven, Belgium},
  editor = {Borisov, Nikita and Goldberg, Ian},
  month = jul,
  organization = {Springer},
  pages = {115{\textendash}132},
  publisher = {Springer},
  doi = {10.1007/978-3-540-70630-4_8},
  isbn = {978-3-540-70629-8},
  keywords = {anonymity, Tor},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1428259.1428267}
}

[pizzonia2008netkit] Netkit: easy emulation of complex networks on inexpensive hardware

Pizzonia, Maurizio, and Rimondini, Massimo

2008

@conference{pizzonia2008netkit,
  author = {Pizzonia, Maurizio and Rimondini, Massimo},
  booktitle = {Proceedings of the 4th International Conference on Testbeds and research infrastructures for the development of networks \& communities},
  title = {Netkit: easy emulation of complex networks on inexpensive hardware},
  year = {2008},
  address = {ICST, Brussels, Belgium, Belgium},
  organization = {ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering)},
  pages = {7:1{\textendash}7:10},
  publisher = {ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering)},
  series = {TridentCom {\textquoteright}08},
  isbn = {978-963-9799-24-0},
  keywords = {network emulation, routing, user-mode Linux, virtual laboratories},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=1390576.1390585}
}

[1341892] ODSBR: An on-demand secure Byzantine resilient routing protocol for wireless ad hoc networks

Awerbuch, Baruch, Curtmola, Reza, Holmer, David, Nita-Rotaru, Cristina, and Rubens, Herbert

ACM Trans. Inf. Syst. Secur. 2008

DOI Website abstract Bib

Ah hoc networks offer increased coverage by using multihop communication. This architecture makes services more vulnerable to internal attacks coming from compromised nodes that behave arbitrarily to disrupt the network, also referred to as Byzantine attacks. In this work, we examine the impact of several Byzantine attacks performed by individual or colluding attackers. We propose ODSBR, the first on-demand routing protocol for ad hoc wireless networks that provides resilience to Byzantine attacks caused by individual or colluding nodes. The protocol uses an adaptive probing technique that detects a malicious link after log n faults have occurred, where n is the length of the path. Problematic links are avoided by using a route discovery mechanism that relies on a new metric that captures adversarial behavior. Our protocol never partitions the network and bounds the amount of damage caused by attackers. We demonstrate through simulations ODSBR’s effectiveness in mitigating Byzantine attacks. Our analysis of the impact of these attacks versus the adversary’s effort gives insights into their relative strengths, their interaction, and their importance when designing multihop wireless routing protocols.
@article{1341892, author = {Awerbuch, Baruch and Curtmola, Reza and Holmer, David and Nita-Rotaru, Cristina and Rubens, Herbert}, journal = {ACM Trans. Inf. Syst. Secur.}, title = {ODSBR: An on-demand secure Byzantine resilient routing protocol for wireless ad hoc networks}, year = {2008}, issn = {1094-9224}, number = {4}, pages = {1{\textendash}35}, volume = {10}, address = {New York, NY, USA}, doi = {10.1145/1284680.1341892}, keywords = {ad-hoc networks, byzantine fault tolerance, on-demand routing, security model}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1284680.1341892$\#$} }
[Hartline:2008:OMD:1374376.1374390] Optimal mechanism design and money burning

Hartline, Jason D., and Roughgarden, Tim

05/2008 2008

DOI Website abstract Bib

Mechanism design is now a standard tool in computer science for aligning the incentives of self-interested agents with the objectives of a system designer. There is, however, a fundamental disconnect between the traditional application domains of mechanism design (such as auctions) and those arising in computer science (such as networks): while monetary "transfers" (i.e., payments) are essential for most of the known positive results in mechanism design, they are undesirable or even technologically infeasible in many computer systems. Classical impossibility results imply that the reach of mechanisms without transfers is severely limited. Computer systems typically do have the ability to reduce service quality–routing systems can drop or delay traffic, scheduling protocols can delay the release of jobs, and computational payment schemes can require computational payments from users (e.g., in spam-fighting systems). Service degradation is tantamount to requiring that users "burn money", and such "payments" can be used to influence the preferences of the agents at a cost of degrading the social surplus. We develop a framework for the design and analysis of "money-burning mechanisms" to maximize the residual surplus-the total value of the chosen outcome minus the payments required. Our primary contributions are the following. * We define a general template for prior-free optimal mechanism design that explicitly connects Bayesian optimal mechanism design, the dominant paradigm in economics, with worst-case analysis. In particular, we establish a general and principled way to identify appropriate performance benchmarks in prior-free mechanism design. * For general single-parameter agent settings, we characterize the Bayesian optimal money-burning mechanism. * For multi-unit auctions, we design a near-optimal prior-free money-burning mechanism: for every valuation profile, its expected residual surplus is within a constant factor of our benchmark, the residual surplus of the best Bayesian optimal mechanism for this profile. * For multi-unit auctions, we quantify the benefit of general transfers over money-burning: optimal money-burning mechanisms always obtain a logarithmic fraction of the full social surplus, and this bound is tight.
@conference{Hartline:2008:OMD:1374376.1374390, author = {Hartline, Jason D. and Roughgarden, Tim}, booktitle = {STOC{\textquoteright}08. Proceedings of the 40th annual ACM Symposium on Theory of Computing}, title = {Optimal mechanism design and money burning}, year = {2008}, address = {Victoria, British Columbia, Canada}, month = {05/2008}, organization = {ACM}, pages = {75{\textendash}84}, publisher = {ACM}, series = {STOC {\textquoteright}08}, doi = {http://doi.acm.org/10.1145/1374376.1374390}, isbn = {978-1-60558-047-0}, keywords = {mechanism design, money burning, optimal mechanism design}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1374376.1374390} }
[Xie:2008:PPP:1402946.1402999] P4P: Provider Portal for Applications

Xie, Haiyong, Yang, Y. Richard, Krishnamurthy, Arvind, Liu, Yanbin Grace, and Silberschatz, Abraham

SIGCOMM Computer Communication Review 08/2008 2008

DOI Website abstract Bib

As peer-to-peer (P2P) emerges as a major paradigm for scalable network application design, it also exposes significant new challenges in achieving efficient and fair utilization of Internet network resources. Being largely network-oblivious, many P2P applications may lead to inefficient network resource usage and/or low application performance. In this paper, we propose a simple architecture called P4P to allow for more effective cooperative traffic control between applications and network providers. We conducted extensive simulations and real-life experiments on the Internet to demonstrate the feasibility and effectiveness of P4P. Our experiments demonstrated that P4P either improves or maintains the same level of application performance of native P2P applications, while, at the same time, it substantially reduces network provider cost compared with either native or latency-based localized P2P applications.
@article{Xie:2008:PPP:1402946.1402999, author = {Xie, Haiyong and Yang, Y. Richard and Krishnamurthy, Arvind and Liu, Yanbin Grace and Silberschatz, Abraham}, journal = {SIGCOMM Computer Communication Review}, title = {P4P: Provider Portal for Applications}, year = {2008}, issn = {0146-4833}, month = {08/2008}, pages = {351{\textendash}362}, volume = {38}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1402946.1402999}, keywords = {network application, network architecture, P2P}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1402946.1402999} }
[raykova-pet2008] PAR: Payment for Anonymous Routing

Androulaki, Elli, Raykova, Mariana, Srivatsan, Shreyas, Stavrou, Angelos, and Bellovin, Steven M.

Jul 2008

DOI Website abstract Bib

Despite the growth of the Internet and the increasing concern for privacy of online communications, current deployments of anonymization networks depend on a very small set of nodes that volunteer their bandwidth. We believe that the main reason is not disbelief in their ability to protect anonymity, but rather the practical limitations in bandwidth and latency that stem from limited participation. This limited participation, in turn, is due to a lack of incentives to participate. We propose providing economic incentives, which historically have worked very well. In this paper, we demonstrate a payment scheme that can be used to compensate nodes which provide anonymity in Tor, an existing onion routing, anonymizing network. We show that current anonymous payment schemes are not suitable and introduce a hybrid payment system based on a combination of the Peppercoin Micropayment system and a new type of “one use” electronic cash. Our system claims to maintain users’ anonymity, although payment techniques mentioned previously – when adopted individually – provably fail.
@conference{raykova-pet2008, author = {Androulaki, Elli and Raykova, Mariana and Srivatsan, Shreyas and Stavrou, Angelos and Bellovin, Steven M.}, booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)}, title = {PAR: Payment for Anonymous Routing}, year = {2008}, address = {Leuven, Belgium}, editor = {Borisov, Nikita and Goldberg, Ian}, month = jul, organization = {Springer}, pages = {219{\textendash}236}, publisher = {Springer}, doi = {10.1007/978-3-540-70630-4}, keywords = {anonymity, onion routing, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/r1h1046823587382/} }

[ccs2008:tsang] PEREA: Towards Practical TTP-Free Revocation in Anonymous Authentication

Tsang, Patrick P., Au, Man Ho, Kapadia, Apu, and Smith, Sean

Oct 2008

@conference{ccs2008:tsang,
  author = {Tsang, Patrick P. and Au, Man Ho and Kapadia, Apu and Smith, Sean},
  booktitle = {{Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008)}},
  title = {PEREA: Towards Practical TTP-Free Revocation in Anonymous Authentication},
  year = {2008},
  address = {Alexandria, Virginia, USA},
  editor = {Syverson, Paul and Jha, Somesh and Zhang, Xiaolan},
  month = oct,
  organization = {ACM Press},
  pages = {333{\textendash}345},
  publisher = {ACM Press},
  doi = {10.1145/1455770.1455813},
  isbn = {978-1-59593-810-7},
  keywords = {non-membership proofs, subjective blacklisting},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1455813}
}

[troncoso-pet2008] Perfect Matching Statistical Disclosure Attacks

Troncoso, Carmela, Gierlichs, Benedikt, Preneel, Bart, and Verbauwhede, Ingrid

Jul 2008

Website abstract Bib

Traffic analysis is the best known approach to uncover relationships amongst users of anonymous communication systems, such as mix networks. Surprisingly, all previously published techniques require very specific user behavior to break the anonymity provided by mixes. At the same time, it is also well known that none of the considered user models reflects realistic behavior which casts some doubt on previous work with respect to real-life scenarios. We first present a user behavior model that, to the best of our knowledge, is the least restrictive scheme considered so far. Second, we develop the Perfect Matching Disclosure Attack, an efficient attack based on graph theory that operates without any assumption on user behavior. The attack is highly effective when de-anonymizing mixing rounds because it considers all users in a round at once, rather than single users iteratively. Furthermore, the extracted sender-receiver relationships can be used to enhance user profile estimations. We extensively study the effectiveness and efficiency of our attack and previous work when de-anonymizing users communicating through a threshold mix. Empirical results show the advantage of our proposal. We also show how the attack can be refined and adapted to different scenarios including pool mixes, and how precision can be traded in for speed, which might be desirable in certain cases.
@conference{troncoso-pet2008, author = {Troncoso, Carmela and Gierlichs, Benedikt and Preneel, Bart and Verbauwhede, Ingrid}, booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)}, title = {Perfect Matching Statistical Disclosure Attacks}, year = {2008}, address = {Leuven, Belgium}, editor = {Borisov, Nikita and Goldberg, Ian}, month = jul, organization = {Springer}, pages = {2{\textendash}23}, publisher = {Springer}, keywords = {mix, traffic analysis}, owner = {tom}, timestamp = {2021-01-27}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.147.4953} }
[loesing2008performance] Performance Measurements and Statistics of Tor Hidden Services

Loesing, Karsten, Sandmann, Werner, Wilms, Christian, and Wirtz, Guido

Jul 2008

DOI Website abstract Bib

Tor (The Onion Routing) provides a secure mechanism for offering TCP-based services while concealing the hidden server’s IP address. In general the acceptance of services strongly relies on its QoS properties. For potential Tor users, provided the anonymity is secured, probably the most important QoS parameter is the time until they finally get response by such a hidden service. Internally, overall response times are constituted by several steps invisible for the user. We provide comprehensive measurements of all relevant latencies and a detailed statistical analysis with special focus on the overall response times. Thereby, we gain valuable insights that enable us to give certain statistical assertions and to suggest improvements in the hidden service protocol and its implementation.
@conference{loesing2008performance, author = {Loesing, Karsten and Sandmann, Werner and Wilms, Christian and Wirtz, Guido}, booktitle = {Proceedings of the 2008 International Symposium on Applications and the Internet (SAINT)}, title = {Performance Measurements and Statistics of Tor Hidden Services}, year = {2008}, address = {Turku, Finland}, month = jul, organization = {IEEE CS Press}, publisher = {IEEE CS Press}, doi = {10.1109/SAINT.2008.69}, isbn = {978-0-7695-3297-4}, keywords = {anonymity, performance, privacy, statistical analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1441426.1441996} }
[Shafaat:2008:PAN:1485753.1485763] A Practical Approach to Network Size Estimation for Structured Overlays

Shafaat, Tallat M., Ghodsi, Ali, and Haridi, Seif

12/2008 2008

DOI Website abstract Bib

Structured overlay networks have recently received much attention due to their self-* properties under dynamic and decentralized settings. The number of nodes in an overlay fluctuates all the time due to churn. Since knowledge of the size of the overlay is a core requirement for many systems, estimating the size in a decentralized manner is a challenge taken up by recent research activities. Gossip-based Aggregation has been shown to give accurate estimates for the network size, but previous work done is highly sensitive to node failures. In this paper, we present a gossip-based aggregation-style network size estimation algorithm. We discuss shortcomings of existing aggregation-based size estimation algorithms, and give a solution that is highly robust to node failures and is adaptive to network delays. We examine our solution in various scenarios to demonstrate its effectiveness.
@conference{Shafaat:2008:PAN:1485753.1485763, author = {Shafaat, Tallat M. and Ghodsi, Ali and Haridi, Seif}, booktitle = {IWSOS{\textquoteright}08 - Proceedings of the 3rd International Workshop on Self-Organizing Systems}, title = {A Practical Approach to Network Size Estimation for Structured Overlays}, year = {2008}, address = {Vienna, Austria}, month = {12/2008}, organization = {Springer-Verlag}, pages = {71{\textendash}83}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, volume = {5343}, doi = {http://dx.doi.org/10.1007/978-3-540-92157-8_7}, isbn = {978-3-540-92156-1}, keywords = {network size estimation, structured overlays}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-540-92157-8_7} }
[Faltings2008] Privacy guarantees through distributed constraint satisfaction

Faltings, Boi, Leaute, Thomas, and Petcu, Adrian

04/2008 2008

abstract Bib

Abstract. In Distributed Constraint Satisfaction Problems, agents often desire to find a solution while revealing as little as possible about their variables and constraints. So far, most algorithms for DisCSP do not guarantee privacy of this information. This paper describes some simple obfuscation techniques that can be used with DisCSP algorithms such as DPOP, and provide sensible privacy guarantees based on the distributed solving process without sacrificing its efficiency.
@article{Faltings2008, author = {Faltings, Boi and Leaute, Thomas and Petcu, Adrian}, title = {Privacy guarantees through distributed constraint satisfaction}, year = {2008}, month = {04/2008}, number = {12}, address = {Lausanne, Switzerland}, institution = {Swiss Federal Institute of Technology (EPFL)}, keywords = {algorithms, DisCSP algorithm, distributed constraint satisfaction, optimization, privacy, SMC}, owner = {tom}, timestamp = {2021-01-27}, type = {Tech report} }

[springerlink:10.1007/978-0-387-70992-5] Privacy-Preserving Data Mining: Models and Algorithms

2008

Bib

@book{springerlink:10.1007/978-0-387-70992-5,
  editor = {Aggarwal, Charu C. and Yu, Philip S.},
  publisher = {Springer US},
  title = {Privacy-Preserving Data Mining: Models and Algorithms},
  year = {2008},
  isbn = {978-0-387-70992-5},
  series = {Advances in Database Systems},
  volume = {34},
  organization = {Springer US},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Chaslot2008] Progressive Strategies for Monte-Carlo Tree Search

Chaslot, Guillaume M. J-B., Winands, Mark H. M., Herik, H. Jaap, Uiterwijk, Jos W. H. M., and Bouzy, Bruno

New Mathematics and Natural Computation 2008

DOI abstract Bib

Monte-Carlo Tree Search (MCTS) is a new best-first search guided by the results of Monte-Carlo simulations. In this article, we introduce two progressive strategies for MCTS, called progressive bias and progressive unpruning. They enable the use of relatively time-expensive heuristic knowledge without speed reduction. Progressive bias directs the search according to heuristic knowledge. Progressive unpruning first reduces the branching factor, and then increases it gradually again. Experiments assess that the two progressive strategies significantly improve the level of our Go program Mango. Moreover, we see that the combination of both strategies performs even better on larger board sizes.
@article{Chaslot2008, author = {Chaslot, Guillaume M. J-B. and Winands, Mark H. M. and van den Herik, H. Jaap and Uiterwijk, Jos W. H. M. and Bouzy, Bruno}, journal = {New Mathematics and Natural Computation}, title = {Progressive Strategies for Monte-Carlo Tree Search}, year = {2008}, pages = {343-357}, volume = {4}, doi = {10.1142/S1793005708001094}, keywords = {computer go, MCTS heuristic search, Monte-Carlo Tree Search}, owner = {tom}, timestamp = {2017-10-10} }
[di08iptps] Providing KBR Service for Multiple Applications

Di, Pengfei, Kutzner, Kendy, and Fuhrmann, Thomas

2008

Website abstract Bib

Key based routing (KBR) enables peer-to-peer applications to create and use distributed services. KBR is more flexible than distributed hash tables (DHT). However, the broader the application area, the more important become performance issues for a KBR service. In this paper, we present a novel approach to provide a generic KBR service. Its key idea is to use a predictable address assignment scheme. This scheme allows peers to calculate the overlay address of the node that is responsible for a given key and application ID. A public DHT service such as OpenDHT can then resolve this overlay address to the transport address of the respective peer. We compare our solution to alternative proposals such as ReDiR and Diminished Chord. We conclude that our solution has a better worst case complexity for some important KBR operations and the required state. In particular, unlike ReDiR, our solution can guarantee a low latency for KBR route operations.
@conference{di08iptps, author = {Di, Pengfei and Kutzner, Kendy and Fuhrmann, Thomas}, booktitle = {The 7th International Workshop on Peer-to-Peer Systems (IPTPS {\textquoteright}08)}, title = {Providing KBR Service for Multiple Applications}, year = {2008}, address = {St. Petersburg, U.S.}, keywords = {distributed hash table, P2P}, owner = {tom}, timestamp = {2021-01-27}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }

[quant-adhoc] Quantification of Anonymity for Mobile Ad Hoc Networks

Moe, Marie Elisabeth Gaup

Jun 2008

We propose a probabilistic system model for anonymous ad hoc routing protocols that takes into account the a priori knowledge of the adversary, and illustrate how the information theoretical entropy can be used for quantification of the anonymity offered by a routing protocol as the adversary captures an increasing number of nodes in the network. The proposed measurement schema is applied to ANODR and ARM routing protocols.

@conference{quant-adhoc,
  author = {Moe, Marie Elisabeth Gaup},
  booktitle = {Proceedings of the 4th International Workshop on Security and Trust Management (STM 08)},
  title = {Quantification of Anonymity for Mobile Ad Hoc Networks},
  year = {2008},
  address = {Trondheim, Norway},
  month = jun,
  organization = {Elsevier Science Publishers B. V. Amsterdam, The Netherlands, The Netherlands},
  pages = {25{\textendash}36},
  publisher = {Elsevier Science Publishers B. V. Amsterdam, The Netherlands, The Netherlands},
  doi = {10.1016/j.entcs.2009.07.041},
  keywords = {ad-hoc networks, anonymity, routing, security model},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1619033}
}

[Goldberg:2008:RTA:1402958.1402989] Rationality and Traffic Attraction: Incentives for Honest Path Announcements in BGP

Goldberg, Sharon, Halevi, Shai, Jaggard, Aaron D., Ramachandran, Vijay, and Wright, Rebecca N.

10/2008 2008

DOI Website abstract Bib

We study situations in which autonomous systems (ASes) may have incentives to send BGP announcements differing from the AS-level paths that packets traverse in the data plane. Prior work on this issue assumed that ASes seek only to obtain the best possible outgoing path for their traffic. In reality, other factors can influence a rational AS’s behavior. Here we consider a more natural model, in which an AS is also interested in attracting incoming traffic (e.g., because other ASes pay it to carry their traffic). We ask what combinations of BGP enhancements and restrictions on routing policies can ensure that ASes have no incentive to lie about their data-plane paths. We find that protocols like S-BGP alone are insufficient, but that S-BGP does suffice if coupled with additional (quite unrealistic) restrictions on routing policies. Our game-theoretic analysis illustrates the high cost of ensuring that the ASes honestly announce data-plane paths in their BGP path announcements.
@conference{Goldberg:2008:RTA:1402958.1402989, author = {Goldberg, Sharon and Halevi, Shai and Jaggard, Aaron D. and Ramachandran, Vijay and Wright, Rebecca N.}, booktitle = {SIGCOMM{\textquoteright}08. Proceedings of the ACM SIGCOMM 2008 Conference on Data Communication}, title = {Rationality and Traffic Attraction: Incentives for Honest Path Announcements in BGP}, year = {2008}, address = {Seattle, WA}, month = {10/2008}, organization = {ACM}, pages = {267{\textendash}278}, publisher = {ACM}, series = {SIGCOMM Computer Communication Review}, doi = {http://doi.acm.org/10.1145/1402958.1402989}, isbn = {978-1-60558-175-0}, keywords = {as, autonomus system, bgp, incentives}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1402958.1402989} }

[androulaki-pet2008] Reputation Systems for Anonymous Networks

Androulaki, Elli, Choi, Seung Geol, Bellovin, Steven M., and Malkin, Tal

Jul 2008

We present a reputation scheme for a pseudonymous peer-to-peer (P2P) system in an anonymous network. Misbehavior is one of the biggest problems in pseudonymous P2P systems, where there is little incentive for proper behavior. In our scheme, using ecash for reputation points, the reputation of each user is closely related to his real identity rather than to his current pseudonym. Thus, our scheme allows an honest user to switch to a new pseudonym keeping his good reputation, while hindering a malicious user from erasing his trail of evil deeds with a new pseudonym.

@conference{androulaki-pet2008,
  author = {Androulaki, Elli and Choi, Seung Geol and Bellovin, Steven M. and Malkin, Tal},
  booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)},
  title = {Reputation Systems for Anonymous Networks},
  year = {2008},
  address = {Leuven, Belgium},
  editor = {Borisov, Nikita and Goldberg, Ian},
  month = jul,
  organization = {Springer},
  pages = {202{\textendash}218},
  publisher = {Springer},
  doi = {10.1007/978-3-540-70630-4_13},
  isbn = {978-3-540-70629-8},
  keywords = {anonymity, P2P, pseudonym},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://portal.acm.org/citation.cfm?id=1428259.1428272}
}

[Narayanan2008] Robust De-anonymization of Large Sparse Datasets

Narayanan, Arvind, and Shmatikov, Vitaly

2008

DOI Website abstract Bib

We present a new class of statistical deanonymization attacks against high-dimensional micro-data, such as individual preferences, recommendations, transaction records and so on. Our techniques are robust to perturbation in the data and tolerate some mistakes in the adversary’s background knowledge. We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.
@conference{Narayanan2008, author = {Narayanan, Arvind and Shmatikov, Vitaly}, booktitle = {Proceedings of the 2008 IEEE Symposium on Security and Privacy}, title = {Robust De-anonymization of Large Sparse Datasets}, year = {2008}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, doi = {10.1109/SP.2008.33}, isbn = {978-0-7695-3168-7}, keywords = {anonymity, attack, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/SP.2008.33} }
[mccoy-pet2008] Shining Light in Dark Places: Understanding the Tor Network

McCoy, Damon, Bauer, Kevin, Grunwald, Dirk, Kohno, Tadayoshi, and Sicker, Douglas

Jul 2008

DOI Website abstract Bib

To date, there has yet to be a study that characterizes the usage of a real deployed anonymity service. We present observations and analysis obtained by participating in the Tor network. Our primary goals are to better understand Tor as it is deployed and through this understanding, propose improvements. In particular, we are interested in answering the following questions: (1) How is Tor being used? (2) How is Tor being mis-used? (3) Who is using Tor? To sample the results, we show that web traffic makes up the majority of the connections and bandwidth, but non-interactive protocols consume a disproportionately large amount of bandwidth when compared to interactive protocols. We provide a survey of how Tor is being misused, both by clients and by Tor router operators. In particular, we develop a method for detecting exit router logging (in certain cases). Finally, we present evidence that Tor is used throughout the world, but router participation is limited to only a few countries.
@conference{mccoy-pet2008, author = {McCoy, Damon and Bauer, Kevin and Grunwald, Dirk and Kohno, Tadayoshi and Sicker, Douglas}, booktitle = {Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008)}, title = {Shining Light in Dark Places: Understanding the Tor Network}, year = {2008}, address = {Leuven, Belgium}, editor = {Borisov, Nikita and Goldberg, Ian}, month = jul, organization = {Springer}, pages = {63{\textendash}76}, publisher = {Springer}, doi = {10.1007/978-3-540-70630-4_5}, isbn = {978-3-540-70629-8}, keywords = {anonymity, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1428264} }
[1461118] Shortest-path routing in randomized DHT-based Peer-to-Peer systems

Wang, Chih-Chiang, and Harfoush, Khaled

Comput. Netw. 2008

DOI Website abstract Bib

Randomized DHT-based Peer-to-Peer (P2P) systems grant nodes certain flexibility in selecting their overlay neighbors, leading to irregular overlay structures but to better overall performance in terms of path latency, static resilience and local convergence. However, routing in the presence of overlay irregularity is challenging. In this paper, we propose a novel routing protocol, RASTER, that approximates shortest overlay routes between nodes in randomized DHTs. Unlike previously proposed routing protocols, RASTER encodes and aggregates routing information. Its simple bitmap-encoding scheme together with the proposed RASTER routing algorithm enable a performance edge over current overlay routing protocols. RASTER provides a forwarding overhead of merely a small constant number of bitwise operations, a routing performance close to optimal, and a better resilience to churn. RASTER also provides nodes with the flexibility to adjust the size of the maintained routing information based on their storage/processing capabilities. The cost of storing and exchanging encoded routing information is manageable and grows logarithmically with the number of nodes in the system.
@article{1461118, author = {Wang, Chih-Chiang and Harfoush, Khaled}, journal = {Comput. Netw.}, title = {Shortest-path routing in randomized DHT-based Peer-to-Peer systems}, year = {2008}, issn = {1389-1286}, number = {18}, pages = {3307{\textendash}3317}, volume = {52}, address = {New York, NY, USA}, doi = {10.1016/j.comnet.2008.07.014}, keywords = {distributed hash table, P2P, routing}, owner = {tom}, publisher = {Elsevier North-Holland, Inc.}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1461118$\#$} }

[Bless2008] The Spontaneous Virtual Networks Architecture for Supporting Future Internet Services and Applications

Bless, Roland, Waldhorst, Oliver, and Mayer, Christoph P.

2008

Bib

@booklet{Bless2008,
  title = {The Spontaneous Virtual Networks Architecture for Supporting Future Internet Services and Applications},
  author = {Bless, Roland and Waldhorst, Oliver and Mayer, Christoph P.},
  note = {{Vortrag auf dem Fachgespr{\"a}ch der GI/ITG-Fachgruppe {\textquoteleft}{\textquoteleft}Kommunikation und Verteilte Systeme{\textquoteright}{\textquoteright} Future Internet}},
  year = {2008},
  owner = {tom},
  publisher = {{NEC, Heidelberg}},
  timestamp = {2017-10-10}
}

[conf/infocom/WangLX08] Stable Peers: Existence, Importance, and Application in Peer-to-Peer Live Video Streaming

Wang, Feng, Liu, Jiangchuan, and Xiong, Yongqiang

04/2008 2008

DOI abstract Bib

This paper presents a systematic in-depth study on the existence, importance, and application of stable nodes in peer- to-peer live video streaming. Using traces from a real large-scale system as well as analytical models, we show that, while the number of stable nodes is small throughout a whole session, their longer lifespans make them constitute a significant portion in a per-snapshot view of a peer-to-peer overlay. As a result, they have substantially affected the performance of the overall system. Inspired by this, we propose a tiered overlay design, with stable nodes being organized into a tier-1 backbone for serving tier-2 nodes. It offers a highly cost-effective and deployable alternative to proxy-assisted designs. We develop a comprehensive set of algorithms for stable node identification and organization. Specifically, we present a novel structure, Labeled Tree, for the tier-1 overlay, which, leveraging stable peers, simultaneously achieves low overhead and high transmission reliability. Our tiered framework flexibly accommodates diverse existing overlay structures in the second tier. Our extensive simulation results demonstrated that the customized optimization using selected stable nodes boosts the streaming quality and also effectively reduces the control overhead. This is further validated through prototype experiments over the PlanetLab network.
@conference{conf/infocom/WangLX08, author = {Wang, Feng and Liu, Jiangchuan and Xiong, Yongqiang}, booktitle = {INFOCOM{\textquoteright}08. Proceedings of the 27th IEEE International Conference on Computer Communications}, title = {Stable Peers: Existence, Importance, and Application in Peer-to-Peer Live Video Streaming}, year = {2008}, address = {Phoenix, AZ, USA}, month = {04/2008}, organization = {IEEE Computer Society}, pages = {1364{\textendash}1372}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFOCOM.2008.194}, isbn = {978-1-4244-2025-4}, keywords = {peer-to-peer live video streaming, stable peer}, owner = {tom}, timestamp = {2017-10-10} }
[DD08Survey] A Survey of Anonymous Communication Channels

Danezis, George, and Diaz, Claudia

Jan 2008

Website abstract Bib

We present an overview of the field of anonymous communications, from its establishment in 1981 from David Chaum to today. Key systems are presented categorized according to their underlying principles: semi-trusted relays, mix systems, remailers, onion routing, and systems to provide robust mixing. We include extended discussions of the threat models and usage models that different schemes provide, and the trade-offs between the security properties offered and the communication characteristics different systems support.
@booklet{DD08Survey, title = {A Survey of Anonymous Communication Channels}, author = {Danezis, George and Diaz, Claudia}, month = jan, year = {2008}, keywords = {onion routing, robustness}, number = {MSR-TR-2008-35}, owner = {tom}, publisher = {Microsoft Research}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.138.7951} }
[Infocom2008] Swarming on Optimized Graphs for n-way Broadcast

Smaragdakis, Georgios, Laoutaris, Nikolaos, Michiardi, Pietro, Bestavros, Azer, Byers, John W., and Roussopoulos, Mema

Apr 2008

abstract Bib

In an n-way broadcast application each one of n overlay nodes wants to push its own distinct large data file to all other n-1 destinations as well as download their respective data files. BitTorrent-like swarming protocols are ideal choices for handling such massive data volume transfers. The original BitTorrent targets one-to-many broadcasts of a single file to a very large number of receivers and thus, by necessity, employs an almost random overlay topology. n-way broadcast applications on the other hand, owing to their inherent n-squared nature, are realizable only in small to medium scale networks. In this paper, we show that we can leverage this scale constraint to construct optimized overlay topologies that take into consideration the end-to-end characteristics of the network and as a consequence deliver far superior performance compared to random and myopic (local) approaches. We present the Max-Min and Max- Sum peer-selection policies used by individual nodes to select their neighbors. The first one strives to maximize the available bandwidth to the slowest destination, while the second maximizes the aggregate output rate. We design a swarming protocol suitable for n-way broadcast and operate it on top of overlay graphs formed by nodes that employ Max-Min or Max-Sum policies. Using trace-driven simulation and measurements from a PlanetLab prototype implementation, we demonstrate that the performance of swarming on top of our constructed topologies is far superior to the performance of random and myopic overlays. Moreover, we show how to modify our swarming protocol to allow it to accommodate selfish nodes.
@conference{Infocom2008, author = {Smaragdakis, Georgios and Laoutaris, Nikolaos and Michiardi, Pietro and Bestavros, Azer and Byers, John W. and Roussopoulos, Mema}, booktitle = {Proceedings of IEEE INFOCOM 2008}, title = {Swarming on Optimized Graphs for n-way Broadcast}, year = {2008}, address = {Phoenix, AZ}, month = apr, keywords = {EGOIST, game theory, routing}, owner = {tom}, timestamp = {2017-10-10} }

[1456474] Tahoe: the least-authority filesystem

Wilcox-O’Hearn, Zooko, and Warner, Brian

2008

@conference{1456474,
  author = {Wilcox-O{\textquoteright}Hearn, Zooko and Warner, Brian},
  booktitle = {StorageSS {\textquoteright}08: Proceedings of the 4th ACM international workshop on Storage security and survivability},
  title = {Tahoe: the least-authority filesystem},
  year = {2008},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {21{\textendash}26},
  publisher = {ACM},
  doi = {10.1145/1456469.1456474},
  isbn = {978-1-60558-299-3},
  keywords = {capabilities, fault-tolerance, P2P},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1456474$\#$}
}

[fuhrmann08comparable] Towards Comparable Network Simulations

Di, Pengfei, Houri, Yaser, Kutzner, Kendy, and Fuhrmann, Thomas

Aug 2008

Website abstract Bib

Simulations have been a valuable and much used tool in networking research for decades. New protocols are evaluated by simulations. Often, competing designs are judged by their respective performance in simulations. Despite this great importance the state-of-the-art in network simulations is nevertheless still low. A recent survey showed that most publications in a top conference did not even give enough details to repeat the simulations. In this paper we go beyond repeatability and ask: Are different simulations comparable? We study various implementations of the IEEE 802.11 media access layer in ns-2 and OMNeT++ and report some dramatic differences. These findings indicate that two protocols cannot be compared meaningfully unless they are compared in the very same simulation environment. We claim that this problem limits the value of the respective publications because readers are forced to re-implement the work that is described in the paper rather than building on its results. Facing the additional problem that not all authors will agree on one simulator, we address ways of making different simulators comparable.
@booklet{fuhrmann08comparable, title = {Towards Comparable Network Simulations}, author = {Di, Pengfei and Houri, Yaser and Kutzner, Kendy and Fuhrmann, Thomas}, month = aug, year = {2008}, number = {2008-9}, owner = {tom}, publisher = {Dept. of Computer Science, Universit{\"a}t Karlsruhe (TH)}, timestamp = {2017-10-10}, type = {Interner Bericht}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[Wang2008a] Towards Empirical Aspects of Secure Scalar Product

Wang, I-Cheng, Shen, Chih-Hao, Hsu, Tsan-sheng, Liao, Churn-Chung, Wang, Da-Wei, and Zhan, J.

Apr 2008

DOI abstract Bib

Privacy is ultimately important, and there is a fair amount of research about it. However, few empirical studies about the cost of privacy are conducted. In the area of secure multiparty computation, the scalar product has long been reckoned as one of the most promising building blocks in place of the classic logic gates. The reason is not only the scalar product complete, which is as good as logic gates, but also the scalar product is much more efficient than logic gates. As a result, we set to study the computation and communication resources needed for some of the most well-known and frequently referred secure scalar-product protocols, including the composite-residuosity, the invertible-matrix, the polynomial-sharing, and the commodity-based approaches. Besides the implementation remarks of these approaches, we analyze and compare their execution time, computation time, and random number consumption, which are the most concerned resources when talking about secure protocols. Moreover, Fairplay the benchmark approach implementing Yao’s famous circuit evaluation protocol, is included in our experiments in order to demonstrate the potential for the scalar product to replace logic gates.
@conference{Wang2008a, author = {Wang, I-Cheng and Shen, Chih-Hao and Hsu, Tsan-sheng and Liao, Churn-Chung and Wang, Da-Wei and Zhan, J.}, booktitle = {Information Security and Assurance, 2008. ISA 2008. International Conference on}, title = {Towards Empirical Aspects of Secure Scalar Product}, year = {2008}, month = apr, doi = {10.1109/ISA.2008.78}, keywords = {circuit evaluation protocol, Circuits, commodity-based, composite residuosity, composite-residuosity, Computational efficiency, Costs, data privacy, empirical survey, Information science, information security, invertible-matrix, logic gates, polynomial-sharing, Polynomials, privacy, Proposals, protocols, scalar-product, secure multiparty computation, secure protocols, Secure scalar product, secure scalar-product protocols}, owner = {tom}, timestamp = {2017-10-10} }
[Pouwelse:2008:TSP:1331115.1331119] TRIBLER: a Social-based Peer-to-Peer System

Pouwelse, Johan, Garbacki, Pawel, Wang, Jun, Bakker, Arno, Yang, Jie, Iosup, Alexandru, Epema, Dick H. J., Reinders, Marcel J. T., Steen, Maarten, and Sips, Henk J.

Concurrency and Computation: Practice & Experience 02/2008 2008

DOI Website abstract Bib

Most current peer-to-peer (P2P) file-sharing systems treat their users as anonymous, unrelated entities, and completely disregard any social relationships between them. However, social phenomena such as friendship and the existence of communities of users with similar tastes or interests may well be exploited in such systems in order to increase their usability and performance. In this paper we present a novel social-based P2P file-sharing paradigm that exploits social phenomena by maintaining social networks and using these in content discovery, content recommendation, and downloading. Based on this paradigm’s main concepts such as taste buddies and friends, we have designed and implemented the TRIBLER P2P file-sharing system as a set of extensions to BitTorrent. We present and discuss the design of TRIBLER, and we show evidence that TRIBLER enables fast content discovery and recommendation at a low additional overhead, and a significant improvement in download performance. Copyright \textcopyright 2007 John Wiley & Sons, Ltd.
@article{Pouwelse:2008:TSP:1331115.1331119, author = {Pouwelse, Johan and Garbacki, Pawel and Wang, Jun and Bakker, Arno and Yang, Jie and Iosup, Alexandru and Epema, Dick H. J. and Reinders, Marcel J. T. and van Steen, Maarten and Sips, Henk J.}, journal = {Concurrency and Computation: Practice \& Experience}, title = {TRIBLER: a Social-based Peer-to-Peer System}, year = {2008}, issn = {1532-0626}, month = {02/2008}, pages = {127{\textendash}138}, volume = {20}, address = {Chichester, UK}, doi = {http://dx.doi.org/10.1002/cpe.v20:2}, keywords = {peer-to-peer networking, social-based, taste buddies}, owner = {tom}, publisher = {John Wiley and Sons Ltd.}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1331115.1331119} }
[1424615] Trust-Rated Authentication for Domain-Structured Distributed Systems

Holz, Ralph, Niedermayer, Heiko, Hauck, Peter, and Carle, Georg

2008

DOI Website abstract Bib

We present an authentication scheme and new protocol for domain-based scenarios with inter-domain authentication. Our protocol is primarily intended for domain-structured Peer-to-Peer systems but is applicable for any domain scenario where clients from different domains wish to authenticate to each other. To this end, we make use of Trusted Third Parties in the form of Domain Authentication Servers in each domain. These act on behalf of their clients, resulting in a four-party protocol. If there is a secure channel between the Domain Authentication Servers, our protocol can provide secure authentication. To address the case where domains do not have a secure channel between them, we extend our scheme with the concept of trust-rating. Domain Authentication Servers signal security-relevant information to their clients (pre-existing secure channel or not, trust, ...). The clients evaluate this information to decide if it fits the security requirements of their application.
@conference{1424615, author = {Holz, Ralph and Niedermayer, Heiko and Hauck, Peter and Carle, Georg}, booktitle = {EuroPKI {\textquoteright}08: Proceedings of the 5th European PKI workshop on Public Key Infrastructure}, title = {Trust-Rated Authentication for Domain-Structured Distributed Systems}, year = {2008}, address = {Berlin, Heidelberg}, organization = {Springer-Verlag}, pages = {74{\textendash}88}, publisher = {Springer-Verlag}, doi = {10.1007/978-3-540-69485-4}, isbn = {978-3-540-69484-7}, keywords = {authentication, distributed systems, P2P, PKI, trust}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/k6786282r5378k42/} }
[snader08] A Tune-up for Tor: Improving Security and Performance in the Tor Network

Snader, Robin, and Borisov, Nikita

Feb 2008

DOI Website abstract Bib

The Tor anonymous communication network uses selfreported bandwidth values to select routers for building tunnels. Since tunnels are allocated in proportion to this bandwidth, this allows a malicious router operator to attract tunnels for compromise. Since the metric used is insensitive to relative load, it does not adequately respond to changing conditions and hence produces unreliable performance, driving many users away. We propose an opportunistic bandwidth measurement algorithm to replace selfreported values and address both of these problems. We also propose a mechanisms to let users tune Tor performance to achieve higher performance or higher anonymity. Our mechanism effectively blends the traffic from users of different preferences, making partitioning attacks difficult. We implemented the opportunistic measurement and tunable performance extensions and examined their performance both analytically and in the real Tor network. Our results show that users can get dramatic increases in either performance or anonymity with little to no sacrifice in the other metric, or a more modest improvement in both. Our mechanisms are also invulnerable to the previously published low-resource attacks on Tor.
@conference{snader08, author = {Snader, Robin and Borisov, Nikita}, booktitle = {Proceedings of the Network and Distributed Security Symposium - NDSS {\textquoteright}08}, title = {A Tune-up for Tor: Improving Security and Performance in the Tor Network}, year = {2008}, month = feb, organization = {Internet Society}, publisher = {Internet Society}, doi = {10.1109/NCM.2009.205}, keywords = {anonymity, Tor}, owner = {tom}, timestamp = {2021-01-27}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.140.7368} }
[Bless2008a] The Underlay Abstraction in the Spontaneous Virtual Networks (SpoVNet) Architecture

Bless, Roland, Hübsch, Christian, Mies, Sebastian, and Waldhorst, Oliver

2008

Website abstract Bib

Next generation networks will combine many heterogeneous access technologies to provide services to a large number of highly mobile users while meeting their demands for quality of service, robustness, and security. Obviously, this is not a trivial task and many protocols fulfilling some combination of these requirements have been proposed. However, non of the current proposals meets all requirements, and the deployment of new applications and services is hindered by a patchwork of protocols. This paper presents Spontaneous Virtual Networks (SpoVNet), an architecture that fosters the creation of new applications and services for next generation networks by providing an underlay abstraction layer. This layer applies an overlay-based approach to cope with mobility, multi-homing, and heterogeneity. For coping with network mobility, it uses a SpoVNet-specific addressing scheme, splitting node identifiers from network locators and providing persistent connections by transparently switching locators. To deal with multihoming it transparently chooses the most appropriate pair of network locators for each connection. To cope with network and protocol heterogeneity, it uses dedicated overlay nodes, e.g., for relaying between IPv4 and IPv6 hosts
@conference{Bless2008a, author = {Bless, Roland and H{\"u}bsch, Christian and Mies, Sebastian and Waldhorst, Oliver}, booktitle = {Proc. 4th EuroNGI Conf. on Next Generation Internet Networks (NGI 2008)}, title = {The Underlay Abstraction in the Spontaneous Virtual Networks (SpoVNet) Architecture}, year = {2008}, address = {Krakow, Poland}, pages = {115-122}, keywords = {heterogeneity, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.tm.uka.de/itm/WebMan/view.php?view=publikationen_detail\&id=283} }

[Durner2008] Unerkannt. Anonymisierende Peer-to-Peer-Netze im Überblick

Durner, Nils, Evans, Nathan S, and Grothoff, Christian

2008

@article{Durner2008,
  author = {Durner, Nils and Evans, Nathan S and Grothoff, Christian},
  journal = {iX magazin f{\"u}r professionelle informationstechnik},
  title = {Unerkannt. Anonymisierende Peer-to-Peer-Netze im {\"U}berblick},
  year = {2008},
  owner = {tom},
  timestamp = {2017-10-10},
  type = {Survey},
  url = {http://www.heise.de/kiosk/archiv/ix/2008/9/88_Anonyme-Peer-to-Peer-Netze-im-Ueberblick}
}

[Kasiviswanathan2008] What Can We Learn Privately?

Kasiviswanathan, Shiva Prasad, Lee, Homin K., Nissim, Kobbi, Raskhodnikova, Sofya, and Smith, Adam

CoRR 2008

abstract Bib

Learning problems form an important category of computational tasks that generalizes many of the computations researchers apply to large real-life data sets. We ask: what concept classes can be learned privately, namely, by an algorithm whose output does not depend too heavily on any one input or specific training example? More precisely, we investigate learning algorithms that satisfy differential privacy, a notion that provides strong confidentiality guarantees in contexts where aggregate information is released about a database containing sensitive information about individuals. We demonstrate that, ignoring computational constraints, it is possible to privately agnostically learn any concept class using a sample size approximately logarithmic in the cardinality of the concept class. Therefore, almost anything learnable is learnable privately: specifically, if a concept class is learnable by a (non-private) algorithm with polynomial sample complexity and output size, then it can be learned privately using a polynomial number of samples. We also present a computationally efficient private PAC learner for the class of parity functions. Local (or randomized response) algorithms are a practical class of private algorithms that have received extensive investigation. We provide a precise characterization of local private learning algorithms. We show that a concept class is learnable by a local algorithm if and only if it is learnable in the statistical query (SQ) model. Finally, we present a separation between the power of interactive and noninteractive local learning algorithms.
@article{Kasiviswanathan2008, author = {Kasiviswanathan, Shiva Prasad and Lee, Homin K. and Nissim, Kobbi and Raskhodnikova, Sofya and Smith, Adam}, journal = {CoRR}, title = {What Can We Learn Privately?}, year = {2008}, volume = {abs/0803.0924}, owner = {tom}, timestamp = {2017-10-10} }
[Jian:2008:WSP:1409540.1409546] Why Share in Peer-to-Peer Networks?

Jian, Lian, and MacKie-Mason, Jeffrey K.

08/2008 2008

DOI Website abstract Bib

Prior theory and empirical work emphasize the enormous free-riding problem facing peer-to-peer (P2P) sharing networks. Nonetheless, many P2P networks thrive. We explore two possible explanations that do not rely on altruism or explicit mechanisms imposed on the network: direct and indirect private incentives for the provision of public goods. The direct incentive is a traffic redistribution effect that advantages the sharing peer. We find this incentive is likely insufficient to motivate equilibrium content sharing in large networks. We then approach P2P networks as a graph-theoretic problem and present sufficient conditions for sharing and free-riding to co-exist due to indirect incentives we call generalized reciprocity.
@conference{Jian:2008:WSP:1409540.1409546, author = {Jian, Lian and MacKie-Mason, Jeffrey K.}, booktitle = {EC{\textquoteright}08. Proceedings of the 10th International Conference on Electronic Commerce}, title = {Why Share in Peer-to-Peer Networks?}, year = {2008}, address = {Innsbruck, Austria}, month = {08/2008}, organization = {ACM}, pages = {4:1{\textendash}4:8}, publisher = {ACM}, series = {ICEC {\textquoteright}08}, doi = {http://doi.acm.org/10.1145/1409540.1409546}, isbn = {978-1-60558-075-3}, keywords = {file-sharing, networks, P2P, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1409540.1409546} }
[Garbacki2007] An Amortized Tit-For-Tat Protocol for Exchanging Bandwidth instead of Content in P2P Networks

Garbacki, Pawel, Epema, Dick H. J., and Steen, Maarten

07/2007 2007

DOI Website abstract Bib

Incentives for resource sharing are crucial for the proper operation of P2P networks. The principle of the incentive mechanisms in current content sharing P2P networks such as BitTorrent is to have peers exchange content of mutual interest. As a consequence, a peer can actively participate in the system only if it shares content that is of immediate interest to other peers. In this paper we propose to lift this restriction by using bandwidth rather than content as the resource upon which incentives are based. Bandwidth, in contrast to content, is independent of peer interests and so can be exchanged between any two peers. We present the design of a protocol called amortized tit-for-tat (ATFT) based on the bandwidth-exchange concept. This protocol defines mechanisms for bandwidth exchange corresponding to those in BitTorrent for content exchange, in particular for finding bandwidth borrowers that amortize the bandwidth borrowed in the past with their currently idle bandwidth. In addition to the formally proven incentives for bandwidth contributions, ATFT provides natural solutions to the problems of peer bootstrapping, seeding incentive, peer link asymmetry, and anonymity, which have previously been addressed with much more complex designs. Experiments with a realworld dataset confirm that ATFT is efficient in enforcing bandwidth contributions and results in download performance better than provided by incentive mechanisms based on content exchange.
@conference{Garbacki2007, author = {Garbacki, Pawel and Epema, Dick H. J. and van Steen, Maarten}, booktitle = {SASO 2007. Proceedings of the First International Conference on Self-Adaptive and Self-Organizing Systems}, title = {An Amortized Tit-For-Tat Protocol for Exchanging Bandwidth instead of Content in P2P Networks}, year = {2007}, address = {Boston, Massachusetts}, month = {07/2007}, organization = {IEEE Computer Society}, pages = {119{\textendash}128}, publisher = {IEEE Computer Society}, series = {SASO {\textquoteright}07}, doi = {http://dx.doi.org/10.1109/SASO.2007.9}, isbn = {0-7695-2906-2}, keywords = {bandwidth exchange, p2p network, resource sharing, tit-for-tat}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/SASO.2007.9} }
[Steiner2007] Analyzing Peer Behavior in KAD

Steiner, Moritz, En-Najjary, Taoufik, and Biersack, E W

10/2007 2007

Website abstract Bib

Distributed hash tables (DHTs) have been actively studied in literature and many different proposals have been made on how to organize peers in a DHT. However, very few DHTs have been implemented in real systems and deployed on a large scale. One exception is KAD, a DHT based on Kademlia, which is part of eDonkey2000, a peer-to-peer file sharing system with several million simultaneous users. We have been crawling KAD continuously for about six months and obtained information about geographical distribution of peers, session times, peer availability, and peer lifetime. We also evaluated to what extent information about past peer uptime can be used to predict the remaining uptime of the peer. Peers are identified by the so called KAD ID, which was up to now as- sumed to remain the same across sessions. However, we observed that this is not the case: There is a large number of peers, in particular in China, that change their KAD ID, sometimes as frequently as after each session. This change of KAD IDs makes it difficult to characterize end-user availability or membership turnover. By tracking end-users with static IP addresses, we could measure the rate of change of KAD ID per end-user.
@article{Steiner2007, author = {Steiner, Moritz and En-Najjary, Taoufik and Biersack, E W}, title = {Analyzing Peer Behavior in KAD}, year = {2007}, issn = {RR-07-205}, month = {10/2007}, number = {RR-07-205}, address = {Sophia Antipolis}, institution = {Institut Eurecom}, keywords = {distributed hash table, KAD, peer behavior}, owner = {tom}, timestamp = {2021-01-27}, type = {Tech report}, url = {http://www.eurecom.fr/~btroup/kadtraces/} }
[VenHeTon07] Anonymous Networking amidst Eavesdroppers

Venkitasubramaniam, Parvathinathan, He, Ting, and Tong, Lang

Oct 2007

Website abstract Bib

The problem of security against packet timing based traffic analysis in wireless networks is considered in this work. An analytical measure of "anonymity" of routes in eavesdropped networks is proposed using the information-theoretic equivocation. For a physical layer with orthogonal transmitter directed signaling, scheduling and relaying techniques are designed to maximize achievable network performance for any desired level of anonymity. The network performance is measured by the total rate of packets delivered from the sources to destinations under strict latency and medium access constraints. In particular, analytical results are presented for two scenarios: For a single relay that forwards packets from m users, relaying strategies are provided that minimize the packet drops when the source nodes and the relay generate independent transmission schedules. A relay using such an independent scheduling strategy is undetectable by an eavesdropper and is referred to as a covert relay. Achievable rate regions are characterized under strict and average delay constraints on the traffic, when schedules are independent Poisson processes. For a multihop network with an arbitrary anonymity requirement, the problem of maximizing the sum-rate of flows (network throughput) is considered. A randomized selection strategy to choose covert relays as a function of the routes is designed for this purpose. Using the analytical results for a single covert relay, the strategy is optimized to obtain the maximum achievable throughput as a function of the desired level of anonymity. In particular, the throughput-anonymity relation for the proposed strategy is shown to be equivalent to an information-theoretic rate-distortion function.
@booklet{VenHeTon07, title = {Anonymous Networking amidst Eavesdroppers}, author = {Venkitasubramaniam, Parvathinathan and He, Ting and Tong, Lang}, month = oct, year = {2007}, keywords = {Rate-Distortion, secrecy, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://cat.inist.fr/?aModele=afficheN\&cpsidt=20411836} }
[di07mass] Application of DHT-Inspired Routing for Object Tracking

Di, Pengfei, Houri, Yaser, Wei, Qing, Widmer, Jörg, and Fuhrmann, Thomas

2007

Website abstract Bib

A major problem in tracking objects in sensor networks is trading off update traffic and timeliness of the data that is available to a monitoring site. Typically, either all objects regularly update some central registry with their location information, or the monitoring instance floods the network with a request when it needs information for a particular object. More sophisticated approaches use a P2P-like distributed storage structure on top of geographic routing. The applicability of the latter is limited to certain topologies, and having separate storage and routing algorithms reduces efficiency. In this paper, we present a different solution which is based on the scalable source routing (SSR) protocol. SSR is a network layer routing protocol that has been inspired by distributed hash tables (DHT). It provides key-based routing in large networks of resource-limited devices such as sensor networks. We argue that this approach is more suitable for object tracking in sensor networks because it evenly spreads the updates over the whole network without being limited to a particular network topology. We support our argument with extensive simulations.
@conference{di07mass, author = {Di, Pengfei and Houri, Yaser and Wei, Qing and Widmer, J{\"o}rg and Fuhrmann, Thomas}, booktitle = {Proceedings of 4th IEEE International Conference on Mobile Ad-hoc and Sensor Systems}, title = {Application of DHT-Inspired Routing for Object Tracking}, year = {2007}, address = {Pisa, Italy}, isbn = {978-1-4244-1454-3}, keywords = {distributed hash table, scalable source routing}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }

[Ostrovsky:2007:AEN:1315245.1315270] Attribute-based encryption with non-monotonic access structures

Ostrovsky, Rafail, Sahai, Amit, and Waters, Brent

10/2007 2007

We construct an Attribute-Based Encryption (ABE) scheme that allows a user’s private key to be expressed in terms of any access formula over attributes. Previous ABE schemes were limited to expressing only monotonic access structures. We provide a proof of security for our scheme based on the Decisional Bilinear Diffie-Hellman (BDH) assumption. Furthermore, the performance of our new scheme compares favorably with existing, less-expressive schemes.

@conference{Ostrovsky:2007:AEN:1315245.1315270,
  author = {Ostrovsky, Rafail and Sahai, Amit and Waters, Brent},
  booktitle = {CCS{\textquoteright}07 - Proceedings of the 14th ACM Conference on Computer and Communications Security},
  title = {Attribute-based encryption with non-monotonic access structures},
  year = {2007},
  address = {Alexandria, VA, USA},
  month = {10/2007},
  organization = {ACM},
  pages = {195{\textendash}203},
  publisher = {ACM},
  series = {CCS {\textquoteright}07},
  doi = {http://doi.acm.org/10.1145/1315245.1315270},
  isbn = {978-1-59593-703-2},
  keywords = {ABE, BDH, Decisional bilinear diffie-hellman, encryption, non-monotonic access},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1315245.1315270}
}

[Neumann2007] B.A.T.M.A.N Status Report

Neumann, Axel, Aichele, Corinna Elektra, and Lindner, Marek

2007

abstract Bib

This report documents the current status of the development and implementation of the B.A.T.M.A.N (better approach to mobile ad-hoc networking) routing protocol. B.A.T.M.A.N uses a simple and robust algorithm for establishing multi-hop routes in mobile ad-hoc networks.It ensures highly adaptive and loop-free routing while causing only low processing and traffic cost.
@book{Neumann2007, author = {Neumann, Axel and Aichele, Corinna Elektra and Lindner, Marek}, title = {B.A.T.M.A.N Status Report}, year = {2007}, owner = {tom}, timestamp = {2017-10-10} }
[ccs07-blac] Blacklistable Anonymous Credentials: Blocking Misbehaving Users without TTPs

Tsang, Patrick P., Au, Man Ho, Kapadia, Apu, and Smith, Sean

Oct 2007

DOI Website abstract Bib

Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user’s privacy at any time, however, is too strong a punishment for misbehavior. To limit the scope of deanonymization, systems such as "e-cash" have been proposed in which users are deanonymized under only certain types of well-defined misbehavior such as "double spending." While useful in some applications, it is not possible to generalize such techniques to more subjective definitions of misbehavior. We present the first anonymous credential system in which services can "blacklist" misbehaving users without contacting a TTP. Since blacklisted users remain anonymous, misbehaviors can be judged subjectively without users fearing arbitrary deanonymization by a TTP.
@conference{ccs07-blac, author = {Tsang, Patrick P. and Au, Man Ho and Kapadia, Apu and Smith, Sean}, booktitle = {Proceedings of CCS 2007}, title = {Blacklistable Anonymous Credentials: Blocking Misbehaving Users without TTPs}, year = {2007}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1315245.1315256}, isbn = {978-1-59593-703-2}, keywords = {privacy, revocation, user misbehavior}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1315245.1315256} }
[Terpstra:2007:BRP:1282427.1282387] Bubblestorm: resilient, probabilistic, and exhaustive peer-to-peer search

Terpstra, Wesley W., Kangasharju, Jussi, Leng, Christof, and Buchmann, Alejandro P.

SIGCOMM Computer Communication Review 08/2007 2007

DOI Website abstract Bib

Peer-to-peer systems promise inexpensive scalability, adaptability, and robustness. Thus, they are an attractive platform for file sharing, distributed wikis, and search engines. These applications often store weakly structured data, requiring sophisticated search algorithms. To simplify the search problem, most scalable algorithms introduce structure to the network. However, churn or violent disruption may break this structure, compromising search guarantees. This paper proposes a simple probabilistic search system, BubbleStorm, built on random multigraphs. Our primary contribution is a flexible and reliable strategy for performing exhaustive search. BubbleStorm also exploits the heterogeneous bandwidth of peers. However, we sacrifice some of this bandwidth for high parallelism and low latency. The provided search guarantees are tunable, with success probability adjustable well into the realm of reliable systems. For validation, we simulate a network with one million low-end peers and show BubbleStorm handles up to 90% simultaneous peer departure and 50% simultaneous crash.
@article{Terpstra:2007:BRP:1282427.1282387, author = {Terpstra, Wesley W. and Kangasharju, Jussi and Leng, Christof and Buchmann, Alejandro P.}, journal = {SIGCOMM Computer Communication Review}, title = {Bubblestorm: resilient, probabilistic, and exhaustive peer-to-peer search}, year = {2007}, issn = {0146-4833}, month = {08/2007}, pages = {49{\textendash}60}, volume = {37}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1282427.1282387}, keywords = {exhaustive search, peer-to-peer networking, resilience, simulation}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1282427.1282387} }
[cosic-2007-001] The Byzantine Postman Problem: A Trivial Attack Against PIR-based Nym Servers

Sassaman, Len, and Preneel, Bart

Feb 2007

Website abstract Bib

Over the last several decades, there have been numerous proposals for systems which can preserve the anonymity of the recipient of some data. Some have involved trusted third-parties or trusted hardware; others have been constructed on top of link-layer anonymity systems or mix-nets. In this paper, we evaluate a pseudonymous message system which takes the different approach of using Private Information Retrieval (PIR) as its basis. We expose a flaw in the system as presented: it fails to identify Byzantine servers. We provide suggestions on correcting the flaw, while observing the security and performance trade-offs our suggestions require.
@booklet{cosic-2007-001, title = {The Byzantine Postman Problem: A Trivial Attack Against PIR-based Nym Servers}, author = {Sassaman, Len and Preneel, Bart}, month = feb, year = {2007}, keywords = {anonymity, private information retrieval, pseudonym}, number = {ESAT-COSIC 2007-001}, owner = {tom}, publisher = {Katholieke Universiteit Leuven}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.70.1013} }
[1759877] CFR: a peer-to-peer collaborative file repository system

Lin, Meng-Ru, Lu, Ssu-Hsuan, Ho, Tsung-Hsuan, Lin, Peter, and Chung, Yeh-Ching

2007

Website abstract Bib

Due to the high availability of the Internet, many large cross-organization collaboration projects, such as SourceForge, grid systems etc., have emerged. One of the fundamental requirements of these collaboration efforts is a storage system to store and exchange data. This storage system must be highly scalable and can efficiently aggregate the storage resources contributed by the participating organizations to deliver good performance for users. In this paper, we propose a storage system, Collaborative File Repository (CFR), for large scale collaboration projects. CFR uses peer-to-peer techniques to achieve scalability, efficiency, and ease of management. In CFR, storage nodes contributed by the participating organizations are partitioned according to geographical regions. Files stored in CFR are automatically replicated to all regions. Furthermore, popular files are duplicated to other storage nodes of the same region. By doing so, data transfers between users and storage nodes are confined within their regions and transfer efficiency is enhanced. Experiments show that our replication can achieve high efficiency with a small number of duplicates.
@conference{1759877, author = {Lin, Meng-Ru and Lu, Ssu-Hsuan and Ho, Tsung-Hsuan and Lin, Peter and Chung, Yeh-Ching}, booktitle = {GPC{\textquoteright}07: Proceedings of the 2nd international conference on Advances in grid and pervasive computing}, title = {CFR: a peer-to-peer collaborative file repository system}, year = {2007}, address = {Berlin, Heidelberg}, organization = {Springer-Verlag}, pages = {100{\textendash}111}, publisher = {Springer-Verlag}, isbn = {978-3-540-72359-2}, keywords = {P2P, storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1759877\&dl=GUIDE\&coll=GUIDE$\#$} }
[1329865] Cheat-proof event ordering for large-scale distributed multiplayer games

GauthierDickey, Chis

2007

Website abstract Bib

Real-time, interactive, multi-user (RIM) applications are networked applications that allow users to collaborate and interact with each other over the Internet for work, education and training, or entertainment purposes. Multiplayer games, distance learning applications, collaborative whiteboards, immersive educational and training simulations, and distributed interactive simulations are examples of these applications. Of these RIM applications, multiplayer games are an important class for research due to their widespread deployment and popularity on the Internet. Research with multiplayer games will have a direct impact on all RIM applications. While large-scale multiplayer games have typically used a client/server architecture for network communication, we propose using a peer-to-peer architecture to solve the scalability problems inherent in centralized systems. Past research and actual deployments of peer-to-peer networks show that they can scale to millions of users. However, these prior peer-to-peer networks do not meet the low latency and interactive requirements that multi-player games need. Indeed, the fundamental problem of maintaining consistency between all nodes in the face of failures, delays, and malicious attacks has to be solved to make a peer-to-peer networks a viable solution. We propose solving the consistency problem through secure and scalable event ordering. While traditional event ordering requires all-to-all message passing and at least two rounds of communication, we argue that multiplayer games lend themselves naturally to a hierarchical decomposition of their state space so that we can reduce the communication cost of event ordering. We also argue that by using cryptography, a discrete view of time, and majority voting, we can totally order events in a real-time setting. By applying these two concepts, we can scale multiplayer games to millions of players. We develop our solution in two parts: a cheat-proof and real-time event ordering protocol and a scalable, hierarchical structure that organizes peers in a tree according to their scope of interest in the game. Our work represents the first, complete solution to this problem and we show through both proofs and simulations that our protocols allow the creation of large-scale, peer-to-peer games that are resistant to cheating while maintaining real-time responsiveness in the system.
@mastersthesis{1329865, author = {GauthierDickey, Chis}, school = {University of Oregon}, title = {Cheat-proof event ordering for large-scale distributed multiplayer games}, year = {2007}, address = {Eugene, OR, USA}, note = {Adviser-Lo, Virginia}, type = {phd}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1329865$\#$} }

[Lee2007CISS] CISS: An efficient object clustering framework for DHT-based peer-to-peer applications

Lee, Jinwon, Lee, Hyonik, Kang, Seungwoo, Kim, Su Myeon, and Song, Junehwa

Comput. Netw. 2007

@article{Lee2007CISS,
  author = {Lee, Jinwon and Lee, Hyonik and Kang, Seungwoo and Kim, Su Myeon and Song, Junehwa},
  journal = {Comput. Netw.},
  title = {CISS: An efficient object clustering framework for DHT-based peer-to-peer applications},
  year = {2007},
  issn = {1389-1286},
  number = {4},
  pages = {1072{\textendash}1094},
  volume = {51},
  address = {New York, NY, USA},
  doi = {10.1016/j.comnet.2006.07.005},
  keywords = {distributed hash table, load balancing, Multi-dimensional range query, Object clustering, Peer-to-peer application},
  owner = {tom},
  publisher = {Elsevier North-Holland, Inc.},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1016/j.comnet.2006.07.005}
}

[conf/acsac/ADC07] Closed-Circuit Unobservable Voice Over IP

Melchor, Carlos Aguilar, Deswarte, Yves, and Iguchi-Cartigny, Julien

2007

DOI Website abstract Bib

Among all the security issues in Voice over IP (VoIP) communications, one of the most difficult to achieve is traf- fic analysis resistance. Indeed, classical approaches pro- vide a reasonable degree of security but induce large round- trip times that are incompatible with VoIP. In this paper, we describe some of the privacy and secu- rity issues derived from traffic analysis in VoIP. We also give an overview of how to provide low-latency VoIP communi- cation with strong resistance to traffic analysis. Finally, we present a server which can provide such resistance to hun- dreds of users even if the server is compromised.
@conference{conf/acsac/ADC07, author = {Melchor, Carlos Aguilar and Deswarte, Yves and Iguchi-Cartigny, Julien}, booktitle = {Proceedings of 23rd Annual Computer Security Applications Conference (ACSAC{\textquoteright}07), Miami, FL, USA}, title = {Closed-Circuit Unobservable Voice Over IP}, year = {2007}, organization = {IEEE Computer Society Press}, publisher = {IEEE Computer Society Press}, doi = {10.1109/ACSAC.2007.34}, isbn = {0-7695-3060-5}, keywords = {latency, unobservability, VoIP}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.computer.org/portal/web/csdl/doi/10.1109/ACSAC.2007.34} }
[EdmanSY07] A Combinatorial Approach to Measuring Anonymity

Edman, Matthew, Sivrikaya, Fikret, and Yener, Bülent

Intelligence and Security Informatics, 2007 IEEE May 2007

DOI Website abstract Bib

In this paper we define a new metric for quantifying the degree of anonymity collectively afforded to users of an anonymous communication system. We show how our metric, based on the permanent of a matrix, can be useful in evaluating the amount of information needed by an observer to reveal the communication pattern as a whole. We also show how our model can be extended to include probabilistic information learned by an attacker about possible sender-recipient relationships. Our work is intended to serve as a complementary tool to existing information-theoretic metrics, which typically consider the anonymity of the system from the perspective of a single user or message.
@article{EdmanSY07, author = {Edman, Matthew and Sivrikaya, Fikret and Yener, B{\"u}lent}, journal = {Intelligence and Security Informatics, 2007 IEEE}, title = {A Combinatorial Approach to Measuring Anonymity}, year = {2007}, month = may, pages = {356{\textendash}363}, doi = {10.1109/ISI.2007.379497}, isbn = {142441329X}, keywords = {anonymity}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.mendeley.com/research/a-combinatorial-approach-to-measuring-anonymity/} }
[1273450] On compact routing for the internet

Krioukov, Dmitri, Fall, Kevin, and Brady, Arthur

SIGCOMM Comput. Commun. Rev. 2007

DOI Website abstract Bib

The Internet’s routing system is facing stresses due to its poor fundamental scaling properties. Compact routing is a research field that studies fundamental limits of routing scalability and designs algorithms that try to meet these limits. In particular, compact routing research shows that shortest-path routing, forming a core of traditional routing algorithms, cannot guarantee routing table (RT) sizes that on all network topologies grow slower than linearly as functions of the network size. However, there are plenty of compact routing schemes that relax the shortest-path requirement and allow for improved, sublinear RT size scaling that is mathematically provable for all static network topologies. In particular, there exist compact routing schemes designed for grids, trees, and Internet-like topologies that offer RT sizes that scale logarithmically with the network size. In this paper, we demonstrate that in view of recent results in compact routing research, such logarithmic scaling on Internet-like topologies is fundamentally impossible in the presence of topology dynamics or topology-independent (flat) addressing. We use analytic arguments to show that the number of routing control messages per topology change cannot scale better than linearly on Internet-like topologies. We also employ simulations to confirm that logarithmic RT size scaling gets broken by topology-independent addressing, a cornerstone of popular locator-identifier split proposals aiming at improving routing scaling in the presence of network topology dynamics or host mobility. These pessimistic findings lead us to the conclusion that a fundamental re-examination of assumptions behind routing models and abstractions is needed in order to find a routing architecture that would be able to scale "indefinitely.
@article{1273450, author = {Krioukov, Dmitri and Fall, Kevin and Brady, Arthur}, journal = {SIGCOMM Comput. Commun. Rev.}, title = {On compact routing for the internet}, year = {2007}, issn = {0146-4833}, number = {3}, pages = {41{\textendash}52}, volume = {37}, address = {New York, NY, USA}, doi = {10.1145/1273445.1273450}, keywords = {compact routing, internet routing, routing scalability}, owner = {tom}, publisher = {ACM}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1273450$\#$} }
[Courtes2007] Cooperative Data Backup for Mobile Devices

Courtes, Ludovic

03/2008 2007

Website abstract Bib

Mobile devices such as laptops, PDAs and cell phones are increasingly relied on but are used in contexts that put them at risk of physical damage, loss or theft. However, few mechanisms are available to reduce the risk of losing the data stored on these devices. In this dissertation, we try to address this concern by designing a cooperative backup service for mobile devices. The service leverages encounters and spontaneous interactions among participating devices, such that each device stores data on behalf of other devices. We first provide an analytical evaluation of the dependability gains of the proposed service. Distributed storage mechanisms are explored and evaluated. Security concerns arising from thecooperation among mutually suspicious principals are identified, and core mechanisms are proposed to allow them to be addressed. Finally, we present our prototype implementation of the cooperative backup service.
@mastersthesis{Courtes2007, author = {Courtes, Ludovic}, title = {Cooperative Data Backup for Mobile Devices}, year = {2007}, month = {03/2008}, keywords = {backup, dependability, P2P, ubiquitous computing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ethesis.inp-toulouse.fr/archive/00000544/}, volume = {Ph.D} }

[fessi-iptcomm2007] A cooperative SIP infrastructure for highly reliable telecommunication services

Fessi, Ali, Niedermayer, Heiko, Kinkelin, Holger, and Carle, Georg

2007

@conference{fessi-iptcomm2007,
  author = {Fessi, Ali and Niedermayer, Heiko and Kinkelin, Holger and Carle, Georg},
  booktitle = {IPTComm {\textquoteright}07: Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications},
  title = {{A cooperative SIP infrastructure for highly reliable telecommunication services}},
  year = {2007},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {29{\textendash}38},
  publisher = {ACM},
  doi = {http://doi.acm.org/10.1145/1326304.1326310},
  isbn = {978-1-60558-006-7},
  owner = {tom},
  timestamp = {2017-10-10}
}

[DBLP:conf/esorics/MalleshW07] Countering Statistical Disclosure with Receiver-Bound Cover Traffic

Mallesh, Nayantara, and Wright, Matthew

2007

DOI Website abstract Bib

Anonymous communications provides an important privacy service by keeping passive eavesdroppers from linking communicating parties. However, using long-term statistical analysis of traffic sent to and from such a system, it is possible to link senders with their receivers. Cover traffic is an effective, but somewhat limited, counter strategy against this attack. Earlier work in this area proposes that privacy-sensitive users generate and send cover traffic to the system. However, users are not online all the time and cannot be expected to send consistent levels of cover traffic, drastically reducing the impact of cover traffic. We propose that the mix generate cover traffic that mimics the sending patterns of users in the system. This receiver-bound cover helps to make up for users that aren’t there, confusing the attacker. We show through simulation how this makes it difficult for an attacker to discern cover from real traffic and perform attacks based on statistical analysis. Our results show that receiver-bound cover substantially increases the time required for these attacks to succeed. When our approach is used in combination with user-generated cover traffic, the attack takes a very long time to succeed.
@conference{DBLP:conf/esorics/MalleshW07, author = {Mallesh, Nayantara and Wright, Matthew}, booktitle = {Proceedings of ESORICS 2007, 12th European Symposium On Research In Computer Security, Dresden, Germany, September 24-26, 2007, Proceedings}, title = {Countering Statistical Disclosure with Receiver-Bound Cover Traffic}, year = {2007}, editor = {Biskup, Joachim and Lopez, Javier}, organization = {Springer}, pages = {547{\textendash}562}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {4734}, doi = {10.1007/978-3-540-74835-9}, isbn = {978-3-540-74834-2}, keywords = {anonymity, cover traffic, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/k2146538700m71v7/} }
[steven-thesis] Covert channel vulnerabilities in anonymity systems

Murdoch, Steven J.

Dec 2007

Website abstract Bib

The spread of wide-scale Internet surveillance has spurred interest in anonymity systems that protect users’ privacy by restricting unauthorised access to their identity. This requirement can be considered as a flow control policy in the well established field of multilevel secure systems. I apply previous research on covert channels (unintended means to communicate in violation of a security policy) to analyse several anonymity systems in an innovative way. One application for anonymity systems is to prevent collusion in competitions. I show how covert channels may be exploited to violate these protections and construct defences against such attacks, drawing from previous covert channel research and collusion-resistant voting systems. In the military context, for which multilevel secure systems were designed, covert channels are increasingly eliminated by physical separation of interconnected single-role computers. Prior work on the remaining network covert channels has been solely based on protocol specifications. I examine some protocol implementations and show how the use of several covert channels can be detected and how channels can be modified to resist detection. I show how side channels (unintended information leakage) in anonymity networks may reveal the behaviour of users. While drawing on previous research on traffic analysis and covert channels, I avoid the traditional assumption of an omnipotent adversary. Rather, these attacks are feasible for an attacker with limited access to the network. The effectiveness of these techniques is demonstrated by experiments on a deployed anonymity network, Tor. Finally, I introduce novel covert and side channels which exploit thermal effects. Changes in temperature can be remotely induced through CPU load and measured by their effects on crystal clock skew. Experiments show this to be an effective attack against Tor. This side channel may also be usable for geolocation and, as a covert channel, can cross supposedly infallible air-gap security boundaries. This thesis demonstrates how theoretical models and generic methodologies relating to covert channels may be applied to find practical solutions to problems in real-world anonymity systems. These findings confirm the existing hypothesis that covert channel analysis, vulnerabilities and defences developed for multilevel secure systems apply equally well to anonymity systems.
@mastersthesis{steven-thesis, author = {Murdoch, Steven J.}, school = {University of Cambridge}, title = {Covert channel vulnerabilities in anonymity systems}, year = {2007}, month = dec, type = {phd}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.62.5142} }
[ccs07-doa] Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity

Borisov, Nikita, Danezis, George, Mittal, Prateek, and Tabriz, Parisa

Oct 2007

DOI Website abstract Bib

We consider the effect attackers who disrupt anonymous communications have on the security of traditional high- and low-latency anonymous communication systems, as well as on the Hydra-Onion and Cashmere systems that aim to offer reliable mixing, and Salsa, a peer-to-peer anonymous communication network. We show that denial of service (DoS) lowers anonymity as messages need to get retransmitted to be delivered, presenting more opportunities for attack. We uncover a fundamental limit on the security of mix networks, showing that they cannot tolerate a majority of nodes being malicious. Cashmere, Hydra-Onion, and Salsa security is also badly affected by DoS attackers. Our results are backed by probabilistic modeling and extensive simulations and are of direct applicability to deployed anonymity systems.
@conference{ccs07-doa, author = {Borisov, Nikita and Danezis, George and Mittal, Prateek and Tabriz, Parisa}, booktitle = {Proceedings of CCS 2007}, title = {Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity}, year = {2007}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1315245.1315258}, isbn = {978-1-59593-703-2}, keywords = {anonymity, attack, denial-of-service, reliability}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1315258} }
[1345798] Dependability Evaluation of Cooperative Backup Strategies for Mobile Devices

Courtes, Ludovic, Hamouda, Ossama, Kaaniche, Mohamed, Killijian, Marc-Olivier, and Powell, David

2007

DOI Website abstract Bib

Mobile devices (e.g., laptops, PDAs, cell phones) are increasingly relied on but are used in contexts that put them at risk of physical damage, loss or theft. This paper discusses the dependability evaluation of a cooperative backup service for mobile devices. Participating devices leverage encounters with other devices to temporarily replicate critical data. Permanent backups are created when the participating devices are able to access the fixed infrastructure. Several data replication and scattering strategies are presented,including the use of erasure codes. A methodology to model and evaluate them using Petri nets and Markov chains is described. We demonstrate that our cooperative backup service decreases the probability of data loss by a factor up to the ad hoc to Internet connectivity ratio.
@conference{1345798, author = {Courtes, Ludovic and Hamouda, Ossama and Kaaniche, Mohamed and Killijian, Marc-Olivier and Powell, David}, booktitle = {PRDC {\textquoteright}07: Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing}, title = {Dependability Evaluation of Cooperative Backup Strategies for Mobile Devices}, year = {2007}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {139{\textendash}146}, publisher = {IEEE Computer Society}, doi = {10.1109/PRDC.2007.29}, isbn = {0-7695-3054-0}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1345534.1345798$\#$} }
[wiangsripanawan-acsw07] Design principles for low latency anonymous network systems secure against timing attacks

Wiangsripanawan, Rungrat, Susilo, Willy, and Safavi-Naini, Rei

2007

Website abstract Bib

Low latency anonymous network systems, such as Tor, were considered secure against timing attacks when the threat model does not include a global adversary. In this threat model the adversary can only see part of the links in the system. In a recent paper entitled Low-cost traffic analysis of Tor, it was shown that a variant of timing attack that does not require a global adversary can be applied to Tor. More importantly, authors claimed that their attack would work on any low latency anonymous network systems. The implication of the attack is that all low latency anonymous networks will be vulnerable to this attack even if there is no global adversary. In this paper, we investigate this claim against other low latency anonymous networks, including Tarzan and Morphmix. Our results show that in contrast to the claim of the aforementioned paper, the attack may not be applicable in all cases. Based on our analysis, we draw design principles for secure low latency anonymous network system (also secure against the above attack).
@conference{wiangsripanawan-acsw07, author = {Wiangsripanawan, Rungrat and Susilo, Willy and Safavi-Naini, Rei}, booktitle = {Proceedings of the fifth Australasian symposium on ACSW frontiers (ACSW {\textquoteright}07)}, title = {Design principles for low latency anonymous network systems secure against timing attacks}, year = {2007}, address = {Darlinghurst, Australia, Australia}, organization = {Australian Computer Society, Inc}, pages = {183{\textendash}191}, publisher = {Australian Computer Society, Inc}, isbn = {1-920-68285-X}, keywords = {anonymity, latency, Morphmix, Tarzan, timing attack, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1274553} }
[Piatek2007] Do incentives build robustness in BitTorrent?

Piatek, Michael, Isdal, Tomas, Anderson, Thomas, Krishnamurthy, Arvind, and Venkataramani, Arun

04/2007 2007

Website abstract Bib

A fundamental problem with many peer-to-peer systems is the tendency for users to "free ride"–to consume resources without contributing to the system. The popular file distribution tool BitTorrent was explicitly designed to address this problem, using a tit-for-tat reciprocity strategy to provide positive incentives for nodes to contribute resources to the swarm. While BitTorrent has been extremely successful, we show that its incentive mechanism is not robust to strategic clients. Through performance modeling parameterized by real world traces, we demonstrate that all peers contribute resources that do not directly improve their performance. We use these results to drive the design and implementation of BitTyrant, a strategic BitTorrent client that provides a median 70% performance gain for a 1 Mbit client on live Internet swarms. We further show that when applied universally, strategic clients can hurt average per-swarm performance compared to today’s BitTorrent client implementations.
@conference{Piatek2007, author = {Piatek, Michael and Isdal, Tomas and Anderson, Thomas and Krishnamurthy, Arvind and Venkataramani, Arun}, booktitle = {NSDI{\textquoteright}07. Proceedings of the 4th USENIX Conference on Networked Systems Design Implementation}, title = {Do incentives build robustness in BitTorrent?}, year = {2007}, address = {Cambridge, MA, USA}, month = {04/2007}, organization = {USENIX Association}, pages = {1{\textendash}1}, publisher = {USENIX Association}, series = {NSDI{\textquoteright}07}, keywords = {BitTorrent, free riding, incentives, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1973430.1973431} }

[diaz-wpes2007] Does additional information always reduce anonymity?

Diaz, Claudia, Troncoso, Carmela, and Danezis, George

Oct 2007

We discuss information-theoretic anonymity metrics, that use entropy over the distribution of all possible recipients to quantify anonymity. We identify a common misconception: the entropy of the distribution describing the potentialreceivers does not always decrease given more information.We show the relation of these a-posteriori distributions with the Shannon conditional entropy, which is an average overall possible observations.

@conference{diaz-wpes2007,
  author = {Diaz, Claudia and Troncoso, Carmela and Danezis, George},
  booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society 2007},
  title = {Does additional information always reduce anonymity?},
  year = {2007},
  address = {Alexandria,VA,USA},
  editor = {Yu, Ting},
  month = oct,
  organization = {ACM New York, NY, USA},
  pages = {72{\textendash}75},
  publisher = {ACM New York, NY, USA},
  doi = {10.1145/1314333.1314347},
  isbn = {978-1-59593-883-1},
  keywords = {anonymity measurement, entropy, mix, user profiles},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1314333.1314347}
}

[Landsiedel_dynamicmultipath] Dynamic Multipath Onion Routing in Anonymous Peer-To-Peer Overlay Networks

Landsiedel, Olaf, Pimenidis, Alexis, and Wehrle, Klaus

2007

Website abstract Bib

Although recent years provided many protocols for anonymous routing in overlay networks, they commonly rely on the same communication paradigm: Onion Routing. In Onion Routing a static tunnel through an overlay network is build via layered encryption. All traffic exchanged by its end points is relayed through this tunnel. In contrast, this paper introduces dynamic multipath Onion Routing to extend the static Onion Routing paradigm. This approach allows each packet exchanged between two end points to travel along a different path. To provide anonymity the first half of this path is selected by the sender and the second half by the receiver of the packet. The results are manifold: First, dynamic multipath Onion Routing increases the resilience against threats, especially pattern and timing based analysis attacks. Second, the dynamic paths reduce the impact of misbehaving and overloaded relays. Finally, inspired by Internet routing, the forwarding nodes do not need to maintain any state about ongoing flows and so reduce the complexity of the router. In this paper, we describe the design of our dynamic Multipath Onion RoutEr (MORE) for peer-to-peer overlay networks, and evaluate its performance. Furthermore, we integrate address virtualization to abstract from Internet addresses and provide transparent support for IP applications. Thus, no application-level gateways, proxies or modifications of applications are required to sanitize protocols from network level information. Acting as an IP-datagram service, our scheme provides a substrate for anonymous communication to a wide range of applications using TCP and UDP.
@booklet{Landsiedel_dynamicmultipath, title = {Dynamic Multipath Onion Routing in Anonymous Peer-To-Peer Overlay Networks}, author = {Landsiedel, Olaf and Pimenidis, Alexis and Wehrle, Klaus}, year = {2007}, isbn = {978-1-4244-1043-9}, keywords = {onion routing, overlay networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/Xplore/login.jsp?url=http\%3A\%2F\%2Fieeexplore.ieee.org\%2Fiel5\%2F4410909\%2F4410910\%2F04410930.pdf\%3Farnumber\%3D4410930\&authDecision=-203} }
[Coulom:2006:ESB:1777826.1777833] Efficient selectivity and backup operators in Monte-Carlo tree search

Coulom, Rémi

2007

Website abstract Bib

A Monte-Carlo evaluation consists in estimating a position by averaging the outcome of several random continuations. The method can serve as an evaluation function at the leaves of a min-max tree. This paper presents a new framework to combine tree search with Monte-Carlo evaluation, that does not separate between a min-max phase and a Monte-Carlo phase. Instead of backing-up the min-max value close to the root, and the average value at some depth, a more general backup operator is defined that progressively changes from averaging to minmax as the number of simulations grows. This approach provides a finegrained control of the tree growth, at the level of individual simulations, and allows efficient selectivity. The resulting algorithm was implemented in a 9 \texttimes 9 Go-playing program, Crazy Stone, that won the 10th KGS computer-Go tournament.
@conference{Coulom:2006:ESB:1777826.1777833, author = {Coulom, R{\'e}mi}, booktitle = {CG{\textquoteright}06 - Proceedings of the 5th international conference on Computers and games}, title = {Efficient selectivity and backup operators in Monte-Carlo tree search}, year = {2007}, address = {Turin, Italy}, organization = {Springer-Verlag}, pages = {72{\textendash}83}, publisher = {Springer-Verlag}, series = {CG{\textquoteright}06}, isbn = {3-540-75537-3, 978-3-540-75537-1}, keywords = {framework, MCTS, Monte-Carlo Tree Search}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1777826.1777833} }

[Machanavajjhala2007] \ell-diversity: Privacy beyond k-anonymity

Machanavajjhala, Ashwin, Kifer, Daniel, Gehrke, Johannes, and Venkitasubramaniam, Muthuramakrishnan

ACM Transactions on Knowledge Discovery from Data (TKDD) 2007

Bib

@article{Machanavajjhala2007,
  author = {Machanavajjhala, Ashwin and Kifer, Daniel and Gehrke, Johannes and Venkitasubramaniam, Muthuramakrishnan},
  journal = {ACM Transactions on Knowledge Discovery from Data (TKDD)},
  title = {$\ell$-diversity: Privacy beyond k-anonymity},
  year = {2007},
  number = {1},
  volume = {1},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Tang:2007:ESE:1260204.1260647] Empirical Study on the Evolution of PlanetLab

Tang, Li, Chen, Yin, Li, Fei, Zhang, Hui, and Li, Jun

04/2007 2007

DOI Website abstract Bib

PlanetLab is a globally distributed overlay platform that has been increasingly used by researchers to deploy and assess planetary-scale network services. This paper analyzes some particular advantages of PlanetLab, and then investigates its evolution process, geographical node-distribution, and network topological features. The revealed results are helpful for researchers to 1) understand the history of PlanetLab and some of its important properties quantitatively; 2) realize the dynamic of PlanetLab environment and design professional experiments; 3) select stable nodes that possess a high probability to run continuously for a long time; and 4) objectively and in depth evaluate the experimental results.
@conference{Tang:2007:ESE:1260204.1260647, author = {Tang, Li and Chen, Yin and Li, Fei and Zhang, Hui and Li, Jun}, booktitle = {ICN{\textquoteright}07 - Proceedings of the 6th International Conference on Networking}, title = {Empirical Study on the Evolution of PlanetLab}, year = {2007}, address = {Sainte-Luce, Martinique, France}, month = {04/2007}, organization = {IEEE Computer Society}, pages = {64{\textendash}}, publisher = {IEEE Computer Society}, doi = {10.1109/ICN.2007.40}, isbn = {0-7695-2805-8}, keywords = {overlay, PlanetLab, topology}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1260204.1260647} }
[Member_enablingadaptive] Enabling Adaptive Video Streaming in P2P Systems

Jurca, Dan, Chakareski, Jacob, Wagner, Jean-Paul, and Frossard, Pascal

IEEE Communications Magazine 2007

DOI abstract Bib

Peer-to-peer (P2P) systems are becoming increasingly popular due to their ability to deliver large amounts of data at a reduced deployment cost. In addition to fostering the development of novel media applications, P2P systems also represent an interesting alternative paradigm for media streaming applications that can benefit from the inherent self organization and resource scalability available in such environments. This article presents an overview of application and network layer mechanisms that enable successful streaming frameworks in peer-to-peer systems. We describe media delivery architectures that can be deployed over P2P networks to address the specific requirements of streaming applications. In particular, we show how video-streaming applications can benefit from the diversity offered by P2P systems and implement distributed-streaming and scheduling solutions with multi-path packet transmission.
@article{Member_enablingadaptive, author = {Jurca, Dan and Chakareski, Jacob and Wagner, Jean-Paul and Frossard, Pascal}, journal = {IEEE Communications Magazine}, title = {Enabling Adaptive Video Streaming in P2P Systems}, year = {2007}, issn = {0163-6804}, pages = {108 - 114}, volume = {45}, doi = {10.1109/MCOM.2007.374427}, keywords = {distributed packet scheduling, flexible media encoding, path diversity, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }
[Stathopoulos07end-to-endrouting] End-to-end routing for dualradio sensor networks

Stathopoulos, Thanos, Heidemann, John, Lukac, Martin, Estrin, Deborah, and Kaiser, William J.

2007

Website abstract Bib

Dual-radio, dual-processor nodes are an emerging class of Wireless Sensor Network devices that provide both lowenergy operation as well as substantially increased computational performance and communication bandwidth for applications. In such systems, the secondary radio and processor operates with sufficiently low power that it may remain always vigilant, while the the main processor and primary, high-bandwidth radio remain off until triggered by the application. By exploiting the high energy efficiency of the main processor and primary radio along with proper usage, net operating energy benefits are enabled for applications. The secondary radio provides a constantly available multi-hop network, while paths in the primary network exist only when required. This paper describes a topology control mechanism for establishing an end-to-end path in a network of dual-radio nodes using the secondary radios as a control channel to selectively wake up nodes along the required end-to-end path. Using numerical models as well as testbed experimentation, we show that our proposed mechanism provides significant energy savings of more than 60 % compared to alternative approaches, and that it incurs only moderately greater application latency.
@conference{Stathopoulos07end-to-endrouting, author = {Stathopoulos, Thanos and Heidemann, John and Lukac, Martin and Estrin, Deborah and Kaiser, William J.}, booktitle = {In INFOCOM}, title = {End-to-end routing for dualradio sensor networks}, year = {2007}, pages = {2252{\textendash}2260}, keywords = {routing, wireless sensor network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.87.8984} }

[Binzenhofer:2007:ECS:1769187.1769257] Estimating churn in structured P2P networks

Binzenhöfer, Andreas, and Leibnitz, Kenji

06/2007 2007

In structured peer-to-peer (P2P) networks participating peers can join or leave the system at arbitrary times, a process which is known as churn. Many recent studies revealed that churn is one of the main problems faced by any Distributed Hash Table (DHT). In this paper we discuss different possibilities of how to estimate the current churn rate in the system. In particular, we show how to obtain a robust estimate which is independent of the implementation details of the DHT. We also investigate the trade-offs between accuracy, overhead, and responsiveness to changes.

@conference{Binzenhofer:2007:ECS:1769187.1769257,
  author = {Binzenh{\"o}fer, Andreas and Leibnitz, Kenji},
  booktitle = {ITC-20{\textquoteright}07 - Proceedings of the 20th International Teletraffic Conference on Managing Traffic Performance in Converged Networks},
  title = {Estimating churn in structured P2P networks},
  year = {2007},
  address = {Ottawa, Canada},
  month = {06/2007},
  organization = {Springer-Verlag},
  pages = {630{\textendash}641},
  publisher = {Springer-Verlag},
  series = {ITC20{\textquoteright}07},
  isbn = {978-3-540-72989-1},
  keywords = {churn, distributed hash table, P2P, peer-to-peer networking},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=1769187.1769257}
}

[10.1109/WOWMOM.2007.4351805] A Game Theoretic Model of a Protocol for Data Possession Verification

Oualha, Nouha, Michiardi, Pietro, and Roudier, Yves

A World of Wireless, Mobile and Multimedia Networks, International Symposium on 2007

DOI Website abstract Bib

This paper discusses how to model a protocol for the verification of data possession intended to secure a peer-to-peer storage application. The verification protocol is a primitive for storage assessment, and indirectly motivates nodes to behave cooperatively within the application. The capability of the protocol to enforce cooperation between a data holder and a data owner is proved theoretically by modeling the verification protocol as a Bayesian game, and demonstrating that the solution of the game is an equilibrium where both parties are cooperative.
@article{10.1109/WOWMOM.2007.4351805, author = {Oualha, Nouha and Michiardi, Pietro and Roudier, Yves}, journal = {A World of Wireless, Mobile and Multimedia Networks, International Symposium on}, title = {A Game Theoretic Model of a Protocol for Data Possession Verification}, year = {2007}, pages = {1-6}, address = {Los Alamitos, CA, USA}, doi = {10.1109/WOWMOM.2007.4351805}, isbn = {978-1-4244-0992-1}, keywords = {P2P}, owner = {tom}, publisher = {IEEE Computer Society}, timestamp = {2017-10-10}, url = {http://www.computer.org/portal/web/csdl/doi/10.1109/WOWMOM.2007.4351805} }
[AthanRAM07] GAS: Overloading a File Sharing Network as an Anonymizing System

Athanasopoulos, Elias, Roussopoulos, Mema, Anagnostakis, Kostas G., and Markatos, Evangelos P.

2007

DOI Website abstract Bib

Anonymity is considered as a valuable property as far as everyday transactions in the Internet are concerned. Users care about their privacy and they seek for new ways to keep secret as much as of their personal information from third parties. Anonymizing systems exist nowadays that provide users with the technology, which is able to hide their origin when they use applications such as the World Wide Web or Instant Messaging. However, all these systems are vulnerable to a number of attacks and some of them may collapse under a low strength adversary. In this paper we explore anonymity from a different perspective. Instead of building a new anonymizing system, we try to overload an existing file sharing system, Gnutella, and use it for a different purpose. We develop a technique that transforms Gnutella as an Anonymizing System (GAS) for a single download from the World Wide Web.
@conference{AthanRAM07, author = {Athanasopoulos, Elias and Roussopoulos, Mema and Anagnostakis, Kostas G. and Markatos, Evangelos P.}, booktitle = {Proceedings of Second International Workshop on Security, (IWSEC 2007)}, title = {GAS: Overloading a File Sharing Network as an Anonymizing System}, year = {2007}, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/978-3-540-75651-4}, isbn = {978-3-540-75650-7}, keywords = {anonymity, Gnutella}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/8120788t0l354vj6/} }
[Steiner:2007:GVK:1298306.1298323] A global view of KAD

Steiner, Moritz, En-Najjary, Taoufik, and Biersack, E W

10/2007 2007

DOI Website abstract Bib

Distributed hash tables (DHTs) have been actively studied in literature and many different proposals have been made on how to organize peers in a DHT. However, very few DHT shave been implemented in real systems and deployed on alarge scale. One exception is KAD, a DHT based on Kademlia, which is part of eDonkey2000, a peer-to-peer file sharing system with several million simultaneous users. We have been crawling KAD continuously for about six months and obtained information about the total number of peers online and their geographical distribution. Peers are identified by the so called KAD ID, which was up to now assumed to remain the same across sessions. However, we observed that this is not the case: There is a large number of peers, in particular in China, that change their KAD ID, sometimes as frequently as after each session. This change of KAD IDs makes it difficult to characterize end-user availability or membership turnover.
@conference{Steiner:2007:GVK:1298306.1298323, author = {Steiner, Moritz and En-Najjary, Taoufik and Biersack, E W}, booktitle = {IMC{\textquoteright}07 - Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement}, title = {A global view of KAD}, year = {2007}, address = {San Diego, CA, USA}, month = {10/2007}, organization = {ACM}, pages = {117{\textendash}122}, publisher = {ACM}, series = {IMC {\textquoteright}07}, doi = {http://doi.acm.org/10.1145/1298306.1298323}, isbn = {978-1-59593-908-1}, keywords = {distributed hash table, lookup, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1298306.1298323} }
[Jelasity2007] Gossip-based Peer Sampling

Jelasity, Márk, Voulgaris, Spyros, Guerraoui, Rachid, Kermarrec, Anne-Marie, and Steen, Maarten

ACM Trans. Comput. Syst. 2007

DOI Website abstract Bib

Gossip-based communication protocols are appealing in large-scale distributed applications such as information dissemination, aggregation, and overlay topology management. This paper factors out a fundamental mechanism at the heart of all these protocols: the peer-sampling service. In short, this service provides every node with peers to gossip with. We promote this service to the level of a first-class abstraction of a large-scale distributed system, similar to a name service being a first-class abstraction of a local-area system. We present a generic framework to implement a peer-sampling service in a decentralized manner by constructing and maintaining dynamic unstructured overlays through gossiping membership information itself. Our framework generalizes existing approaches and makes it easy to discover new ones. We use this framework to empirically explore and compare several implementations of the peer sampling service. Through extensive simulation experiments we show that—although all protocols provide a good quality uniform random stream of peers to each node locally—traditional theoretical assumptions about the randomness of the unstructured overlays as a whole do not hold in any of the instances. We also show that different design decisions result in severe differences from the point of view of two crucial aspects: load balancing and fault tolerance. Our simulations are validated by means of a wide-area implementation.
@article{Jelasity2007, author = {Jelasity, M{\'a}rk and Voulgaris, Spyros and Guerraoui, Rachid and Kermarrec, Anne-Marie and van Steen, Maarten}, journal = {ACM Trans. Comput. Syst.}, title = {Gossip-based Peer Sampling}, year = {2007}, issn = {0734-2071}, volume = {25}, doi = {10.1145/1275517.1275520}, keywords = {epidemic protocols, Gossip-based protocols, peer sampling service}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1275517.1275520} }
[Kermarrec2007] Gossiping in Distributed Systems

Kermarrec, Anne-Marie, and Steen, Maarten

SIGOPS Oper. Syst. Rev. 2007

DOI Website abstract Bib

Gossip-based algorithms were first introduced for reliably disseminating data in large-scale distributed systems. However, their simplicity, robustness, and flexibility make them attractive for more than just pure data dissemination alone. In particular, gossiping has been applied to data aggregation, overlay maintenance, and resource allocation. Gossiping applications more or less fit the same framework, with often subtle differences in algorithmic details determining divergent emergent behavior. This divergence is often difficult to understand, as formal models have yet to be developed that can capture the full design space of gossiping solutions. In this paper, we present a brief introduction to the field of gossiping in distributed systems, by providing a simple framework and using that framework to describe solutions for various application domains.
@article{Kermarrec2007, author = {Kermarrec, Anne-Marie and van Steen, Maarten}, journal = {SIGOPS Oper. Syst. Rev.}, title = {Gossiping in Distributed Systems}, year = {2007}, issn = {0163-5980}, pages = {2{\textendash}7}, volume = {41}, doi = {10.1145/1317379.1317381}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1317379.1317381} }
[feldman:hidden-action] Hidden-Action in Network Routing

Feldman, Michal, Chuang, John, Stoica, Ion, and Shenker, S

IEEE Journal on Selected Areas in Communications 08/2007 2007

DOI abstract Bib

In communication networks, such as the Internet or mobile ad-hoc networks, the actions taken by intermediate nodes or links are typically hidden from the communicating endpoints; all the endpoints can observe is whether or not the end-to-end transmission was successful. Therefore, in the absence of incentives to the contrary, rational (i.e., selfish) intermediaries may choose to forward messages at a low priority or simply not forward messages at all. Using a principal-agent model, we show how the hidden-action problem can be overcome through appropriate design of contracts in both the direct (the endpoints contract with each individual router directly) and the recursive (each router contracts with the next downstream router) cases. We further show that, depending on the network topology, per-hop or per-path monitoring may not necessarily improve the utility of the principal or the social welfare of the system.
@article{feldman:hidden-action, author = {Feldman, Michal and Chuang, John and Stoica, Ion and Shenker, S}, journal = {IEEE Journal on Selected Areas in Communications}, title = {Hidden-Action in Network Routing}, year = {2007}, issn = {0733-8716}, month = {08/2007}, pages = {1161-1172}, volume = {25}, doi = {10.1109/JSAC.2007.070810}, keywords = {action, communication network, hidden action, network routing}, owner = {tom}, timestamp = {2017-10-10} }

[so64132] How robust are gossip-based communication protocols?

Alvisi, Lorenzo, Doumen, Jeroen, Guerraoui, Rachid, Koldehofe, Boris, Li, Harry, Renesse, Robbert Van, and Tredan, Gilles

Operating Systems Review Oct 2007

Gossip-based communication protocols are often touted as being robust. Not surprisingly, such a claim relies on assumptions under which gossip protocols are supposed to operate. In this paper, we discuss and in some cases expose some of these assumptions and discuss how sensitive the robustness of gossip is to these assumptions. This analysis gives rise to a collection of new research challenges.

@article{so64132,
  author = {Alvisi, Lorenzo and Doumen, Jeroen and Guerraoui, Rachid and Koldehofe, Boris and Li, Harry and Renesse, Robbert Van and Tredan, Gilles},
  journal = {Operating Systems Review},
  title = {How robust are gossip-based communication protocols?},
  year = {2007},
  issn = {0163-5980},
  month = oct,
  number = {5},
  pages = {14{\textendash}18},
  volume = {41},
  doi = {10.1145/1317379.1317383},
  keywords = {robustness},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://doc.utwente.nl/64132/}
}

[adida07] How to Shuffle in Public

Adida, Ben, and Wikström, Douglas

Feb 2007

DOI Website abstract Bib

We show how to obfuscate a secret shuffle of ciphertexts: shuffling becomes a public operation. Given a trusted party that samples and obfuscates a shuffle before any ciphertexts are received, this reduces the problem of constructing a mix-net to verifiable joint decryption. We construct public-key obfuscations of a decryption shuffle based on the Boneh-Goh-Nissim (BGN) cryptosystem and a re-encryption shuffle based on the Paillier cryptosystem. Both allow efficient distributed verifiable decryption. Finally, we give a distributed protocol for sampling and obfuscating each of the above shuffles and show how it can be used in a trivial way to construct a universally composable mix-net. Our constructions are practical when the number of senders N is small, yet large enough to handle a number of practical cases, e.g. N = 350 in the BGN case and N = 2000 in the Paillier case.
@conference{adida07, author = {Adida, Ben and Wikstr{\"o}m, Douglas}, booktitle = {Proceedings of the Theory of Cryptography 2007}, title = {How to Shuffle in Public}, year = {2007}, month = feb, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/978-3-540-70936-7}, isbn = {978-3-540-70935-0}, keywords = {public key cryptography, re-encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/j6p730488x602r28/} }

[Delerablee:2007:IBE:1781454.1781471] Identity-based broadcast encryption with constant size ciphertexts and private keys

Delerablée, Cécile

12/2007 2007

This paper describes the first identity-based broadcast encryption scheme (IBBE) with constant size ciphertexts and private keys. In our scheme, the public key is of size linear in the maximal size m of the set of receivers, which is smaller than the number of possible users (identities) in the system. Compared with a recent broadcast encryption system introduced by Boneh, Gentry and Waters (BGW), our system has comparable properties, but with a better efficiency: the public key is shorter than in BGW. Moreover, the total number of possible users in the system does not have to be fixed in the setup.

@conference{Delerablee:2007:IBE:1781454.1781471,
  author = {Delerabl{\'e}e, C{\'e}cile},
  booktitle = {ASIACRYPT 2007 - Proceedings of the Advances in Cryptology 13th International Conference on Theory and Application of Cryptology and Information Security},
  title = {Identity-based broadcast encryption with constant size ciphertexts and private keys},
  year = {2007},
  address = {Kuching, Malaysia},
  month = {12/2007},
  organization = {Springer-Verlag},
  pages = {200{\textendash}215},
  publisher = {Springer-Verlag},
  series = {ASIACRYPT{\textquoteright}07},
  isbn = {3-540-76899-8, 978-3-540-76899-9},
  keywords = {ciphertext, encryption, IBBE, private key},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=1781454.1781471}
}

[KongHG07] An Identity-Free and On-Demand Routing Scheme against Anonymity Threats in Mobile Ad Hoc Networks

Kong, Jiejun, Hong, Xiaoyan, and Gerla, Mario

IEEE Transactions on Mobile Computing 2007

DOI Website abstract Bib

Introducing node mobility into the network also introduces new anonymity threats. This important change of the concept of anonymity has recently attracted attentions in mobile wireless security research. This paper presents identity-free routing and on-demand routing as two design principles of anonymous routing in mobile ad hoc networks. We devise ANODR (ANonymous On-Demand Routing) as the needed anonymous routing scheme that is compliant with the design principles. Our security analysis and simulation study verify the effectiveness and efficiency of ANODR.
@article{KongHG07, author = {Kong, Jiejun and Hong, Xiaoyan and Gerla, Mario}, journal = {IEEE Transactions on Mobile Computing}, title = {An Identity-Free and On-Demand Routing Scheme against Anonymity Threats in Mobile Ad Hoc Networks}, year = {2007}, issn = {1536-1233}, number = {8}, pages = {888{\textendash}902}, volume = {6}, address = {Los Alamitos, CA, USA}, doi = {10.1109/TMC.2007.1021}, keywords = {ad-hoc networks, anonymity, identity-free routing, neighborhood management, network complexity theory.}, owner = {tom}, publisher = {IEEE Computer Society}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1272127} }

[Infocom2007-SNS] Implications of Selfish Neighbor Selection in Overlay Networks

Laoutaris, Nikolaos, Smaragdakis, Georgios, Bestavros, Azer, and Byers, John W.

May 2007

@conference{Infocom2007-SNS,
  author = {Laoutaris, Nikolaos and Smaragdakis, Georgios and Bestavros, Azer and Byers, John W.},
  booktitle = {Proceedings of IEEE INFOCOM 2007},
  title = {Implications of Selfish Neighbor Selection in Overlay Networks},
  year = {2007},
  address = {Anchorage, AK},
  month = may,
  keywords = {EGOIST, game theory, routing},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {www.cs.bu.edu/techreports/pdf/2006-019-selfish-neighbor-selection.pdf}
}

[overlier-pet2007] Improving Efficiency and Simplicity of Tor circuit establishment and hidden services

Øverlier, Lasse, and Syverson, Paul

Jun 2007

DOI Website abstract Bib

In this paper we demonstrate how to reduce the overhead and delay of circuit establishment in the Tor anonymizing network by using predistributed Diffie-Hellman values. We eliminate the use of RSA encryption and decryption from circuit setup, and we reduce the number of DH exponentiations vs. the current Tor circuit setup protocol while maintaining immediate forward secrecy. We also describe savings that can be obtained by precomputing during idle cycles values that can be determined before the protocol starts. We introduce the distinction of eventual vs. immediate forward secrecy and present protocols that illustrate the distinction. These protocols are even more efficient in communication and computation than the one we primarily propose, but they provide only eventual forward secrecy. We describe how to reduce the overhead and the complexity of hidden server connections by using our DH-values to implement valet nodes and eliminate the need for rendezvous points as they exist today. We also discuss the security of the new elements and an analysis of efficiency improvements.
@conference{overlier-pet2007, author = {{\O}verlier, Lasse and Syverson, Paul}, booktitle = {Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007)}, title = {Improving Efficiency and Simplicity of Tor circuit establishment and hidden services}, year = {2007}, address = {Ottawa, Canada}, editor = {Borisov, Nikita and Golle, Philippe}, month = jun, organization = {Springer}, publisher = {Springer}, doi = {10.1007/978-3-540-75551-7}, keywords = {public key cryptography}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/j68v312681l8v874/} }
[1290327] On improving the efficiency of truthful routing in MANETs with selfish nodes

Wang, Yongwei, and Singhal, Mukesh

Pervasive Mob. Comput. 2007

DOI Website abstract Bib

In Mobile Ad Hoc Networks (MANETs), nodes depend upon each other for routing and forwarding packets. However, nodes belonging to independent authorities in MANETs may behave selfishly and may not forward packets to save battery and other resources. To stimulate cooperation, nodes are rewarded for their forwarding service. Since nodes spend different cost to forward packets, it is desirable to reimburse nodes according to their cost so that nodes get incentive while the least total payment is charged to the sender. However, to maximize their utility, nodes may tell lie about their cost. This poses the requirement of truthful protocols, which maximizes the utility of nodes only when they declare their true cost. Anderegg and Eidenbenz recently proposed a truthful routing protocol, named ad hoc-VCG. This protocol incurs the route discovery overhead of O(n3), where n is the number of nodes in the network. This routing overhead is likely to become prohibitively large as the network size grows. Moreover, it leads to low network performance due to congestion and interference. We present a low-overhead truthful routing protocol for route discovery in MANETs with selfish nodes by applying mechanism design. The protocol, named LOTTO (Low Overhead Truthful rouTing prOtocol), finds a least cost path for data forwarding with a lower routing overhead of O(n2). We conduct an extensive simulation study to evaluate the performance of our protocol and compare it with ad hoc-VCG. Simulation results show that our protocol provides a much higher packet delivery ratio, generates much lower overhead and has much lower end-to-end delay.
@article{1290327, author = {Wang, Yongwei and Singhal, Mukesh}, journal = {Pervasive Mob. Comput.}, title = {On improving the efficiency of truthful routing in MANETs with selfish nodes}, year = {2007}, issn = {1574-1192}, number = {5}, pages = {537{\textendash}559}, volume = {3}, address = {Amsterdam, The Netherlands, The Netherlands}, doi = {10.1016/j.pmcj.2007.02.001}, keywords = {mobile Ad-hoc networks, routing, VCG mechanism}, owner = {tom}, publisher = {Elsevier Science Publishers B. V.}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1290327$\#$} }
[goldberg-2007] Improving the Robustness of Private Information Retrieval

Goldberg, Ian

May 2007

DOI Website abstract Bib

Since 1995, much work has been done creating protocols for private information retrieval (PIR). Many variants of the basic PIR model have been proposed, including such modifications as computational vs. information-theoretic privacy protection, correctness in the face of servers that fail to respond or that respond incorrectly, and protection of sensitive data against the database servers themselves. In this paper, we improve on the robustness of PIR in a number of ways. First, we present a Byzantine-robust PIR protocol which provides information-theoretic privacy protection against coalitions of up to all but one of the responding servers, improving the previous result by a factor of 3. In addition, our protocol allows for more of the responding servers to return incorrect information while still enabling the user to compute the correct result. We then extend our protocol so that queries have information-theoretic protection if a limited number of servers collude, as before, but still retain computational protection if they all collude. We also extend the protocol to provide information-theoretic protection to the contents of the database against collusions of limited numbers of the database servers, at no additional communication cost or increase in the number of servers. All of our protocols retrieve a block of data with communication cost only O(.) times the size of the block, where . is the number of servers.
@conference{goldberg-2007, author = {Goldberg, Ian}, booktitle = {Proceedings of the 2007 IEEE Symposium on Security and Privacy}, title = {Improving the Robustness of Private Information Retrieval}, year = {2007}, month = may, organization = {IEEE Computer Society Washington, DC, USA}, publisher = {IEEE Computer Society Washington, DC, USA}, doi = {10.1109/SP.2007.23}, isbn = {0-7695-2848-1}, keywords = {private information retrieval, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1264203} }
[slicing07] Information Slicing: Anonymity Using Unreliable Overlays

Katti, Sachin, Cohen, Jeffery, and Katabi, Dina

Apr 2007

Website abstract Bib

This paper proposes a new approach to anonymous communication called information slicing. Typically, anonymizers use onion routing, where a message is encrypted in layers with the public keys of the nodes along the path. Instead, our approach scrambles the message, divides it into pieces, and sends the pieces along disjoint paths. We show that information slicing addresses message confidentiality as well as source and destination anonymity. Surprisingly, it does not need any public key cryptography. Further, our approach naturally addresses the problem of node failures. These characteristics make it a good fit for use over dynamic peer-to-peer overlays. We evaluate the anonymity ofinformation slicing via analysis and simulations. Our prototype implementation on PlanetLab shows that it achieves higher throughput than onion routing and effectively copes with node churn.
@conference{slicing07, author = {Katti, Sachin and Cohen, Jeffery and Katabi, Dina}, booktitle = {Proceedings of the 4th USENIX Symposium on Network Systems Design and Implementation (NSDI)}, title = {Information Slicing: Anonymity Using Unreliable Overlays}, year = {2007}, month = apr, keywords = {anonymity, onion routing, P2P, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dspace.mit.edu/handle/1721.1/36344a} }
[Kendall2007] The Iterated Prisoner’s Dilemma: 20 Years On

Kendall, Graham, Yao, Xin, and Ching, Siang Yew

2007

abstract Bib

In 1984, Robert Axelrod published a book, relating the story of two competitions which he ran, where invited academics entered strategies for "The Iterated Prisoners’ Dilemma". The book, almost 20 years on, is still widely read and cited by academics and the general public. As a celebration of that landmark work, we have recreated those competitions to celebrate its 20th anniversary, by again inviting academics to submit prisoners’ dilemma strategies. The first of these new competitions was run in July 2004, and the second in April 2005. "Iterated Prisoners’ Dilemma: 20 Years On essentially" provides an update of the Axelrod’s book. Specifically, it presents the prisoners’ dilemma, its history and variants; highlights original Axelrod’s work and its impact; discusses results of new competitions; and, showcases selected papers that reflect the latest researches in the area.
@book{Kendall2007, author = {Kendall, Graham and Yao, Xin and Ching, Siang Yew}, publisher = {World Scientific Publishing Co. Pte. Ltd.}, title = {The Iterated Prisoner{\textquoteright}s Dilemma: 20 Years On}, year = {2007}, address = {Singapore}, isbn = {978-981-270-697-3}, series = {Advances in Natural Computation}, volume = {4}, issn = {981-270-697-6}, keywords = {dilemma, iterated prisoners, landmark work}, organization = {World Scientific Publishing Co. Pte. Ltd.}, owner = {tom}, pages = {262}, timestamp = {2017-10-10} }
[Iii_keylessjam] Keyless Jam Resistance

Baird, Leemon C., Bahn, William L., Collins, Michael D., Carlisle, Martin C., and Butler, Sean C.

2007

Website abstract Bib

has been made resistant to jamming by the use of a secret key that is shared by the sender and receiver. There are no known methods for achieving jam resistance without that shared key. Unfortunately, wireless communication is now reaching a scale and a level of importance where such secret-key systems are becoming impractical. For example, the civilian side of the Global Positioning System (GPS) cannot use a shared secret, since that secret would have to be given to all 6.5 billion potential users, and so would no longer be secret. So civilian GPS cannot currently be protected from jamming. But the FAA has stated that the civilian airline industry will transition to using GPS for all navigational aids, even during landings. A terrorist with a simple jamming system could wreak havoc at a major airport. No existing system can solve this problem, and the problem itself has not even been widely discussed. The problem of keyless jam resistance is important. There is a great need for a system that can broadcast messages without any prior secret shared between the sender and receiver. We propose the first system for keyless jam resistance: the BBC algorithm. We describe the encoding, decoding, and broadcast algorithms. We then analyze it for expected resistance to jamming and error rates. We show that BBC can achieve the same level of jam resistance as traditional spread spectrum systems, at just under half the bit rate, and with no shared secret. Furthermore, a hybrid system can achieve the same average bit rate as traditional systems.
@booklet{Iii_keylessjam, title = {Keyless Jam Resistance}, author = {Baird, Leemon C. and Bahn, William L. and Collins, Michael D. and Carlisle, Martin C. and Butler, Sean C.}, year = {2007}, keywords = {GPS}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.91.8217} }
[DBLP:conf/saint/SaitoMSSM07] Local Production, Local Consumption: Peer-to-Peer Architecture for a Dependable and Sustainable Social Infrastructure

Saito, Kenji, Morino, Eiichi, Suko, Yoshihiko, Suzuki, Takaaki, and Murai, Jun

01/2007 2007

DOI abstract Bib

Peer-to-peer (P2P) is a system of overlay networks such that participants can potentially take symmetrical roles. This translates itself into a design based on the philosophy of Local Production, Local Consumption (LPLC), originally an agricultural concept to promote sustainable local economy. This philosophy helps enhancing survivability of a society by providing a dependable economic infrastructure and promoting the power of individuals. This paper attempts to put existing works of P2P designs into the perspective of the five-layer architecture model to realize LPLC, and proposes future research directions toward integration of P2P studies for actualization of a dependable and sustainable social infrastructure.
@conference{DBLP:conf/saint/SaitoMSSM07, author = {Saito, Kenji and Morino, Eiichi and Suko, Yoshihiko and Suzuki, Takaaki and Murai, Jun}, booktitle = {SAINT{\textquoteright}07. Proceedings of the 2007 Symposium on Applications and the Internet}, title = {Local Production, Local Consumption: Peer-to-Peer Architecture for a Dependable and Sustainable Social Infrastructure}, year = {2007}, address = {Hiroshima, Japan}, month = {01/2007}, organization = {IEEE Computer Society}, pages = {58}, publisher = {IEEE Computer Society}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT-W.2007.59}, keywords = {LPLC, P2P, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }
[bauer:wpes2007] Low-Resource Routing Attacks Against Tor

Bauer, Kevin, McCoy, Damon, Grunwald, Dirk, Kohno, Tadayoshi, and Sicker, Douglas

Oct 2007

DOI Website abstract Bib

Tor has become one of the most popular overlay networks for anonymizing TCP traffic. Its popularity is due in part to its perceived strong anonymity properties and its relatively low latency service. Low latency is achieved through Torâs ability to balance the traffic load by optimizing Tor router selection to probabilistically favor routers with highbandwidth capabilities. We investigate how Torâs routing optimizations impact its ability to provide strong anonymity. Through experiments conducted on PlanetLab, we show the extent to which routing performance optimizations have left the system vulnerable to end-to-end traffic analysis attacks from non-global adversaries with minimal resources. Further, we demonstrate that entry guards, added to mitigate path disruption attacks, are themselves vulnerable to attack. Finally, we explore solutions to improve Torâs current routing algorithms and propose alternative routing strategies that prevent some of the routing attacks used in our experiments.
@conference{bauer:wpes2007, author = {Bauer, Kevin and McCoy, Damon and Grunwald, Dirk and Kohno, Tadayoshi and Sicker, Douglas}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2007)}, title = {Low-Resource Routing Attacks Against Tor}, year = {2007}, address = {Washington, DC, USA}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1314333.1314336}, isbn = {978-1-59593-883-1}, keywords = {anonymity, load balancing, Tor, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1314336} }
[King2007] Mapping an Arbitrary Message to an Elliptic Curve when Defined over GF (2n)

King, Brian

International Journal of Network Security 03/2009 2007

abstract Bib

The use of elliptic curve cryptography (ECC) when used as a public-key cryptosystem for encryption is such that if one has a message to encrypt, then they attempt to map it to some point in the prime subgroup of the elliptic curve by systematically modifying the message in a determinis- tic manner. The applications typically used for ECC are the key-exchange, digital signature or a hybrid encryption systems (ECIES) all of which avoid this problem. In this paper we provide a deterministic method that guarantees that the map of a message to an elliptic curve point can be made without any modification. This paper provides a solution to the open problem posed in [7] concerning the creation of a deterministic method to map arbitrary message to an elliptic curve.
@article{King2007, author = {King, Brian}, journal = {International Journal of Network Security}, title = {Mapping an Arbitrary Message to an Elliptic Curve when Defined over GF (2n)}, year = {2007}, month = {03/2009}, pages = {169--176}, volume = {8}, chapter = {169}, owner = {tom}, timestamp = {2021-01-27} }
[DBLP:conf/infocom/ZhangCY07] MARCH: A Distributed Incentive Scheme for Peer-to-Peer Networks

Zhang, Zhan, Chen, Shigang, and Yoon, MyungKeun

05/2007 2007

DOI abstract Bib

As peer-to-peer networks grow larger and include more diverse users, the lack of incentive to encourage cooperative behavior becomes one of the key problems. This challenge cannot be fully met by traditional incentive schemes, which suffer from various attacks based on false reports. Especially, due to the lack of central authorities in typical P2P systems, it is difficult to detect colluding groups. Members in the same colluding group can cooperate to manipulate their history information, and the damaging power increases dramatically with the group size. In this paper, we propose a new distributed incentive scheme, in which the benefit that a node can obtain from the system is proportional to its contribution to the system, and a colluding group cannot gain advantage by cooperation regardless of its size. Consequently, the damaging power of colluding groups is strictly limited. The proposed scheme includes three major components: a distributed authority infrastructure, a key sharing protocol, and a contract verification protocol.
@conference{DBLP:conf/infocom/ZhangCY07, author = {Zhang, Zhan and Chen, Shigang and Yoon, MyungKeun}, booktitle = {INFOCOM 2007. 26th IEEE International Conference on Computer Communications}, title = {MARCH: A Distributed Incentive Scheme for Peer-to-Peer Networks}, year = {2007}, address = {Anchorage, Alaska, USA}, month = {05/2007}, organization = {IEEE Computer Society}, pages = {1091-1099}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFCOM.2007.131}, isbn = {1-4244-1047-9}, keywords = {march}, owner = {tom}, timestamp = {2017-10-10} }
[Magharei07meshor] Mesh or Multiple-Tree: A Comparative Study of Live P2P Streaming Approaches

Magharei, Nazanin, and Rejaie, Reza

05/2007 2007

DOI abstract Bib

Existing approaches to P2P streaming can be divided into two general classes: (i) tree-based approaches use push-based content delivery over multiple tree-shaped overlays, and (ii) mesh-based approaches use swarming content delivery over a randomly connected mesh. Previous studies have often focused on a particular P2P streaming mechanism and no comparison between these two classes has been conducted. In this paper, we compare and contrast the performance of representative protocols from each class using simulations. We identify the similarities and differences between these two approaches. Furthermore, we separately examine the behavior of content delivery and overlay construction mechanisms for both approaches in static and dynamic scenarios. Our results indicate that the mesh-based approach consistently exhibits a superior performance over the tree-based approach. We also show that the main factors attributing in the inferior performance of the tree-based approach are (i) the static mapping of content to a particular tree, and (ii) the placement of each peer as an internal node in one tree and as a leaf in all other trees.
@conference{Magharei07meshor, author = {Magharei, Nazanin and Rejaie, Reza}, booktitle = {INFOCOM 2007. 26th IEEE International Conference on Computer Communications}, title = {Mesh or Multiple-Tree: A Comparative Study of Live P2P Streaming Approaches}, year = {2007}, address = {Anchorage, Alaska, USA}, month = {05/2007}, organization = {IEEE Computer Society}, pages = {1424{\textendash}1432}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFCOM.2007.168}, isbn = {1-4244-1047-9}, keywords = {mesh, multple tree, overlay, P2P, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }
[Nishide2007] Multiparty Computation for Interval, Equality, and Comparison Without Bit-Decomposition Protocol

Nishide, Takashi, and Ohta, Kazuo

2007

DOI Website abstract Bib

Damgård et al. [11] showed a novel technique to convert a polynomial sharing of secret a into the sharings of the bits of a in constant rounds, which is called the bit-decomposition protocol. The bit-decomposition protocol is a very powerful tool because it enables bit-oriented operations even if shared secrets are given as elements in the field. However, the bit-decomposition protocol is relatively expensive. In this paper, we present a simplified bit-decomposition protocol by analyzing the original protocol. Moreover, we construct more efficient protocols for a comparison, interval test and equality test of shared secrets without relying on the bit-decomposition protocol though it seems essential to such bit-oriented operations. The key idea is that we do computation on secret a with c and r where c = a + r, c is a revealed value, and r is a random bitwise-shared secret. The outputs of these protocols are also shared without being revealed. The realized protocols as well as the original protocol are constant-round and run with less communication rounds and less data communication than those of [11]. For example, the round complexities are reduced by a factor of approximately 3 to 10.
@inbook{Nishide2007, author = {Nishide, Takashi and Ohta, Kazuo}, editor = {Okamoto, Tatsuaki and Wang, Xiaoyun}, pages = {343-360}, publisher = {Springer Berlin Heidelberg}, title = {Multiparty Computation for Interval, Equality, and Comparison Without Bit-Decomposition Protocol}, year = {2007}, isbn = {978-3-540-71676-1}, series = {Lecture Notes in Computer Science}, volume = {4450}, booktitle = {Public Key Cryptography {\textendash} PKC 2007}, doi = {10.1007/978-3-540-71677-8_23}, keywords = {Bitwise Sharing, Multiparty Computation, secret sharing}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-540-71677-8_23} }
[Banner:2007:MRA:1279660.1279673] Multipath routing algorithms for congestion minimization

Banner, Ron, and Orda, Ariel

IEEE/ACM Trans. Netw. 04/2007 2007

DOI Website abstract Bib

Unlike traditional routing schemes that route all traffic along a single path, multipath routing strategies split the traffic among several paths in order to ease congestion. It has been widely recognized that multipath routing can be fundamentally more efficient than the traditional approach of routing along single paths. Yet, in contrast to the single-path routing approach, most studies in the context of multipath routing focused on heuristic methods. We demonstrate the significant advantage of optimal (or near optimal) solutions. Hence, we investigate multipath routing adopting a rigorous (theoretical) approach. We formalize problems that incorporate two major requirements of multipath routing. Then, we establish the intractability of these problems in terms of computational complexity. Finally, we establish efficient solutions with proven performance guarantees.
@article{Banner:2007:MRA:1279660.1279673, author = {Banner, Ron and Orda, Ariel}, journal = {IEEE/ACM Trans. Netw.}, title = {Multipath routing algorithms for congestion minimization}, year = {2007}, issn = {1063-6692}, month = {04/2007}, pages = {413{\textendash}424}, volume = {15}, address = {Piscataway, NJ, USA}, doi = {http://dx.doi.org/10.1109/TNET.2007.892850}, keywords = {computer networks, congestion avoidance, routing protocols}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/TNET.2007.892850} }
[Dimakis:2010:NCD:1861840.1861868] Network coding for distributed storage systems

Dimakis, Alexandros G., Godfrey, Brighten, Wu, Yunnan, Wainwright, Martin J., and Ramchandran, Kannan

05/2007 2007

DOI Website abstract Bib

Distributed storage systems provide reliable access to data through redundancy spread over individually unreliable nodes. Application scenarios include data centers, peer-to-peer storage systems, and storage in wireless networks. Storing data using an erasure code, in fragments spread across nodes, requires less redundancy than simple replication for the same level of reliability. However, since fragments must be periodically replaced as nodes fail, a key question is how to generate encoded fragments in a distributed way while transferring as little data as possible across the network. For an erasure coded system, a common practice to repair from a single node failure is for a new node to reconstruct the whole encoded data object to generate just one encoded block. We show that this procedure is sub-optimal. We introduce the notion of regenerating codes, which allow a new node to communicate functions of the stored data from the surviving nodes. We show that regenerating codes can significantly reduce the repair bandwidth. Further, we show that there is a fundamental tradeoff between storage and repair bandwidth which we theoretically characterize using flow arguments on an appropriately constructed graph. By invoking constructive results in network coding, we introduce regenerating codes that can achieve any point in this optimal tradeoff.
@conference{Dimakis:2010:NCD:1861840.1861868, author = {Dimakis, Alexandros G. and Godfrey, Brighten and Wu, Yunnan and Wainwright, Martin J. and Ramchandran, Kannan}, booktitle = {INFOCOM 2007. 26th IEEE International Conference on Computer Communications}, title = {Network coding for distributed storage systems}, year = {2007}, address = {Anchorage, Alaska, USA}, month = {05/2007}, organization = {IEEE Press}, pages = {4539{\textendash}4551}, publisher = {IEEE Press}, volume = {56}, doi = {http://dx.doi.org/10.1109/TIT.2010.2054295}, issn = {0018-9448}, keywords = {distributed storage, network coding, peer-to-peer storage, Regenerating Codes}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/TIT.2010.2054295} }
[Amirbekyan2007] A New Efficient Privacy-preserving Scalar Product Protocol

Amirbekyan, Artak, and Estivill-Castro, Vladimir

2007

Website abstract Bib

Recently, privacy issues have become important in data analysis, especially when data is horizontally partitioned over several parties. In data mining, the data is typically represented as attribute-vectors and, for many applications, the scalar (dot) product is one of the fundamental operations that is repeatedly used. In privacy-preserving data mining, data is distributed across several parties. The efficiency of secure scalar products is important, not only because they can cause overhead in communication cost, but dot product operations also serve as one of the basic building blocks for many other secure protocols. Although several solutions exist in the relevant literature for this problem, the need for more efficient and more practical solutions still remains. In this paper, we present a very efficient and very practical secure scalar product protocol. We compare it to the most common scalar product protocols. We not only show that our protocol is much more efficient than the existing ones, we also provide experimental results by using a real life dataset.
@conference{Amirbekyan2007, author = {Amirbekyan, Artak and Estivill-Castro, Vladimir}, booktitle = {Proceedings of the Sixth Australasian Conference on Data Mining and Analytics - Volume 70}, title = {A New Efficient Privacy-preserving Scalar Product Protocol}, year = {2007}, address = {Darlinghurst, Australia, Australia}, organization = {Australian Computer Society, Inc.}, publisher = {Australian Computer Society, Inc.}, isbn = {978-1-920682-51-4}, keywords = {privacy preserving data mining}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1378245.1378274} }
[Harras2007] ParaNets: A Parallel Network Architecture for Challenged Networks

Harras, Khaled A., Wittie, Mike P., Almeroth, Kevin C., and Belding, Elizabeth M.

Mar 2007

Website abstract Bib

Networks characterized by challenges, such as intermittent connectivity, network heterogeneity, and large delays, are called "challenged networks". We propose a novel network architecture for challenged networks dubbed Parallel Networks, or, ParaNets. The vision behind ParaNets is to have challenged network protocols operate over multiple heterogenous networks, simultaneously available, through one or more devices. We present the ParaNets architecture and discuss its short-term challenges and longterm implications. We also argue, based on current research trends and the ParaNets architecture, for the evolution of the conventional protocol stack to a more flexible cross-layered protocol tree. To demonstrate the potential impact of ParaNets, we use Delay Tolerant Mobile Networks (DTMNs) as a representative challenged network over which we evaluate ParaNets. Our ultimate goal in this paper is to open the way for further work in challenged networks using ParaNets as the underlying architecture.
@conference{Harras2007, author = {Harras, Khaled A. and Wittie, Mike P. and Almeroth, Kevin C. and Belding, Elizabeth M.}, title = {ParaNets: A Parallel Network Architecture for Challenged Networks}, year = {2007}, month = mar, isbn = {978-0-7695-3001-7}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/Xplore/login.jsp?reload=true\&url=http\%3A\%2F\%2Fieeexplore.ieee.org\%2Fiel5\%2F4389542\%2F4389543\%2F04389561.pdf\%3Farnumber\%3D4389561\&authDecision=-203} }
[Petcu:2007:PNP:1625275.1625301] PC-DPOP: a new partial centralization algorithm for distributed optimization

Petcu, Adrian, Faltings, Boi, and Mailler, Roger

01/2007 2007

Website abstract Bib

Fully decentralized algorithms for distributed constraint optimization often require excessive amounts of communication when applied to complex problems. The OptAPO algorithm of [Mailler and Lesser, 2004] uses a strategy of partial centralization to mitigate this problem. We introduce PC-DPOP, a new partial centralization technique, based on the DPOP algorithm of [Petcu and Faltings, 2005]. PC-DPOP provides better control over what parts of the problem are centralized and allows this centralization to be optimal with respect to the chosen communication structure. Unlike OptAPO, PC-DPOP allows for a priory, exact predictions about privacy loss, communication, memory and computational requirements on all nodes and links in the network. Upper bounds on communication and memory requirements can be specified. We also report strong efficiency gains over OptAPO in experiments on three problem domains.
@conference{Petcu:2007:PNP:1625275.1625301, author = {Petcu, Adrian and Faltings, Boi and Mailler, Roger}, booktitle = {IJCAI{\textquoteright}07 - Proceedings of the 20th international joint conference on Artifical intelligence}, title = {PC-DPOP: a new partial centralization algorithm for distributed optimization}, year = {2007}, address = {Hyderabad, India}, month = {01/2007}, organization = {Morgan Kaufmann Publishers Inc.}, pages = {167{\textendash}172}, publisher = {Morgan Kaufmann Publishers Inc.}, series = {IJCAI{\textquoteright}07}, keywords = {algorithms, distributed constraint optimization, DPOP, OptAPO, partial centralization technique}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1625275.1625301} }
[fuhrmann07wons] Performance of Scalable Source Routing in Hybrid MANETs

Fuhrmann, Thomas

2007

Website abstract Bib

Scalable source routing (SSR) is a novel routing approach for large unstructured networks such as mobile ad hoc networks, mesh networks, or sensor-actuator networks. It is especially suited for organically growing networks of many resource-limited mobile devices supported by a few fixed-wired nodes. SSR is a full-fledged network layer routing protocol that directly provides the semantics of a structured peer-to-peer network. Hence, it can serve as an efficient basis for fully decentralized applications on mobile devices. SSR combines source routing in the physical network with Chord-like routing in the virtual ring formed by the address space. Message forwarding greedily decreases the distance in the virtual ring while preferring physically short paths. Thereby, scalability is achieved without imposing artificial hierarchies or assigning location-dependent addresses
@conference{fuhrmann07wons, author = {Fuhrmann, Thomas}, booktitle = {Proceedings of the Fourth Annual Conference on Wireless On demand Network Systems and Services}, title = {Performance of Scalable Source Routing in Hybrid MANETs}, year = {2007}, address = {Obergurgl, Austria}, pages = {122{\textendash}129}, keywords = {mobile Ad-hoc networks, P2P, scalable source routing}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[Garay2007] Practical and Secure Solutions for Integer Comparison

Garay, Juan, Schoenmakers, Berry, and Villegas, José

2007

DOI Website abstract Bib

Yao’s classical millionaires’ problem is about securely determining whether x > y, given two input values x,y, which are held as private inputs by two parties, respectively. The output x > y becomes known to both parties. In this paper, we consider a variant of Yao’s problem in which the inputs x,y as well as the output bit x > y are encrypted. Referring to the framework of secure n-party computation based on threshold homomorphic cryptosystems as put forth by Cramer, Damgård, and Nielsen at Eurocrypt 2001, we develop solutions for integer comparison, which take as input two lists of encrypted bits representing x and y, respectively, and produce an encrypted bit indicating whether x > y as output. Secure integer comparison is an important building block for applications such as secure auctions. In this paper, our focus is on the two-party case, although most of our results extend to the multi-party case. We propose new logarithmic-round and constant-round protocols for this setting, which achieve simultaneously very low communication and computational complexities. We analyze the protocols in detail and show that our solutions compare favorably to other known solutions.
@inbook{Garay2007, author = {Garay, Juan and Schoenmakers, Berry and Villegas, Jos{\'e}}, editor = {Okamoto, Tatsuaki and Wang, Xiaoyun}, pages = {330-342}, publisher = {Springer Berlin Heidelberg}, title = {Practical and Secure Solutions for Integer Comparison}, year = {2007}, isbn = {978-3-540-71676-1}, series = {Lecture Notes in Computer Science}, volume = {4450}, booktitle = {Public Key Cryptography {\textendash} PKC 2007}, doi = {10.1007/978-3-540-71677-8_22}, keywords = {homomorphic encryption, Millionaires{\textquoteright} problem, secure multi-party computation}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-540-71677-8_22} }

[Dwork2007] The Price of Privacy and the Limits of LP Decoding

Dwork, Cynthia, McSherry, Frank D., and Talwar, Kunal

2007

Bib

@conference{Dwork2007,
  author = {Dwork, Cynthia and McSherry, Frank D. and Talwar, Kunal},
  title = {The Price of Privacy and the Limits of LP Decoding},
  year = {2007},
  pages = {85{\textendash}94},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Magharei:2009:PPR:1618562.1618566] PRIME: Peer-to-Peer Receiver-drIven MEsh-based Streaming

Magharei, Nazanin, and Rejaie, Reza

05/2007 2007

DOI Website abstract Bib

The success of file swarming mechanisms such as BitTorrent has motivated a new approach for scalable streaming of live content that we call mesh-based Peer-to-Peer (P2P) streaming. In this approach, participating end-systems (or peers) form a randomly connected mesh and incorporate swarming content delivery to stream live content. Despite the growing popularity of this approach, neither the fundamental design tradeoffs nor the basic performance bottlenecks in mesh-based P2P streaming are well understood. In this paper, we follow a performance-driven approach to design PRIME, a scalable mesh-based P2P streaming mechanism for live content. The main design goal of PRIME is to minimize two performance bottlenecks, namely bandwidth bottleneck and content bottleneck. We show that the global pattern of delivery for each segment of live content should consist of a diffusion phase which is followed by a swarming phase. This leads to effective utilization of available resources to accommodate scalability and also minimizes content bottleneck. Using packet level simulations, we carefully examine the impact of overlay connectivity, packet scheduling scheme at individual peers and source behavior on the overall performance of the system. Our results reveal fundamental design tradeoffs of mesh-based P2P streaming for live content.
@conference{Magharei:2009:PPR:1618562.1618566, author = {Magharei, Nazanin and Rejaie, Reza}, booktitle = {INFOCOM 2007. 26th IEEE International Conference on Computer Communications}, title = {PRIME: Peer-to-Peer Receiver-drIven MEsh-based Streaming}, year = {2007}, address = {Anchorage, Alaska, USA}, month = {05/2007}, organization = {IEEE Press}, pages = {1052{\textendash}1065}, publisher = {IEEE Press}, volume = {17}, doi = {http://dx.doi.org/10.1109/TNET.2008.2007434}, issn = {1063-6692}, keywords = {communication network, computer networks, Internet, multimedia communication, multimedia systems}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/TNET.2008.2007434} }
[1273222] Privacy protection in personalized search

Shen, Xuehua, Tan, Bin, and Zhai, ChengXiang

SIGIR Forum 2007

DOI abstract Bib

Personalized search is a promising way to improve the accuracy of web search, and has been attracting much attention recently. However, effective personalized search requires collecting and aggregating user information, which often raise serious concerns of privacy infringement for many users. Indeed, these concerns have become one of the main barriers for deploying personalized search applications, and how to do privacy-preserving personalization is a great challenge. In this paper, we systematically examine the issue of privacy preservation in personalized search. We distinguish and define four levels of privacy protection, and analyze various software architectures for personalized search. We show that client-side personalization has advantages over the existing server-side personalized search services in preserving privacy, and envision possible future strategies to fully protect user privacy.
@article{1273222, author = {Shen, Xuehua and Tan, Bin and Zhai, ChengXiang}, journal = {SIGIR Forum}, title = {Privacy protection in personalized search}, year = {2007}, issn = {0163-5840}, number = {1}, pages = {4{\textendash}17}, volume = {41}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1273221.1273222}, keywords = {privacy, search}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10} }

[Bellovin2007] Privacy-enhanced searches using encrypted Bloom filters

Bellovin, Steven M., and Cheswick, William R.

2007

Bib

@booklet{Bellovin2007,
  title = {Privacy-enhanced searches using encrypted Bloom filters},
  author = {Bellovin, Steven M. and Cheswick, William R.},
  year = {2007},
  owner = {tom},
  pages = {1{\textendash}16},
  publisher = {{Columbia University CUCS-034-07}},
  timestamp = {2017-10-10}
}

[1327188] Private Searching on Streaming Data

Ostrovsky, Rafail, and Skeith, William E.

J. Cryptol. 2007

DOI abstract Bib

In this paper we consider the problem of private searching on streaming data, where we can efficiently implement searching for documents that satisfy a secret criteria (such as the presence or absence of a hidden combination of hidden keywords) under various cryptographic assumptions. Our results can be viewed in a variety of ways: as a generalization of the notion of private information retrieval (to more general queries and to a streaming environment); as positive results on privacy-preserving datamining; and as a delegation of hidden program computation to other machines.
@article{1327188, author = {Ostrovsky, Rafail and Skeith, William E.}, journal = {J. Cryptol.}, title = {Private Searching on Streaming Data}, year = {2007}, issn = {0933-2790}, number = {4}, pages = {397{\textendash}430}, volume = {20}, address = {Secaucus, NJ, USA}, doi = {http://dx.doi.org/10.1007/s00145-007-0565-3}, keywords = {keywords, privacy, private information retrieval, search, streaming}, owner = {tom}, publisher = {Springer-Verlag New York, Inc.}, timestamp = {2017-10-10} }
[kostas-thesis] Probabilistic and Information-Theoretic Approaches to Anonymity

Chatzikokolakis, Konstantinos

Oct 2007

Website abstract Bib

As the number of Internet activities increases, there is a growing amount of personal information about the users that is transferred using public electronic means, making it feasible to collect a huge amount of information about a person. As a consequence, the need for mechanisms to protect such information is compelling. In this thesis, we study security protocols with an emphasis on the property of anonymity and we propose methods to express and verify this property. Anonymity protocols often use randomization to introduce noise, thus limiting the inference power of a malicious observer. We consider a probabilistic framework in which a protocol is described by its set of anonymous information, observable information and the conditional probability of observing the latter given the former. In this framework we express two anonymity properties, namely strong anonymity and probable innocence. Then we aim at quantitative definitions of anonymity. We view protocols as noisy channels in the information-theoretic sense and we express their degree of anonymity as the converse of channel capacity. We apply this definition to two known anonymity protocols. We develop a monotonicity principle for the capacity, and use it to show a number of results for binary channels in the context of algebraic information theory. We then study the probability of error for the attacker in the context of Bayesian inference, showing that it is a piecewise linear function and using this fact to improve known bounds from the literature. Finally we study a problem that arises when we combine probabilities with nondeterminism, where the scheduler is too powerful even for trivially secure protocols. We propose a process calculus which allows to express restrictions to the scheduler, and we use it in the analysis of an anonymity and a contract-signing protocol.
@mastersthesis{kostas-thesis, author = {Chatzikokolakis, Konstantinos}, school = {Laboratoire d{\textquoteright}Informatique (LIX), {\'E}cole Polytechnique, Paris}, title = {Probabilistic and Information-Theoretic Approaches to Anonymity}, year = {2007}, month = oct, type = {phd}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.win.tue.nl/~kostas/these/} }
[ChatziPP07] Probability of Error in Information-Hiding Protocols

Chatzikokolakis, Konstantinos, Palamidessi, Catuscia, and Panangaden, Prakash

2007

DOI Website abstract Bib

Randomized protocols for hiding private information can fruitfully be regarded as noisy channels in the information-theoretic sense, and the inference of the concealed information can be regarded as a hypothesis-testing problem. We consider the Bayesian approach to the problem, and investigate the probability of error associated to the inference when the MAP (Maximum Aposteriori Probability) decision rule is adopted. Our main result is a constructive characterization of a convex base of the probability of error, which allows us to compute its maximum value (over all possible input distributions), and to identify upper bounds for it in terms of simple functions. As a side result, we are able to improve substantially the Hellman-Raviv and the Santhi-Vardy bounds expressed in terms of conditional entropy. We then discuss an application of our methodology to the Crowds protocol, and in particular we show how to compute the bounds on the probability that an adversary breaks anonymity.
@conference{ChatziPP07, author = {Chatzikokolakis, Konstantinos and Palamidessi, Catuscia and Panangaden, Prakash}, booktitle = {Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF20)}, title = {Probability of Error in Information-Hiding Protocols}, year = {2007}, doi = {10.1109/CSF.2007.27}, isbn = {0-7695-2819-8}, keywords = {anonymity, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.79.2620} }

[DBLP:conf/stoc/2007] Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC’07)

Jun 2007

Bib

@proceedings{DBLP:conf/stoc/2007,
  title = {Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC{\textquoteright}07)},
  year = {2007},
  address = {San Diego, California, USA},
  editor = {Johnson, David S. and Feige, Uriel},
  isbn = {978-1-59593-631-8},
  month = jun,
  publisher = {ACM},
  journal = {Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC{\textquoteright}07)},
  owner = {tom},
  timestamp = {2017-10-10}
}

[kising07proxselectigor] Proximity Neighbor Selection and Proximity Route Selection for the Overlay-Network IGOR

Kising, Yves Philippe

06/2007 2007

Website abstract Bib

Unfortunately, from all known "Distributed Hash Table"-based overlay networks only a few of them relate to proximity in terms of latency. So a query routing can come with high latency when very distant hops are used. One can imagine hops are from one continent to the other in terms of here and back. Thereby it is possible that the target node is located close to the requesting node. Such cases increase query latency to a great extent and are responsible for performance bottlenecks of a query routing. There exist two main strategies to reduce latency in the query routing process: Proximity Neighbor Selection and Proximity Route Selection. As a new proposal of PNS for the IGOR overlay network, Merivaldi is developed. Merivaldi represents a combination of two basic ideas: The first idea is the Meridian framework and its Closest-Node- Discovery without synthetic coordinates. The second idea is Vivaldi, a distributed algorithm for predicting Internet latency between arbitrary Internet hosts. Merivaldi is quite similar to Meridian. It differs in using no direct Round Trip Time measurements like Meridian does to obtain latency characteristics between hosts. Merivaldi obtains latency characteristics of nodes using the latency prediction derived from the Vivaldi-coordinates. A Merivaldi-node forms exponentially growing latency-rings, i.e., the rings correspond to latency distances to the Merivaldi-node itself. In these rings node-references are inserted with regard to their latency characteristics. These node-references are obtained through a special protocol. A Merivaldi-node finds latency-closest nodes through periodic querying its ring-members for closer nodes. If a closer node is found by a ring-member the query is forwarded to this one until no closer one can be found. The closest on this way reports itself to the Merivaldi-node. Exemplary analysis show that Merivaldi means only a modest burden for the network. Merivaldi uses O(log N) CND-hops at maximum to recognize a closest node, where N is the number of nodes. Empirical tests demonstrate this analysis. Analysis shows, the overhead for a Merivaldi-node is modest. It is shown that Merivaldi’s Vivaldi works with high quality with the used PING-message type.
@mastersthesis{kising07proxselectigor, author = {Kising, Yves Philippe}, school = {Technische Universit{\"a}t M{\"u}nchen}, title = {Proximity Neighbor Selection and Proximity Route Selection for the Overlay-Network IGOR}, year = {2007}, address = {Munich, Germany}, month = {06/2007}, type = {Diplomarbeit}, keywords = {IGOR, neighbor selection, overlay-network, proximity route selection}, owner = {tom}, pages = {79}, timestamp = {2017-10-10}, url = {http://i30www.ira.uka.de/teaching/theses/pasttheses/}, volume = {Computer Science} }
[1361410] Purely functional system configuration management

Dolstra, Eelco, and Hemel, Armijn

2007

Website abstract Bib

System configuration management is difficult because systems evolve in an undisciplined way: packages are upgraded, configuration files are edited, and so on. The management of existing operating systems is strongly imperative in nature, since software packages and configuration data (e.g., /bin and /etc in Unix) can be seen as imperative data structures: they are updated in-place by system administration actions. In this paper we present an alternative approach to system configuration management: a purely functional method, analogous to languages like Haskell. In this approach, the static parts of a configuration – software packages, configuration files, control scripts – are built from pure functions, i.e., the results depend solely on the specified inputs of the function and are immutable. As a result, realising a system configuration becomes deterministic and reproducible. Upgrading to a new configuration is mostly atomic and doesn’t overwrite anything of the old configuration, thus enabling rollbacks. We have implemented the purely functional model in a small but realistic Linux-based operating system distribution called NixOS.
@conference{1361410, author = {Dolstra, Eelco and Hemel, Armijn}, booktitle = {HOTOS{\textquoteright}07: Proceedings of the 11th USENIX workshop on Hot topics in operating systems}, title = {Purely functional system configuration management}, year = {2007}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {1{\textendash}6}, publisher = {USENIX Association}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1361410$\#$} }
[pitchblack] Routing in the Dark: Pitch Black

Evans, Nathan S, GauthierDickey, Chis, and Grothoff, Christian

2007

Website abstract Bib

In many networks, such as mobile ad-hoc networks and friend-to-friend overlay networks, direct communication between nodes is limited to specific neighbors. Often these networks have a small-world topology; while short paths exist between any pair of nodes in small-world networks, it is non-trivial to determine such paths with a distributed algorithm. Recently, Clarke and Sandberg proposed the first decentralized routing algorithm that achieves efficient routing in such small-world networks. This paper is the first independent security analysis of Clarke and Sandberg’s routing algorithm. We show that a relatively weak participating adversary can render the overlay ineffective without being detected, resulting in significant data loss due to the resulting load imbalance. We have measured the impact of the attack in a testbed of 800 nodes using minor modifications to Clarke and Sandberg’s implementation of their routing algorithm in Freenet. Our experiments show that the attack is highly effective, allowing a small number of malicious nodes to cause rapid loss of data on the entire network. We also discuss various proposed countermeasures designed to detect, thwart or limit the attack. While we were unable to find effective countermeasures, we hope that the presented analysis will be a first step towards the design of secure distributed routing algorithms for restricted-route topologies.
@conference{pitchblack, author = {Evans, Nathan S and GauthierDickey, Chis and Grothoff, Christian}, booktitle = {23rd Annual Computer Security Applications Conference (ACSAC 2007)}, title = {Routing in the Dark: Pitch Black}, year = {2007}, organization = {IEEE Computer Society}, pages = {305{\textendash}314}, publisher = {IEEE Computer Society}, keywords = {denial-of-service, Freenet, installation, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://grothoff.org/christian/pitchblack.pdf} }
[murdoch-pet2007] Sampled Traffic Analysis by Internet-Exchange-Level Adversaries

Murdoch, Steven J., and Zieliński, Piotr

Jun 2007

abstract Bib

Existing low-latency anonymity networks are vulnerable to traffic analysis, so location diversity of nodes is essential to defend against attacks. Previous work has shown that simply ensuring geographical diversity of nodes does not resist, and in some cases exacerbates, the risk of traffic analysis by ISPs. Ensuring high autonomous-system (AS) diversity can resist this weakness. However, ISPs commonly connect to many other ISPs in a single location, known as an Internet eXchange (IX). This paper shows that IXes are a single point where traffic analysis can be performed. We examine to what extent this is true, through a case study of Tor nodes in the UK. Also, some IXes sample packets flowing through them for performance analysis reasons, and this data could be exploited to de-anonymize traffic. We then develop and evaluate Bayesian traffic analysis techniques capable of processing this sampled data.
@conference{murdoch-pet2007, author = {Murdoch, Steven J. and Zieli{\'n}ski, Piotr}, booktitle = {Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007)}, title = {Sampled Traffic Analysis by Internet-Exchange-Level Adversaries}, year = {2007}, address = {Ottawa, Canada}, editor = {Borisov, Nikita and Golle, Philippe}, month = jun, organization = {Springer}, publisher = {Springer}, keywords = {anonymity, Internet exchange, traffic analysis}, owner = {tom}, timestamp = {2017-10-10} }
[Amann2007] Secure asynchronous change notifications for a distributed file system

Amann, Bernhard

11/2007 2007

abstract Bib

Distributed file systems have been a topic of interest for a long time and there are many file systems that are distributed in one way or another. However most distributed file systems are only reasonably usable within a local network of computers and some main tasks are still delegated to a very small number of servers. Today with the advent of Peer-to-Peer technology, distributed file systems that work on top of Peer-to-Peer systems can be built. These systems can be built with no or much less centralised components and are usable on a global scale. The System Architecture Group at the University of Karlsruhe in Germany has developedsuch a file system, which is built on top of a structured overlay network and uses Distributed Hash Tables to store and access the information. One problem with this approach is, that each file system can only be accessed with the help of an identifier, which changes whenever a file system is modified. All clients have to be notified of the new identifier in a secure, fast and reliable way. Usually the strategy to solve this type of problem is an encrypted multicast. This thesis presents and analyses several strategies of using multicast distributions to solve this problem and then unveils our final solution based on the Subset Difference method proposed by Naor et al.
@mastersthesis{Amann2007, author = {Amann, Bernhard}, school = {Technische Universit{\"a}t M{\"u}nchen}, title = {Secure asynchronous change notifications for a distributed file system}, year = {2007}, address = {Munich, Germany}, month = {11/2007}, keywords = {distributed file system, distributed hash table, peer-to-peer networking, store information}, owner = {tom}, pages = {74}, timestamp = {2021-01-27}, volume = {Computer Science} }
[saballus07secure] Secure Group Communication in Ad-Hoc Networks using Tree Parity Machines

Saballus, Bjoern, Wallner, Sebastian, and Volkmer, Markus

Feb 2007

Website abstract Bib

A fundamental building block of secure group communication is the establishment of a common group key. This can be divided into key agreement and key distribution. Common group key agreement protocols are based on the Diffie-Hellman (DH) key exchange and extend it to groups. Group key distribution protocols are centralized approaches which make use of one or more special key servers. In contrast to these approaches, we present a protocol which makes use of the Tree Parity Machine key exchange between multiple parties. It does not need a centralized server and therefore is especially suitable for ad-hoc networks of any kind.
@conference{saballus07secure, author = {Saballus, Bjoern and Wallner, Sebastian and Volkmer, Markus}, booktitle = {KiVS 2007}, title = {Secure Group Communication in Ad-Hoc Networks using Tree Parity Machines}, year = {2007}, address = {Bern, Switzerland}, month = feb, organization = {VDE Verlag}, pages = {457-468}, publisher = {VDE Verlag}, isbn = {978-3-8007-2980-7}, keywords = {ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.70.9413} }
[Kaafar:2007:SIC:1282427.1282388] Securing Internet Coordinate Embedding Systems

Kaafar, Mohamed Ali, Mathy, Laurent, Barakat, Chadi, Salamatian, Kave, Turletti, Thierry, and Dabbous, Walid

SIGCOMM Computer Communication Review 08/2007 2007

DOI Website abstract Bib

This paper addresses the issue of the security of Internet Coordinate Systems,by proposing a general method for malicious behavior detection during coordinate computations. We first show that the dynamics of a node, in a coordinate system without abnormal or malicious behavior, can be modeled by a Linear State Space model and tracked by a Kalman filter. Then we show, that the obtained model can be generalized in the sense that the parameters of a filtercalibrated at a node can be used effectively to model and predict the dynamic behavior at another node, as long as the two nodes are not too far apart in the network. This leads to the proposal of a Surveyor infrastructure: Surveyor nodes are trusted, honest nodes that use each other exclusively to position themselves in the coordinate space, and are therefore immune to malicious behavior in the system.During their own coordinate embedding, other nodes can thenuse the filter parameters of a nearby Surveyor as a representation of normal, clean system behavior to detect and filter out abnormal or malicious activity. A combination of simulations and PlanetLab experiments are used to demonstrate the validity, generality, and effectiveness of the proposed approach for two representative coordinate embedding systems, namely Vivaldi and NPS.
@article{Kaafar:2007:SIC:1282427.1282388, author = {Kaafar, Mohamed Ali and Mathy, Laurent and Barakat, Chadi and Salamatian, Kave and Turletti, Thierry and Dabbous, Walid}, journal = {SIGCOMM Computer Communication Review}, title = {Securing Internet Coordinate Embedding Systems}, year = {2007}, issn = {0146-4833}, month = {08/2007}, pages = {61{\textendash}72}, volume = {37}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1282427.1282388}, keywords = {internet coordinates-embedding systems, kalman filter, malicious behavior detection, network positioning systems, security}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1282427.1282388} }
[Conner:2007:SPM:1377934.1377937] Securing peer-to-peer media streaming systems from selfish and malicious behavior

Conner, William, and Nahrstedt, Klara

11/2007 2007

DOI Website abstract Bib

We present a flexible framework for throttling attackers in peer-to-peer media streaming systems. In such systems, selfish nodes (e.g., free riders) and malicious nodes (e.g., DoS attackers) can overwhelm the system by issuing too many requests in a short interval of time. Since peer-to-peer systems are decentralized, it is difficult for individual peers to limit the aggregate download bandwidth consumed by other remote peers. This could potentially allow selfish and malicious peers to exhaust the system’s available upload bandwidth. In this paper, we propose a framework to provide a solution to this problem by utilizing a subset of trusted peers (called kantoku nodes) that collectively monitor the bandwidth usage of untrusted peers in the system and throttle attackers. This framework has been evaluated through simulation thus far. Experiments with a full implementation on a network testbed are part of our future work.
@conference{Conner:2007:SPM:1377934.1377937, author = {Conner, William and Nahrstedt, Klara}, booktitle = {MDS{\textquoteright}07. Proceedings of the 4th on Middleware Doctoral Symposium}, title = {Securing peer-to-peer media streaming systems from selfish and malicious behavior}, year = {2007}, address = {Newport Beach, CA, USA}, month = {11/2007}, organization = {ACM}, pages = {1{\textendash}6}, publisher = {ACM}, series = {MDS {\textquoteright}07}, volume = {13}, doi = {http://doi.acm.org/10.1145/1377934.1377937}, isbn = {978-1-59593-933-3}, keywords = {accounting, multimedia, peer-to-peer networking, security}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1377934.1377937} }
[DBLP:conf/ladc/CourtesKP07] Security Rationale for a Cooperative Backup Service for Mobile Devices

Courtes, Ludovic, Killijian, Marc-Olivier, and Powell, David

2007

DOI Website abstract Bib

Mobile devices (e.g., laptops, PDAs, cell phones) are increasingly relied on but are used in contexts that put them at risk of physical damage, loss or theft. This paper discusses security considerations that arise in the design of a cooperative backup service for mobile devices. Participating devices leverage encounters with other devices to temporarily replicate critical data. Anyone is free to participate in the cooperative service, without requiring any prior trust relationship with other participants. In this paper, we identify security threats relevant in this context as well as possible solutions and discuss how they map to low-level security requirements related to identity and trust establishment. We propose self-organized, policy-neutral mechanisms that allow the secure designation and identification of participating devices. We show that they can serve as a building block for a wide range of cooperation policies that address most of the security threats we are concerned with. We conclude on future directions.
@conference{DBLP:conf/ladc/CourtesKP07, author = {Courtes, Ludovic and Killijian, Marc-Olivier and Powell, David}, booktitle = {LADC}, title = {Security Rationale for a Cooperative Backup Service for Mobile Devices}, year = {2007}, pages = {212-230}, doi = {10.1007/978-3-540-75294-3}, keywords = {backup, reputation, self-organization}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/p210q274g22j8g77/} }
[1396915] S/Kademlia: A practicable approach towards secure key-based routing

Baumgart, Ingmar, and Mies, Sebastian

2007

DOI Website abstract Bib

Security is a common problem in completely decentralized peer-to-peer systems. Although several suggestions exist on how to create a secure key-based routing protocol, a practicable approach is still unattended. In this paper we introduce a secure key-based routing protocol based on Kademlia that has a high resilience against common attacks by using parallel lookups over multiple disjoint paths, limiting free nodeId generation with crypto puzzles and introducing a reliable sibling broadcast. The latter is needed to store data in a safe replicated way. We evaluate the security of our proposed extensions to the Kademlia protocol analytically and simulate the effects of multiple disjoint paths on lookup success under the influence of adversarial nodes.
@conference{1396915, author = {Baumgart, Ingmar and Mies, Sebastian}, booktitle = {ICPADS {\textquoteright}07: Proceedings of the 13th International Conference on Parallel and Distributed Systems}, title = {S/Kademlia: A practicable approach towards secure key-based routing}, year = {2007}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {1{\textendash}8}, publisher = {IEEE Computer Society}, doi = {10.1109/ICPADS.2007.4447808}, isbn = {978-1-4244-1889-3}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1396915$\#$} }
[1326260] Skype4Games

Triebel, Tonio, Guthier, Benjamin, and Effelsberg, Wolfgang

2007

DOI Website abstract Bib

We propose to take advantage of the distributed multi-user Skype system for the implementation of an interactive online game. Skype combines efficient multi-peer support with the ability to get around firewalls and network address translation; in addition, speech is available to all game participants for free. We discuss the network requirements of interactive multi-player games, in particular concerning end-to-end delay and distributed state maintenance. We then introduce the multi-user support available in Skype and conclude that it should suffice for a game implementation. We explain how our multi-player game based on the Irrlicht graphics engine was implemented over Skype, and we present very promising results of an early performance evaluation.
@conference{1326260, author = {Triebel, Tonio and Guthier, Benjamin and Effelsberg, Wolfgang}, booktitle = {NetGames {\textquoteright}07: Proceedings of the 6th ACM SIGCOMM workshop on Network and system support for games}, title = {Skype4Games}, year = {2007}, address = {New York, NY, USA}, organization = {ACM}, pages = {13{\textendash}18}, publisher = {ACM}, doi = {10.1145/1326257.1326260}, isbn = {978-0-9804460-0-5}, keywords = {distributed interactive applications, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1326260$\#$} }
[space-efficient] Space-Efficient Private Search

Danezis, George, and Diaz, Claudia

2007

Website abstract Bib

Private keyword search is a technique that allows for searching and retrieving documents matching certain keywords without revealing the search criteria. We improve the space efficiency of the Ostrovsky et al. Private Search [9] scheme, by describing methods that require considerably shorter buffers for returning the results of the search. Our basic decoding scheme recursive extraction, requires buffers of length less than twice the number of returned results and is still simple and highly efficient. Our extended decoding schemes rely on solving systems of simultaneous equations, and in special cases can uncover documents in buffers that are close to 95 % full. Finally we note the similarity between our decoding techniques and the ones used to decode rateless codes, and show how such codes can be extracted from encrypted documents.
@conference{space-efficient, author = {Danezis, George and Diaz, Claudia}, booktitle = {Proceedings of Financial Cryptography (FC2007)}, title = {Space-Efficient Private Search}, year = {2007}, address = {Tobago}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, keywords = {keywords, privacy}, owner = {tom}, timestamp = {2021-01-27}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.130.7014} }
[Mies2007] SpoVNet: An Architecture for Supporting Future Internet Applications

Mies, Sebastian

2007

Website abstract Bib

This talk presents an approach for providing Spontaneous Virtual Networks (SpoVNets) that enable flexible, adaptive, and spontaneous provisioning of application-oriented and network-oriented services on top of heterogeneous networks. SpoVNets supply new and uniform communication abstrac-tions for future Internet applications so applications can make use of advanced services not supported by today’s Internet. We expect that many functions, which are currently provided by SpoVNet on the application layer will become an integral part of future networks. Thus, SpoVNet will transparently use advanced services from the underlying network infrastructure as they become available (e.g., QoS-support in access networks or multicast in certain ISPs), enabling a seamless transition from current to future genera-tion networks without modifying the applications.
@conference{Mies2007, author = {Mies, Sebastian}, booktitle = {Proc. 7th W{\"u}rzburg Workshop on IP: Joint EuroFGI and ITG Workshop on Visions of Future Generation Networks{\textquoteright}}, title = {SpoVNet: An Architecture for Supporting Future Internet Applications}, year = {2007}, address = {W{\"u}rzburg, Germany}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.tm.uka.de/itm/publications.php?bib=257} }
[ringstwice07] Subliminal Channels in the Private Information Retrieval Protocols

Patterson, Meredith L., and Sassaman, Len

2007

Website abstract Bib

Information-theoretic private information retrieval (PIR) protocols, such as those described by Chor et al. [5], provide a mechanism by which users can retrieve information from a database distributed across multiple servers in such a way that neither the servers nor an outside observer can determine the contents of the data being retrieved. More recent PIR protocols also provide protection against Byzantine servers, such that a user can detect when one or more servers have attempted to tamper with the data he has requested. In some cases (as in the protocols presented by Beimel and Stahl [1]), the user can still recover his data and protect the contents of his query if the number of Byzantine servers is below a certain threshold; this property is referred to as Byzantine-recovery. However, tampering with a user’s data is not the only goal a Byzantine server might have. We present a scenario in which an arbitrarily sized coalition of Byzantine servers transforms the userbase of a PIR network into a signaling framework with varying levels of detectability by means of a subliminal channel [11]. We describe several such subliminal channel techniques, illustrate several use-cases for this subliminal channel, and demonstrate its applicability to a wide variety of PIR protocols.
@conference{ringstwice07, author = {Patterson, Meredith L. and Sassaman, Len}, booktitle = {Proceedings of the 28th Symposium on Information Theory in the Benelux}, title = {Subliminal Channels in the Private Information Retrieval Protocols}, year = {2007}, address = {Enschede,NL}, organization = {Werkgemeenschap voor Informatie- en Communicatietheorie}, publisher = {Werkgemeenschap voor Informatie- en Communicatietheorie}, keywords = {private information retrieval}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.80.9190} }

[Li2007-tcloseness] t-Closeness: Privacy Beyond k-Anonymity and \ell-Diversity

Li, Ninghui, Li, Tiancheng, and Venkatasubramanian, Suresh

2007

Bib

@conference{Li2007-tcloseness,
  author = {Li, Ninghui and Li, Tiancheng and Venkatasubramanian, Suresh},
  title = {t-Closeness: Privacy Beyond k-Anonymity and $\ell$-Diversity},
  year = {2007},
  pages = {106{\textendash}115},
  owner = {tom},
  timestamp = {2017-10-10}
}

[saballus07distributed] Towards a Distributed Java VM in Sensor Networks using Scalable Source Routing

Saballus, Bjoern, Eickhold, Johannes, and Fuhrmann, Thomas

2007

Website abstract Bib

One of the major drawbacks of small embedded systems such as sensor nodes is the need to program in a low level programming language like C or assembler. The resulting code is often unportable, system specific and demands deep knowledge of the hardware details. This paper motivates the use of Java as an alternative programming language. We focus on the tiny AmbiComp Virtual Machine (ACVM) which we currently develop as the main part of a more general Java based development platform for interconnected sensor nodes. This VM is designed to run on different small embedded devices in a distributed network. It uses the novel scalable source routing (SSR) algorithm to distribute and share data and workload. SSR provides key based routing which enables distributed hash table (DHT) structures as a substrate for the VM to disseminate and access remote code and objects. This approach allows all VMs in the network to collaborate. The result looks like one large, distributed VM which supports a subset of the Java language. The ACVM substitutes functionality of an operating system which is missing on the target platform. As this development is work in progress, we outline the ideas behind this approach to provide first insights into the upcoming problems.
@conference{saballus07distributed, author = {Saballus, Bjoern and Eickhold, Johannes and Fuhrmann, Thomas}, booktitle = {6. Fachgespraech Sensornetzwerke der GI/ITG Fachgruppe {\textquoteright}{\textquoteright}Kommunikation und Verteilte Systeme{\textquoteright}{\textquoteright}}, title = {Towards a Distributed Java VM in Sensor Networks using Scalable Source Routing}, year = {2007}, address = {Aachen, Germany}, pages = {47{\textendash}50}, keywords = {distributed hash table, scalable source routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.70.7724} }
[Sherr07towardsapplication-aware] Towards application-aware anonymous routing

Sherr, Micah, Thau, Boon, and Blaze, Matt

2007

Website abstract Bib

This paper investigates the problem of designing anonymity networks that meet application-specific performance and security constraints. We argue that existing anonymity networks take a narrow view of performance by considering only the strength of the offered anonymity. However, real-world applications impose a myriad of communication requirements, including end-to-end bandwidth and latency, trustworthiness of intermediary routers, and network jitter. We pose a grand challenge for anonymity: the development of a network architecture that enables applications to customize routes that tradeoff between anonymity and performance. Towards this challenge, we present the Application-Aware Anonymity (A3) routing service. We envision that A3 will serve as a powerful and flexible anonymous communications layer that will spur the future development of anonymity services.
@conference{Sherr07towardsapplication-aware, author = {Sherr, Micah and Thau, Boon and Blaze, Matt}, booktitle = {In Second USENIX Workshop on Hot Topics in Security (HotSec}, title = {Towards application-aware anonymous routing}, year = {2007}, organization = {USENIX Association Berkeley, CA, USA}, publisher = {USENIX Association Berkeley, CA, USA}, keywords = {anonymity, routing}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1361423} }
[1270971] Towards Fair Event Dissemination

Baehni, Sebastien, Guerraoui, Rachid, Koldehofe, Boris, and Monod, Maxime

2007

DOI Website abstract Bib

Event dissemination in large scale dynamic systems is typically claimed to be best achieved using decentralized peer-to-peer architectures. The rationale is to have every participant in the system act both as a client (information consumer) and as a server (information dissemination enabler), thus, precluding specific brokers which would prevent scalability and fault-tolerance. We argue that, for such decentralized architectures to be really meaningful, participants should serve the system as much as they benefit from it. That is, the system should be fair in the sense that the extend to which a participant acts as a server should depend on the extend to which it has the opportunity to act as a client. This is particularly crucial in selective information dissemination schemes where clients are not all interested in the same information. In this position paper, we discuss what a notion of fairness could look like, explain why current architectures are not fair, and raise several challenges towards achieving fairness.
@conference{1270971, author = {Baehni, Sebastien and Guerraoui, Rachid and Koldehofe, Boris and Monod, Maxime}, booktitle = {ICDCSW {\textquoteright}07: Proceedings of the 27th International Conference on Distributed Computing Systems Workshops}, title = {Towards Fair Event Dissemination}, year = {2007}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {63}, publisher = {IEEE Computer Society}, doi = {10.1109/ICDCSW.2007.83}, isbn = {0-7695-2838-4}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1270388.1270971$\#$} }
[troncoso-ih2007] Traffic Analysis Attacks on a Continuously-Observable Steganographic File System

Troncoso, Carmela, Diaz, Claudia, Dunkelman, Orr, and Preneel, Bart

Jun 2007

DOI Website abstract Bib

A continuously-observable steganographic file system allows to remotely store user files on a raw storage device; the security goal is to offer plausible deniability even when the raw storage device is continuously monitored by an attacker. Zhou, Pang and Tan have proposed such a system in [7] with a claim of provable security against traffic analysis. In this paper, we disprove their claims by presenting traffic analysis attacks on the file update algorithm of Zhou et al. Our attacks are highly effective in detecting file updates and revealing the existence and location of files. For multi-block files, we show that two updates are sufficient to discover the file. One-block files accessed a sufficient number of times can also be revealed. Our results suggest that simple randomization techniques are not sufficient to protect steganographic file systems from traffic analysis attacks.
@conference{troncoso-ih2007, author = {Troncoso, Carmela and Diaz, Claudia and Dunkelman, Orr and Preneel, Bart}, booktitle = {Proceedings of Information Hiding Workshop (IH 2007)}, title = {Traffic Analysis Attacks on a Continuously-Observable Steganographic File System}, year = {2007}, address = {Saint-Malo,FR}, month = jun, organization = {Springer-Verlag}, pages = {220{\textendash}236}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, volume = {4567}, doi = {10.1007/978-3-540-77370-2}, isbn = {978-3-540-77369-6}, keywords = {traffic analysis}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.springerlink.com/content/h5r4j539833k1k78/} }
[danezis-pet2007] Two-Sided Statistical Disclosure Attack

Danezis, George, Diaz, Claudia, and Troncoso, Carmela

Jun 2007

Website abstract Bib

We introduce a new traffic analysis attack: the Two-sided Statistical Disclosure Attack, that tries to uncover the receivers of messages sent through an anonymizing network supporting anonymous replies. We provide an abstract model of an anonymity system with users that reply to messages. Based on this model, we propose a linear approximation describing the likely receivers of sent messages. Using simulations, we evaluate the new attack given different traffic characteristics and we show that it is superior to previous attacks when replies are routed in the system.
@conference{danezis-pet2007, author = {Danezis, George and Diaz, Claudia and Troncoso, Carmela}, booktitle = {Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007)}, title = {Two-Sided Statistical Disclosure Attack}, year = {2007}, address = {Ottawa, Canada}, editor = {Borisov, Nikita and Golle, Philippe}, month = jun, organization = {Springer}, publisher = {Springer}, keywords = {anonymity, traffic analysis}, owner = {tom}, timestamp = {2021-01-27}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.78.7347} }
[Li2007] An Unconditionally Secure Protocol for Multi-Party Set Intersection

Li, Ronghua, and Wu, Chuankun

2007

DOI Website abstract Bib

Existing protocols for private set intersection are based on homomorphic public-key encryption and the technique of representing sets as polynomials in the cryptographic model. Based on the ideas of these protocols and the two-dimensional verifiable secret sharing scheme, we propose a protocol for private set intersection in the information-theoretic model. By representing the sets as polynomials, the set intersection problem is converted into the task of computing the common roots of the polynomials. By sharing the coefficients of the polynomials among parties, the common roots can be computed out using the shares. As long as more than 2n/3 parties are semi-honest, our protocol correctly computes the intersection of nsets, and reveals no other information than what is implied by the intersection and the secrets sets controlled by the active adversary. This is the first specific protocol for private set intersection in the information-theoretic model as far as we know.
@conference{Li2007, author = {Li, Ronghua and Wu, Chuankun}, booktitle = {Proceedings of the 5th International Conference on Applied Cryptography and Network Security}, title = {An Unconditionally Secure Protocol for Multi-Party Set Intersection}, year = {2007}, address = {Berlin, Heidelberg}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, doi = {10.1007/978-3-540-72738-5_15}, isbn = {978-3-540-72737-8}, keywords = {privacy-preserving set ntersection, secure multi-party computation, unconditional security}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-540-72738-5_15} }
[tor-soups07] Usability of anonymous web browsing: an examination of Tor interfaces and deployability

Clark, Jeremy, Oorschot, Paul C., and Adams, Carlisle

Jul 2007

DOI Website abstract Bib

Tor is a popular privacy tool designed to help achieve online anonymity by anonymising web traffic. Employing cognitive walkthrough as the primary method, this paper evaluates four competing methods of deploying Tor clients, and a number of software tools designed to be used in conjunction with Tor: Vidalia, Privoxy, Torbutton, and FoxyProxy. It also considers the standalone anonymous browser TorPark. Our results show that none of the deployment options are fully satisfactory from a usability perspective, but we offer suggestions on how to incorporate the best aspects of each tool. As a framework for our usability evaluation, we also provide a set of guidelines for Tor usability compiled and adapted from existing work on usable security and human-computer interaction.
@conference{tor-soups07, author = {Clark, Jeremy and van Oorschot, Paul C. and Adams, Carlisle}, booktitle = {Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS {\textquoteright}07)}, title = {Usability of anonymous web browsing: an examination of Tor interfaces and deployability}, year = {2007}, address = {New York, NY, USA}, month = jul, organization = {ACM}, pages = {41{\textendash}51}, publisher = {ACM}, doi = {10.1145/1280680.1280687}, isbn = {978-1-59593-801-5}, keywords = {anonymity, onion routing, privacy, Tor, usable security}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1280680.1280687} }
[kutzner07linearization] Using Linearization for Global Consistency in SSR

Kutzner, Kendy, and Fuhrmann, Thomas

2007

Website abstract Bib

Novel routing algorithms such as scalable source routing (SSR) and virtual ring routing (VRR) need to set up and maintain a virtual ring structure among all the nodes in the network. The iterative successor pointer rewiring protocol (ISPRP) is one way to bootstrap such a network. Like its VRR-analogon, ISPRP requires one of the nodes to flood the network to guarantee consistency. Recent results on self-stabilizing algorithms now suggest a new approach to bootstrap the virtual rings of SSR and VRR. This so-called linearization method does not require any flooding at all. Moreover, it has been shown that linearization with shortcut neighbors has on average polylogarithmic convergence time, only.
@conference{kutzner07linearization, author = {Kutzner, Kendy and Fuhrmann, Thomas}, booktitle = {Proceedings of the 4th Int. IEEE Workshop on Hot Topics in P2P Systems}, title = {Using Linearization for Global Consistency in SSR}, year = {2007}, address = {Long Beach, CA}, keywords = {scalable source routing}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[1250746] Valgrind: a framework for heavyweight dynamic binary instrumentation

Nethercote, Nicholas, and Seward, Julian

SIGPLAN Not. 2007

DOI Website abstract Bib

Dynamic binary instrumentation (DBI) frameworks make it easy to build dynamic binary analysis (DBA) tools such as checkers and profilers. Much of the focus on DBI frameworks has been on performance; little attention has been paid to their capabilities. As a result, we believe the potential of DBI has not been fully exploited. In this paper we describe Valgrind, a DBI framework designed for building heavyweight DBA tools. We focus on its unique support for shadow values-a powerful but previously little-studied and difficult-to-implement DBA technique, which requires a tool to shadow every register and memory value with another value that describes it. This support accounts for several crucial design features that distinguish Valgrind from other DBI frameworks. Because of these features, lightweight tools built with Valgrind run comparatively slowly, but Valgrind can be used to build more interesting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.
@article{1250746, author = {Nethercote, Nicholas and Seward, Julian}, journal = {SIGPLAN Not.}, title = {Valgrind: a framework for heavyweight dynamic binary instrumentation}, year = {2007}, issn = {0362-1340}, number = {6}, pages = {89{\textendash}100}, volume = {42}, address = {New York, NY, USA}, doi = {10.1145/1273442.1250746}, keywords = {dynamic binary instrumentation}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1250746} }

[Durner2007] Vielleicht anonym? Die Enttarnung von StealthNet-Nutzern

Durner, Nils, Evans, Nathan S, and Grothoff, Christian

2007

@article{Durner2007,
  author = {Durner, Nils and Evans, Nathan S and Grothoff, Christian},
  journal = {c{\textquoteright}t magazin f{\"u}r computer technik},
  title = {Vielleicht anonym? Die Enttarnung von StealthNet-Nutzern},
  year = {2007},
  keywords = {anonymity, file-sharing, Rshare, Stealthnet},
  owner = {tom},
  timestamp = {2017-10-10},
  type = {Report},
  url = {http://www.heise.de/kiosk/archiv/ct/2007/21/218_Die-Enttarnung-von-StealthNet-Nutzern}
}

[garbacki062fast] 2Fast: Collaborative Downloads in P2P Networks

Garbacki, Pawel, Iosup, Alexandru, Epema, Dick H. J., and Steen, Maarten

09/2006 2006

DOI Website abstract Bib

P2P systems that rely on the voluntary contribution of bandwidth by the individual peers may suffer from free riding. To address this problem, mechanisms enforcing fairness in bandwidth sharing have been designed, usually by limiting the download bandwidth to the available upload bandwidth. As in real environments the latter is much smaller than the former, these mechanisms severely affect the download performance of most peers. In this paper we propose a system called 2Fast, which solves this problem while preserving the fairness of bandwidth sharing. In 2Fast, we form groups of peers that collaborate in downloading a file on behalf of a single group member, which can thus use its full download bandwidth. A peer in our system can use its currently idle bandwidth to help other peers in their ongoing downloads, and get in return help during its own downloads. We assess the performance of 2Fast analytically and experimentally, the latter in both real and simulated environments. We find that in realistic bandwidth limit settings, 2Fast improves the download speed by up to a factor of 3.5 in comparison to state-of-the-art P2P download protocols.
@conference{garbacki062fast, author = {Garbacki, Pawel and Iosup, Alexandru and Epema, Dick H. J. and van Steen, Maarten}, booktitle = {P2P 2006. 6th IEEE International Conference on Peer-to-Peer Computing}, title = {2Fast: Collaborative Downloads in P2P Networks}, year = {2006}, address = {Cambridge, UK}, month = {09/2006}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, doi = {10.1109/P2P.2006.1}, isbn = {0-7695-2679-9}, keywords = {2fast, bandwidth sharing, collaborative download, free-riding, P2P, p2p network, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.arnetminer.org/viewpub.do?pid=525534} }

[Kocc2006] Access Control in Peer-to-Peer Storage Systems

Koç, Erol

10/2006 2006

@mastersthesis{Kocc2006,
  author = {Ko{\c c}, Erol},
  school = {Eidgen{\"o}ssische Technische Hochschule Z{\"u}rich (ETH)},
  title = {Access Control in Peer-to-Peer Storage Systems},
  year = {2006},
  address = {Zurich, Switzerland},
  month = {10/2006},
  type = {Master{\textquoteright}s Thesis},
  keywords = {access control, peer-to-peer storage system},
  owner = {tom},
  pages = {159},
  timestamp = {2017-10-10},
  url = {http://webcache.googleusercontent.com/u/ethweb?oe=utf8\&GO.x=0\&GO.y=0\&hl=es\&q=cache:7sJLnyzj1TcJ:http://www.zisc.ethz.ch/events/ISC20067Slides/MA_Report_Erol_Koc.pdf+Erol+Ko\%C3\%A7\&ct=clnk},
  volume = {Communication Systems}
}

[Kumar2006] Algorithms to accelerate multiple regular expressions matching for deep packet inspection

Kumar, Sailesh, Dharmapurikar, Sarang, Yu, Fang, Crowley, Patrick, and Turner, Jonathan

SIGCOMM Comput. Commun. Rev. 2006

@article{Kumar2006,
  author = {Kumar, Sailesh and Dharmapurikar, Sarang and Yu, Fang and Crowley, Patrick and Turner, Jonathan},
  journal = {SIGCOMM Comput. Commun. Rev.},
  title = {Algorithms to accelerate multiple regular expressions matching for deep packet inspection},
  year = {2006},
  issn = {0146-4833},
  number = {4},
  pages = {339{\textendash}350},
  volume = {36},
  address = {New York, NY, USA},
  doi = {10.1145/1151659.1159952},
  keywords = {deep packet inspection, DFA, regular expressions},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1151659.1159952}
}

[usability:weis2006] Anonymity Loves Company: Usability and the Network Effect

Dingledine, Roger, and Mathewson, Nick

Jun 2006

Website abstract Bib

A growing field of literature is studying how usability impacts security [4]. One class of security software is anonymizing networks— overlay networks on the Internet that provide privacy by letting users transact (for example, fetch a web page or send an email) without revealing their communication partners. In this position paper we focus on the network effects of usability on privacy and security: usability is a factor as before, but the size of the user base also becomes a factor. We show that in anonymizing networks, even if you were smart enough and had enough time to use every system perfectly, you would nevertheless be right to choose your system based in part on its usability for other users.
@conference{usability:weis2006, author = {Dingledine, Roger and Mathewson, Nick}, booktitle = {Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 2006)}, title = {Anonymity Loves Company: Usability and the Network Effect}, year = {2006}, address = {Cambridge, UK}, editor = {Anderson, Ross}, month = jun, keywords = {anonymity, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.61.510} }
[chatzikokolakis2006apn] Anonymity Protocols as Noisy Channels?

Chatzikokolakis, Konstantinos, Palamidessi, Catuscia, and Panangaden, Prakash

Proc. 2nd Symposium on Trustworthy Global Computing, LNCS. Springer 2006

DOI Website abstract Bib

We propose a framework in which anonymity protocols are interpreted as particular kinds of channels, and the degree of anonymity provided by the protocol as the converse of the channel’s capacity. We also investigate how the adversary can test the system to try to infer the user’s identity, and we study how his probability of success depends on the characteristics of the channel. We then illustrate how various notions of anonymity can be expressed in this framework, and show the relation with some definitions of probabilistic anonymity in literature. This work has been partially supported by the INRIA DREI Équipe Associée PRINTEMPS. The work of Konstantinos Chatzikokolakis and Catuscia Palamidessi has been also supported by the INRIA ARC project ProNoBiS.
@article{chatzikokolakis2006apn, author = {Chatzikokolakis, Konstantinos and Palamidessi, Catuscia and Panangaden, Prakash}, journal = {Proc. 2nd Symposium on Trustworthy Global Computing, LNCS. Springer}, title = {Anonymity Protocols as Noisy Channels?}, year = {2006}, issn = {0302-9743}, pages = {281-300}, volume = {4661/2007}, doi = {10.1007/978-3-540-75336-0}, isbn = {978-3-540-75333-9}, keywords = {anonymity}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/04247873k1719274/} }
[Goyal:2006:AEF:1180405.1180418] Attribute-based encryption for fine-grained access control of encrypted data

Goyal, Vipul, Pandey, Omkant, Sahai, Amit, and Waters, Brent

10/2006 2006

DOI Website abstract Bib

As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).
@conference{Goyal:2006:AEF:1180405.1180418, author = {Goyal, Vipul and Pandey, Omkant and Sahai, Amit and Waters, Brent}, booktitle = {CCS{\textquoteright}06 - Proceedings of the 13th ACM Conference on Computer and Communications Security}, title = {Attribute-based encryption for fine-grained access control of encrypted data}, year = {2006}, address = {Alexandria, VA, USA}, month = {10/2006}, organization = {ACM}, pages = {89{\textendash}98}, publisher = {ACM}, series = {CCS {\textquoteright}06}, doi = {http://doi.acm.org/10.1145/1180405.1180418}, isbn = {1-59593-518-5}, keywords = {access control, attribute-based encryption, audit logs, broadcast encryption, delegation, hierarchical identity-based encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1180405.1180418} }
[alpha-mixing:pet2006] Blending Different Latency Traffic with Alpha-Mixing

Dingledine, Roger, Serjantov, Andrei, and Syverson, Paul

Jun 2006

DOI Website abstract Bib

Currently fielded anonymous communication systems either introduce too much delay and thus have few users and little security, or have many users but too little delay to provide protection against large attackers. By combining the user bases into the same network, and ensuring that all traffic is mixed together, we hope to lower delay and improve anonymity for both sets of users. Alpha-mixing is an approach that can be added to traditional batching strategies to let senders specify for each message whether they prefer security or speed. Here we describe how to add alpha-mixing to various mix designs, and show that mix networks with this feature can provide increased anonymity for all senders in the network. Along the way we encounter subtle issues to do with the attacker’s knowledge of the security parameters of the users.
@conference{alpha-mixing:pet2006, author = {Dingledine, Roger and Serjantov, Andrei and Syverson, Paul}, booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)}, title = {Blending Different Latency Traffic with Alpha-Mixing}, year = {2006}, address = {Cambridge, UK}, editor = {Danezis, George and Golle, Philippe}, month = jun, organization = {Springer}, pages = {245{\textendash}257}, publisher = {Springer}, doi = {10.1007/11957454}, isbn = {978-3-540-68790-0}, keywords = {anonymity}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/m23510526727k317/} }
[cramer06bootstrapping] Bootstrapping Chord in Ad hoc Networks: Not Going Anywhere for a While

Cramer, Curt, and Fuhrmann, Thomas

2006

DOI Website abstract Bib

With the growing prevalence of wireless devices, infrastructure-less ad hoc networking is coming closer to reality. Research in this field has mainly been concerned with routing. However, to justify the relevance of ad hoc networks, there have to be applications. Distributed applications require basic services such as naming. In an ad hoc network, these services have to be provided in a decentralized way. We believe that structured peer-to-peer overlays are a good basis for their design. Prior work has been focused on the long-run performance of virtual peer-to-peer overlays over ad hoc networks. In this paper, we consider a vital functionality of any peer-to-peer network: bootstrapping. We formally show that the self-configuration process of a spontaneously deployed Chord network has a time complexity linear in the network size. In addition to that, its centralized bootstrapping procedure causes an unfavorable traffic load imbalance.
@conference{cramer06bootstrapping, author = {Cramer, Curt and Fuhrmann, Thomas}, booktitle = {Proceedings of the 3rd IEEE International Workshop on Mobile Peer-to-Peer Computing}, title = {Bootstrapping Chord in Ad hoc Networks: Not Going Anywhere for a While}, year = {2006}, address = {Pisa, Italy}, doi = {10.1109/PERCOMW.2006.28}, keywords = {ad-hoc networks, overlay networks, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[UREbreak06] Breaking Four Mix-related Schemes Based on Universal Re-encryption

Danezis, George

Sep 2006

DOI Website abstract Bib

Universal Re-encryption allows El-Gamal ciphertexts to be re-encrypted without knowledge of their corresponding public keys. This has made it an enticing building block for anonymous communications protocols. In this work we analyze four schemes related to mix networks that make use of Universal Re-encryption and find serious weaknesses in all of them. Universal Re-encryption of signatures is open to existential forgery; two-mix schemes can be fully compromised by a passive adversary observing a single message close to the sender; the fourth scheme, the rWonGoo anonymous channel, turns out to be less secure than the original Crowds scheme, on which it is based. Our attacks make extensive use of unintended “services” provided by the network nodes acting as decryption and re-routing oracles. Finally, our attacks against rWonGoo demonstrate that anonymous channels are not automatically composable: using two of them in a careless manner makes the system more vulnerable to attack.
@conference{UREbreak06, author = {Danezis, George}, booktitle = {Proceedings of Information Security Conference 2006}, title = {Breaking Four Mix-related Schemes Based on Universal Re-encryption}, year = {2006}, month = sep, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, doi = {10.1007/s10207-007-0033-y}, keywords = {traffic analysis, universal re-encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/x038u85171776236/} }
[morphmix:pet2006] Breaking the Collusion Detection Mechanism of MorphMix

Tabriz, Parisa, and Borisov, Nikita

Jun 2006

DOI Website abstract Bib

MorphMix is a peer-to-peer circuit-based mix network designed to provide low-latency anonymous communication. MorphMix nodes incrementally construct anonymous communication tunnels based on recommendations from other nodes in the system; this P2P approach allows it to scale to millions of users. However, by allowing unknown peers to aid in tunnel construction, MorphMix is vulnerable to colluding attackers that only offer other attacking nodes in their recommendations. To avoid building corrupt tunnels, MorphMix employs a collusion detection mechanism to identify this type of misbehavior. In this paper, we challenge the assumptions of the collusion detection mechanism and demonstrate that colluding adversaries can compromise a significant fraction of all anonymous tunnels, and in some cases, a majority of all tunnels built. Our results suggest that mechanisms based solely on a node’s local knowledge of the network are not sufficient to solve the difficult problem of detecting colluding adversarial behavior in a P2P system and that more sophisticated schemes may be needed.
@conference{morphmix:pet2006, author = {Tabriz, Parisa and Borisov, Nikita}, booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)}, title = {Breaking the Collusion Detection Mechanism of MorphMix}, year = {2006}, address = {Cambridge, UK}, editor = {Danezis, George and Golle, Philippe}, month = jun, organization = {Springer}, pages = {368{\textendash}384}, publisher = {Springer}, doi = {10.1007/11957454}, isbn = {978-3-540-68790-0}, keywords = {collusion detection, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/p2612108665331n7/} }
[1159937] Building an AS-topology model that captures route diversity

Mühlbauer, Wolfgang, Feldmann, Anja, Maennel, Olaf, Roughan, Matthew, and Uhlig, Steve

SIGCOMM Comput. Commun. Rev. 2006

DOI Website abstract Bib

An understanding of the topological structure of the Internet is needed for quite a number of networking tasks, e. g., making decisions about peering relationships, choice of upstream providers, inter-domain traffic engineering. One essential component of these tasks is the ability to predict routes in the Internet. However, the Internet is composed of a large number of independent autonomous systems (ASes) resulting in complex interactions, and until now no model of the Internet has succeeded in producing predictions of acceptable accuracy.We demonstrate that there are two limitations of prior models: (i) they have all assumed that an Autonomous System (AS) is an atomic structure - it is not, and (ii) models have tended to oversimplify the relationships between ASes. Our approach uses multiple quasi-routers to capture route diversity within the ASes, and is deliberately agnostic regarding the types of relationships between ASes. The resulting model ensures that its routing is consistent with the observed routes. Exploiting a large number of observation points, we show that our model provides accurate predictions for unobserved routes, a first step towards developing structural mod-els of the Internet that enable real applications.
@article{1159937, author = {M{\"u}hlbauer, Wolfgang and Feldmann, Anja and Maennel, Olaf and Roughan, Matthew and Uhlig, Steve}, journal = {SIGCOMM Comput. Commun. Rev.}, title = {Building an AS-topology model that captures route diversity}, year = {2006}, issn = {0146-4833}, number = {4}, pages = {195{\textendash}206}, volume = {36}, address = {New York, NY, USA}, doi = {10.1145/1151659.1159937}, keywords = {border gateway protocol, inter-domain routing, route diversity, routing}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1159937$\#$} }
[thiele06debruijn] Churn Resistant de Bruijn Networks for Wireless on Demand Systems

Thiele, Manuel, Kutzner, Kendy, and Fuhrmann, Thomas

2006

Website abstract Bib

Wireless on demand systems typically need authentication, authorization and accounting (AAA) services. In a peer-to-peer (P2P) environment these AAA-services need to be provided in a fully decentralized manner. This excludes many cryptographic approaches since they need and rely on a central trusted instance. One way to accomplish AAA in a P2P manner are de Bruijn-networks, since there data can be routed over multiple non-overlapping paths, thereby hampering malicious nodes from manipulation that data. Originally, de Bruijn-networks required a rather fixed network structure which made them unsuitable for wireless networks. In this paper we generalize de Bruijn-networks to an arbitrary number of nodes while keeping all their desired properties. This is achieved by decoupling link degree and character set of the native de Bruijn graph. Furthermore we describe how this makes the resulting network resistant against node churn.
@conference{thiele06debruijn, author = {Thiele, Manuel and Kutzner, Kendy and Fuhrmann, Thomas}, booktitle = {Proceedings of the Third Annual Conference on Wireless On demand Network Systems and Services}, title = {Churn Resistant de Bruijn Networks for Wireless on Demand Systems}, year = {2006}, address = {Les M{\'e}nuires, France}, keywords = {authentication, P2P}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[adams06] A Classification for Privacy Techniques

Adams, Carlisle

University of Ottawa Law & Technology Journal 2006

Website abstract Bib

This paper proposes a classification for techniques that encourage, preserve, or enhance privacy in online environments. This classification encompasses both automated mechanisms (those that exclusively or primarily use computers and software to implement privacy techniques) and nonautomated mechanisms (those that exclusively or primarily use human means to implement privacy techniques). We give examples of various techniques and show where they fit within this classification. The importance of such a classification is discussed along with its use as a tool for the comparison and evaluation of privacy techniques.
@article{adams06, author = {Adams, Carlisle}, journal = {University of Ottawa Law \& Technology Journal}, title = {A Classification for Privacy Techniques}, year = {2006}, pages = {35{\textendash}52}, volume = {3}, keywords = {privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=999672} }
[Zhao2006] Combating Hidden Action in Unstructured Peer-to-Peer Systems

Zhao, Qi, Zhang, Jianzhong, and Xu, Jingdong

10/2006 2006

DOI abstract Bib

In unstructured peer-to-peer systems, cooperation by the intermediate peers are essential for the success of queries. However, intermediate peers may choose to forward packets at a low priority or not forward the packets at all, which is referred as peers’ hidden action. Hidden action may lead to significant decrement of search efficiency. In contrast to building a global system with reputations or economics, we proposed MSSF, an improved search method, to help queries route around the peers with hidden action. MSSF does not need to check other peers’ behavior. It automatically adapts to change query routes according to the previous query results. Simulation results show that MSSF is more robust than Gnutella flooding when peers with hidden action increase.
@conference{Zhao2006, author = {Zhao, Qi and Zhang, Jianzhong and Xu, Jingdong}, booktitle = {ChinaCom {\textquoteright}06. First International Conference on Communications and Networking in China}, title = {Combating Hidden Action in Unstructured Peer-to-Peer Systems}, year = {2006}, address = {Beijing, China}, month = {10/2006}, organization = {IEEE Computer Society}, pages = {1-5}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/CHINACOM.2006.344762}, isbn = {1-4244-0463-0}, keywords = {cooperation, hidden action, unstructured peer-to-peer system}, owner = {tom}, timestamp = {2017-10-10} }
[Cramton2006] Combinatorial Auctions

Cramton, Peter, Shoham, Yoav, and Steinberg, Richard

2006

Website abstract Bib

The study of combinatorial auctions – auctions in which bidders can bid on combinations of items or "packages" – draws on the disciplines of economics, operations research, and computer science. This landmark collection integrates these three perspectives, offering a state-of-the art survey of developments in combinatorial auction theory and practice by leaders in the field.Combinatorial auctions (CAs), by allowing bidders to express their preferences more fully, can lead to improved economic efficiency and greater auction revenues. However, challenges arise in both design and implementation. Combinatorial Auctions addresses each of these challenges. After describing and analyzing various CA mechanisms, the book addresses bidding languages and questions of efficiency. Possible strategies for solving the computationally intractable problem of how to compute the objective-maximizing allocation (known as the winner determination problem) are considered, as are questions of how to test alternative algorithms. The book discusses five important applications of CAs: spectrum auctions, airport takeoff and landing slots, procurement of freight transportation services, the London bus routes market, and industrial procurement. This unique collection makes recent work in CAs available to a broad audience of researchers and practitioners. The integration of work from the three disciplines underlying CAs, using a common language throughout, serves to advance the field in theory and practice.
@book{Cramton2006, author = {Cramton, Peter and Shoham, Yoav and Steinberg, Richard}, publisher = {MIT Press}, title = {Combinatorial Auctions}, year = {2006}, address = {Cambridge, MA}, isbn = {0262033429}, issn = {978-0262033428}, keywords = {combinatorial auctions, winner determination problem}, organization = {MIT Press}, owner = {tom}, pages = {649}, timestamp = {2017-10-10}, url = {http://works.bepress.com/cramton/35} }
[Fuhrmann2006] Combining Virtual and Physical Structures for Self-organized Routing

Fuhrmann, Thomas

2006

DOI Website abstract Bib

Our recently proposed scalable source routing (SSR) protocol combines source routing in the physical network with Chord-like routing in the virtual ring that is formed by the address space. Thereby, SSR provides self-organized routing in large unstructured networks of resource-limited devices. Its ability to quickly adapt to changes in the network topology makes it suitable not only for sensor-actuator networks but also for mobile ad-hoc networks. Moreover, SSR directly provides the key-based routing semantics, thereby making it an efficient basis for the scalable implementation of self-organizing, fully decentralized applications. In this paper we review SSR’s self-organizing features and demonstrate how the combination of virtual and physical structures leads to emergence of stability and efficiency. In particular, we focus on SSR’s resistance against node churn. Following the principle of combining virtual and physical structures, we propose an extension that stabilizes SSR in face of heavy node churn. Simulations demonstrate the effectiveness of this extension.
@inbook{Fuhrmann2006, author = {Fuhrmann, Thomas}, title = {Combining Virtual and Physical Structures for Self-organized Routing}, year = {2006}, series = {Lecture Notes in Computer Science}, volume = {Volume 4124/2006}, booktitle = {Self-Organizing Systems}, doi = {10.1007/11822035}, issn = {978-3-540-37658-3}, keywords = {Chord, scalable source routing, self-organization}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/4540535t4v2g2548/} }
[Curt2006] Communication Networks On the fundamental communication abstraction supplied by P2P overlay networks

Curt, Cramer, and Fuhrmann, Thomas

2006

Website abstract Bib

The disruptive advent of peer-to-peer (P2P) file sharing in 2000 attracted significant interest. P2P networks have matured from their initial form, unstructured overlays, to structured overlays like distributed hash tables (DHTs), which are considered state-of-the-art. There are huge efforts to improve their performance. Various P2P applications like distributed storage and application-layer multicast were proposed. However, little effort was spent to understand the communication abstraction P2P overlays supply. Only when it is understood, the reach of P2P ideas will significantly broaden. Furthermore, this clarification reveals novel approaches and highlights future directions. In this paper, we reconsider well-known P2P overlays, linking them to insights from distributed systems research. We conclude that the main communication abstraction is that of a virtual address space or application-specific naming. On this basis, P2P systems build a functional layer implementing, for example lookup, indirection and distributed processing. Our insights led us to identify interesting and unexplored points in the design space.
@article{Curt2006, author = {Curt, Cramer and Fuhrmann, Thomas}, title = {Communication Networks On the fundamental communication abstraction supplied by P2P overlay networks}, year = {2006}, keywords = {distributed hash table, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www3.interscience.wiley.com/journal/109858517/abstract} }
[1267366] Compare-by-hash: a reasoned analysis

Black, John

2006

Website abstract Bib

Compare-by-hash is the now-common practice used by systems designers who assume that when the digest of a cryptographic hash function is equal on two distinct files, then those files are identical. This approach has been used in both real projects and in research efforts (for example rysnc [16] and LBFS [12]). A recent paper by Henson criticized this practice [8]. The present paper revisits the topic from an advocate’s standpoint: we claim that compare-by-hash is completely reasonable, and we offer various arguments in support of this viewpoint in addition to addressing concerns raised by Henson.
@conference{1267366, author = {Black, John}, booktitle = {ATEC {\textquoteright}06: Proceedings of the annual conference on USENIX {\textquoteright}06 Annual Technical Conference}, title = {Compare-by-hash: a reasoned analysis}, year = {2006}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {7{\textendash}7}, publisher = {USENIX Association}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1267366$\#$} }
[Ardron2006] Complementary currency innovations: Self-guarantee in peer-to-peer currencies

Ardron, Mitra, and Lietaer, Bernard

International Journal of Community Currency Research 2006 2006

abstract Bib

The WAT system, as used in Japan, allows for businesses to issue their own tickets (IOU’s) which can circulate as a complementary currency within a community. This paper proposes a variation on that model, where the issuer of a ticket can offer a guarantee, in the form of some goods or services. The difference in value, along with a reasonable acceptance that the issuer is capable of delivering the service or goods, allows for a higher degree of confidence in the ticket, and therefore a greater liquidity.
@article{Ardron2006, author = {Ardron, Mitra and Lietaer, Bernard}, journal = {International Journal of Community Currency Research}, title = {Complementary currency innovations: Self-guarantee in peer-to-peer currencies}, year = {2006}, issn = {1325-9547}, month = {2006}, pages = {1-7}, volume = {10}, keywords = {guarantee, peer-to-peer currencies}, owner = {tom}, timestamp = {2017-10-10} }
[ishai2006ca] Cryptography from Anonymity

Ishai, Yuval, Kushilevitz, Eyal, Ostrovsky, Rafail, and Sahai, Amit

Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS’06)-Volume 00 2006

DOI Website abstract Bib

There is a vast body of work on implementing anonymous communication. In this paper, we study the possibility of using anonymous communication as a building block, and show that one can leverage on anonymity in a variety of cryptographic contexts. Our results go in two directions.–Feasibility. We show that anonymous communication over insecure channels can be used to implement unconditionally secure point-to-point channels, broadcast, and generalmulti-party protocols that remain unconditionally secure as long as less than half of the players are maliciously corrupted.–Efficiency. We show that anonymous channels can yield substantial efficiency improvements for several natural secure computation tasks. In particular, we present the first solution to the problem of private information retrieval (PIR) which can handle multiple users while being close to optimal with respect to both communication and computation.A key observation that underlies these results is that local randomization of inputs, via secret-sharing, when combined with the global mixing of the shares, provided by anonymity, allows to carry out useful computations on the inputs while keeping the inputs private.
@article{ishai2006ca, author = {Ishai, Yuval and Kushilevitz, Eyal and Ostrovsky, Rafail and Sahai, Amit}, journal = {Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS{\textquoteright}06)-Volume 00}, title = {Cryptography from Anonymity}, year = {2006}, issn = {0272-5428}, pages = {239{\textendash}248}, doi = {10.1109/FOCS.2006.25}, isbn = {0-7695-2720-5}, keywords = {anonymity, private information retrieval}, owner = {tom}, publisher = {IEEE Computer Society Washington, DC, USA}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1170505} }
[Grolimund:2006:CFT:1173705.1174355] Cryptree: A Folder Tree Structure for Cryptographic File Systems

Grolimund, Dominik, Meisser, Luzius, Schmid, Stefan, and Wattenhofer, Roger

10/2006 2006

DOI Website abstract Bib

We present Cryptree, a cryptographic tree structure which facilitates access control in file systems operating on untrusted storage. Cryptree leverages the file system’s folder hierarchy to achieve efficient and intuitive, yet simple, access control. The highlights are its ability to recursively grant access to a folder and all its subfolders in constant time, the dynamic inheritance of access rights which inherently prevents scattering of access rights, and the possibility to grant someone access to a file or folder without revealing the identities of other accessors. To reason about and to visualize Cryptree, we introduce the notion of cryptographic links. We describe the Cryptrees we have used to enforce read and write access in our own file system. Finally, we measure the performance of the Cryptree and compare it to other approaches.
@conference{Grolimund:2006:CFT:1173705.1174355, author = {Grolimund, Dominik and Meisser, Luzius and Schmid, Stefan and Wattenhofer, Roger}, booktitle = {SRDS{\textquoteright}06 - Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems}, title = {Cryptree: A Folder Tree Structure for Cryptographic File Systems}, year = {2006}, address = {Leeds, UK}, month = {10/2006}, organization = {IEEE Computer Society}, pages = {189{\textendash}198}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/SRDS.2006.15}, isbn = {0-7695-2677-2}, keywords = {cryptographic tree structure, cryptree, hierarchy, untrusted storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1173705.1174355} }
[200] Defending the Sybil Attack in P2P Networks: Taxonomy, Challenges, and a Proposal for Self-Registration

Dinger, Jochen, and Hartenstein, Hannes

Apr 2006

Website abstract Bib

The robustness of Peer-to-Peer (P2P) networks, in particular of DHT-based overlay networks, suffers significantly when a Sybil attack is performed. We tackle the issue of Sybil attacks from two sides. First, we clarify, analyze, and classify the P2P identifier assignment process. By clearly separating network participants from network nodes, two challenges of P2P networks under a Sybil attack become obvious: i) stability over time, and ii) identity differentiation. Second, as a starting point for a quantitative analysis of time-stability of P2P networks under Sybil attacks and under some assumptions with respect to identity differentiation, we propose an identity registration procedure called self-registration that makes use of the inherent distribution mechanisms of a P2P network.
@booklet{200, title = {Defending the Sybil Attack in P2P Networks: Taxonomy, Challenges, and a Proposal for Self-Registration}, author = {Dinger, Jochen and Hartenstein, Hannes}, month = apr, year = {2006}, journal = {DAS-P2P 2006}, keywords = {attack, P2P, robustness}, owner = {tom}, publisher = {Institut fur Telematik, Universitat Karsruhe (TH), Germany}, timestamp = {2017-10-10}, url = {http://dsn.tm.uni-karlsruhe.de/medien/publication-confs/dinger_dasp2p06_sybil.pdf} }
[Hurwicz2006] Designing Economics Mechanisms

Hurwicz, Leonid, and Reiter, Stanley

2006

DOI abstract Bib

A mechanism is a mathematical structure that models institutions through which economic activity is guided and coordinated. There are many such institutions; markets are the most familiar ones. Lawmakers, administrators and officers of private companies create institutions in order to achieve desired goals. They seek to do so in ways that economize on the resources needed to operate the institutions, and that provide incentives that induce the required behaviors. This book presents systematic procedures for designing mechanisms that achieve specified performance, and economize on the resources required to operate the mechanism. The systematic design procedures are algorithms for designing informationally efficient mechanisms. Most of the book deals with these procedures of design. When there are finitely many environments to be dealt with, and there is a Nash-implementing mechanism, our algorithms can be used to make that mechanism into an informationally efficient one. Informationally efficient dominant strategy implementation is also studied. Leonid Hurwicz is the Nobel Prize Winner 2007 for The Sveriges Riksbank Prize in Economic Sciences in Memory of Alfred Nobel, along with colleagues Eric Maskin and Roger Myerson, for his work on the effectiveness of markets.
@book{Hurwicz2006, author = {Hurwicz, Leonid and Reiter, Stanley}, publisher = {Cambridge University Press}, title = {Designing Economics Mechanisms}, year = {2006}, address = {Cambridge, U.K.}, isbn = {9780521836418}, doi = {http://dx.doi.org/10.1017/CBO9780511754258}, keywords = {algorithms, Complexity, Computational Geometry, Computer Algebra, Economics: general interest}, organization = {Cambridge University Press}, owner = {tom}, timestamp = {2017-10-10} }
[Golle:sp2006] Deterring Voluntary Trace Disclosure in Re-encryption Mix Networks

Golle, Philippe, Wang, XiaoFeng, Jakobsson, Markus, and Tsow, Alex

May 2006

DOI Website abstract Bib

Mix-networks, a family of anonymous messaging protocols, have been engineered to withstand a wide range of theoretical internal and external adversaries. An undetectable insider threat—voluntary partial trace disclosures by server administrators—remains a troubling source of vulnerability. An administrator’s cooperation could be the resulting coercion, bribery, or a simple change of interests. While eliminating this insider threat is impossible, it is feasible to deter such unauthorized disclosures by bundling them with additional penalties. We abstract these costs with collateral keys, which grant access to customizable resources. This article introduces the notion of trace-deterring mix-networks, which encode collateral keys for every server-node into every end-to-end message trace. The network reveals no keying material when the input-to-output transitions of individual servers remain secret. Two permutation strategies for encoding key information into traces, mix-and-flip and all-or-nothing, are presented. We analyze their trade-offs with respect to computational efficiency, anonymity sets, and colluding message senders. Our techniques have sufficiently low overhead for deployment in large-scale elections, thereby providing a sort of publicly verifiable privacy guarantee.
@conference{Golle:sp2006, author = {Golle, Philippe and Wang, XiaoFeng and Jakobsson, Markus and Tsow, Alex}, booktitle = {Proceedings of the 2006 IEEE Symposium on Security and Privacy}, title = {Deterring Voluntary Trace Disclosure in Re-encryption Mix Networks}, year = {2006}, address = {Oakland, CA}, month = may, organization = {IEEE CS}, pages = {121{\textendash}131}, publisher = {IEEE CS}, doi = {10.1145/1698750.1698758}, keywords = {anonymity measurement, privacy, re-encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1698750.1698758} }
[Dwork2006] Differential Privacy

Dwork, Cynthia

2006

DOI Website abstract Bib

In 1977 Dalenius articulated a desideratum for statistical databases: nothing about an individual should be learnable from the database that cannot be learned without access to the database. We give a general impossibility result showing that a formalization of Dalenius’ goal along the lines of semantic security cannot be achieved. Contrary to intuition, a variant of the result threatens the privacy even of someone not in the database. This state of affairs suggests a new measure, differential privacy, which, intuitively, captures the increased risk to one’s privacy incurred by participating in a database.The techniques developed in a sequence of papers [8, 13, 3], culminating in those described in [12], can achieve any desired level of privacy under this measure. In many cases, extremely accurate information about the database can be provided while simultaneously ensuring very high levels of privacy.
@inbook{Dwork2006, author = {Dwork, Cynthia}, editor = {Bugliesi, Michele and Preneel, Bart and Sassone, Vladimiro and Wegener, Ingo}, pages = {1-12}, publisher = {Springer Berlin Heidelberg}, title = {Differential Privacy}, year = {2006}, isbn = {978-3-540-35907-4}, series = {Lecture Notes in Computer Science}, volume = {4052}, booktitle = {Automata, Languages and Programming}, doi = {10.1007/11787006_1}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/11787006_1} }
[1143821] A distributed data caching framework for mobile ad hoc networks

Wang, Ying-Hong, Chao, Chih-Feng, Lin, Shih-Wei, and Chen, Wei-Ting

2006

DOI Website abstract Bib

Mobile ad hoc networks (MANETs), enabling multi-hop communication between mobile nodes, are characterized by variable network topology and the demand for efficient dynamic routing protocols. MANETs need no stationary infrastructure or preconstructed base station to coordinate packet transmissions or to advertise information of network topology for mobile nodes. The objective of this paper is to provide MANETs with a distributed data caching framework, which could cache the repetition of data and data path, shorten routes and time span to access data, and enhance data reusable rate to further reduce the use of bandwidth and the consumption of power.
@conference{1143821, author = {Wang, Ying-Hong and Chao, Chih-Feng and Lin, Shih-Wei and Chen, Wei-Ting}, booktitle = {IWCMC {\textquoteright}06: Proceedings of the 2006 international conference on Wireless communications and mobile computing}, title = {A distributed data caching framework for mobile ad hoc networks}, year = {2006}, address = {New York, NY, USA}, organization = {ACM}, pages = {1357{\textendash}1362}, publisher = {ACM}, doi = {10.1145/1143549.1143821}, isbn = {1-59593-306-9}, keywords = {mobile Ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1143821$\#$} }
[Ghodsi2006] Distributed k-ary System: Algorithms for Distributed Hash Tables

Ghodsi, Ali

12/2006 2006

Website abstract Bib

This dissertation presents algorithms for data structures called distributed hash tables (DHT) or structured overlay networks, which are used to build scalable self-managing distributed systems. The provided algorithms guarantee lookup consistency in the presence of dynamism: they guarantee consistent lookup results in the presence of nodes joining and leaving. Similarly, the algorithms guarantee that routing never fails while nodes join and leave. Previous algorithms for lookup consistency either suffer from starvation, do not work in the presence of failures, or lack proof of correctness. Several group communication algorithms for structured overlay networks are presented. We provide an overlay broadcast algorithm, which unlike previous algorithms avoids redundant messages, reaching all nodes in O(log n) time, while using O(n) messages, where n is the number of nodes in the system. The broadcast algorithm is used to build overlay multicast. We introduce bulk operation, which enables a node to efficiently make multiple lookups or send a message to all nodes in a specified set of identifiers. The algorithm ensures that all specified nodes are reached in O(log n) time, sending maximum O(log n) messages per node, regardless of the input size of the bulk operation. Moreover, the algorithm avoids sending redundant messages. Previous approaches required multiple lookups, which consume more messages and can render the initiator a bottleneck. Our algorithms are used in DHT-based storage systems, where nodes can do thousands of lookups to fetch large files. We use the bulk operation algorithm to construct a pseudo-reliable broadcast algorithm. Bulk operations can also be used to implement efficient range queries. Finally, we describe a novel way to place replicas in a DHT, called symmetric replication, that enables parallel recursive lookups. Parallel lookups are known to reduce latencies. However, costly iterative lookups have previously been used to do parallel lookups. Moreover, joins or leaves only require exchanging O(1) messages, while other schemes require at least log(f) messages for a replication degree of f. The algorithms have been implemented in a middleware called the Distributed k-ary System (DKS), which is briefly described.
@mastersthesis{Ghodsi2006, author = {Ghodsi, Ali}, school = {KTH/Royal Institute of Technology}, title = {Distributed k-ary System: Algorithms for Distributed Hash Tables}, year = {2006}, address = {Stockholm}, month = {12/2006}, type = {Doctoral}, keywords = {distributed hash table, distributed k-ary system, DKS}, owner = {tom}, pages = {209}, timestamp = {2017-10-10}, url = {http://eprints.sics.se/516/} }
[AhmedBoutaba2006DistributedPatternMatching] Distributed Pattern Matching: A Key to Flexible and Efficient P2P Search

Ahmed, R., and Boutaba, R.

2006

DOI Website abstract Bib

Flexibility and efficiency are the prime requirements for any P2P search mechanism. Existing P2P systems do not seem to provide satisfactory solution for achieving these two conflicting goals. Unstructured search protocols (as adopted in Gnutella and FastTrack), provide search flexibility but exhibit poor performance characteristics. Structured search techniques (mostly distributed hash table (DHT)-based), on the other hand, can efficiently route queries to target peers but support exact-match queries only. In this paper we present a novel P2P system, called distributed pattern matching system (DPMS), for enabling flexible and efficient search. Distributed pattern matching can be used to solve problems like wildcard searching (for file-sharing P2P systems), partial service description matching (for service discovery systems) etc. DPMS uses a hierarchy of indexing peers for disseminating advertised patterns. Patterns are aggregated and replicated at each level along the hierarchy. Replication improves availability and resilience to peer failure, and aggregation reduces storage overhead. An advertised pattern can be discovered using any subset of its 1-bits; this allows inexact matching and queries in conjunctive normal form. Search complexity (i.e., the number of peers to be probed) in DPMS is O (log N + zetalog N/log N), where N is the total number of peers and zeta is proportional to the number of matches, required in a search result. The impact of churn problem is less severe in DPMS than DHT-based systems. Moreover, DPMS provides guarantee on search completeness for moderately stable networks. We demonstrate the effectiveness of DPMS using mathematical analysis and simulation results
@conference{AhmedBoutaba2006DistributedPatternMatching, author = {Ahmed, R. and Boutaba, R.}, booktitle = {2006 IEEE/IFIP Network Operations and Management Symposium NOMS 2006}, title = {Distributed Pattern Matching: A Key to Flexible and Efficient P2P Search}, year = {2006}, organization = {IEEE}, pages = {198{\textendash}208}, publisher = {IEEE}, doi = {10.1109/NOMS.2006.1687551}, isbn = {1-4244-0142-9}, keywords = {matching, P2P, search}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/NOMS.2006.1687551} }

[sandberg06distrouting] Distributed Routing in Small-World Networks

Sandberg, Oskar

2006

@conference{sandberg06distrouting,
  author = {Sandberg, Oskar},
  booktitle = {Algorithm Engineering and Experiments},
  title = {Distributed Routing in Small-World Networks},
  year = {2006},
  organization = {SIAM},
  publisher = {SIAM},
  keywords = {small-world},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://www.math.chalmers.se/~ossa/wrt.html}
}

[Campo2006] DNS-Based Service Discovery in Ad Hoc Networks: Evaluation and Improvements

Campo, Celeste, and Garcı́a-Rubio, Carlos

2006

DOI Website abstract Bib

In wireless networks, devices must be able to dynamically discover and share services in the environment. The problem of service discovery has attracted great research interest in the last years, particularly for ad hoc networks. Recently, the IETF has proposed the use of the DNS protocol for service discovery. For ad hoc networks, the IETF works in two proposals of distributed DNS, Multicast DNS and LLMNR, that can both be used for service discovery. In this paper we describe and compare through simulation the performance of service discovery based in these two proposals of distributed DNS. We also propose four simple improvements that reduce the traffic generated, and so the power consumption, especially of the most limited, battery powered, devices. We present simulation results that show the impact of our improvements in a typical scenario.
@book{Campo2006, author = {Campo, Celeste and Garc{\'\i}a-Rubio, Carlos}, publisher = {Springer Berlin / Heidelberg}, title = {DNS-Based Service Discovery in Ad Hoc Networks: Evaluation and Improvements}, year = {2006}, volume = {Volume 4217/2006}, doi = {10.1007/11872153}, issn = {978-3-540-45174-7}, keywords = {ad-hoc networks, DNS}, organization = {Springer Berlin / Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/m8322m1006416270/} }
[Md06e.:anonymous] E.: Anonymous Secure Communication in Wireless Mobile Ad-hoc Networks

Rahman, Sk. Md. Mizanur, Inomata, Atsuo, Okamoto, Takeshi, and Mambo, Masahiro

2006

DOI Website abstract Bib

The main characteristic of a mobile ad-hoc network is its infrastructure-less, highly dynamic topology, which is subject to malicious traffic analysis. Malicious intermediate nodes in wireless mobile ad-hoc networks are a threat concerning security as well as anonymity of exchanged information. To protect anonymity and achieve security of nodes in mobile ad-hoc networks, an anonymous on-demand routing protocol, termed RIOMO, is proposed. For this purpose, pseudo IDs of the nodes are generated considering Pairing-based Cryptography. Nodes can generate their own pseudo IDs independently. As a result RIOMO reduces pseudo IDs maintenance costs. Only trust-worthy nodes are allowed to take part in routing to discover a route. To ensure trustiness each node has to make authentication to its neighbors through an anonymous authentication process. Thus RIOMO safely communicates between nodes without disclosing node identities; it also provides different desirable anonymous properties such as identity privacy, location privacy, route anonymity, and robustness against several attacks.
@conference{Md06e.:anonymous, author = {Rahman, Sk. Md. Mizanur and Inomata, Atsuo and Okamoto, Takeshi and Mambo, Masahiro}, booktitle = {In: Proceedings of the First International Conference on Ubiquitous Convergence Technology}, title = {E.: Anonymous Secure Communication in Wireless Mobile Ad-hoc Networks}, year = {2006}, organization = {Springer}, pages = {131{\textendash}140}, publisher = {Springer}, doi = {10.1007/978-3-540-71789-8}, keywords = {ad-hoc networks, anonymity, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/g6334148068w1254/} }
[danezis:weis2006] The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications

Danezis, George, and Wittneben, Bettina

Jun 2006

Website abstract Bib

We present a model of surveillance based on social network theory, where observing one participant also leaks some information about third parties. We examine how many nodes an adversary has to observe in order to extract information about the network, but also how the method for choosing these nodes (target selection) greatly influences the resulting intelligence. Our results provide important insights into the actual security of anonymous communication, and their ability to minimise surveillance and disruption in a social network. They also allow us to draw interesting policy conclusions from published interception figures, and get a better estimate of the amount of privacy invasion and the actual volume of surveillance taking place.
@conference{danezis:weis2006, author = {Danezis, George and Wittneben, Bettina}, booktitle = {Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 2006)}, title = {The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications}, year = {2006}, address = {Cambridge, UK}, editor = {Anderson, Ross}, month = jun, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.60.9384} }
[1151692] Energy-aware lossless data compression

Barr, Kenneth, and Asanović, Krste

ACM Trans. Comput. Syst. 2006 2006

DOI Website abstract Bib

Wireless transmission of a single bit can require over 1000 times more energy than a single computation. It can therefore be beneficial to perform additional computation to reduce the number of bits transmitted. If the energy required to compress data is less than the energy required to send it, there is a net energy savings and an increase in battery life for portable computers. This article presents a study of the energy savings possible by losslessly compressing data prior to transmission. A variety of algorithms were measured on a StrongARM SA-110 processor. This work demonstrates that, with several typical compression algorithms, there is a actually a net energy increase when compression is applied before transmission. Reasons for this increase are explained and suggestions are made to avoid it. One such energy-aware suggestion is asymmetric compression, the use of one compression algorithm on the transmit side and a different algorithm for the receive path. By choosing the lowest-energy compressor and decompressor on the test platform, overall energy to send and receive data can be reduced by 11% compared with a well-chosen symmetric pair, or up to 57% over the default symmetric zlib scheme.
@article{1151692, author = {Barr, Kenneth and Asanovi{\'c}, Krste}, journal = {ACM Trans. Comput. Syst.}, title = {Energy-aware lossless data compression}, year = {2006}, issn = {0734-2071}, month = {2006}, number = {3}, pages = {250{\textendash}291}, volume = {24}, address = {New York, NY, USA}, doi = {10.1145/1151690.1151692}, keywords = {compression, energy-aware, lossless}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1151692$\#$} }
[1143660] Estimation based erasure-coding routing in delay tolerant networks

Liao, Yong, Tan, Kun, Zhang, Zhensheng, and Gao, Lixin

2006

DOI Website abstract Bib

Wireless Delay Tolerant Networks (DTNs) are intermittently connected mobile wireless networks. Some well-known assumptions of traditional networks are no longer true in DTNs, which makes routing in DTNs a challenging problem. We observe that mobile nodes in realistic wireless DTNs may always have some mobility pattern information which can be used to estimate one node’s ability to deliver a specific message. This estimation can greatly enhance the routing performance in DTNs. Furthermore, we adopt an alternative way to generate redundancy using erasure coding. With a fixed overhead, the erasure coding can generate a large number of message-blocks instead of a few replications, and therefore it allows the transmission of only a portion of message to a relay. This can greatly increase the routing diversity when combined with estimation-based approaches. We have conducted extensive simulations to evaluate the performance of our scheme. The results demonstrate that our scheme outperforms previously proposed schemes.
@conference{1143660, author = {Liao, Yong and Tan, Kun and Zhang, Zhensheng and Gao, Lixin}, booktitle = {IWCMC {\textquoteright}06: Proceedings of the 2006 international conference on Wireless communications and mobile computing}, title = {Estimation based erasure-coding routing in delay tolerant networks}, year = {2006}, address = {New York, NY, USA}, organization = {ACM}, pages = {557{\textendash}562}, publisher = {ACM}, doi = {10.1145/1143549.1143660}, isbn = {1-59593-306-9}, keywords = {delay tolerant network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1143549.1143660$\#$} }
[Mislove2006] Experiences in building and operating ePOST, a reliable peer-to-peer application

Mislove, Alan, Post, Ansley, Haeberlen, Andreas, and Druschel, Peter

SIGOPS Oper. Syst. Rev. 2006

DOI Website abstract Bib PDF

Peer-to-peer (p2p) technology can potentially be used to build highly reliable applications without a single point of failure. However, most of the existing applications, such as file sharing or web caching, have only moderate reliability demands. Without a challenging proving ground, it remains unclear whether the full potential of p2p systems can be realized.To provide such a proving ground, we have designed, deployed and operated a p2p-based email system. We chose email because users depend on it for their daily work and therefore place high demands on the availability and reliability of the service, as well as the durability, integrity, authenticity and privacy of their email. Our system, ePOST, has been actively used by a small group of participants for over two years.In this paper, we report the problems and pitfalls we encountered in this process. We were able to address some of them by applying known principles of system design, while others turned out to be novel and fundamental, requiring us to devise new solutions. Our findings can be used to guide the design of future reliable p2p systems and provide interesting new directions for future research.
@article{Mislove2006, author = {Mislove, Alan and Post, Ansley and Haeberlen, Andreas and Druschel, Peter}, journal = {SIGOPS Oper. Syst. Rev.}, title = {Experiences in building and operating ePOST, a reliable peer-to-peer application}, year = {2006}, issn = {0163-5980}, number = {4}, pages = {147{\textendash}159}, volume = {40}, address = {New York, NY, USA}, doi = {10.1145/1218063.1217950}, keywords = {P2P,apps}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1218063.1217950$\#$} }
[guha6ess] An Experimental Study of the Skype Peer-to-Peer VoIP System

Guha, Saikat, Daswani, Neil, and Jain, Ravi

02/2006 2006

Website abstract Bib

Despite its popularity, relatively little is known about the traf- fic characteristics of the Skype VoIP system and how they differ from other P2P systems. We describe an experimental study of Skype VoIP traffic conducted over a one month period, where over 30 million datapoints were collected regarding the population of online clients, the number of supernodes, and their traffic characteristics. The results indicate that although the structure of the Skype system appears to be similar to other P2P systems, particularly KaZaA, there are several significant differences in traffic. The number of active clients shows diurnal and work-week behavior, correlating with normal working hours regardless of geography. The population of supernodes in the system tends to be relatively stable; thus node churn, a significant concern in other systems, seems less problematic in Skype. The typical bandwidth load on a supernode is relatively low, even if the supernode is relaying VoIP traffic. The paper aims to aid further understanding of a signifi- cant, successful P2P VoIP system, as well as provide experimental data that may be useful for design and modeling of such systems. These results also imply that the nature of a VoIP P2P system like Skype differs fundamentally from earlier P2P systems that are oriented toward file-sharing, and music and video download applications, and deserves more attention from the research community.
@conference{guha6ess, author = {Guha, Saikat and Daswani, Neil and Jain, Ravi}, booktitle = {IPTPS{\textquoteright}06 - Proceedings of The 5th International Workshop on Peer-to-Peer Systems}, title = {An Experimental Study of the Skype Peer-to-Peer VoIP System}, year = {2006}, address = {Santa Barbara, CA, USA}, month = {02/2006}, pages = {1{\textendash}6}, keywords = {decentralized, indexing, overlay, P2P, skype, unstructured}, owner = {tom}, timestamp = {2017-10-10}, url = {http://saikat.guha.cc/pub/iptps06-skype/} }
[Saito2006] Fair Trading of Information: A Proposal for the Economics of Peer-to-Peer Systems

Saito, Kenji, Morino, Eiichi, and Murai, Jun

04/2006 2006

DOI Website abstract Bib

A P2P currency can be a powerful tool for promoting exchanges in a trusted way that make use of under-utilized resources both in computer networks and in real life. There are three classes of resource that can be exchanged in a P2P system: atoms (ex. physical goods by way of auctions), bits (ex. data files) and presences (ex. time slots for computing resources such as CPU, storage or bandwidth). If these are equally treated as commodities, however, the economy of the system is likely to collapse, because data files can be reproduced at a negligibly small cost whereas time slots for computing resources cannot even be stockpiled for future use. This paper clarifies this point by simulating a small world of traders, and proposes a novel way for applying the "reduction over time" feature[14] of i-WAT[11], a P2P currency. In the proposed new economic order (NEO), bits are freely shared among participants, whereas their producers are supported by peers, being given freedom to issue exchange tickets whose values are reduced over time.
@conference{Saito2006, author = {Saito, Kenji and Morino, Eiichi and Murai, Jun}, booktitle = {ARES{\textquoteright}06. Proceedings of the First International Conference on Availability, Reliability and Security}, title = {Fair Trading of Information: A Proposal for the Economics of Peer-to-Peer Systems}, year = {2006}, address = {Vienna, Austria}, month = {04/2006}, organization = {IEEE Computer Society}, pages = {764{\textendash}771}, publisher = {IEEE Computer Society}, doi = {10.1109/ARES.2006.62}, isbn = {0-7695-2567-9}, keywords = {economics, information trading}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1130897.1131000} }
[1217937] Fireflies: scalable support for intrusion-tolerant network overlays

Johansen, Håvard, Allavena, André, and Renesse, Robbert Van

SIGOPS Oper. Syst. Rev. 2006

DOI Website abstract Bib

This paper describes and evaluates Fireflies, a scalable protocol for supporting intrusion-tolerant network overlays. While such a protocol cannot distinguish Byzantine nodes from correct nodes in general, Fireflies provides correct nodes with a reasonably current view of which nodes are live, as well as a pseudo-random mesh for communication. The amount of data sent by correct nodes grows linearly with the aggregate rate of failures and recoveries, even if provoked by Byzantine nodes. The set of correct nodes form a connected submesh; correct nodes cannot be eclipsed by Byzantine nodes. Fireflies is deployed and evaluated on PlanetLab.
@article{1217937, author = {Johansen, H{\r a}vard and Allavena, Andr{\'e} and Renesse, Robbert Van}, journal = {SIGOPS Oper. Syst. Rev.}, title = {Fireflies: scalable support for intrusion-tolerant network overlays}, year = {2006}, issn = {0163-5980}, number = {4}, pages = {3{\textendash}13}, volume = {40}, address = {New York, NY, USA}, doi = {10.1145/1218063.1217937}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1218063.1217937$\#$} }
[Locher06freeriding] Free Riding in BitTorrent is Cheap

Locher, Thomas, Moor, Patrick, Schmid, Stefan, and Wattenhofer, Roger

2006

Website abstract Bib

While it is well-known that BitTorrent is vulnerable to selfish behavior, this paper demonstrates that even entire files can be downloaded without reciprocating at all in BitTorrent. To this end, we present BitThief, a free riding client that never contributes any real data. First, we show that simple tricks suffice in order to achieve high download rates, even in the absence of seeders. We also illustrate how peers in a swarm react to various sophisticated attacks. Moreover, our analysis reveals that sharing communities—communities originally intended to offer downloads of good quality and to promote cooperation among peers—provide many incentives to cheat.
@conference{Locher06freeriding, author = {Locher, Thomas and Moor, Patrick and Schmid, Stefan and Wattenhofer, Roger}, booktitle = {In HotNets}, title = {Free Riding in BitTorrent is Cheap}, year = {2006}, keywords = {BitTorrent}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.67.9307} }
[Grolimund06havelaar:a] Havelaar: A Robust and Efficient Reputation System for Active Peer-to-Peer Systems

Grolimund, Dominik, Meisser, Luzius, Schmid, Stefan, and Wattenhofer, Roger

06/2006 2006

abstract Bib

Peer-to-peer (p2p) systems have the potential to harness huge amounts of resources. Unfortunately, however, it has been shown that most of today’s p2p networks suffer from a large fraction of free-riders, which mostly consume resources without contributing much to the system themselves. This results in an overall performance degradation. One particularly interesting resource is bandwidth. Thereby, a service differentiation approach seems appropriate, where peers contributing higher upload bandwidth are rewarded with higher download bandwidth in return. Keeping track of the contribution of each peer in an open, decentralized environment, however, is not trivial; many systems which have been proposed are susceptible to false reports. Besides being prone to attacks, some solutions have a large communication and computation overhead, which can even be linear in the number of transactions—an unacceptable burden in practical and active systems. In this paper, we propose a reputation system which overcomes this scaling problem. Our analytical and simulation results are promising, indicating that the mechanism is accurate and efficient, especially when applied to systems where there are lots of transactions (e.g., due to erasure coding).
@conference{Grolimund06havelaar:a, author = {Grolimund, Dominik and Meisser, Luzius and Schmid, Stefan and Wattenhofer, Roger}, booktitle = {NetEcon{\textquoteright}06. 1st Workshop on the Economics of Networked Systems Ann Arbor}, title = {Havelaar: A Robust and Efficient Reputation System for Active Peer-to-Peer Systems}, year = {2006}, address = {Ann Arbor, Michigan}, month = {06/2006}, keywords = {free-riding, harvelaar, P2P, peer-to-peer networking, performance degradation, reputation system}, owner = {tom}, timestamp = {2017-10-10} }
[HotOrNot] Hot or Not: Revealing Hidden Services by their Clock Skew

Murdoch, Steven J.

Oct 2006

DOI Website abstract Bib

Location-hidden services, as offered by anonymity systems such as Tor, allow servers to be operated under a pseudonym. As Tor is an overlay network, servers hosting hidden services are accessible both directly and over the anonymous channel. Traffic patterns through one channel have observable effects on the other, thus allowing a service’s pseudonymous identity and IP address to be linked. One proposed solution to this vulnerability is for Tor nodes to provide fixed quality of service to each connection, regardless of other traffic, thus reducing capacity but resisting such interference attacks. However, even if each connection does not influence the others, total throughput would still affect the load on the CPU, and thus its heat output. Unfortunately for anonymity, the result of temperature on clock skew can be remotely detected through observing timestamps. This attack works because existing abstract models of anonymity-network nodes do not take into account the inevitable imperfections of the hardware they run on. Furthermore, we suggest the same technique could be exploited as a classical covert channel and can even provide geolocation.
@conference{HotOrNot, author = {Murdoch, Steven J.}, booktitle = {Proceedings of CCS 2006}, title = {Hot or Not: Revealing Hidden Services by their Clock Skew}, year = {2006}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1180405.1180410}, isbn = {1-59593-518-5}, keywords = {anonymity, clock skew, covert channels, fingerprinting, Tor}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1180410} }
[clonewars] How to win the clonewars: efficient periodic n-times anonymous authentication

Camenisch, Jan, Hohenberger, Susan, Kohlweiss, Markulf, Lysyanskaya, Anna, and Meyerovich, Mira

2006

DOI Website abstract Bib

We create a credential system that lets a user anonymously authenticate at most n times in a single time period. A user withdraws a dispenser of n e-tokens. She shows an e-token to a verifier to authenticate herself; each e-token can be used only once, however, the dispenser automatically refreshes every time period. The only prior solution to this problem, due to Damgård et al. [29], uses protocols that are a factor of k slower for the user and verifier, where k is the security parameter. Damgård et al. also only support one authentication per time period, while we support n. Because our construction is based on e-cash, we can use existing techniques to identify a cheating user, trace all of her e-tokens, and revoke her dispensers. We also offer a new anonymity service: glitch protection for basically honest users who (occasionally) reuse e-tokens. The verifier can always recognize a reused e-token; however, we preserve the anonymity of users who do not reuse e-tokens too often.
@conference{clonewars, author = {Camenisch, Jan and Hohenberger, Susan and Kohlweiss, Markulf and Lysyanskaya, Anna and Meyerovich, Mira}, booktitle = {Proceedings of the 13th ACM conference on Computer and communications security (CCS 2006)}, title = {How to win the clonewars: efficient periodic n-times anonymous authentication}, year = {2006}, address = {New York, NY, USA}, organization = {ACM Press}, pages = {201{\textendash}210}, publisher = {ACM Press}, doi = {10.1145/1180405.1180431}, isbn = {1-59593-518-5}, keywords = {clone detection, credentials, n-anonymous authentication}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1180431} }
[1157518] iDIBS: An Improved Distributed Backup System

Morcos, Faruck, Chantem, Thidapat, Little, Philip, Gasiba, Tiago, and Thain, Douglas

2006

DOI Website abstract Bib

iDIBS is a peer-to-peer backup system which optimizes the Distributed Internet Backup System (DIBS). iDIBS offers increased reliability by enhancing the robustness of existing packet transmission mechanism. Reed-Solomon erasure codes are replaced with Luby Transform codes to improve computation speed and scalability of large files. Lists of peers are automatically stored onto nodes to reduce recovery time. To realize these optimizations, an acceptable amount of data overhead and an increase in network utilization are imposed on the iDIBS system. Through a variety of experiments, we demonstrate that iDIBS significantly outperforms DIBS in the areas of data computational complexity, backup reliability, and overall performance.
@conference{1157518, author = {Morcos, Faruck and Chantem, Thidapat and Little, Philip and Gasiba, Tiago and Thain, Douglas}, booktitle = {ICPADS {\textquoteright}06: Proceedings of the 12th International Conference on Parallel and Distributed Systems}, title = {iDIBS: An Improved Distributed Backup System}, year = {2006}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {58{\textendash}67}, publisher = {IEEE Computer Society}, doi = {10.1109/ICPADS.2006.52}, isbn = {0-7695-2612-8}, keywords = {backup, P2P, reliability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1156431.1157518$\#$} }
[clayton:pet2006] Ignoring the Great Firewall of China

Clayton, Richard, Murdoch, Steven J., and Watson, Robert N. M.

Jun 2006

DOI Website abstract Bib

The so-called “Great Firewall of China” operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall’s resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines.
@conference{clayton:pet2006, author = {Clayton, Richard and Murdoch, Steven J. and Watson, Robert N. M.}, booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)}, title = {Ignoring the Great Firewall of China}, year = {2006}, address = {Cambridge, UK}, editor = {Danezis, George and Golle, Philippe}, month = jun, organization = {Springer}, pages = {20{\textendash}35}, publisher = {Springer}, doi = {10.1007/11957454}, isbn = {978-3-540-68790-0}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.springerlink.com/content/7224582654260k03/} }
[conf/infocom/StutzbachR06] Improving Lookup Performance Over a Widely-Deployed DHT

Stutzbach, Daniel, and Rejaie, Reza

2006

Website abstract Bib

During recent years, Distributed Hash Tables (DHTs) have been extensively studied through simulation and analysis. However, due to their limited deployment, it has not been possible to observe the behavior of a widely-deployed DHT in practice. Recently, the popular eMule file-sharing software incorporated a Kademlia-based DHT, called Kad, which currently has around one million simultaneous users. In this paper, we empirically study the performance of the key DHT operation, lookup, over Kad. First, we analytically derive the benefits of different ways to increase the richness of routing tables in Kademlia-based DHTs. Second, we empirically characterize two aspects of the accuracy of routing tables in Kad, namely completeness and freshness, and characterize their impact on Kad’s lookup performance. Finally, we investigate how the efficiency and consistency of lookup in Kad can be improved by performing parallel lookup and maintaining multiple replicas, respectively. Our results pinpoint the best operating point for the degree of lookup parallelism and the degree of replication for Kad.
@conference{conf/infocom/StutzbachR06, author = {Stutzbach, Daniel and Rejaie, Reza}, booktitle = {INFOCOM}, title = {Improving Lookup Performance Over a Widely-Deployed DHT}, year = {2006}, organization = {IEEE}, publisher = {IEEE}, keywords = {distributed hash table, redundancy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dblp.uni-trier.de/db/conf/infocom/infocom2006.html$\#$StutzbachR06} }
[Pai06improvingrobustness] Improving Robustness of Peer-to-Peer Streaming with Incentives

Pai, Vinay, and Mohr, Alexander E.

06/2006 2006

abstract Bib

In this paper we argue that a robust incentive mechanism is important in a real-world peer-to-peer streaming system to ensure that nodes contribute as much upload bandwidth as they can. We show that simple tit-for-tat mechanisms which work well in file-sharing systems like BitTorrent do not perform well given the additional delay and bandwidth constraints imposed by live streaming. We present preliminary experimental results for an incentive mechanism based on the Iterated Prisoner’s Dilemma problem that allows all nodes to download with low packet loss when there is sufficient capacity in the system, but when the system is resource-starved, nodes that contribute upload bandwidth receive better service than those that do not. Moreover, our algorithm does not require nodes to rely on any information other than direct observations of its neighbors ’ behavior towards it.
@conference{Pai06improvingrobustness, author = {Pai, Vinay and Mohr, Alexander E.}, booktitle = {NetEcon{\textquoteright}06. 1st Workshop on the Economics of Networked Systems}, title = {Improving Robustness of Peer-to-Peer Streaming with Incentives}, year = {2006}, address = {Ann Arbor, Michigan, USA}, month = {06/2006}, organization = {ACM}, publisher = {ACM}, keywords = {peer-to-peer streaming, tit-for-tat}, owner = {tom}, timestamp = {2021-01-27} }
[ciaccio:pet2006] Improving Sender Anonymity in a Structured Overlay with Imprecise Routing

Ciaccio, Giuseppe

Jun 2006

DOI Website abstract Bib

In the framework of peer to peer distributed systems, the problem of anonymity in structured overlay networks remains a quite elusive one. It is especially unclear how to evaluate and improve sender anonymity, that is, untraceability of the peers who issue messages to other participants in the overlay. In a structured overlay organized as a chordal ring, we have found that a technique originally developed for recipient anonymity also improves sender anonymity. The technique is based on the use of imprecise entries in the routing tables of each participating peer. Simulations show that the sender anonymity, as measured in terms of average size of anonymity set, decreases slightly if the peers use imprecise routing; yet, the anonymity takes a better distribution, with good anonymity levels becoming more likely at the expenses of very high and very low levels. A better quality of anonymity service is thus provided to participants.
@conference{ciaccio:pet2006, author = {Ciaccio, Giuseppe}, booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)}, title = {Improving Sender Anonymity in a Structured Overlay with Imprecise Routing}, year = {2006}, address = {Cambridge, UK}, editor = {Danezis, George and Golle, Philippe}, month = jun, organization = {Springer}, pages = {190{\textendash}207}, publisher = {Springer}, doi = {10.1007/11957454}, isbn = {978-3-540-68790-0}, keywords = {anonymity, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/v473127846n07255/} }
[Bindal2006] Improving traffic locality in BitTorrent via biased neighbor selection

Bindal, Ruchir, Cao, Pei, Chan, William, Medved, Jan, Suwala, George, Bates, Tony, and Zhang, Amy

2006 2006

DOI abstract Bib

Peer-to-peer (P2P) applications such as BitTorrent ignore traffic costs at ISPs and generate a large amount of cross-ISP traffic. As a result, ISPs often throttle BitTorrent traffic to control the cost. In this paper, we examine a new approach to enhance BitTorrent traffic locality, biased neighbor selection, in which a peer chooses the majority, but not all, of its neighbors from peers within the same ISP. Using simulations, we show that biased neighbor selection maintains the nearly optimal performance of Bit- Torrent in a variety of environments, and fundamentally reduces the cross-ISP traffic by eliminating the traffic’s linear growth with the number of peers. Key to its performance is the rarest first piece replication algorithm used by Bit- Torrent clients. Compared with existing locality-enhancing approaches such as bandwidth limiting, gateway peers, and caching, biased neighbor selection requires no dedicated servers and scales to a large number of BitTorrent networks.
@conference{Bindal2006, author = {Bindal, Ruchir and Cao, Pei and Chan, William and Medved, Jan and Suwala, George and Bates, Tony and Zhang, Amy}, booktitle = {Proceedings of the 26th IEEE International Conference on Distributed Computing Systems}, title = {Improving traffic locality in BitTorrent via biased neighbor selection}, year = {2006}, address = {Lisboa, Portugal}, month = {2006}, organization = {IEEE Computer Society}, pages = {66}, publisher = {IEEE Computer Society}, doi = {10.1109/ICDCS.2006.48}, isbn = {0-7695-2540-7}, issn = {1063-6927}, keywords = {BitTorrent, neighbor selection, peer-to-peer networking, performance, traffic locality}, owner = {tom}, timestamp = {2017-10-10} }
[Feigenbaum:2006:IIR:1134707.1134722] Incentive-compatible interdomain routing

Feigenbaum, Joan, Ramachandran, Vijay, and Schapira, Michael

06/2006 2006

DOI Website abstract Bib

The routing of traffic between Internet domains, or Autonomous Systems (ASes), a task known as interdomain routing, is currently handled by the Border Gateway Protocol (BGP). Using BGP, autonomous systems can apply semantically rich routing policies to choose interdomain routes in a distributed fashion. This expressiveness in routing-policy choice supports domains’ autonomy in network operations and in business decisions, but it comes at a price: The interaction of locally defined routing policies can lead to unexpected global anomalies, including route oscillations or overall protocol divergence. Networking researchers have addressed this problem by devising constraints on policies that guarantee BGP convergence without unduly limiting expressiveness and autonomy.In addition to taking this engineering or "protocol-design" approach, researchers have approached interdomain routing from an economic or "mechanism-design" point of view. It is known that lowest-cost-path (LCP) routing can be implemented in a truthful, BGP-compatible manner but that several other natural classes of routing policies cannot. In this paper, we present a natural class of interdomain-routing policies that is more realistic than LCP routing and admits incentive-compatible, BGP-compatible implementation. We also present several positive steps toward a general theory of incentive-compatible interdomain routing.
@conference{Feigenbaum:2006:IIR:1134707.1134722, author = {Feigenbaum, Joan and Ramachandran, Vijay and Schapira, Michael}, booktitle = {EC{\textquoteright}06. Proceedings of the 7th ACM Conference on Electronic Commerce}, title = {Incentive-compatible interdomain routing}, year = {2006}, address = {Arbor, Michigan}, month = {06/2006}, organization = {ACM}, pages = {130{\textendash}139}, publisher = {ACM}, series = {EC {\textquoteright}06}, doi = {http://doi.acm.org/10.1145/1134707.1134722}, isbn = {1-59593-236-4}, keywords = {border gateway protocol (BGP), distributed algorithmic mechanism design, interdomain routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1134707.1134722} }
[DBLP:journals/corr/abs-cs-0611016] Increasing Data Resilience of Mobile Devices with a Collaborative Backup Service

Martin-Guillerez, Damien, Banâtre, Michel, and Couderc, Paul

CoRR 2006

Website abstract Bib

Whoever has had his cell phone stolen knows how frustrating it is to be unable to get his contact list back. To avoid data loss when losing or destroying a mobile device like a PDA or a cell phone, data is usually backed-up to a fixed station. However, in the time between the last backup and the failure, important data can have been produced and then lost. To handle this issue, we propose a transparent collaborative backup system. Indeed, by saving data on other mobile devices between two connections to a global infrastructure, we can resist to such scenarios. In this paper, after a general description of such a system, we present a way to replicate data on mobile devices to attain a prerequired resilience for the backup.
@article{DBLP:journals/corr/abs-cs-0611016, author = {Martin-Guillerez, Damien and Ban{\^a}tre, Michel and Couderc, Paul}, journal = {CoRR}, title = {Increasing Data Resilience of Mobile Devices with a Collaborative Backup Service}, year = {2006}, volume = {abs/cs/0611016}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.pubzone.org/dblp/journals/corr/abs-cs-0611016} }
[WrightMM06] On Inferring Application Protocol Behaviors in Encrypted Network Traffic

Wright, Charles, Monrose, Fabian, and Masson, Gerald M.

Journal of Machine Learning Research 2006

Website abstract Bib

Several fundamental security mechanisms for restricting access to network resources rely on the ability of a reference monitor to inspect the contents of traffic as it traverses the network. However, with the increasing popularity of cryptographic protocols, the traditional means of inspecting packet contents to enforce security policies is no longer a viable approach as message contents are concealed by encryption. In this paper, we investigate the extent to which common application protocols can be identified using only the features that remain intact after encryption—namely packet size, timing, and direction. We first present what we believe to be the first exploratory look at protocol identification in encrypted tunnels which carry traffic from many TCP connections simultaneously, using only post-encryption observable features. We then explore the problem of protocol identification in individual encrypted TCP connections, using much less data than in other recent approaches. The results of our evaluation show that our classifiers achieve accuracy greater than 90% for several protocols in aggregate traffic, and, for most protocols, greater than 80% when making fine-grained classifications on single connections. Moreover, perhaps most surprisingly, we show that one can even estimate the number of live connections in certain classes of encrypted tunnels to within, on average, better than 20%.
@article{WrightMM06, author = {Wright, Charles and Monrose, Fabian and Masson, Gerald M.}, journal = {Journal of Machine Learning Research}, title = {On Inferring Application Protocol Behaviors in Encrypted Network Traffic}, year = {2006}, issn = {1533-7928}, pages = {2745{\textendash}2769}, volume = {7}, address = {Cambridge, MA, USA}, keywords = {hidden Markov models, traffic classification}, owner = {tom}, publisher = {MIT Press}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1248647} }
[Liberatore:2006] Inferring the Source of Encrypted HTTP Connections

Liberatore, Marc, and Levine, Brian Neil

Oct 2006

DOI Website abstract Bib

We examine the effectiveness of two traffic analysis techniques for identifying encrypted HTTP streams. The techniques are based upon classification algorithms, identifying encrypted traffic on the basis of similarities to features in a library of known profiles. We show that these profiles need not be collected immediately before the encrypted stream; these methods can be used to identify traffic observed both well before and well after the library is created. We give evidence that these techniques will exhibit the scalability necessary to be effective on the Internet. We examine several methods of actively countering the techniques, and we find that such countermeasures are effective, but at a significant increase in the size of the traffic stream. Our claims are substantiated by experiments and simulation on over 400,000 traffic streams we collected from 2,000 distinct web sites during a two month period.
@conference{Liberatore:2006, author = {Liberatore, Marc and Levine, Brian Neil}, booktitle = {Proceedings of the 13th ACM conference on Computer and Communications Security (CCS 2006)}, title = {Inferring the Source of Encrypted HTTP Connections}, year = {2006}, month = oct, organization = {ACM New York, NY, USA}, pages = {255{\textendash}263}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1180405.1180437}, isbn = {1-59593-518-5}, keywords = {latency, network forensics, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1180437} }
[Saito:2004:MTP:968884.969522] i-WAT: The Internet WAT System - An Architecture for Maintaining Trust and Facilitating Peer-to-Peer Barter Relationships

Saito, Kenji

01/2006 2006

Website abstract Bib

Peer-to-peer complementary currencies can be powerful tools for promoting exchanges and building sustainable relationships among selfish peers on the Internet. i-WAT is a proposed such currency based on the WAT System, a polycentric, real-life complementary currency using WAT tickets as its media of exchange. Participants spontaneously issue and circulate the tickets as needed, whose values are backed up by chains of trust. i-WAT implements the tickets electronically by exchanging messages signed in OpenPGP. Contributions of this research include the following: 1.Design of the total architecture of trust and fair exchange. 2.Construction, analysis and verification of the trust model of the system. 3.Construction, analysis and verification of the incentive model of the system, including reduction/multiplicatoin over time features. 4.Claim that the design of i-WAT is incentive-compatible as to protection against moral hazards, or threats caused by selfish peers because they may take advantage of the rules; such hazards are defused in i-WAT if the participants react against misbehaviors of others by pursuing their own benefits. 5.A reference implementation of i-WAT has been developed in the form of an XMPP (Extensible Messaging and Presence Protocol instant messaging client. The author has managed to put the currency system into practical use since June 2004.
@mastersthesis{Saito:2004:MTP:968884.969522, author = {Saito, Kenji}, school = {Keio University,}, title = {i-WAT: The Internet WAT System - An Architecture for Maintaining Trust and Facilitating Peer-to-Peer Barter Relationships}, year = {2006}, address = {Washington, DC, USA}, month = {01/2006}, keywords = {i-WAT, OpenPGP, WAT system}, owner = {tom}, pages = {231}, timestamp = {2017-10-10}, url = {http://www.sfc.wide.ad.jp/dissertation/ks91_e.html}, volume = {Philosophy (Media and Governance)} }

[Kirsch2006] Less Hashing, Same Performance: Building a Better Bloom Filter

Kirsch, Adam, and Mitzenmacher, Michael

2006

A standard technique from the hashing literature is to use two hash functions h1(x) and h2(x) to simulate additional hash functions of the form gi (x) = h1(x) + ih2(x). We demonstrate that this technique can be usefully applied to Bloom filters and related data structures. Specifically, only two hash functions are necessary to effectively implement a Bloom filter without any loss in the asymptotic false positive probability. This leads to less computation and potentially less need for randomness in practice.

@inbook{Kirsch2006,
  author = {Kirsch, Adam and Mitzenmacher, Michael},
  editor = {Azar, Yossi and Erlebach, Thomas},
  pages = {456-467},
  publisher = {Springer Berlin Heidelberg},
  title = {Less Hashing, Same Performance: Building a Better Bloom Filter},
  year = {2006},
  isbn = {978-3-540-38875-3},
  series = {Lecture Notes in Computer Science},
  volume = {4168},
  booktitle = {Algorithms {\textendash} ESA 2006},
  doi = {10.1007/11841036_42},
  organization = {Springer Berlin Heidelberg},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/11841036_42}
}

[cview:pet2006] Linking Anonymous Transactions: The Consistent View Attack

Pashalidis, Andreas, and Meyer, Bernd

Jun 2006

In this paper we study a particular attack that may be launched by cooperating organisations in order to link the transactions and the pseudonyms of the users of an anonymous credential system. The results of our analysis are both positive and negative. The good (resp. bad) news, from a privacy protection (resp. evidence gathering) viewpoint, is that the attack may be computationally intensive. In particular, it requires solving a problem that is polynomial time equivalent to ALLSAT . The bad (resp. good) news is that a typical instance of this problem may be efficiently solvable.

@conference{cview:pet2006,
  author = {Pashalidis, Andreas and Meyer, Bernd},
  booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)},
  title = {Linking Anonymous Transactions: The Consistent View Attack},
  year = {2006},
  address = {Cambridge, UK},
  editor = {Danezis, George and Golle, Philippe},
  month = jun,
  organization = {Springer},
  pages = {384{\textendash}392},
  publisher = {Springer},
  doi = {10.1007/11957454},
  isbn = {978-3-540-68790-0},
  keywords = {privacy, pseudonym},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/y6l6412387663581/}
}

[di06linyphi] Linyphi: An IPv6-Compatible Implementation of SSR

Di, Pengfei, Marcon, Massimiliano, and Fuhrmann, Thomas

2006

Website abstract Bib

Scalable source routing (SSR) is a self-organizing routing protocol designed for supporting peer-to-peer applications. It is especially suited for networks that do not have a well crafted structure, e. g. ad-hoc and mesh-networks. SSR is based on the combination of source routes and a virtual ring structure. This ring is used in a Chord-like manner to obtain source routes to destinations that are not yet in the respective router cache. This approach makes SSR more message efficient than flooding based ad-hoc routing protocols. Moreover, it directly provides the semantics of a structured routing overlay. In this paper we present Linyphi, an implementation of SSR for wireless accesses routers. Linyphi combines IPv6 and SSR so that unmodified IPv6 hosts have transparent connectivity to both the Linyphi mesh network and the IPv4/v6 Internet. We give a basic outline of the implementation and demonstrate its suitability in real-world mesh network scenarios. Linyphi is available for download (www.linyphi.net).
@conference{di06linyphi, author = {Di, Pengfei and Marcon, Massimiliano and Fuhrmann, Thomas}, booktitle = {Proceedings of the Third International Workshop on Hot Topics in Peer-to-Peer Systems}, title = {Linyphi: An IPv6-Compatible Implementation of SSR}, year = {2006}, address = {Rhodes Island, Greec}, isbn = {1-4244-0054-6}, keywords = {scalable source routing}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[hs-attack06] Locating Hidden Servers

Øverlier, Lasse, and Syverson, Paul

May 2006

DOI Website abstract Bib

Hidden services were deployed on the Tor anonymous communication network in 2004. Announced properties include server resistance to distributed DoS. Both the EFF and Reporters Without Borders have issued guides that describe using hidden services via Tor to protect the safety of dissidents as well as to resist censorship. We present fast and cheap attacks that reveal the location of a hidden server. Using a single hostile Tor node we have located deployed hidden servers in a matter of minutes. Although we examine hidden services over Tor, our results apply to any client using a variety of anonymity networks. In fact, these are the first actual intersection attacks on any deployed public network: thus confirming general expectations from prior theory and simulation. We recommend changes to route selection design and implementation for Tor. These changes require no operational increase in network overhead and are simple to make; but they prevent the attacks we have demonstrated. They have been implemented.
@conference{hs-attack06, author = {{\O}verlier, Lasse and Syverson, Paul}, booktitle = {Proceedings of the 2006 IEEE Symposium on Security and Privacy}, title = {Locating Hidden Servers}, year = {2006}, month = may, organization = {IEEE CS}, publisher = {IEEE CS}, doi = {10.1109/SP.2006.24}, isbn = {0-7695-2574-1}, keywords = {anonymity measurement, Guard, Tor}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1130366} }
[icdcs2006:m2] M2: Multicasting Mixes for Efficient and Anonymous Communication

Perng, Ginger, Reiter, Michael K., and Wang, Chenxi

Jul 2006

DOI Website abstract Bib

We present a technique to achieve anonymous multicasting in mix networks to deliver content from producers to consumers. Employing multicast allows content producers to send (and mixes to forward) information to multiple consumers without repeating work for each individual consumer. In our approach, consumers register interest for content by creating paths in the mix network to the content’s producers. When possible, these paths are merged in the network so that paths destined for the same producer share a common path suffix to the producer. When a producer sends content, the content travels this common suffix toward its consumers (in the reverse direction) and "branches" into multiple messages when necessary. We detail the design of this technique and then analyze the unlinkability of our approach against a global, passive adversary who controls both the producer and some mixes. We show that there is a subtle degradation of unlinkability that arises from multicast. We discuss techniques to tune our design to mitigate this degradation while retaining the benefits of multicast.
@conference{icdcs2006:m2, author = {Perng, Ginger and Reiter, Michael K. and Wang, Chenxi}, booktitle = {Proceedings of the 26th IEEE Conference on Distributed Computing Systems}, title = {M2: Multicasting Mixes for Efficient and Anonymous Communication}, year = {2006}, month = jul, doi = {10.1109/ICDCS.2006.53}, isbn = {0-7695-2540-7}, keywords = {anonymous multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/Xplore/login.jsp?url=http\%3A\%2F\%2Fieeexplore.ieee.org\%2Fiel5\%2F10967\%2F34569\%2F01648846.pdf\%3Ftp\%3D\%26isnumber\%3D\%26arnumber\%3D1648846\&authDecision=-203} }
[ShWa-Relationship] Measuring Relationship Anonymity in Mix Networks

Shmatikov, Vitaly, and Wang, Ming-Hsui

Oct 2006

DOI Website abstract Bib

Many applications of mix networks such as anonymousWeb browsing require relationship anonymity: it should be hard for the attacker to determine who is communicating with whom. Conventional methods for measuring anonymity, however, focus on sender anonymity instead. Sender anonymity guarantees that it is difficult for the attacker to determine the origin of any given message exiting the mix network, but this may not be sufficient to ensure relationship anonymity. Even if the attacker cannot identify the origin of messages arriving to some destination, relationship anonymity will fail if he can determine with high probability that at least one of the messages originated from a particular sender, without necessarily being able to recognize this message among others. We give a formal definition and a calculation methodology for relationship anonymity. Our techniques are similar to those used for sender anonymity, but, unlike sender anonymity, relationship anonymity is sensitive to the distribution of message destinations. In particular, Zipfian distributions with skew values characteristic of Web browsing provide especially poor relationship anonymity. Our methodology takes route selection algorithms into account, and incorporates information-theoretic metrics such as entropy and min-entropy. We illustrate our methodology by calculating relationship anonymity in several simulated mix networks.
@conference{ShWa-Relationship, author = {Shmatikov, Vitaly and Wang, Ming-Hsui}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2006)}, title = {Measuring Relationship Anonymity in Mix Networks}, year = {2006}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1179601.1179611}, isbn = {1-59593-556-8}, keywords = {anonymity, privacy}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1179611} }
[Godfrey:2006:MCD:1151659.1159931] Minimizing churn in distributed systems

Godfrey, Brighten, Shenker, S, and Stoica, Ion

SIGCOMM Computer Communication Review 08/2006 2006

DOI Website abstract Bib

A pervasive requirement of distributed systems is to deal with churn-change in the set of participating nodes due to joins, graceful leaves, and failures. A high churn rate can increase costs or decrease service quality. This paper studies how to reduce churn by selecting which subset of a set of available nodes to use.First, we provide a comparison of the performance of a range of different node selection strategies in five real-world traces. Among our findings is that the simple strategy of picking a uniform-random replacement whenever a node fails performs surprisingly well. We explain its performance through analysis in a stochastic model.Second, we show that a class of strategies, which we call "Preference List" strategies, arise commonly as a result of optimizing for a metric other than churn, and produce high churn relative to more randomized strategies under realistic node failure patterns. Using this insight, we demonstrate and explain differences in performance for designs that incorporate varying degrees of randomization. We give examples from a variety of protocols, including anycast, over-lay multicast, and distributed hash tables. In many cases, simply adding some randomization can go a long way towards reducing churn.
@article{Godfrey:2006:MCD:1151659.1159931, author = {Godfrey, Brighten and Shenker, S and Stoica, Ion}, journal = {SIGCOMM Computer Communication Review}, title = {Minimizing churn in distributed systems}, year = {2006}, issn = {0146-4833}, month = {08/2006}, pages = {147{\textendash}158}, volume = {36}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1151659.1159931}, keywords = {churn, distributed hash table, multicast, node selection}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1151659.1159931} }
[Stefansson06myriadstore] MyriadStore: A Peer-to-Peer Backup System

Stefansson, Birgir, Thodis, Antonios, Ghodsi, Ali, and Haridi, Seif

2006

Website abstract Bib

Traditional backup methods are error prone, cumbersome and expensive. Distributed backup applications have emerged as promising tools able to avoid these disadvantages, by exploiting unused disk space of remote computers. In this paper we propose MyriadStore, a distributed peer-to-peer backup system. MyriadStore makes use of a trading scheme that ensures that a user has as much available storage space in the system as the one he/she contributes to it. A mechanism for making challenges between the system’s nodes ensures that this restriction is fulfilled. Furthermore, MyriadStore minimizes bandwidth requirements and migration costs by treating separately the storage of the system’s meta-data and the storage of the backed up data. This approach also offers great flexibility on the placement of the backed up data, a property that facilitates the deployment of the trading scheme.
@booklet{Stefansson06myriadstore, title = {MyriadStore: A Peer-to-Peer Backup System}, author = {Stefansson, Birgir and Thodis, Antonios and Ghodsi, Ali and Haridi, Seif}, year = {2006}, keywords = {backup, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.102.6985} }
[Fragouli:2006:NCI:1111322.1111337] Network Coding: an Instant Primer

Fragouli, Christina, Boudec, Jean-Yves Le, and Widmer, Jörg

SIGCOMM Computer Communication Review 01/2006 2006

DOI Website abstract Bib

Network coding is a new research area that may have interesting applications in practical networking systems. With network coding, intermediate nodes may send out packets that are linear combinations of previously received information. There are two main benefits of this approach: potential throughput improvements and a high degree of robustness. Robustness translates into loss resilience and facilitates the design of simple distributed algorithms that perform well, even if decisions are based only on partial information. This paper is an instant primer on network coding: we explain what network coding does and how it does it. We also discuss the implications of theoretical results on network coding for realistic settings and show how network coding can be used in practice.
@article{Fragouli:2006:NCI:1111322.1111337, author = {Fragouli, Christina and Boudec, Jean-Yves Le and Widmer, J{\"o}rg}, journal = {SIGCOMM Computer Communication Review}, title = {Network Coding: an Instant Primer}, year = {2006}, issn = {0146-4833}, month = {01/2006}, pages = {63{\textendash}68}, volume = {36}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1111322.1111337}, keywords = {network coding}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1111322.1111337} }
[wpes06:heydt-benjamin] Nonesuch: a mix network with sender unobservability

Serjantov, Andrei, and Defend, Benessa

2006

DOI Website abstract Bib

Oblivious submission to anonymity systems is a process by which a message may be submitted in such a way that neither the anonymity network nor a global passive adversary may determine that a valid message has been sent. We present Nonesuch: a mix network with steganographic submission and probabilistic identification and attenuation of cover traffic. In our system messages are submitted as stegotext hidden inside Usenet postings. The steganographic extraction mechanism is such that the the vast majority of the Usenet postings which do not contain keyed stegotext will produce meaningless output which serves as cover traffic, thus increasing the anonymity of the real messages. This cover traffic is subject to probabilistic attenuation in which nodes have only a small probability of distinguishing cover messages from "real" messages. This attenuation prevents cover traffic from travelling through the network in an infinite loop, while making it infeasible for an entrance node to distinguish senders.
@conference{wpes06:heydt-benjamin, author = {Serjantov, Andrei and Defend, Benessa}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2006)}, title = {Nonesuch: a mix network with sender unobservability}, year = {2006}, address = {New York, NY, USA}, organization = {ACM Press}, pages = {1{\textendash}8}, publisher = {ACM Press}, doi = {10.1145/1179601.1179603}, isbn = {1-59593-556-8}, keywords = {oblivious circuits, public key cryptography, steganography, unobservability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1179601.1179603} }
[Tati06onobject] On Object Maintenance in Peer-to-Peer Systems

Tati, Kiran, and Voelker, Geoffrey M.

02/2006 2006

abstract Bib

This paper, we revisit object maintenance in peer-to-peer systems, focusing on how temporary and permanent churn impact the overheads associated with object maintenance. We have a number of goals: to highlight how different environments exhibit different degrees of temporary and permanent churn; to provide further insight into how churn in different environments affects the tuning of object maintenance strategies; and to examinehow object maintenance and churn interact with other constraints such as storage capacity. When possible, we highlight behavior independent of particular object maintenance strategies. When an issue depends on a particular strategy, though, we explore it in the context of a strategy in essence similar to TotalRecall, which uses erasure coding, lazy repair of data blocks, and random indirect placement (we also assume that repairs incorporate remaining blocks rather than regenerating redundancy from scratch)
@conference{Tati06onobject, author = {Tati, Kiran and Voelker, Geoffrey M.}, booktitle = {IPTPS{\textquoteright}06 - Proceedings of the 5th International Workshop on Peer-to-Peer Systems}, title = {On Object Maintenance in Peer-to-Peer Systems}, year = {2006}, address = {Santa Barbara, CA, USA}, month = {02/2006}, keywords = {churn, P2P, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }
[1128335] OmniStore: A system for ubiquitous personal storage management

Karypidis, Alexandros, and Lalis, Spyros

2006

DOI Website abstract Bib

As personal area networking becomes a reality, the collective management of storage in portable devices such as mobile phones, cameras and music players will grow in importance. The increasing wireless communication capability of such devices makes it possible for them to interact with each other and implement more advanced storage functionality. This paper introduces OmniStore, a system which employs a unified data management approach that integrates portable and backend storage, but also exhibits self-organizing behavior through spontaneous device collaboration.
@conference{1128335, author = {Karypidis, Alexandros and Lalis, Spyros}, booktitle = {PERCOM {\textquoteright}06: Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications}, title = {OmniStore: A system for ubiquitous personal storage management}, year = {2006}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {136{\textendash}147}, publisher = {IEEE Computer Society}, doi = {10.1109/PERCOM.2006.40}, isbn = {0-7695-2518-0}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1128335$\#$} }

[Fitzi:2006:OEM:1146381.1146407] Optimally efficient multi-valued byzantine agreement

Fitzi, Matthias, and Hirt, Martin

2006

@conference{Fitzi:2006:OEM:1146381.1146407,
  author = {Fitzi, Matthias and Hirt, Martin},
  booktitle = {Proceedings of the twenty-fifth annual ACM symposium on Principles of distributed computing},
  title = {Optimally efficient multi-valued byzantine agreement},
  year = {2006},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {163{\textendash}168},
  publisher = {ACM},
  series = {PODC {\textquoteright}06},
  doi = {10.1145/1146381.1146407},
  isbn = {1-59593-384-0},
  keywords = {byzantine agreement, communication complexity, cryptographic security, information-theoretic security},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1146381.1146407}
}

[Dwork2006a] Our Data, Ourselves: Privacy via Distributed Noise Generation

Dwork, Cynthia, Kenthapadi, Krishnaram, McSherry, Frank, Mironov, Ilya, and Naor, Moni

2006

DOI Website abstract Bib

In this work we provide efficient distributed protocols for generating shares of random noise, secure against malicious participants. The purpose of the noise generation is to create a distributed implementation of the privacy-preserving statistical databases described in recent papers [14, 4, 13]. In these databases, privacy is obtained by perturbing the true answer to a database query by the addition of a small amount of Gaussian or exponentially distributed random noise. The computational power of even a simple form of these databases, when the query is just of the form sum over all rows ’i’ in the database of a function f applied to the data in row i, has been demonstrated in [4]. A distributed implementation eliminates the need for a trusted database administrator. The results for noise generation are of independent interest. The generation of Gaussian noise introduces a technique for distributing shares of many unbiased coins with fewer executions of verifiable secret sharing than would be needed using previous approaches (reduced by a factor of n). The generation of exponentially distributed noise uses two shallow circuits: one for generating many arbitrarily but identically biased coins at an amortized cost of two unbiased random bits apiece, independent of the bias, and the other to combine bits of appropriate biases to obtain an exponential distribution.
@conference{Dwork2006a, author = {Dwork, Cynthia and Kenthapadi, Krishnaram and McSherry, Frank and Mironov, Ilya and Naor, Moni}, booktitle = {Proceedings of the 24th Annual International Conference on The Theory and Applications of Cryptographic Techniques}, title = {Our Data, Ourselves: Privacy via Distributed Noise Generation}, year = {2006}, address = {Berlin, Heidelberg}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, doi = {10.1007/11761679_29}, isbn = {3-540-34546-9, 978-3-540-34546-6}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/11761679_29} }
[Aad06packetcoding] Packet coding for strong anonymity in ad hoc networks

Aad, Imad, Castelluccia, Claude, and Hubaux, Jean-Pierre

2006

Website abstract Bib

Several techniques to improve anonymity have been proposed in the literature. They rely basically on multicast or on onion routing to thwart global attackers or local attackers respectively. None of the techniques provide a combined solution due to the incompatibility between the two components, as we show in this paper. We propose novel packet coding techniques that make the combination possible, thus integrating the advantages in a more complete and robust solution.
@booklet{Aad06packetcoding, title = {Packet coding for strong anonymity in ad hoc networks}, author = {Aad, Imad and Castelluccia, Claude and Hubaux, Jean-Pierre}, year = {2006}, keywords = {anonymity, onion routing, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.88.2407} }
[Marx:2006:PGS:1140638.1140647] Parameterized graph separation problems

Marx, Dániel

Theoretical Computer Science 02/2006 2006

DOI Website abstract Bib

We consider parameterized problems where some separation property has to be achieved by deleting as few vertices as possible. The following five problems are studied: delete k vertices such that (a) each of the given l terminals is separated from the others, (b) each of the given l pairs of terminals is separated, (c) exactly l vertices are cut away from the graph, (d) exactly l connected vertices are cut away from the graph, (e) the graph is separated into at least l components. We show that if both k and l are parameters, then (a), (b) and (d) are fixed-parameter tractable, while (c) and (e) are W[1]-hard.
@article{Marx:2006:PGS:1140638.1140647, author = {Marx, D{\'a}niel}, journal = {Theoretical Computer Science}, title = {Parameterized graph separation problems}, year = {2006}, issn = {0304-3975}, month = {02/2006}, pages = {394{\textendash}406}, volume = {351}, address = {Essex, UK}, doi = {10.1016/j.tcs.2005.10.007}, keywords = {multicasting, multiway cut, parameterized complexity, separator}, owner = {tom}, publisher = {Elsevier Science Publishers Ltd.}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1140638.1140647} }

[Aekaterinidis2006PastryStrings] PastryStrings: A Comprehensive Content-Based Publish/Subscribe DHT Network

Aekaterinidis, Ioannis, and Triantafillou, Peter

2006

@conference{Aekaterinidis2006PastryStrings,
  author = {Aekaterinidis, Ioannis and Triantafillou, Peter},
  booktitle = {Proceedings of the 26th IEEE International Conference on Distributed Computing Systems},
  title = {PastryStrings: A Comprehensive Content-Based Publish/Subscribe DHT Network},
  year = {2006},
  address = {Washington, DC, USA},
  organization = {IEEE Computer Society},
  pages = {23{\textendash}},
  publisher = {IEEE Computer Society},
  series = {ICDCS {\textquoteright}06},
  doi = {10.1109/ICDCS.2006.63},
  isbn = {0-7695-2540-7},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1109/ICDCS.2006.63}
}

[Massoulie:2006:PCS:1146381.1146402] Peer counting and sampling in overlay networks: random walk methods

Massoulié, Laurent, Merrer, Erwan Le, Kermarrec, Anne-Marie, and Ganesh, Ayalvadi

07/2006 2006

DOI Website abstract Bib

In this article we address the problem of counting the number of peers in a peer-to-peer system, and more generally of aggregating statistics of individual peers over the whole system. This functionality is useful in many applications, but hard to achieve when each node has only a limited, local knowledge of the whole system. We propose two generic techniques to solve this problem. The Random Tour method is based on the return time of a continuous time random walk to the node originating the query. The Sample and Collide method is based on counting the number of random samples gathered until a target number of redundant samples are obtained. It is inspired by the "birthday paradox" technique of [6], upon which it improves by achieving a target variance with fewer samples. The latter method relies on a sampling sub-routine which returns randomly chosen peers. Such a sampling algorithm is of independent interest. It can be used, for instance, for neighbour selection by new nodes joining the system. We use a continuous time random walk to obtain such samples. We analyse the complexity and accuracy of the two methods. We illustrate in particular how expansion properties of the overlay affect their performance.
@conference{Massoulie:2006:PCS:1146381.1146402, author = {Massouli{\'e}, Laurent and Merrer, Erwan Le and Kermarrec, Anne-Marie and Ganesh, Ayalvadi}, booktitle = {PODC {\textquoteright}06 - Proceedings of the 25th Annual ACM Symposium on Principles of Distributed Computing}, title = {Peer counting and sampling in overlay networks: random walk methods}, year = {2006}, address = {Denver, Colorado, USA}, month = {07/2006}, organization = {ACM}, pages = {123{\textendash}132}, publisher = {ACM}, series = {PODC {\textquoteright}06}, doi = {http://doi.acm.org/10.1145/1146381.1146402}, isbn = {1-59593-384-0}, keywords = {expander graphs, random walks, sampling}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1146381.1146402} }
[Merrer2006] Peer to peer size estimation in large and dynamic networks: A comparative study

Merrer, Erwan Le, Kermarrec, Anne-Marie, and Massoulié, Laurent

06/2006 2006

DOI abstract Bib

As the size of distributed systems keeps growing, the peer to peer communication paradigm has been identified as the key to scalability. Peer to peer overlay networks are characterized by their self-organizing capabilities, resilience to failure and fully decentralized control. In a peer to peer overlay, no entity has a global knowledge of the system. As much as this property is essential to ensure the scalability, monitoring the system under such circumstances is a complex task. Yet, estimating the size of the system is core functionality for many distributed applications to parameter setting or monitoring purposes. In this paper, we propose a comparative study between three algorithms that estimate in a fully decentralized way the size of a peer to peer overlay. Candidate approaches are generally applicable irrespective of the underlying structure of the peer to peer overlay. The paper reports the head to head comparison of estimation system size algorithms. The simulations have been conducted using the same simulation framework and inputs and highlight the differences in cost and accuracy of the estimation between the algorithms both in static and dynamic settings
@conference{Merrer2006, author = {Merrer, Erwan Le and Kermarrec, Anne-Marie and Massouli{\'e}, Laurent}, booktitle = {HPDC{\textquoteright}06 - 15th IEEE International Symposium on High Performance Distributed Computing}, title = {Peer to peer size estimation in large and dynamic networks: A comparative study}, year = {2006}, address = {Paris, France}, month = {06/2006}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/HPDC.2006.1652131}, isbn = {1-4244-0307-3}, keywords = {comparison, counting, network size estimation, peer to peer}, owner = {tom}, timestamp = {2017-10-10} }
[1161264] Performance evaluation of chord in mobile ad hoc networks

Cramer, Curt, and Fuhrmann, Thomas

2006

DOI Website abstract Bib

Mobile peer-to-peer applications recently have received growing interest. However, it is often assumed that structured peer-to-peer overlays cannot efficiently operate in mobile ad hoc networks (MANETs). The prevailing opinion is that this is due to the protocols’ high overhead cost. In this paper, we show that this opinion is misguided.We present a thorough simulation study evaluating Chord in the well-known MANET simulator GloMoSim. We found the main issue of deploying Chord in a MANET not to be its overhead, but rather the protocol’s pessimistic timeout and failover strategy. This strategy enables fast lookup resolution in spite of highly dynamic node membership, which is a significant problem in the Internet context. However, with the inherently higher packet loss rate in a MANET, this failover strategy results in lookups being inconsistently forwarded even if node membership does not change.
@conference{1161264, author = {Cramer, Curt and Fuhrmann, Thomas}, booktitle = {MobiShare {\textquoteright}06: Proceedings of the 1st international workshop on Decentralized resource sharing in mobile computing and networking}, title = {Performance evaluation of chord in mobile ad hoc networks}, year = {2006}, address = {New York, NY, USA}, organization = {ACM}, pages = {48{\textendash}53}, publisher = {ACM}, doi = {10.1145/1161252.1161264}, isbn = {1-59593-558-4}, keywords = {Chord, mobile Ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1161264$\#$} }

[albrecht2006planetlab] PlanetLab application management using Plush

Albrecht, J., Tuttle, C., Snoeren, A.C., and Vahdat, A.

ACM SIGOPS Operating Systems Review 2006

Bib

@article{albrecht2006planetlab,
  author = {Albrecht, J. and Tuttle, C. and Snoeren, A.C. and Vahdat, A.},
  journal = {ACM SIGOPS Operating Systems Review},
  title = {PlanetLab application management using Plush},
  year = {2006},
  number = {1},
  pages = {33{\textendash}40},
  volume = {40},
  keywords = {application management, PlanetLab, plush, resource allocation, resource discovery},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10}
}

[heydt-benjamin:pet2006] Privacy for Public Transportation

Heydt-Benjamin, Thomas S., Chae, Hee-Jin, Defend, Benessa, and Fu, Kevin

Jun 2006

DOI Website abstract Bib

We propose an application of recent advances in e-cash, anonymous credentials, and proxy re-encryption to the problem of privacy in public transit systems with electronic ticketing. We discuss some of the interesting features of transit ticketing as a problem domain, and provide an architecture sufficient for the needs of a typical metropolitan transit system. Our system maintains the security required by the transit authority and the user while significantly increasing passenger privacy. Our hybrid approach to ticketing allows use of passive RFID transponders as well as higher powered computing devices such as smartphones or PDAs. We demonstrate security and privacy features offered by our hybrid system that are unavailable in a homogeneous passive transponder architecture, and which are advantageous for users of passive as well as active devices.
@conference{heydt-benjamin:pet2006, author = {Heydt-Benjamin, Thomas S. and Chae, Hee-Jin and Defend, Benessa and Fu, Kevin}, booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)}, title = {Privacy for Public Transportation}, year = {2006}, address = {Cambridge, UK}, editor = {Danezis, George and Golle, Philippe}, month = jun, organization = {Springer}, pages = {1{\textendash}19}, publisher = {Springer}, doi = {10.1007/11957454}, isbn = {978-3-540-68790-0}, keywords = {anonymity, privacy, re-encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/c75053mr42n82wv5/} }
[Shaneck2006] Privacy Preserving Nearest Neighbor Search

Shaneck, M., Kim, Yongdae, and Kumar, V.

Dec 2006

DOI abstract Bib

Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this work we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification
@conference{Shaneck2006, author = {Shaneck, M. and Kim, Yongdae and Kumar, V.}, booktitle = {Data Mining Workshops, 2006. ICDM Workshops 2006. Sixth IEEE International Conference on}, title = {Privacy Preserving Nearest Neighbor Search}, year = {2006}, month = dec, doi = {10.1109/ICDMW.2006.133}, keywords = {Clustering algorithms, Computer science, Conferences, cryptography, Data mining, data privacy, distributed computing, Kernel, kNN classification, LOF outlier detection, Medical diagnostic imaging, multiparty computation primitives, nearest neighbor search, Nearest neighbor searches, pattern clustering, privacy preservation, SNN clustering}, owner = {tom}, timestamp = {2017-10-10} }
[pianese:pulse] PULSE, a Flexible P2P Live Streaming System

Pianese, Fabio, Keller, Joaquı́n, and Biersack, E W

04/2006 2006

DOI abstract Bib

With the widespread availability of inexpensive broadband Internet connections for home-users, a large number of bandwidth-intensive applications previously not feasible have now become practical. This is the case for multimedia live streaming, for which end-user’s dial-up/ISDN modem connections once were the bottleneck. The bottleneck is now mostly found on the server side: the bandwidth required for serving many clients at once is large and thus very costly to the broadcasting entity. Peer-to-peer systems for on-demand and live streaming have proved to be an encouraging solution, since they can shift the burden of content distribution from the server to the users of the network. In this work we introduce PULSE, a P2P system for live streaming whose main goals are flexibility, scalability, and robustness. We present the fundamental concepts that stand behind the design of PULSE along with its intended global behavior, and describe in detail the main algorithms running on its nodes.
@conference{pianese:pulse, author = {Pianese, Fabio and Keller, Joaqu{\'\i}n and Biersack, E W}, booktitle = {INFOCOM{\textquoteright}06. Proceedings of the 25th IEEE International Conference on Computer Communications}, title = {PULSE, a Flexible P2P Live Streaming System}, year = {2006}, address = {Barcelona, Catalunya, Spain}, month = {04/2006}, organization = {IEEE Computer Society}, pages = {-1{\textendash}1}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFOCOM.2006.42}, isbn = {1-4244-0221-2}, keywords = {peer-to-peer networking, pulse}, owner = {tom}, timestamp = {2017-10-10} }
[fuhrmann06pushing-tr] Pushing Chord into the Underlay: Scalable Routing for Hybrid MANETs

Fuhrmann, Thomas, Di, Pengfei, Kutzner, Kendy, and Cramer, Curt

2006

Website abstract Bib

SCALABLE SOURCE ROUTING is a novel routing approach for large unstructured networks, for example hybrid mobile ad hoc networks (MANETs), mesh networks, or sensor-actuator networks. It is especially suited for organically growing networks of many resource-limited mobile devices supported by a few fixed-wired nodes. SCALABLE SOURCE ROUTING is a full-fledged routing protocol that directly provides the semantics of a structured peer-to-peer overlay. Hence, it can serve as an efficient basis for fully decentralized applications on mobile devices. SCALABLE SOURCE ROUTING combines source routing in the physical network with Chord-like routing in the virtual ring formed by the address space. Message forwarding greedily decreases the distance in the virtual ring while preferring physically short paths. Unlike previous approaches, scalability is achieved without imposing artificial hierarchies or assigning location-dependent addresses. SCALABLE SOURCE ROUTING enables any-to-any communication in a flat address space without maintaining any-to-any routes. Each node proactively discovers its virtual vicinity using an iterative process. Additionally, it passively caches a limited amount of additional paths. By means of extensive simulation, we show that SCALABLE SOURCE ROUTING is resource-efficient and scalable well beyond 10,000 nodes.
@booklet{fuhrmann06pushing-tr, title = {Pushing Chord into the Underlay: Scalable Routing for Hybrid MANETs}, author = {Fuhrmann, Thomas and Di, Pengfei and Kutzner, Kendy and Cramer, Curt}, year = {2006}, number = {2006-12}, owner = {tom}, publisher = {Fakult{\"a}t f{\"u}r Informatik, Universit{\"a}t Karlsruhe}, timestamp = {2017-10-10}, type = {Interner Bericht}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[1109601] The rainbow skip graph: a fault-tolerant constant-degree distributed data structure

Goodrich, Michael T., Nelson, Michael J., and Sun, Jonathan Z.

2006

DOI abstract Bib

We present a distributed data structure, which we call the rainbow skip graph. To our knowledge, this is the first peer-to-peer data structure that simultaneously achieves high fault-tolerance, constant-sized nodes, and fast update and query times for ordered data. It is a non-trivial adaptation of the SkipNet/skip-graph structures of Harvey et al. and Aspnes and Shah, so as to provide fault-tolerance as these structures do, but to do so using constant-sized nodes, as in the family tree structure of Zatloukal and Harvey. It supports successor queries on a set of n items using O(log n) messages with high probability, an improvement over the expected O(log n) messages of the family tree. Our structure achieves these results by using the following new constructs:• Rainbow connections: parallel sets of pointers between related components of nodes, so as to achieve good connectivity between "adjacent" components, using constant-sized nodes.• Hydra components: highly-connected, highly fault-tolerant components of constant-sized nodes, which will contain relatively large connected subcomponents even under the failure of a constant fraction of the nodes in the component.We further augment the hydra components in the rainbow skip graph by using erasure-resilient codes to ensure that any large subcomponent of nodes in a hydra component is sufficient to reconstruct all the data stored in that component. By carefully maintaining the size of related components and hydra components to be O(log n), we are able to achieve fast times for updates and queries in the rainbow skip graph. In addition, we show how to make the communication complexity for updates and queries be worst case, at the expense of more conceptual complexity and a slight degradation in the node congestion of the data structure.
@conference{1109601, author = {Goodrich, Michael T. and Nelson, Michael J. and Sun, Jonathan Z.}, booktitle = {SODA {\textquoteright}06: Proceedings of the seventeenth annual ACM-SIAM symposium on Discrete algorithm}, title = {The rainbow skip graph: a fault-tolerant constant-degree distributed data structure}, year = {2006}, address = {New York, NY, USA}, organization = {ACM}, pages = {384{\textendash}393}, publisher = {ACM}, doi = {http://doi.acm.org/10.1145/1109557.1109601}, isbn = {0-89871-605-5}, keywords = {distributed hash table, Hydra, rainbow, RSG, skip graph, SkipNet}, owner = {tom}, timestamp = {2017-10-10} }
[1148681] Raptor codes

Shokrollahi, M. Amin

IEEE/ACM Trans. Netw. 2006

abstract Bib

LT-codes are a new class of codes introduced by Luby for the purpose of scalable and fault-tolerant distribution of data over computer networks. In this paper, we introduce Raptor codes, an extension of LT-codes with linear time encoding and decoding. We will exhibit a class of universal Raptor codes: for a given integer k and any real ε > 0, Raptor codes in this class produce a potentially infinite stream of symbols such that any subset of symbols of size k(1 + ε) is sufficient to recover the original k symbols with high probability. Each output symbol is generated using O(log(1/ ε)) operations, and the original symbols are recovered from the collected ones with O(k log(1/ε)) operations.We will also introduce novel techniques for the analysis of the error probability of the decoder for finite length Raptor codes. Moreover, we will introduce and analyze systematic versions of Raptor codes, i.e., versions in which the first output elements of the coding system coincide with the original k elements.
@article{1148681, author = {Shokrollahi, M. Amin}, journal = {IEEE/ACM Trans. Netw.}, title = {Raptor codes}, year = {2006}, issn = {1063-6692}, number = {SI}, pages = {2551{\textendash}2567}, volume = {14}, address = {Piscataway, NJ, USA}, keywords = {802.11, encoding, erasure coding}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2021-01-27} }
[Cramer2006] Reactive Clustering in MANETs

Cramer, Curt, Stanze, Oliver, Weniger, Kilian, and Zitterbart, Martina

International Journal of Pervasive Computing and Communications 2006

DOI Website abstract Bib

Many clustering protocols for mobile ad hoc networks (MANETs) have been proposed in the literature. With only one exception so far (1), all these protocols are proactive, thus wasting bandwidth when their function is not currently needed. To reduce the signalling traffic load, reactive clustering may be employed.We have developed a clustering protocol named “On-Demand Group Mobility-Based Clustering” (ODGMBC) (2), (3) which is reactive. Its goal is to build clusters as a basis for address autoconfiguration and hierarchical routing. In contrast to the protocol described in ref. (1), the design process especially addresses the notions of group mobility and of multi-hop clusters in a MANET. As a result, ODGMBC maps varying physical node groups onto logical clusters. In this paper, ODGMBC is described. It was implemented for the ad hoc network simulator GloMoSim (4) and evaluated using several performance indicators. Simulation results are promising and show that ODGMBC leads to stable clusters. This stability is advantageous for autoconfiguration and routing mechansims to be employed in conjunction with the clustering algorithm.
@article{Cramer2006, author = {Cramer, Curt and Stanze, Oliver and Weniger, Kilian and Zitterbart, Martina}, journal = {International Journal of Pervasive Computing and Communications}, title = {Reactive Clustering in MANETs}, year = {2006}, pages = {81 - 90}, volume = {2}, doi = {10.1108/17427370780000143}, keywords = {mobile Ad-hoc networks, multi-hop networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.emeraldinsight.com/journals.htm?articleid=1615724\&show=pdf} }

[regroup2006] Regroup-And-Go mixes to counter the (n-1) attack

Shi, Jin-Qiao, Fang, Bin-Xing, and Shao, Li-Jie

2006

@article{regroup2006,
  author = {Shi, Jin-Qiao and Fang, Bin-Xing and Shao, Li-Jie},
  journal = {Journal of Internet Research},
  title = {Regroup-And-Go mixes to counter the (n-1) attack},
  year = {2006},
  issn = {1066-2243},
  number = {2},
  pages = {213{\textendash}223},
  volume = {16},
  doi = {10.1108/10662240610656528},
  keywords = {anonymity, mix, privacy},
  owner = {tom},
  publisher = {Emerald Group Publishing Limited},
  timestamp = {2021-01-27},
  type = {Journal},
  url = {http://www.emeraldinsight.com/Insight/viewContentItem.do;jsessionid=6C3CF32A99DF3971C2144B461C8F2CF5?contentType=Article\&hdAction=lnkpdf\&contentId=1550662}
}

[Dellarocas2006] Reputation Mechanisms

Dellarocas, Chrysanthos

2006

Bib

@inbook{Dellarocas2006,
  author = {Dellarocas, Chrysanthos},
  pages = {629-660},
  publisher = {Elsevier},
  title = {Reputation Mechanisms},
  year = {2006},
  booktitle = {Handbook on Information Systems and Economics},
  keywords = {online marketplace, reputation mechanism},
  organization = {Elsevier},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Miller06robustcomposition:] Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control

Miller, Mark Samuel

2006

Website abstract Bib

Permission is hereby granted to make and distribute verbatim copies of this document without royalty or fee. Permission is granted to quote excerpts from this documented provided the original source is properly cited. ii When separately written programs are composed so that they may cooperate, they may instead destructively interfere in unanticipated ways. These hazards limit the scale and functionality of the software systems we can successfully compose. This dissertation presents a framework for enabling those interactions between components needed for the cooperation we intend, while minimizing the hazards of destructive interference. Great progress on the composition problem has been made within the object paradigm, chiefly in the context of sequential, single-machine programming among benign components. We show how to extend this success to support robust composition of concurrent and potentially malicious components distributed over potentially malicious machines. We present E, a distributed, persistent, secure programming language, and CapDesk, a virus-safe desktop built in E, as embodiments of the techniques we explain.
@booklet{Miller06robustcomposition:, title = {Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control}, author = {Miller, Mark Samuel}, year = {2006}, keywords = {robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.101.4674} }
[Salsa] Salsa: A Structured Approach to Large-Scale Anonymity

Nambiar, Arjun

Oct 2006

DOI Website abstract Bib

Highly distributed anonymous communications systems have the promise to reduce the effectiveness of certain attacks and improve scalability over more centralized approaches. Existing approaches, however, face security and scalability issues. Requiring nodes to have full knowledge of the other nodes in the system, as in Tor and Tarzan, limits scalability and can lead to intersection attacks in peer-to-peer configurations. MorphMix avoids this requirement for complete system knowledge, but users must rely on untrusted peers to select the path. This can lead to the attacker controlling the entire path more often than is acceptable.To overcome these problems, we propose Salsa, a structured approach to organizing highly distributed anonymous communications systems for scalability and security. Salsa is designed to select nodes to be used in anonymous circuits randomly from the full set of nodes, even though each node has knowledge of only a subset of the network. It uses a distributed hash table based on hashes of the nodes’ IP addresses to organize the system. With a virtual tree structure, limited knowledge of other nodes is enough to route node lookups throughout the system. We use redundancy and bounds checking when performing lookups to prevent malicious nodes from returning false information without detection. We show that our scheme prevents attackers from biasing path selection, while incurring moderate overheads, as long as the fraction of malicious nodes is less than 20%. Additionally, the system prevents attackers from obtaining a snapshot of the entire system until the number of attackers grows too large (e.g. 15% for 10000 peers and 256 groups). The number of groups can be used as a tunable parameter in the system, depending on the number of peers, that can be used to balance performance and security.
@conference{Salsa, author = {Nambiar, Arjun}, booktitle = {Proceedings of CCS 2006}, title = {Salsa: A Structured Approach to Large-Scale Anonymity}, year = {2006}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1180405.1180409}, isbn = {1-59593-518-5}, keywords = {P2P, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1180409} }
[2006a] Scalable Routing in Sensor Actuator Networks with Churn

09/2006 2006

DOI Website abstract Bib

Routing in wireless networks is inherently difficult since their network topologies are typically unstructured and unstable. Therefore, many routing protocols for ad-hoc networks and sensor networks revert to flooding to acquire routes to previously unknown destinations. However, such an approach does not scale to large networks, especially when nodes need to communicate with many different destinations. This paper advocates a novel approach, the scalable source routing (SSR) protocol. It combines overlay-like routing in a virtual network structure with source routing in the physical network structure. As a consequence, SSR can efficiently provide the routing semantics of a structured routing overlay, making it an efficient basis for the scalable implementation of fully decentralized applications. In T. Fuhrmann (2005) it has been demonstrated that SSR can almost entirely avoid flooding, thus leading to a both memory and message efficient routing mechanism for large unstructured networks. This paper extends SSR to unstable networks, i. e. networks with churn where nodes frequently join and leave, the latter potentially ungracefully
@conference{2006a, booktitle = {Sensor and Ad Hoc Communications and Networks, 2006. SECON {\textquoteright}06. 2006 3rd Annual IEEE Communications Society on}, title = {Scalable Routing in Sensor Actuator Networks with Churn}, year = {2006}, month = {09/2006}, doi = {10.1109/SAHCN.2006.288406}, isbn = {1-4244-0626-9}, keywords = {ad-hoc networks, scalable source routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/Xplore/login.jsp?url=http\%3A\%2F\%2Fieeexplore.ieee.org\%2Fiel5\%2F4068086\%2F4068087\%2F04068105.pdf\%3Farnumber\%3D4068105\&authDecision=-203} }
[Atallah2006] Secure Collaborative Planning, Forecasting, and Replenishment

Atallah, Mikhail, Blanton, Marina, Deshpand, Vinayak, Frikken, Keith, Li, Jiangtao, and Schwarz, Leroy

2006

abstract Bib

Although the benefits of information sharing between supply-chain partners are well known, many companies are averse to share their “private” information due to fear of adverse impact of information leakage. This paper uses techniques from Secure Multiparty Computation (SMC) to develop “secure protocols” for the CPFR (Collaborative Planning, Forecasting, and Replenishment) business process. The result is a process that permits supply-chain partners to capture all of the benefits of information-sharing and collaborative decision-making, but without disclosing their “private” demandsignal (e.g., promotions) and cost information to one another. In our collaborative CPFR) scenario, the retailer and supplier engage in SMC protocols that result in: (1) a forecast that uses both the retailers and the suppliers observed demand signals to better forecast demand; and (2) prescribed order/shipment quantities based on system-wide costs and inventory levels (and on the joint forecasts) that minimize supply-chain expected cost/period. Our contributions are as follows: (1) we demonstrate that CPFR can be securely implemented without disclosing the private information of either partner; (2) we show that the CPFR business process is not incentive compatible without transfer payments and develop an incentive-compatible linear transfer-payment scheme for collaborative forecasting; (3) we demonstrate that our protocols are not only secure (i.e., privacy preserving), but that neither partner is able to make accurate inferences about the others future demand signals from the outputs of the protocols; and (4) we illustrate the benefits of secure collaboration using simulation.
@conference{Atallah2006, author = {Atallah, Mikhail and Blanton, Marina and Deshpand, Vinayak and Frikken, Keith and Li, Jiangtao and Schwarz, Leroy}, booktitle = {Proceedings of Multi-Echelon/Public Applications of Supply Chain Management Conference}, title = {Secure Collaborative Planning, Forecasting, and Replenishment}, year = {2006}, note = {only published on CD}, pages = {1-52}, keywords = {chain computation management, CPFR, privacy, secure multi-party computation, secure supply, security, SMC}, owner = {tom}, timestamp = {2021-01-27} }
[brands06] Secure User Identification Without Privacy Erosion

Brands, Stefan

University of Ottawa Law & Technology Journal 2006

Website abstract Bib

Individuals are increasingly confronted with requests to identify themselves when accessing services provided by government organizations, companies, and other service providers. At the same time, traditional transaction mechanisms are increasingly being replaced by electronic mechanisms that underneath their hood automatically capture and record globally unique identifiers. Taken together, these interrelated trends are currently eroding the privacy and security of individuals in a manner unimaginable just a few decades ago. Privacy activists are facing an increasingly hopeless battle against new privacy-invasive identification initiatives: the cost of computerized identification systems is rapidly going down, their accuracy and efficiency is improving all the time, much of the required data communication infrastructure is now in place, forgery of non-electronic user credentials is getting easier all the time, and data sharing imperatives have gone up dramatically. This paper argues that the privacy vs. identification debate should be moved into less polarized territory. Contrary to popular misbelief, identification and privacy are not opposite interests that need to be balanced: the same technological advances that threaten to annihilate privacy can be exploited to save privacy in an electronic age. The aim of this paper is to clarify that premise on the basis of a careful analysis of the concept of user identification itself. Following an examination of user identifiers and its purposes, I classify identification technologies in a manner that enables their privacy and security implications to be clearly articulated and contrasted. I also include an overview of a modern privacy-preserving approach to user identification.
@article{brands06, author = {Brands, Stefan}, journal = {University of Ottawa Law \& Technology Journal}, title = {Secure User Identification Without Privacy Erosion}, year = {2006}, pages = {205{\textendash}223}, volume = {3}, keywords = {authentication, cryptography, data sharing, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=999695} }
[kutzner06securessr] Securing the Scalable Source Routing Protocol

Kutzner, Kendy, Wallenta, Christian, and Fuhrmann, Thomas

2006

Website abstract Bib

The Scalable Source Routing (SSR) protocol combines overlay-like routing in a virtual network structure with source routing in the physical network to a single cross-layer architecture. Thereby, it can provide indirect routing in networks that lack a well-crafted structure. SSR is well suited for mobile ad hoc networks, sensor-actuator networks, and especially for mesh networks. Moreover, SSR directly provides the routing semantics of a structured routing overlay, making it an efficient basis for the scalable implementation of fully decentralized applications. In this paper we analyze SSR with regard to security: We show where SSR is prone to attacks, and we describe protocol modifications that make SSR robust in the presence of malicious nodes. The core idea is to introduce cryptographic certificates that allow nodes to discover forged protocol messages. We evaluate our proposed modifications by means of simulations, and thus demonstrate that they are both effective and efficient.
@conference{kutzner06securessr, author = {Kutzner, Kendy and Wallenta, Christian and Fuhrmann, Thomas}, booktitle = {Proceedings of the World Telecommunications Congress 2006}, title = {Securing the Scalable Source Routing Protocol}, year = {2006}, address = {Budapest, Hungary}, keywords = {cryptography, scalable source routing, sensor networks}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[1158641] Security Considerations in Space and Delay Tolerant Networks

Farrell, Stephen, and Cahill, Vinny

2006

DOI Website abstract Bib

This paper reviews the Internet-inspired security work on delay tolerant networking, in particular, as it might apply to space missions, and identifies some challenges arising, for both the Internet security community and for space missions. These challenges include the development of key management schemes suited for space missions as well as a characterization of the actual security requirements applying. A specific goal of this paper is therefore to elicit feedback from space mission IT specialists in order to guide the development of security mechanisms for delay tolerant networking.
@conference{1158641, author = {Farrell, Stephen and Cahill, Vinny}, booktitle = {SMC-IT {\textquoteright}06: Proceedings of the 2nd IEEE International Conference on Space Mission Challenges for Information Technology}, title = {Security Considerations in Space and Delay Tolerant Networks}, year = {2006}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {29{\textendash}38}, publisher = {IEEE Computer Society}, doi = {10.1109/SMC-IT.2006.66}, isbn = {0-7695-2644-6}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1158336.1158641$\#$} }

[tap:pet2006] On the Security of the Tor Authentication Protocol

Goldberg, Ian

Jun 2006

Tor is a popular anonymous Internet communication system, used by an estimated 250,000 users to anonymously exchange over five terabytes of data per day. The security of Tor depends on properly authenticating nodes to clients, but Tor uses a custom protocol, rather than an established one, to perform this authentication. In this paper, we provide a formal proof of security of this protocol, in the random oracle model, under reasonable cryptographic assumptions.

@conference{tap:pet2006,
  author = {Goldberg, Ian},
  booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)},
  title = {On the Security of the Tor Authentication Protocol},
  year = {2006},
  address = {Cambridge, UK},
  editor = {Danezis, George and Golle, Philippe},
  month = jun,
  organization = {Springer},
  pages = {316{\textendash}331},
  publisher = {Springer},
  doi = {10.1007/11957454},
  isbn = {978-3-540-68790-0},
  keywords = {Tor},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/n77w19002743xu51/}
}

[Karnstedt2006SimilarityQueries] Similarity Queries on Structured Data in Structured Overlays

Karnstedt, Marcel, Sattler, Kai-Uwe, Hauswirth, Manfred, and Schmidt, Roman

2006

@conference{Karnstedt2006SimilarityQueries,
  author = {Karnstedt, Marcel and Sattler, Kai-Uwe and Hauswirth, Manfred and Schmidt, Roman},
  booktitle = {Proceedings of the 22nd International Conference on Data Engineering Workshops},
  title = {Similarity Queries on Structured Data in Structured Overlays},
  year = {2006},
  address = {Washington, DC, USA},
  organization = {IEEE Computer Society},
  pages = {32{\textendash}},
  publisher = {IEEE Computer Society},
  series = {ICDEW {\textquoteright}06},
  doi = {10.1109/ICDEW.2006.137},
  isbn = {0-7695-2571-7},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1109/ICDEW.2006.137}
}

[Fuhrmann2006a] Software Engineering for Ambient Intelligence Systems

Fuhrmann, Thomas

2006

abstract Bib

AmbiComp is a new research project that will invest about 30 person years into the development of a new and simple software engineering approach for mobile embedded interactive systems. In order to achieve its ambitious goals, it will combine research from different fields such as mobile peer-to-peer networks and operating systems. As a result, developing applications across multiple embedded devices shall be greatly facilitated.
@proceedings{Fuhrmann2006a, title = {Software Engineering for Ambient Intelligence Systems}, year = {2006}, author = {Fuhrmann, Thomas}, keywords = {P2P}, owner = {tom}, timestamp = {2017-10-10} }
[1170307] Storage Tradeoffs in a Collaborative Backup Service for Mobile Devices

Courtes, Ludovic, Killijian, Marc-Olivier, and Powell, David

2006

DOI Website abstract Bib

Mobile devices are increasingly relied on but are used in contexts that put them at risk of physical dam- age, loss or theft. We consider a fault-tolerance ap- proach that exploits spontaneous interactions to imple- ment a collaborative backup service. We define the con- straints implied by the mobile environment,analyze how they translate into the storage layer of such a backup system and examine various design options. The paper concludes with a presentation of our prototype imple- mentation of the storage layer, an evaluation of the im- pact of several compression methods,and directions for future work.
@conference{1170307, author = {Courtes, Ludovic and Killijian, Marc-Olivier and Powell, David}, booktitle = {EDCC {\textquoteright}06: Proceedings of the Sixth European Dependable Computing Conference}, title = {Storage Tradeoffs in a Collaborative Backup Service for Mobile Devices}, year = {2006}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {129{\textendash}138}, publisher = {IEEE Computer Society}, doi = {10.1109/EDCC.2006.26}, isbn = {0-7695-2648-9}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1170307$\#$} }
[Levine:2006] A Survey of Solutions to the Sybil Attack

Levine, Brian Neil, Shields, Clay, and Margolin, N. Boris

10/2006 2006

Website abstract Bib

Many security mechanisms are based on specific assumptions of identity and are vulnerable to attacks when these assumptions are violated. For example, impersonation is the well-known consequence when authenticating credentials are stolen by a third party. Another attack on identity occurs when credentials for one identity are purposely shared by multiple individuals, for example to avoid paying twice for a service. In this paper, we survey the impact of the Sybil attack, an attack against identity in which an individual entity masquerades as multiple simultaneous identities. The Sybil attack is a fundamental problem in many systems, and it has so far resisted a universally applicable solution.
@article{Levine:2006, author = {Levine, Brian Neil and Shields, Clay and Margolin, N. Boris}, title = {A Survey of Solutions to the Sybil Attack}, year = {2006}, month = {10/2006}, number = {2006-052}, address = {Amherst, MA}, institution = {University of Massachusetts Amherst}, keywords = {anonymity, security, Sybil attack}, owner = {tom}, timestamp = {2017-10-10}, type = {Tech report}, url = {http://prisms.cs.umass.edu/brian/pubs/levine.sybil.tr.2006.pdf} }
[Altman2006] A survey on networking games in telecommunications

Altman, Eitan, Boulogne, Thomas, El-Azouzi, Rachid, Jiménez, Tania, and Wynter, Laura

Computers & Operations Research 02/2006 2006

DOI abstract Bib

In this survey, we summarize different modeling and solution concepts of networking games, as well as a number of different applications in telecommunications that make use of or can make use of networking games. We identify some of the mathematical challenges and methodologies that are involved in these problems. We include here work that has relevance to networking games in telecommunications from other areas, in particular from transportation planning.
@article{Altman2006, author = {Altman, Eitan and Boulogne, Thomas and El-Azouzi, Rachid and Jim{\'e}nez, Tania and Wynter, Laura}, journal = {Computers \& Operations Research}, title = {A survey on networking games in telecommunications}, year = {2006}, month = {02/2006}, pages = {286-311}, volume = {33}, doi = {10.1016/j.cor.2004.06.005}, keywords = {communication network, game theory}, owner = {tom}, publisher = {Elsevier}, timestamp = {2017-10-10} }
[Yu:2006:SDA:1159913.1159945] SybilGuard: defending against sybil attacks via social networks

Yu, Haifeng, Kaminsky, Michael, Gibbons, Phillip B., and Flaxman, Abraham

09/2006 2006

DOI Website abstract Bib

Peer-to-peer and other decentralized,distributed systems are known to be particularly vulnerable to sybil attacks. In a sybil attack,a malicious user obtains multiple fake identities and pretends to be multiple, distinct nodes in the system. By controlling a large fraction of the nodes in the system,the malicious user is able to "out vote" the honest users in collaborative tasks such as Byzantine failure defenses. This paper presents SybilGuard, a novel protocol for limiting the corruptive influences of sybil attacks.Our protocol is based on the "social network "among user identities, where an edge between two identities indicates a human-established trust relationship. Malicious users can create many identities but few trust relationships. Thus, there is a disproportionately-small "cut" in the graph between the sybil nodes and the honest nodes. SybilGuard exploits this property to bound the number of identities a malicious user can create.We show the effectiveness of SybilGuard both analytically and experimentally.
@conference{Yu:2006:SDA:1159913.1159945, author = {Yu, Haifeng and Kaminsky, Michael and Gibbons, Phillip B. and Flaxman, Abraham}, booktitle = {SIGCOMM{\textquoteright}06. Proceedings of the 2006 conference on Applications, Technologies, Architectures, and Protocols for Computer Communications}, title = {SybilGuard: defending against sybil attacks via social networks}, year = {2006}, address = {Pisa, Italy}, month = {09/2006}, organization = {ACM}, pages = {267{\textendash}278}, publisher = {ACM}, series = {SIGCOMM {\textquoteright}06}, doi = {http://doi.acm.org/10.1145/1159913.1159945}, isbn = {1-59593-308-5}, keywords = {social networks, Sybil attack, sybilGuard}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1159913.1159945} }
[citeulike:530977] Taxonomy of trust: Categorizing P2P reputation systems

Marti, Sergio, and Garcia-Molina, Hector

Management in Peer-to-Peer Systems Mar 2006

DOI Website abstract Bib

The field of peer-to-peer reputation systems has exploded in the last few years. Our goal is to organize existing ideas and work to facilitate system design. We present a taxonomy of reputation system components, their properties, and discuss how user behavior and technical constraints can conflict. In our discussion, we describe research that exemplifies compromises made to deliver a useable, implementable system.
@article{citeulike:530977, author = {Marti, Sergio and Garcia-Molina, Hector}, journal = {Management in Peer-to-Peer Systems}, title = {Taxonomy of trust: Categorizing P2P reputation systems}, year = {2006}, month = mar, number = {4}, pages = {472{\textendash}484}, volume = {50}, doi = {10.1016/j.comnet.2005.07.011}, keywords = {P2P, trust}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1139713} }
[ShWa-Timing06] Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses

Shmatikov, Vitaly, and Wang, Ming-Hsui

Sep 2006

DOI Website abstract Bib

Mix networks are a popular mechanism for anonymous Internet communications. By routing IP traffic through an overlay chain of mixes, they aim to hide the relationship between its origin and destination. Using a realistic model of interactive Internet traffic, we study the problem of defending low-latency mix networks against attacks based on correlating inter-packet intervals on two or more links of the mix chain. We investigate several attack models, including an active attack which involves adversarial modification of packet flows in order to “fingerprint” them, and analyze the tradeoffs between the amount of cover traffic, extra latency, and anonymity properties of the mix network. We demonstrate that previously proposed defenses are either ineffective, or impose a prohibitively large latency and/or bandwidth overhead on communicating applications. We propose a new defense based on adaptive padding.
@conference{ShWa-Timing06, author = {Shmatikov, Vitaly and Wang, Ming-Hsui}, booktitle = {Proceedings of ESORICS 2006}, title = {Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses}, year = {2006}, month = sep, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11863908}, isbn = {978-3-540-44601-9}, keywords = {anonymity}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/3n136578m4211484/} }
[conf/infocom/SunHYL06] A Trust Evaluation Framework in Distributed Networks: Vulnerability Analysis and Defense Against Attacks.

Sun, Yan L., Han, Zhu, Yu, Wei, and Liu, K. J. Ray

2006

DOI Website abstract Bib

Evaluation of trustworthiness of participating entities is an effective method to stimulate collaboration and improve network security in distributed networks. Similar to other security related protocols, trust evaluation is an attractive target for adversaries. Currently, the vulnerabilities of trust evaluation system have not been well understood. In this paper, we present several attacks that can undermine the accuracy of trust evaluation, and then develop defense techniques. Based on our investigation on attacks and defense, we implement a trust evaluation system in ad hoc networks for securing ad hoc routing and assisting malicious node detection. Extensive simulations are performed to illustrate various attacks, the effectiveness of the proposed defense techniques, and the overall performance of the trust evaluation system.
@conference{conf/infocom/SunHYL06, author = {Sun, Yan L. and Han, Zhu and Yu, Wei and Liu, K. J. Ray}, booktitle = {INFOCOM}, title = {A Trust Evaluation Framework in Distributed Networks: Vulnerability Analysis and Defense Against Attacks.}, year = {2006}, organization = {IEEE}, publisher = {IEEE}, doi = {10.1109/CISS.2006.286695}, isbn = {1-4244-0349-9}, keywords = {ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dblp.uni-trier.de/db/conf/infocom/infocom2006.html$\#$SunHYL06} }
[Damgard2006] Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation

Damgárd, Ivan, Fitzi, Matthias, Kiltz, Eike, Nielsen, JesperBuus, and Toft, Tomas

2006

DOI Website abstract Bib

We show that if a set of players hold shares of a value a ∈ Fp for some prime p (where the set of shares is written [a] p ), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings [a0] p , ..., [al- 1] p such that l = ⌈ log2 p ⌉, a0,...,al - 1 ∈ 0,1 and a = summation of ai * 2^i where 0 <= i <= l- 1. Our protocol is secure against active adversaries and works for any linear secret sharing scheme with a multiplication protocol. The complexity of our protocol is O(llogl) invocations of the multiplication protocol for the underlying secret sharing scheme, carried out in O(1) rounds. This result immediately implies solutions to other long-standing open problems such as constant-rounds and unconditionally secure protocols for deciding whether a shared number is zero, comparing shared numbers, raising a shared number to a shared exponent and reducing a shared number modulo a shared modulus.
@inbook{Damgard2006, author = {Damg{\'a}rd, Ivan and Fitzi, Matthias and Kiltz, Eike and Nielsen, JesperBuus and Toft, Tomas}, editor = {Halevi, Shai and Rabin, Tal}, pages = {285-304}, publisher = {Springer Berlin Heidelberg}, title = {Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation}, year = {2006}, isbn = {978-3-540-32731-8}, series = {Lecture Notes in Computer Science}, volume = {3876}, booktitle = {Theory of Cryptography}, doi = {10.1007/11681878_15}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/11681878_15} }
[Stutzbach:2006:UCP:1177080.1177105] Understanding churn in peer-to-peer networks

Stutzbach, Daniel, and Rejaie, Reza

10/2006 2006

DOI Website abstract Bib

The dynamics of peer participation, or churn, are an inherent property of Peer-to-Peer (P2P) systems and critical for design and evaluation. Accurately characterizing churn requires precise and unbiased information about the arrival and departure of peers, which is challenging to acquire. Prior studies show that peer participation is highly dynamic but with conflicting characteristics. Therefore, churn remains poorly understood, despite its significance.In this paper, we identify several common pitfalls that lead to measurement error. We carefully address these difficulties and present a detailed study using three widely-deployed P2P systems: an unstructured file-sharing system (Gnutella), a content-distribution system (BitTorrent), and a Distributed Hash Table (Kad). Our analysis reveals several properties of churn: (i) overall dynamics are surprisingly similar across different systems, (ii) session lengths are not exponential, (iii) a large portion of active peers are highly stable while the remaining peers turn over quickly, and (iv) peer session lengths across consecutive appearances are correlated. In summary, this paper advances our understanding of churn by improving accuracy, comparing different P2P file sharingdistribution systems, and exploring new aspects of churn.
@conference{Stutzbach:2006:UCP:1177080.1177105, author = {Stutzbach, Daniel and Rejaie, Reza}, booktitle = {IMC{\textquoteright}06. Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement}, title = {Understanding churn in peer-to-peer networks}, year = {2006}, address = {Rio de Janeriro, Brazil}, month = {10/2006}, organization = {ACM}, pages = {189{\textendash}202}, publisher = {ACM}, series = {IMC {\textquoteright}06}, doi = {http://doi.acm.org/10.1145/1177080.1177105}, isbn = {1-59593-561-4}, keywords = {BitTorrent, churn, Gnutella, KAD, peer-to-peer networking, session length, uptime}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1177080.1177105} }
[valet:pet2006] Valet Services: Improving Hidden Servers with a Personal Touch

Øverlier, Lasse, and Syverson, Paul

Jun 2006

DOI Website abstract Bib

Location hidden services have received increasing attention as a means to resist censorship and protect the identity of service operators. Research and vulnerability analysis to date has mainly focused on how to locate the hidden service. But while the hiding techniques have improved, almost no progress has been made in increasing the resistance against DoS attacks directly or indirectly on hidden services. In this paper we suggest improvements that should be easy to adopt within the existing hidden service design, improvements that will both reduce vulnerability to DoS attacks and add QoS as a service option. In addition we show how to hide not just the location but the existence of the hidden service from everyone but the users knowing its service address. Not even the public directory servers will know how a private hidden service can be contacted, or know it exists.
@conference{valet:pet2006, author = {{\O}verlier, Lasse and Syverson, Paul}, booktitle = {Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006)}, title = {Valet Services: Improving Hidden Servers with a Personal Touch}, year = {2006}, address = {Cambridge, UK}, editor = {Danezis, George and Golle, Philippe}, month = jun, organization = {Springer}, pages = {223{\textendash}244}, publisher = {Springer}, doi = {10.1007/11957454}, isbn = {978-3-540-68790-0}, keywords = {censorship resistance, information hiding}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.springerlink.com/content/d58607007777r8l1/} }
[nguyen2006vsf] Verifiable shuffles: a formal model and a Paillier-based three-round construction with provable security

Nguyen, Lan, Safavi-Naini, Rei, and Kurosawa, Kaoru

International Journal of Information Security 2006

DOI Website abstract Bib

A shuffle takes a list of ciphertexts and outputs a permuted list of re-encryptions of the input ciphertexts. Mix-nets, a popular method for anonymous routing, can be constructed from a sequence of shuffles and decryption. We propose a formal model for security of verifiable shuffles and a new verifiable shuffle system based on the Paillier encryption scheme, and prove its security in the proposed dmodel. The model is general and can be extended to provide provable security for verifiable shuffle decryption.
@article{nguyen2006vsf, author = {Nguyen, Lan and Safavi-Naini, Rei and Kurosawa, Kaoru}, journal = {International Journal of Information Security}, title = {Verifiable shuffles: a formal model and a Paillier-based three-round construction with provable security}, year = {2006}, issn = {1615-5262}, number = {4}, pages = {241{\textendash}255}, volume = {5}, doi = {10.1007/s10207-006-0004-8}, keywords = {formal security model, paillier public-key system, privacy, verifiable shuffles}, owner = {tom}, publisher = {Springer}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1164438} }
[Widmer_abstractnetwork] ABSTRACT Network Coding for Efficient Communication in Extreme Networks

Widmer, Jörg

2005

DOI Website abstract Bib

Some forms of ad-hoc networks need to operate in extremely performance-challenged environments where end-to-end connectivity is rare. Such environments can be found for example in very sparse mobile networks where nodes ”meet ” only occasionally and are able to exchange information, or in wireless sensor networks where nodes sleep most of the time to conserve energy. Forwarding mechanisms in such networks usually resort to some form of intelligent flooding, as for example in probabilistic routing. We propose a communication algorithm that significantly reduces the overhead of probabilistic routing algorithms, making it a suitable building block for a delay-tolerant network architecture. Our forwarding scheme is based on network coding. Nodes do not simply forward packets they overhear but may send out information that is coded over the contents of several packets they received. We show by simulation that this algorithm achieves the reliability and robustness of flooding at a small fraction of the overhead.
@booklet{Widmer_abstractnetwork, title = {ABSTRACT Network Coding for Efficient Communication in Extreme Networks}, author = {Widmer, J{\"o}rg}, year = {2005}, doi = {10.1145/1080139.1080147}, isbn = {1-59593-026-4}, keywords = {ad-hoc networks, delay tolerant network, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.102.5368} }
[pet05-borisov] An Analysis of Parallel Mixing with Attacker-Controlled Inputs

Borisov, Nikita

May 2005

DOI Website abstract Bib

Parallel mixing [7] is a technique for optimizing the latency of a synchronous re-encryption mix network. We analyze the anonymity of this technique when an adversary can learn the output positions of some of the inputs to the mix network. Using probabilistic modeling, we show that parallel mixing falls short of achieving optimal anonymity in this case. In particular, when the number of unknown inputs is small, there are significant anonymity losses in the expected case. This remains true even if all the mixes in the network are honest, and becomes worse as the number of mixes increases. We also consider repeatedly applying parallel mixing to the same set of inputs. We show that an attacker who knows some input–output relationships will learn new information with each mixing and can eventually link previously unknown inputs and outputs.
@conference{pet05-borisov, author = {Borisov, Nikita}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2005)}, title = {An Analysis of Parallel Mixing with Attacker-Controlled Inputs}, year = {2005}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {12{\textendash}25}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11767831}, isbn = {978-3-540-34745-3}, keywords = {anonymity, mix}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/b0t0714165846m42/} }

[DiazThesis05] Anonymity and Privacy in Electronic Services

Diaz, Claudia

Dec 2005

Bib

@mastersthesis{DiazThesis05,
  author = {Diaz, Claudia},
  school = {Katholieke Universiteit Leuven},
  title = {Anonymity and Privacy in Electronic Services},
  year = {2005},
  address = {Leuven, Belgium},
  month = dec,
  type = {phd},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Borisov:CSD-05-1390] Anonymity in Structured Peer-to-Peer Networks

Borisov, Nikita, and Waddle, Jason

May 2005

Website abstract Bib

Existing peer-to-peer systems that aim to provide anonymity to its users are based on networks with unstructured or loosely-structured routing algorithms. Structured routing offers performance and robustness guarantees that these systems are unable to achieve. We therefore investigate adding anonymity support to structured peer-to-peer networks. We apply an entropy-based anonymity metric to Chord and use this metric to quantify the improvements in anonymity afforded by several possible extensions. We identify particular properties of Chord that have the strongest effect on anonymity and propose a routing extension that allows a general trade-off between anonymity and performance. Our results should be applicable to other structured peer-to-peer systems.
@booklet{Borisov:CSD-05-1390, title = {Anonymity in Structured Peer-to-Peer Networks}, author = {Borisov, Nikita and Waddle, Jason}, month = may, year = {2005}, number = {UCB/CSD-05-1390}, owner = {tom}, publisher = {EECS Department, University of California, Berkeley}, timestamp = {2017-10-10}, url = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2005/6509.html} }

[sofem05-Klonowski] Anonymous Communication with On-line and Off-line Onion Encoding

Klonowski, Marek, Kutylowski, Miroslaw, and Zagorski, Filip

Jan 2005

Anonymous communication with onions requires that a user application determines the whole routing path of an onion. This scenario has certain disadvantages, it might be dangerous in some situations, and it does not fit well to the current layered architecture of dynamic communication networks. We show that applying encoding based on universal re-encryption can solve many of these problems by providing much flexibility – the onions can be created on-the-fly or in advance by different parties.

@conference{sofem05-Klonowski,
  author = {Klonowski, Marek and Kutylowski, Miroslaw and Zagorski, Filip},
  booktitle = {Proceedings of Conference on Current Trends in Theory and Practice of Informatics (SOFSEM 2005)},
  title = {Anonymous Communication with On-line and Off-line Onion Encoding},
  year = {2005},
  month = jan,
  organization = {Springer Berlin / Heidelberg},
  publisher = {Springer Berlin / Heidelberg},
  doi = {10.1007/b105088},
  isbn = {978-3-540-24302-1},
  keywords = {onion routing, universal re-encryption},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/9023b6ad0thaf51p/}
}

[1080833] Architecture and evaluation of an unplanned 802.11b mesh network

Bicket, John, Aguayo, Daniel, Biswas, Sanjit, and Morris, Robert

2005

DOI Website abstract Bib

This paper evaluates the ability of a wireless mesh architecture to provide high performance Internet access while demanding little deployment planning or operational management. The architecture considered in this paper has unplanned node placement (rather than planned topology), omni-directional antennas (rather than directional links), and multi-hop routing (rather than single-hop base stations). These design decisions contribute to ease of deployment, an important requirement for community wireless networks. However, this architecture carries the risk that lack of planning might render the network’s performance unusably low. For example, it might be necessary to place nodes carefully to ensure connectivity; the omni-directional antennas might provide uselessly short radio ranges; or the inefficiency of multi-hop forwarding might leave some users effectively disconnected.The paper evaluates this unplanned mesh architecture with a case study of the Roofnet 802.11b mesh network. Roofnet consists of 37 nodes spread over four square kilometers of an urban area. The network provides users with usable performance despite lack of planning: the average inter-node throughput is 627 kbits/second, even though the average route has three hops.The paper evaluates multiple aspects of the architecture: the effect of node density on connectivity and throughput; the characteristics of the links that the routing protocol elects to use; the usefulness of the highly connected mesh afforded by omni-directional antennas for robustness and throughput; and the potential performance of a single-hop network using the same nodes as Roofnet.
@conference{1080833, author = {Bicket, John and Aguayo, Daniel and Biswas, Sanjit and Morris, Robert}, booktitle = {MobiCom {\textquoteright}05: Proceedings of the 11th annual international conference on Mobile computing and networking}, title = {Architecture and evaluation of an unplanned 802.11b mesh network}, year = {2005}, address = {New York, NY, USA}, organization = {ACM}, pages = {31{\textendash}42}, publisher = {ACM}, doi = {10.1145/1080829.1080833}, isbn = {1-59593-020-5}, keywords = {ad-hoc networks, mesh networks, multi-hop networks, route metrics, wireless routing}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1080833$\#$} }
[1095816] BAR fault tolerance for cooperative services

Aiyer, Amitanand S., Alvisi, Lorenzo, Clement, Allen, Dahlin, Mike, Martin, Jean-Philippe, and Porth, Carl

SIGOPS Oper. Syst. Rev. 2005

DOI Website abstract Bib

This paper describes a general approach to constructing cooperative services that span multiple administrative domains. In such environments, protocols must tolerate both Byzantine behaviors when broken, misconfigured, or malicious nodes arbitrarily deviate from their specification and rational behaviors when selfish nodes deviate from their specification to increase their local benefit. The paper makes three contributions: (1) It introduces the BAR (Byzantine, Altruistic, Rational) model as a foundation for reasoning about cooperative services; (2) It proposes a general three-level architecture to reduce the complexity of building services under the BAR model; and (3) It describes an implementation of BAR-B the first cooperative backup service to tolerate both Byzantine users and an unbounded number of rational users. At the core of BAR-B is an asynchronous replicated state machine that provides the customary safety and liveness guarantees despite nodes exhibiting both Byzantine and rational behaviors. Our prototype provides acceptable performance for our application: our BAR-tolerant state machine executes 15 requests per second, and our BAR-B backup service can back up 100MB of data in under 4 minutes.
@article{1095816, author = {Aiyer, Amitanand S. and Alvisi, Lorenzo and Clement, Allen and Dahlin, Mike and Martin, Jean-Philippe and Porth, Carl}, journal = {SIGOPS Oper. Syst. Rev.}, title = {BAR fault tolerance for cooperative services}, year = {2005}, issn = {0163-5980}, number = {5}, pages = {45{\textendash}58}, volume = {39}, address = {New York, NY, USA}, doi = {10.1145/1095809.1095816}, keywords = {byzantine fault tolerance, game theory, reliability}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1095816$\#$} }
[Pouwelse05thebittorrent] The BiTtorrent P2P File-sharing System: Measurements and Analysis

Pouwelse, Johan, Garbacki, Pawel, Epema, Dick H. J., and Sips, Henk J.

02/2005 2005

DOI abstract Bib

Of the many P2P file-sharing prototypes in existence, BitTorrent is one of the few that has managed to attract millions of users. BitTorrent relies on other (global) components for file search, employs a moderator system to ensure the integrity of file data, and uses a bartering technique for downloading in order to prevent users from freeriding. In this paper we present a measurement study of BitTorrent in which we focus on four issues, viz. availability, integrity, flashcrowd handling, and download performance. The purpose of this paper is to aid in the understanding of a real P2P system that apparently has the right mechanisms to attract a large user community, to provide measurement data that may be useful in modeling P2P systems, and to identify design issues in such systems.
@conference{Pouwelse05thebittorrent, author = {Pouwelse, Johan and Garbacki, Pawel and Epema, Dick H. J. and Sips, Henk J.}, booktitle = {IPTPS{\textquoteright}05. Proceedings of the 4th International Workshop on Peer-To-Peer Systems}, title = {The BiTtorrent P2P File-sharing System: Measurements and Analysis}, year = {2005}, address = {Ithaca, NY, USA}, month = {02/2005}, organization = {Springer}, pages = {205-216}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {3640}, doi = {10.1007/11558989_19}, keywords = {BitTorrent, file-sharing}, owner = {tom}, timestamp = {2017-10-10} }

[ih05-Luke] On Blending Attacks For Mixes with Memory

O’Connor, Luke

Jun 2005

Blending attacks are a general class of traffic-based attacks, exemplified by the (n–1)-attack. Adding memory or pools to mixes mitigates against such attacks, however there are few known quantitative results concerning the effect of pools on blending attacks. In this paper we give a precise analysis of the number of rounds required to perform an (n–1)-attack on the pool mix, timed pool mix, timed dynamic pool mix and the binomial mix.

@conference{ih05-Luke,
  author = {O{\textquoteright}Connor, Luke},
  booktitle = {Proceedings of Information Hiding Workshop (IH 2005)},
  title = {On Blending Attacks For Mixes with Memory},
  year = {2005},
  month = jun,
  organization = {Springer Berlin / Heidelberg},
  pages = {39{\textendash}52},
  publisher = {Springer Berlin / Heidelberg},
  doi = {10.1007/11558859},
  isbn = {978-3-540-29039-1},
  keywords = {mix, traffic analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/index/y78350424h77u578.pdf}
}

[1108067] Boundary Chord: A Novel Peer-to-Peer Algorithm for Replica Location Mechanism in Grid Environment

Jin, Hai, Wang, Chengwei, and Chen, Hanhua

2005

DOI Website abstract Bib

The emerging grids need an efficient replica location mechanism. In the experience of developing 1 ChinaGrid Supporting Platform (CGSP), a grid middleware that builds a uniform platform supporting multiple grid-based applications, we meet a challenge of utilizing the properties of locality in replica location process to construct a practical and high performance replica location mechanism. The key of the solution to this challenge is to design an efficient replica location algorithm that meets above requirements. Some previous works have been done to build a replica location mechanism, but they are not suitable for replica location in a grid environment with multiple applications like ChinaGrid. In this paper, we present a novel peer-to-peer algorithm for replica location mechanism, Boundary Chord, which has the merits of locality awareness, self-organization, and load balancing. Simulation results show that the algorithm has better performance than other structured peer-to-peer solutions to the replica location problem.
@conference{1108067, author = {Jin, Hai and Wang, Chengwei and Chen, Hanhua}, booktitle = {ISPAN {\textquoteright}05: Proceedings of the 8th International Symposium on Parallel Architectures,Algorithms and Networks}, title = {Boundary Chord: A Novel Peer-to-Peer Algorithm for Replica Location Mechanism in Grid Environment}, year = {2005}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {262{\textendash}267}, publisher = {IEEE Computer Society}, doi = {10.1109/ISPAN.2005.21}, isbn = {0-7695-2509-1}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1108067$\#$} }
[Pfister05capacity-achievingensembles] Capacity-achieving ensembles for the binary erasure channel with bounded complexity

Pfister, Henry D., Sason, Igal, and Urbanke, Rüdiger L.

IEEE TRANS. INFORMATION THEORY 2005

DOI Website abstract Bib

We present two sequences of ensembles of nonsystematic irregular repeat–accumulate (IRA) codes which asymptotically (as their block length tends to infinity) achieve capacity on the binary erasure channel (BEC) with bounded complexity per information bit. This is in contrast to all previous constructions of capacity-achieving sequences of ensembles whose complexity grows at least like the log of the inverse of the gap (in rate) to capacity. The new bounded complexity result is achieved by puncturing bits, and allowing in this way a sufficient number of state nodes in the Tanner graph representing the codes. We derive an information-theoretic lower bound on the decoding complexity of randomly punctured codes on graphs. The bound holds for every memoryless binary-input output-symmetric (MBIOS) channel and is refined for the binary erasure channel.
@article{Pfister05capacity-achievingensembles, author = {Pfister, Henry D. and Sason, Igal and Urbanke, R{\"u}diger L.}, journal = {IEEE TRANS. INFORMATION THEORY}, title = {Capacity-achieving ensembles for the binary erasure channel with bounded complexity}, year = {2005}, number = {7}, pages = {2352{\textendash}2379}, volume = {51}, doi = {10.1109/ISIT.2004.1365246}, isbn = {0-7803-8280-3}, keywords = {BEC, coding theory, IRA, MBIOS}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.90.3798} }
[Zhuang05cashmere:resilient] Cashmere: Resilient anonymous routing

Zhuang, Li, Zhou, Feng, Zhao, Ben Y., and Rowstron, Antony

2005

Website abstract Bib

Anonymous routing protects user communication from identification by third-party observers. Existing anonymous routing layers utilize Chaum-Mixes for anonymity by relaying traffic through relay nodes called mixes. The source defines a static forwarding path through which traffic is relayed to the destination. The resulting path is fragile and shortlived: failure of one mix in the path breaks the forwarding path and results in data loss and jitter before a new path is constructed. In this paper, we propose Cashmere, a resilient anonymous routing layer built on a structured peer-to-peer overlay. Instead of single-node mixes, Cashmere selects regions in the overlay namespace as mixes. Any node in a region can act as the MIX, drastically reducing the probability of a mix failure. We analyze Cashmere’s anonymity and measure its performance through simulation and measurements, and show that it maintains high anonymity while providing orders of magnitude improvement in resilience to network dynamics and node failures.
@conference{Zhuang05cashmere:resilient, author = {Zhuang, Li and Zhou, Feng and Zhao, Ben Y. and Rowstron, Antony}, booktitle = {In Proc. of NSDI}, title = {Cashmere: Resilient anonymous routing}, year = {2005}, organization = {ACM/USENIX}, publisher = {ACM/USENIX}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251203.1251225$\#$} }
[ih05-csispir] Censorship Resistance Revisited

Perng, Ginger, Reiter, Michael K., and Wang, Chenxi

Jun 2005

DOI Website abstract Bib

“Censorship resistant” systems attempt to prevent censors from imposing a particular distribution of content across a system. In this paper, we introduce a variation of censorship resistance (CR) that is resistant to selective filtering even by a censor who is able to inspect (but not alter) the internal contents and computations of each data server, excluding only the server’s private signature key. This models a service provided by operators who do not hide their identities from censors. Even with such a strong adversarial model, our definition states that CR is only achieved if the censor must disable the entire system to filter selected content. We show that existing censorship resistant systems fail to meet this definition; that Private Information Retrieval (PIR) is necessary, though not sufficient, to achieve our definition of CR; and that CR is achieved through a modification of PIR for which known implementations exist.
@conference{ih05-csispir, author = {Perng, Ginger and Reiter, Michael K. and Wang, Chenxi}, booktitle = {Proceedings of Information Hiding Workshop (IH 2005)}, title = {Censorship Resistance Revisited}, year = {2005}, month = jun, organization = {Springer Berlin / Heidelberg}, pages = {62{\textendash}76}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11558859}, isbn = {978-3-540-29039-1}, keywords = {censorship resistance, private information retrieval}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/f08707qw34614340/} }

[Pai2005] Chainsaw: Eliminating Trees from Overlay Multicast

Pai, Vinay, Kumar, Kapil, Tamilmani, Karthik, Sambamurthy, Vinay, and Mohr, Alexander E.

11/2005 2005

In this paper, we present Chainsaw, a p2p overlay multicast system that completely eliminates trees. Peers are notified of new packets by their neighbors and must explicitly request a packet from a neighbor in order to receive it. This way, duplicate data can be eliminated and a peer can ensure it receives all packets. We show with simulations that Chainsaw has a short startup time, good resilience to catastrophic failure and essentially no packet loss. We support this argument with real-world experiments on Planetlab and compare Chainsaw to Bullet and Splitstream using MACEDON.

@conference{Pai2005,
  author = {Pai, Vinay and Kumar, Kapil and Tamilmani, Karthik and Sambamurthy, Vinay and Mohr, Alexander E.},
  booktitle = {4th International Workshop},
  title = {Chainsaw: Eliminating Trees from Overlay Multicast},
  year = {2005},
  address = {Ithaca, NY, USA},
  editor = {Castro, Miguel and Renesse, Robbert Van},
  month = {11/2005},
  organization = {Springer Berlin / Heidelberg},
  pages = {127-140},
  publisher = {Springer Berlin / Heidelberg},
  series = {Lecture Notes in Computer Science (Peer-to-peer Systems IV)},
  volume = {3640},
  doi = {10.1007/11558989},
  isbn = {978-3-540-29068-1},
  issn = {1611-3349 (Online)},
  keywords = {chainsaw, p2p overlay multicast system, packet loss, trees},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/l13550223q12l65v/about/}
}

[guha05characterization] Characterization and measurement of tcp traversal through nats and firewalls

Guha, Saikat, and Francis, Paul

2005

Website abstract Bib

In recent years, the standards community has developed techniques for traversing NAT/firewall boxes with UDP (that is, establishing UDP flows between hosts behind NATs). Because of the asymmetric nature of TCP connection establishment, however, NAT traversal of TCP is more difficult. Researchers have recently proposed a variety of promising approaches for TCP NAT traversal. The success of these approaches, however, depend on how NAT boxes respond to various sequences of TCP (and ICMP) packets. This paper presents the first broad study of NAT behavior for a comprehensive set of TCP NAT traversal techniques over a wide range of commercial NAT products. We developed a publicly available software test suite that measures the NAT’s responses both to a variety of isolated probes and to complete TCP connection establishments. We test sixteen NAT products in the lab, and 93 home NATs in the wild. Using these results, as well as market data for NAT products, we estimate the likelihood of successful NAT traversal for home networks. The insights gained from this paper can be used to guide both design of TCP NAT traversal protocols and the standardization of NAT/firewall behavior, including the IPv4-IPv6 translating NATs critical for IPv6 transition.
@booklet{guha05characterization, title = {Characterization and measurement of tcp traversal through nats and firewalls}, author = {Guha, Saikat and Francis, Paul}, year = {2005}, keywords = {firewall, NAT}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251086.1251104} }
[chl05-full:eurocrypt2005] Compact E-Cash

Camenisch, Jan, Hohenberger, Susan, and Lysyanskaya, Anna

2005

DOI Website abstract Bib

This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing 2^l coins each of which she can spend unlinkably. Our first result is a scheme, secure under the strong RSA and the y-DDHI assumptions, where the complexity of the withdrawal and spend operations is O(l+k) and the user’s wallet can be stored using O(l+k) bits, where k is a security parameter. The best previously known schemes require at least one of these complexities to be O(2^l k). In fact, compared to previous e-cash schemes, our whole wallet of 2^l coins has about the same size as one coin in these schemes. Our scheme also offers exculpability of users, that is, the bank can prove to third parties that a user has double-spent. We then extend our scheme to our second result, the first e-cash scheme that provides traceable coins without a trusted third party. That is, once a user has double spent one of the 2^l coins in her wallet, all her spendings of these coins can be traced. We present two alternate constructions. One construction shares the same complexities with our first result but requires a strong bilinear map assumption that is only conjectured to hold on MNT curves. The second construction works on more general types of elliptic curves, but the price for this is that the complexity of the spending and of the withdrawal protocols becomes O(lk) and O(lk + k^2) bits, respectively, and wallets take O(lk) bits of storage. All our schemes are secure in the random oracle model.
@conference{chl05-full:eurocrypt2005, author = {Camenisch, Jan and Hohenberger, Susan and Lysyanskaya, Anna}, booktitle = {Proceedings of EUROCRYPT 2005}, title = {Compact E-Cash}, year = {2005}, editor = {Cramer, Ronald}, organization = {Springer}, pages = {302{\textendash}321}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {3494}, doi = {10.1007/b136415}, isbn = {3-540-25910-4}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/vwkgkfpdmrdky5a8/} }
[ih05-danezisclulow] Compulsion Resistant Anonymous Communications

Danezis, George, and Clulow, Jolyon

Jun 2005

DOI Website abstract Bib

We study the effect compulsion attacks, through which an adversary can request a decryption or key from an honest node, have on the security of mix based anonymous communication systems. Some specific countermeasures are proposed that increase the cost of compulsion attacks, detect that tracing is taking place and ultimately allow for some anonymity to be preserved even when all nodes are under compulsion. Going beyond the case when a single message is traced, we also analyze the effect of multiple messages being traced and devise some techniques that could retain some anonymity. Our analysis highlights that we can reason about plausible deniability in terms of the information theoretic anonymity metrics.
@conference{ih05-danezisclulow, author = {Danezis, George and Clulow, Jolyon}, booktitle = {Proceedings of Information Hiding Workshop (IH 2005)}, title = {Compulsion Resistant Anonymous Communications}, year = {2005}, month = jun, organization = {Springer Berlin / Heidelberg}, pages = {11{\textendash}25}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11558859}, isbn = {978-3-540-29039-1}, keywords = {countermeasure, mix}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/74461772r675l828/} }
[Bolton2005] Cooperation among strangers with limited information about reputation

Bolton, Gary E., Katok, Elena, and Ockenfels, Axel

Journal of Public Economics 08/2005 2005

DOI Website abstract Bib

The amount of institutional intervention necessary to secure efficiency-enhancing cooperation in markets and organizations, in circumstances where interactions take place among essentially strangers, depends critically on the amount of information informal reputation mechanisms need transmit. Models based on subgame perfection find that the information necessary to support cooperation is recursive in nature and thus information generating and processing requirements are quite demanding. Models that do not rely on subgame perfection, on the other hand, suggest that the information demands may be quite modest. The experiment we present indicates that even without any reputation information there is a non-negligible amount of cooperation that is, however, quite sensitive to the cooperation costs. For high costs, providing information about a partner’s immediate past action increases cooperation. Recursive information about the partners’ previous partners’ reputation further promotes cooperation, regardless of the cooperation costs.
@article{Bolton2005, author = {Bolton, Gary E. and Katok, Elena and Ockenfels, Axel}, journal = {Journal of Public Economics}, title = {Cooperation among strangers with limited information about reputation}, year = {2005}, month = {08/2005}, pages = {1457-1468}, volume = {89}, doi = {doi:10.1016/j.jpubeco.2004.03.008}, keywords = {cooperation, experimental economics, reputation}, owner = {tom}, timestamp = {2017-10-10}, url = {doi:10.1016/j.jpubeco.2004.03.008} }

[Allavena2005] Correctness of a gossip based membership protocol

Allavena, Andre, Demers, Alan, and Hopcroft, John E.

2005

Bib

@conference{Allavena2005,
  author = {Allavena, Andre and Demers, Alan and Hopcroft, John E.},
  booktitle = {PDOC{\textquoteright}05},
  title = {Correctness of a gossip based membership protocol},
  year = {2005},
  organization = {ACM},
  publisher = {ACM},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Moore05counteringhidden-action] Countering Hidden-action Attacks on Networked Systems

Moore, Tyler

06/2005 2005

We define an economic category of hidden-action attacks: actions made attractive by a lack of observation. We then consider its implications for computer systems. Rather than structure contracts to compensate for incentive problems, we rely on insights from social capital theory to design network topologies and interactions that undermine the potential for hidden-action attacks.

@conference{Moore05counteringhidden-action,
  author = {Moore, Tyler},
  booktitle = {WEIS{\textquoteright}05. Fourth Workshop on the Economics of Information Security},
  title = {Countering Hidden-action Attacks on Networked Systems},
  year = {2005},
  address = {Cambridge, England},
  month = {06/2005},
  doi = {10.1.1.119.8132},
  keywords = {asymmetric information, computer security, decentralized, economics, information security, moral hazard, social capital},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Massoulie:2005:CRS:1064212.1064215] Coupon replication systems

Massoulié, Laurent, and Vojnović, Milan

06/2005 2005

DOI Website abstract Bib

Motivated by the study of peer-to-peer file swarming systems à la BitTorrent, we introduce a probabilistic model of coupon replication systems. These systems consist of users, aiming to complete a collection of distinct coupons. Users are characterised by their current collection of coupons, and leave the system once they complete their coupon collection. The system evolution is then specified by describing how users of distinct types meet, and which coupons get replicated upon such encounters.For open systems, with exogenous user arrivals, we derive necessary and sufficient stability conditions in a layered scenario, where encounters are between users holding the same number of coupons. We also consider a system where encounters are between users chosen uniformly at random from the whole population. We show that performance, captured by sojourn time, is asymptotically optimal in both systems as the number of coupon types becomes large.We also consider closed systems with no exogenous user arrivals. In a special scenario where users have only one missing coupon, we evaluate the size of the population ultimately remaining in the system, as the initial number of users, N, goes to infinity. We show that this decreases geometrically with the number of coupons, K. In particular, when the ratio K/log(N) is above a critical threshold, we prove that this number of left-overs is of order log(log(N)).These results suggest that performance of file swarming systems does not depend critically on either altruistic user behavior, or on load balancing strategies such as rarest first.
@conference{Massoulie:2005:CRS:1064212.1064215, author = {Massouli{\'e}, Laurent and Vojnovi{\'c}, Milan}, booktitle = {SIGMETRICS{\textquoteright}05. Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems}, title = {Coupon replication systems}, year = {2005}, address = {Banff, Alberta, Canada}, month = {06/2005}, organization = {ACM}, pages = {2{\textendash}13}, publisher = {ACM}, series = {SIGMETRICS {\textquoteright}05}, doi = {http://doi.acm.org/10.1145/1064212.1064215}, isbn = {1-59593-022-1}, keywords = {content distribution, file swarming, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1064212.1064215} }
[Kostoulas:2005:DSS:1097873.1098292] Decentralized Schemes for Size Estimation in Large and Dynamic Groups

Kostoulas, Dionysios, Psaltoulis, Dimitrios, Gupta, Indranil, Birman, Kenneth P., and Demers, Alan

07/2005 2005

DOI Website abstract Bib

Large-scale and dynamically changing distributed systems such as the Grid, peer-to-peer overlays, etc., need to collect several kinds of global statistics in a decentralized manner. In this paper, we tackle a specific statistic collection problem called Group Size Estimation, for estimating the number of non-faulty processes present in the global group at any given point of time. We present two new decentralized algorithms for estimation in dynamic groups, analyze the algorithms, and experimentally evaluate them using real-life traces. One scheme is active: it spreads a gossip into the overlay first, and then samples the receipt times of this gossip at different processes. The second scheme is passive: it measures the density of processes when their identifiers are hashed into a real interval. Both schemes have low latency, scalable perprocess overheads, and provide high levels of probabilistic accuracy for the estimate. They are implemented as part of a size estimation utility called PeerCounter that can be incorporated modularly into standard peer-to-peer overlays. We present experimental results from both the simulations and PeerCounter, running on a cluster of 33 Linux servers.
@conference{Kostoulas:2005:DSS:1097873.1098292, author = {Kostoulas, Dionysios and Psaltoulis, Dimitrios and Gupta, Indranil and Birman, Kenneth P. and Demers, Alan}, booktitle = {NCA{\textquoteright}05 - Proceedings of the 4th IEEE International Symposium on Network Computing and Applications}, title = {Decentralized Schemes for Size Estimation in Large and Dynamic Groups}, year = {2005}, address = {Cambridge, MA, USA}, month = {07/2005}, organization = {IEEE Computer Society}, pages = {41{\textendash}48}, publisher = {IEEE Computer Society}, doi = {10.1109/NCA.2005.15}, isbn = {0-7695-2326-9}, keywords = {decentralized, distributed systems, network size estimation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1097873.1098292} }
[You05deepstore:] Deep Store: An archival storage system architecture

You, Lawrence L., Pollack, Kristal T., and Long, Darrell D. E.

2005

DOI Website abstract Bib

We present the Deep Store archival storage architecture, a large-scale storage system that stores immutable dataefficiently and reliably for long periods of time. Archived data is stored across a cluster of nodes and recorded to hard disk. The design differentiates itself from traditional file systems by eliminating redundancy within and across files, distributing content for scalability, associating rich metadata with content, and using variable levels of replication based on the importance or degree of dependency of each piece of stored data. We evaluate the foundations of our design, including PRESIDIO, a virtual content-addressable storage framework with multiple methods for inter-file and intra-file compression that effectively addresses the data-dependent variability of data compression. We measure content and metadata storage efficiency, demonstrate the need for a variable-degree replication model, and provide preliminary results for storage performance.
@conference{You05deepstore:, author = {You, Lawrence L. and Pollack, Kristal T. and Long, Darrell D. E.}, booktitle = {In Proceedings of the 21st International Conference on Data Engineering (ICDE {\textquoteright}05}, title = {Deep Store: An archival storage system architecture}, year = {2005}, organization = {IEEE}, pages = {804{\textendash}815}, publisher = {IEEE}, doi = {10.1109/ICDE.2005.47}, isbn = {0-7695-2285-8}, keywords = {storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.66.6928} }
[Electrical04designingincentives] Designing Incentives for Peer-to-Peer Routing

Blanc, Alberto, Liu, Yi-Kai, and Vahdat, Amin

03/2005 2005

DOI abstract Bib

In a peer-to-peer network, nodes are typically required to route packets for each other. This leads to a problem of "free-loaders", nodes that use the network but refuse to route other nodes’ packets. In this paper we study ways of designing incentives to discourage free-loading. We model the interactions between nodes as a "random matching game", and describe a simple reputation system that provides incentives for good behavior. Under certain assumptions, we obtain a stable subgame-perfect equilibrium. We use simulations to investigate the robustness of this scheme in the presence of noise and malicious nodes, and we examine some of the design trade-offs. We also evaluate some possible adversarial strategies, and discuss how our results might apply to real peer-to-peer systems.
@conference{Electrical04designingincentives, author = {Blanc, Alberto and Liu, Yi-Kai and Vahdat, Amin}, booktitle = {INFOCOM 2005, 24th Annual Joint Conference of the IEEE Computer and Communications Societies}, title = {Designing Incentives for Peer-to-Peer Routing}, year = {2005}, address = {Miami, FL, USA}, month = {03/2005}, organization = {IEEE Computer Society}, pages = {374-385}, publisher = {IEEE Computer Society}, volume = {1}, doi = {10.1109/INFCOM.2005.1497907}, isbn = {0743-166X}, issn = {0-7803-8968-9}, keywords = {economics, free-loader, free-loading, peer-to-peer networking, system design}, owner = {tom}, timestamp = {2017-10-10} }
[1251207] Detecting BGP configuration faults with static analysis

Feamster, Nick, and Balakrishnan, Hari

2005

Website abstract Bib

The Internet is composed of many independent autonomous systems (ASes) that exchange reachability information to destinations using the Border Gateway Protocol (BGP). Network operators in each AS configure BGP routers to control the routes that are learned, selected, and announced to other routers. Faults in BGP configuration can cause forwarding loops, packet loss, and unintended paths between hosts, each of which constitutes a failure of the Internet routing infrastructure. This paper describes the design and implementation of rcc, the router configuration checker, a tool that finds faults in BGP configurations using static analysis. rcc detects faults by checking constraints that are based on a high-level correctness specification. rcc detects two broad classes of faults: route validity faults, where routers may learn routes that do not correspond to usable paths, and path visibility faults, where routers may fail to learn routes for paths that exist in the network. rcc enables network operators to test and debug configurations before deploying them in an operational network, improving on the status quo where most faults are detected only during operation. rcc has been downloaded by more than sixty-five network operators to date, some of whom have shared their configurations with us. We analyze network-wide configurations from 17 different ASes to detect a wide variety of faults and use these findings to motivate improvements to the Internet routing infrastructure.
@conference{1251207, author = {Feamster, Nick and Balakrishnan, Hari}, booktitle = {NSDI{\textquoteright}05: Proceedings of the 2nd conference on Symposium on Networked Systems Design \& Implementation}, title = {Detecting BGP configuration faults with static analysis}, year = {2005}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {43{\textendash}56}, publisher = {USENIX Association}, keywords = {autonomous systems, border gateway protocol}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251207$\#$} }
[Khorshadi:2005:DPR:1090948.1091369] Determining the Peer Resource Contributions in a P2P Contract

Khorshadi, Behrooz, Liu, Xin, and Ghosal, Dipak

07/2005 2005

DOI Website abstract Bib

In this paper we study a scheme called P2P contract which explicitly specifies the resource contributions that are required from the peers. In particular, we consider a P2P file sharing system in which when a peer downloads the file it is required to serve the file to upto N other peers within a maximum period of time T. We study the behavior of this contribution scheme in both centralized and decentralized P2P networks. In a centralized architecture, new requests are forwarded to a central server which hands out the contract along with a list of peers from where the file can be downloaded. We show that a simple fixed contract (i.e., fixed values of N and T) is sufficient to create the required server capacity which adapts to the load. Furthermore, we show that T, the time part of the contract is a more important control parameter than N. In the case of a decentralized P2P architecture, each new request is broadcast to a certain neighborhood determined by the time-to-live (TTL) parameter. Each server receiving the request independently doles out a contract and the requesting peer chooses the one which is least constraining. If there are no servers in the neighborhood, the request fails. To achieve a good request success ratio, we propose an adaptive scheme to set the contracts without requiring global information. Through both analysis and simulation, we show that the proposed scheme adapts to the load and achieves low request failure rate with high server efficiency.
@conference{Khorshadi:2005:DPR:1090948.1091369, author = {Khorshadi, Behrooz and Liu, Xin and Ghosal, Dipak}, booktitle = {HOT-P2P 2005. Proceedings of the Second International Workshop on Hot Topics in Peer-to-Peer Systems}, title = {Determining the Peer Resource Contributions in a P2P Contract}, year = {2005}, address = {La Jolla, California, USA}, month = {07/2005}, organization = {IEEE Computer Society}, pages = {2{\textendash}9}, publisher = {IEEE Computer Society}, doi = {10.1109/HOT-P2P.2005.9}, isbn = {0-7695-2417-6}, keywords = {contracts, P2P, peer resource contribution, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1090948.1091369} }
[Wehrle2005] Distributed Hash Tables

Wehrle, Klaus, Götz, Stefan, and Rieche, Simon

2005

DOI abstract Bib

In the last few years, an increasing number of massively distributed systems with millions of participants has emerged within very short time frames. Applications, such as instant messaging, file-sharing, and content distribution have attracted countless numbers of users. For example, Skype gained more than 2.5 millions of users within twelve months, and more than 50% of Internet traffic is originated by BitTorrent. These very large and still rapidly growing systems attest to a new era for the design and deployment of distributed systems. In particular, they reflect what the major challenges are today for designing and implementing distributed systems: scalability, flexibility, and instant deployment.
@inbook{Wehrle2005, author = {Wehrle, Klaus and G{\"o}tz, Stefan and Rieche, Simon}, chapter = {7}, publisher = {Springer}, title = {Distributed Hash Tables}, year = {2005}, series = {Lecture Notes in Computer Science}, volume = {3485}, booktitle = {Peer-to-Peer Systems and Applications}, doi = {10.1007/11530657_7}, keywords = {distributed hash table}, organization = {Springer}, owner = {tom}, timestamp = {2017-10-10} }

[Yang2005] An empirical study of free-riding behavior in the maze p2p file-sharing system

Yang, Mao, Zhang, Zheng, Li, Xiaoming, and Dai, Yafei

2005

@conference{Yang2005,
  author = {Yang, Mao and Zhang, Zheng and Li, Xiaoming and Dai, Yafei},
  booktitle = {Proceedings of the 4th international conference on Peer-to-Peer Systems},
  title = {An empirical study of free-riding behavior in the maze p2p file-sharing system},
  year = {2005},
  address = {Berlin, Heidelberg},
  organization = {Springer-Verlag},
  publisher = {Springer-Verlag},
  doi = {10.1007/11558989_17},
  isbn = {3-540-29068-0, 978-3-540-29068-1},
  keywords = {free-riding, incentives, Sybil attack},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/11558989_17}
}

[Bickson05theemule] The eMule Protocol Specification

Kulbak, Yoram, and Bickson, Danny

01/2005 2005

this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitle "GNU Free Documentation License"

@article{Bickson05theemule,
  author = {Kulbak, Yoram and Bickson, Danny},
  title = {The eMule Protocol Specification},
  year = {2005},
  month = {01/2005},
  number = {TR-2005-03},
  address = {Jerusalem, Israel},
  institution = {Leibniz Center, School of Computer Science and Engineering, The Hebrew University},
  owner = {tom},
  timestamp = {2017-10-10},
  type = {Tech report},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.60.7750}
}

[Wang05erasure-codingbased] Erasure-coding based routing for opportunistic networks

Wang, Yong, Jain, Sushant, Martonosi, Margaret, and Fall, Kevin

2005

DOI Website abstract Bib

mobility is a challenging problem because disconnections are prevalent and lack of knowledge about network dynamics hinders good decision making. Current approaches are primarily based on redundant transmissions. They have either high overhead due to excessive transmissions or long delays due to the possibility of making wrong choices when forwarding a few redundant copies. In this paper, we propose a novel forwarding algorithm based on the idea of erasure codes. Erasure coding allows use of a large number of relays while maintaining a constant overhead, which results in fewer cases of long delays. We use simulation to compare the routing performance of using erasure codes in DTN with four other categories of forwarding algorithms proposed in the literature. Our simulations are based on a real-world mobility trace collected in a large outdoor wild-life environment. The results show that the erasure-coding based algorithm provides the best worst-case delay performance with a fixed amount of overhead. We also present a simple analytical model to capture the delay characteristics of erasure-coding based forwarding, which provides insights on the potential of our approach.
@conference{Wang05erasure-codingbased, author = {Wang, Yong and Jain, Sushant and Martonosi, Margaret and Fall, Kevin}, title = {Erasure-coding based routing for opportunistic networks}, year = {2005}, organization = {ACM Press}, pages = {229{\textendash}236}, publisher = {ACM Press}, doi = {10.1145/1080139.1080140}, keywords = {delay tolerant network, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1080139.1080140} }
[Anagnostakis2005] Exchange-based incentive mechanisms for peer-to-peer file sharing

Anagnostakis, Kostas G., and Greenwald, Michael B.

03/2004 2005

DOI abstract Bib

Performance of peer-to-peer resource sharing networks depends upon the level of cooperation of the participants. To date, cash-based systems have seemed too complex, while lighter-weight credit mechanisms have not provided strong incentives for cooperation. We propose exchange-based mechanisms that provide incentives for cooperation in peer-to-peer file sharing networks. Peers give higher service priority to requests from peers that can provide a simultaneous and symmetric service in return. We generalize this approach to n-way exchanges among rings of peers and present a search algorithm for locating such rings. We have used simulation to analyze the effect of exchanges on performance. Our results show that exchange-based mechanisms can provide strong incentives for sharing, offering significant improvements in service times for sharing users compared to free-riders, without the problems and complexity of cash- or credit-based systems.
@conference{Anagnostakis2005, author = {Anagnostakis, Kostas G. and Greenwald, Michael B.}, booktitle = {Proceedings of International Conference on Distributed Computing Systems 2004}, title = {Exchange-based incentive mechanisms for peer-to-peer file sharing}, year = {2005}, address = {Tokyo, Japan}, month = {03/2004}, organization = {IEEE Computer Society}, pages = {524-533}, publisher = {IEEE Computer Society}, doi = {10.1109/ICDCS.2004.1281619}, isbn = {0-7695-2086-3}, keywords = {exchange-based mechanism, peer-to-peer networking, sharing}, owner = {tom}, timestamp = {2017-10-10} }
[conf/infocom/GollapudiSZ05] Exploiting anarchy in networks: a game-theoretic approach to combining fairness and throughput.

Gollapudi, Sreenivas, Sivakumar, D., and Zhang, Aidong

03/2005 2005

DOI Website abstract Bib

We propose a novel mechanism for routing and bandwidth allocation that exploits the selfish and rational behavior of flows in a network. Our mechanism leads to allocations that simultaneously optimize throughput and fairness criteria. We analyze the performance of our mechanism in terms of the induced Nash equilibrium. We compare the allocations at the Nash equilibrium with throughput-optimal allocations as well as with fairness-optimal allocations. Our mechanism offers a smooth trade-off between these criteria, and allows us to produce allocations that are approximately optimal with respect to both. Our mechanism is also fairly simple and admits an efficient distributed implementation.
@conference{conf/infocom/GollapudiSZ05, author = {Gollapudi, Sreenivas and Sivakumar, D. and Zhang, Aidong}, booktitle = {INFOCOM 2005. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies}, title = {Exploiting anarchy in networks: a game-theoretic approach to combining fairness and throughput.}, year = {2005}, address = {Miami, FL, USA}, month = {03/2005}, organization = {IEEE Computer Society}, pages = {2147-2158}, publisher = {IEEE Computer Society}, doi = {10.1109/INFCOM.2005.1498490}, isbn = {0-7803-8968-9}, keywords = {bandwidth allocation, dblp, nash equilibrium, routing allocation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dblp.uni-trier.de/db/conf/infocom/infocom2005.html$\#$GollapudiSZ05} }
[10.1109/MOBIQUITOUS.2005.29] Exploiting co-location history for ef.cient service selection in ubiquitous computing systems

Karypidis, Alexandros, and Lalis, Spyros

Mobile and Ubiquitous Systems, Annual International Conference on 2005

DOI Website abstract Bib

As the ubiquitous computing vision materializes, the number and diversity of digital elements in our environment increases. Computing capability comes in various forms and is embedded in different physical objects, ranging from miniature devices such as human implants and tiny sensor particles, to large constructions such as vehicles and entire buildings. The number of possible interactions among such elements, some of which may be invisible or offer similar functionality, is growing fast so that it becomes increasingly hard to combine or select between them. Mechanisms are thus required for intelligent matchmaking that will achieve controlled system behavior, yet without requiring the user to continuously input desirable options in an explicit manner. In this paper we argue that information about the colocation relationship of computing elements is quite valuable in this respect and can be exploited to guide automated service selection with minimal or no user involvement. We also discuss the implementation of such mechanism that is part of our runtime system for smart objects.
@article{10.1109/MOBIQUITOUS.2005.29, author = {Karypidis, Alexandros and Lalis, Spyros}, journal = {Mobile and Ubiquitous Systems, Annual International Conference on}, title = {Exploiting co-location history for ef.cient service selection in ubiquitous computing systems}, year = {2005}, pages = {202-212}, address = {Los Alamitos, CA, USA}, doi = {10.1109/MOBIQUITOUS.2005.29}, isbn = {0-7695-2375-7}, owner = {tom}, publisher = {IEEE Computer Society}, timestamp = {2017-10-10}, url = {http://www.computer.org/portal/web/csdl/doi/10.1109/MOBIQUITOUS.2005.29} }

[10.1109/MASCOT.2005.73] The Feasibility of DHT-based Streaming Multicast

Birrer, Stefan, and Bustamante, Fabian E.

2012 IEEE 20th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems 2005

@article{10.1109/MASCOT.2005.73,
  author = {Birrer, Stefan and Bustamante, Fabian E.},
  journal = {2012 IEEE 20th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems},
  title = {The Feasibility of DHT-based Streaming Multicast},
  year = {2005},
  issn = {1526-7539},
  pages = {288-298},
  address = {Los Alamitos, CA, USA},
  doi = {http://doi.ieeecomputersociety.org/10.1109/MASCOT.2005.73},
  owner = {tom},
  publisher = {IEEE Computer Society},
  timestamp = {2017-10-10}
}

[Wang05findingcollisions] Finding Collisions in the Full SHA-1

Wang, Xiaoyun, Yin, Yiqun Lisa, and Yu, Hongbo

2005

In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 2 69 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 2 80 theoretical bound. Keywords: Hash functions, collision search attacks, SHA-1, SHA-0. 1

@conference{Wang05findingcollisions,
  author = {Wang, Xiaoyun and Yin, Yiqun Lisa and Yu, Hongbo},
  booktitle = {In Proceedings of Crypto},
  title = {Finding Collisions in the Full SHA-1},
  year = {2005},
  organization = {Springer},
  pages = {17{\textendash}36},
  publisher = {Springer},
  doi = {10.1007/11535218},
  isbn = {978-3-540-28114-6},
  keywords = {cryptography},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.94.4261}
}

[DBLP:conf/p2p/EberspacherS05a] First and Second Generation of Peer-to-Peer Systems

Eberspächer, Jörg, and Schollmeier, Rüdiger

2005

abstract Bib

Peer-to-Peer (P2P) networks appeared roughly around the year 2000 when a broadband Internet infrastructure (even at the network edge) became widely available. Other than traditional networks Peer-to-Peer networks do not rely on a specific infrastructure offering transport services. Instead they form “overlay structures” focusing on content allocation and distribution based on TCP or HTTP connections. Whereas in a standard Client-Server configuration content is stored and provided only via some central server(s), Peer-to-Peer networks are highly decentralized and locate a desired content at some participating peer and provide the corresponding IP address of that peer to the searching peer. The download of that content is then initiated using a separate connection, often using HTTP. Thus, the high load usually resulting for a central server and its surrounding network is avoided leading to a more even distribution of load on the underlying physical network. On the other hand, such networks are typically subject to frequent changes because peers join and leave the network without any central control.
@inbook{DBLP:conf/p2p/EberspacherS05a, author = {Ebersp{\"a}cher, J{\"o}rg and Schollmeier, R{\"u}diger}, pages = {35-56}, publisher = {Springer Berlin / Heidelberg}, title = {First and Second Generation of Peer-to-Peer Systems}, year = {2005}, series = {Lecture Notes in Computer Science}, volume = {3485}, booktitle = {Peer-to-Peer Systems and Applications}, keywords = {generation, P2P, peer-to-peer networking}, organization = {Springer Berlin / Heidelberg}, owner = {tom}, timestamp = {2017-10-10} }

[rhea2005fixing] Fixing the embarrassing slowness of OpenDHT on PlanetLab

Rhea, S., Chun, B.G., Kubiatowicz, J., and Shenker, S

2005

Bib

@conference{rhea2005fixing,
  author = {Rhea, S. and Chun, B.G. and Kubiatowicz, J. and Shenker, S},
  booktitle = {Proc. of the Second USENIX Workshop on Real, Large Distributed Systems},
  title = {Fixing the embarrassing slowness of OpenDHT on PlanetLab},
  year = {2005},
  pages = {25{\textendash}30},
  keywords = {distributed hash table, openDHT, peer-to-peer, PlanetLab},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Fu::FlowMarking::2005] On Flow Marking Attacks in Wireless Anonymous Communication Networks

Fu, Xinwen, Zhu, Ye, Graham, Bryan, Bettati, Riccardo, and Zhao, Wei

Apr 2005

Website abstract Bib

This paper studies the degradation of anonymity in a flow-based wireless mix network under flow marking attacks, in which an adversary embeds a recognizable pattern of marks into wireless traffic flows by electromagnetic interference. We find that traditional mix technologies are not effective in defeating flow marking attacks, and it may take an adversary only a few seconds to recognize the communication relationship between hosts by tracking suchartificial marks. Flow marking attacks utilize frequency domain analytical techniques and convert time domain marks into invariant feature frequencies. To counter flow marking attacks, we propose a new countermeasure based on digital filtering technology, and show that this filter-based counter-measure can effectively defend a wireless mix network from flow marking attacks.
@conference{Fu::FlowMarking::2005, author = {Fu, Xinwen and Zhu, Ye and Graham, Bryan and Bettati, Riccardo and Zhao, Wei}, booktitle = {Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS)}, title = {On Flow Marking Attacks in Wireless Anonymous Communication Networks}, year = {2005}, month = apr, organization = {IEEE Computer Society Washington, DC, USA}, publisher = {IEEE Computer Society Washington, DC, USA}, isbn = {0-7695-2331-5}, keywords = {802.11, anonymity, Bluetooth, flow marking attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1069397} }
[camlys05] A Formal Treatment of Onion Routing

Camenisch, Jan, and Lysyanskaya, Anna

Aug 2005

DOI Website abstract Bib

Anonymous channels are necessary for a multitude of privacy-protecting protocols. Onion routing is probably the best known way to achieve anonymity in practice. However, the cryptographic aspects of onion routing have not been sufficiently explored: no satisfactory definitions of security have been given, and existing constructions have only had ad-hoc security analysis for the most part. We provide a formal definition of onion-routing in the universally composable framework, and also discover a simpler definition (similar to CCA2 security for encryption) that implies security in the UC framework. We then exhibit an efficient and easy to implement construction of an onion routing scheme satisfying this definition.
@conference{camlys05, author = {Camenisch, Jan and Lysyanskaya, Anna}, booktitle = {Proceedings of CRYPTO 2005}, title = {A Formal Treatment of Onion Routing}, year = {2005}, editor = {Shoup, Victor}, month = aug, organization = {Springer-Verlag, LNCS 3621}, pages = {169{\textendash}187}, publisher = {Springer-Verlag, LNCS 3621}, doi = {10.1007/11535218}, isbn = {978-3-540-28114-6}, keywords = {onion routing, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/0jmg1krt9ph147ql/} }
[10.1109/MDSO.2005.31] Free Riding on Gnutella Revisited: The Bell Tolls?

Hughes, Daniel, Coulson, Geoff, and Walkerdine, James

IEEE Distributed Systems Online 06/2005 2005

DOI abstract Bib

Individuals who use peer-to-peer (P2P) file-sharing networks such as Gnutella face a social dilemma. They must decide whether to contribute to the common good by sharing files or to maximize their personal experience by free riding, downloading files while not contributing any to the network. Individuals gain no personal benefits from uploading files (in fact, it’s inconvenient), so it’s "rational" for users to free ride. However, significant numbers of free riders degrade the entire system’s utility, creating a "tragedy of the digital commons." In this article, a new analysis of free riding on the Gnutella network updates data from 2000 and points to an increasing downgrade in the network’s overall performance and the emergence of a "metatragedy" of the commons among Gnutella developers.
@article{10.1109/MDSO.2005.31, author = {Hughes, Daniel and Coulson, Geoff and Walkerdine, James}, journal = {IEEE Distributed Systems Online}, title = {Free Riding on Gnutella Revisited: The Bell Tolls?}, year = {2005}, issn = {1541-4922}, month = {06/2005}, volume = {6}, address = {Los Alamitos, CA, USA}, chapter = {1}, doi = {http://doi.ieeecomputersociety.org/10.1109/MDSO.2005.31}, keywords = {distributed systems, free riding, Gnutella, peer-to-peer networking}, owner = {tom}, publisher = {IEEE Computer Society}, timestamp = {2017-10-10} }
[Sahai2005] Fuzzy Identity-Based Encryption

Sahai, Amit, and Waters, Brent

05/2005 2005

abstract Bib

We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω , if and only if the identities ω and ω are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.
@conference{Sahai2005, author = {Sahai, Amit and Waters, Brent}, booktitle = {EUROCRYPT{\textquoteright}05 Workshop on the Theory and Application of of Cryptographic Techniques}, title = {Fuzzy Identity-Based Encryption}, year = {2005}, address = {Aarhus, Denmark}, month = {05/2005}, organization = {Springer}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {3494}, keywords = {Fuzzy IBE, IBE}, owner = {tom}, timestamp = {2021-01-27} }
[Jelasity:2005:GAL:1082469.1082470] Gossip-based aggregation in large dynamic networks

Jelasity, Márk, Montresor, Alberto, and Babaoglu, Ozalp

ACM Transactions on Computer Systems Aug 2005

DOI Website abstract Bib

As computer networks increase in size, become more heterogeneous and span greater geographic distances, applications must be designed to cope with the very large scale, poor reliability, and often, with the extreme dynamism of the underlying network. Aggregation is a key functional building block for such applications: it refers to a set of functions that provide components of a distributed system access to global information including network size, average load, average uptime, location and description of hotspots, and so on. Local access to global information is often very useful, if not indispensable for building applications that are robust and adaptive. For example, in an industrial control application, some aggregate value reaching a threshold may trigger the execution of certain actions; a distributed storage system will want to know the total available free space; load-balancing protocols may benefit from knowing the target average load so as to minimize the load they transfer. We propose a gossip-based protocol for computing aggregate values over network components in a fully decentralized fashion. The class of aggregate functions we can compute is very broad and includes many useful special cases such as counting, averages, sums, products, and extremal values. The protocol is suitable for extremely large and highly dynamic systems due to its proactive structure—all nodes receive the aggregate value continuously, thus being able to track any changes in the system. The protocol is also extremely lightweight, making it suitable for many distributed applications including peer-to-peer and grid computing systems. We demonstrate the efficiency and robustness of our gossip-based protocol both theoretically and experimentally under a variety of scenarios including node and communication failures.
@article{Jelasity:2005:GAL:1082469.1082470, author = {Jelasity, M{\'a}rk and Montresor, Alberto and Babaoglu, Ozalp}, journal = {ACM Transactions on Computer Systems}, title = {Gossip-based aggregation in large dynamic networks}, year = {2005}, issn = {0734-2071}, month = aug, pages = {219{\textendash}252}, volume = {23}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1082469.1082470}, keywords = {Gossip-based protocols, proactive aggregation}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1082469.1082470} }
[Godfrey05heterogeneityand] Heterogeneity and Load Balance in Distributed Hash Tables

Godfrey, Brighten, and Stoica, Ion

2005

Website abstract Bib

Existing solutions to balance load in DHTs incur a high overhead either in terms of routing state or in terms of load movement generated by nodes arriving or departing the system. In this paper, we propose a set of general techniques and use them to develop a protocol based on Chord, called Y0 , that achieves load balancing with minimal overhead under the typical assumption that the load is uniformly distributed in the identifier space. In particular, we prove that Y0 can achieve near-optimal load balancing, while moving little load to maintain the balance and increasing the size of the routing tables by at most a constant factor
@conference{Godfrey05heterogeneityand, author = {Godfrey, Brighten and Stoica, Ion}, booktitle = {IN PROC. OF IEEE INFOCOM}, title = {Heterogeneity and Load Balance in Distributed Hash Tables}, year = {2005}, keywords = {Chord, distributed hash table, load balancing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.61.6740} }
[Feldman:2005:HMR:1064009.1064022] Hidden-action in multi-hop routing

Feldman, Michal, Chuang, John, Stoica, Ion, and Shenker, S

06/2005 2005

DOI Website abstract Bib

In multi-hop networks, the actions taken by individual intermediate nodes are typically hidden from the communicating endpoints; all the endpoints can observe is whether or not the end-to-end transmission was successful. Therefore, in the absence of incentives to the contrary, rational (i.e., selfish) intermediate nodes may choose to forward packets at a low priority or simply not forward packets at all. Using a principal-agent model, we show how the hidden-action problem can be overcome through appropriate design of contracts, in both the direct (the endpoints contract with each individual router) and recursive (each router contracts with the next downstream router) cases. We further demonstrate that per-hop monitoring does not necessarily improve the utility of the principal or the social welfare in the system. In addition, we generalize existing mechanisms that deal with hidden-information to handle scenarios involving both hidden-information and hidden-action.
@conference{Feldman:2005:HMR:1064009.1064022, author = {Feldman, Michal and Chuang, John and Stoica, Ion and Shenker, S}, booktitle = {EC{\textquoteright}05. Proceedings of the 6th ACM Conference on Electronic Commerce}, title = {Hidden-action in multi-hop routing}, year = {2005}, address = {Vancouver, Canada}, month = {06/2005}, organization = {ACM}, pages = {117{\textendash}126}, publisher = {ACM}, series = {EC {\textquoteright}05}, doi = {http://doi.acm.org/10.1145/1064009.1064022}, isbn = {1-59593-049-3}, keywords = {contracts, hidden-action, incentives, mechanism design, moral-hazard, multi-hop, principal-agent model, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1064009.1064022} }

[IPTPS05] High Availability in DHTs: Erasure Coding vs. Replication

Rodrigues, Rodrigo, and Liskov, Barbara

02/2005 2005

High availability in peer-to-peer DHTs requires data redundancy. This paper compares two popular redundancy schemes: replication and erasure coding. Unlike previous comparisons, we take the characteristics of the nodes that comprise the overlay into account, and conclude that in some cases the benefits from coding are limited, and may not be worth its disadvantages.

@conference{IPTPS05,
  author = {Rodrigues, Rodrigo and Liskov, Barbara},
  booktitle = {IPTPS{\textquoteright}05 - Proceedings of the 4th International Workshop in Peer-to-Peer Systems},
  title = {High Availability in DHTs: Erasure Coding vs. Replication},
  year = {2005},
  address = {Ithaca, New York},
  month = {02/2005},
  organization = {Springer},
  publisher = {Springer},
  series = {Lecture Notes in Computer Science},
  volume = {3640},
  doi = {10.1007/11558989_21},
  keywords = {distributed hash table, erasure coding, high availability, peer-to-peer networking, redundancy, Replication},
  owner = {tom},
  timestamp = {2017-10-10}
}

[1103797] Hydra: a platform for survivable and secure data storage systems

Xu, Lihao

2005

DOI Website abstract Bib

This paper introduces Hydra, a platform that we are developing for highly survivable and secure data storage systems that distribute information over networks and adapt timely to environment changes, enabling users to store and access critical data in a continuously available and highly trustable fashion. The Hydra platform uses MDS array codes that can be encoded and decoded efficiently for distributing and recovering user data. Novel uses of MDS array codes in Hydra are discussed, as well as Hydra’s design goals, general structures and a set of basic operations on user data. We also explore Hydra’s applications in survivable and secure data storage systems.
@conference{1103797, author = {Xu, Lihao}, booktitle = {StorageSS {\textquoteright}05: Proceedings of the 2005 ACM workshop on Storage security and survivability}, title = {Hydra: a platform for survivable and secure data storage systems}, year = {2005}, address = {New York, NY, USA}, organization = {ACM}, pages = {108{\textendash}114}, publisher = {ACM}, doi = {10.1145/1103780.1103797}, isbn = {1-59593-233-X}, keywords = {storage}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1103797$\#$} }
[1095944] Impacts of packet scheduling and packet loss distribution on FEC Performances: observations and recommendations

Neumann, Christoph, Francillon, Aurélien, and Furodet, David

2005

DOI Website abstract Bib

Forward Error Correction (FEC) is commonly used for content broadcasting. The performance of the FEC codes largely vary, depending in particular on the code used and on the object size, and these parameters have already been studied in detail by the community. However the FEC performances are also largely dependent on the packet scheduling used during transmission and on the loss pattern introduced by the channel. Little attention has been devoted to these aspects so far. Therefore the present paper analyzes their impacts on the three FEC codes: LDGM Staircase, LDGM Triangle, two large block codes, and Reed-Solomon. Thanks to this analysis, we define several recommendations on how to best use these codes, depending on the test case and on the channel, which turns out to be of utmost importance.
@conference{1095944, author = {Neumann, Christoph and Francillon, Aur{\'e}lien and Furodet, David}, booktitle = {CoNEXT{\textquoteright}05: Proceedings of the 2005 ACM conference on Emerging network experiment and technology}, title = {Impacts of packet scheduling and packet loss distribution on FEC Performances: observations and recommendations}, year = {2005}, address = {New York, NY, USA}, organization = {ACM Press}, pages = {166{\textendash}176}, publisher = {ACM Press}, doi = {10.1145/1095921.1095944}, isbn = {1-59593-197-X}, keywords = {forward error correction, LDPC, loss pattern, multicast, packet scheduling, Reed-Solomon}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.63.8807} }
[1646697] Improving delivery ratios for application layer multicast in mobile ad hoc networks

Baumung, Peter, Zitterbart, Martina, and Kutzner, Kendy

Comput. Commun. 2005

DOI Website abstract Bib

Delivering multicast data using application layer approaches offers different advantages, as group members communicate using so-called overlay networks. These consist of a multicast group’s members connected by unicast tunnels. Since existing approaches for application layer delivery of multicast data in mobile ad hoc networks (short MANETs) only deal with routing but not with error recovery, this paper evaluates tailored mechanisms for handling packet losses and congested networks. Although illustrated at the example of a specific protocol, the mechanisms may be applied to arbitrary overlays. This paper also investigates how application layer functionality based on overlay networks can turn existing multicast routing protocols (like ODMRP, M-AODV,...) into (almost) reliable transport protocols.
@article{1646697, author = {Baumung, Peter and Zitterbart, Martina and Kutzner, Kendy}, journal = {Comput. Commun.}, title = {Improving delivery ratios for application layer multicast in mobile ad hoc networks}, year = {2005}, issn = {0140-3664}, number = {14}, pages = {1669{\textendash}1679}, volume = {28}, address = {Newton, MA, USA}, doi = {10.1016/j.comcom.2005.02.008}, keywords = {mobile Ad-hoc networks, multicast, reliability}, owner = {tom}, publisher = {Butterworth-Heinemann}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1646697$\#$} }
[Jun:2005:IBI:1080192.1080199] Incentives in BitTorrent Induce Free Riding

Jun, Seung, and Ahamad, Mustaque

08/2005 2005

DOI Website abstract Bib

We investigate the incentive mechanism of BitTorrent, which is a peer-to-peer file distribution system. As downloaders in BitTorrent are faced with the conflict between the eagerness to download and the unwillingness to upload, we relate this problem to the iterated prisoner’s dilemma, which suggests guidelines to design a good incentive mechanism. Based on these guidelines, we propose a new, simple incentive mechanism. Our analysis and the experimental results using PlanetLab show that the original incentive mechanism of BitTorrent can induce free riding because it is not effective in rewarding and punishing downloaders properly. In contrast, a new mechanism proposed by us is shown to be more robust against free riders.
@conference{Jun:2005:IBI:1080192.1080199, author = {Jun, Seung and Ahamad, Mustaque}, booktitle = {P2PECON{\textquoteright}05. Proceedings of the 2005 ACM SIGCOMM Workshop on Economics of Peer-to-Peer Systems}, title = {Incentives in BitTorrent Induce Free Riding}, year = {2005}, address = {Philadelphia, Pennsylvania, USA}, month = {08/2005}, organization = {ACM}, pages = {116{\textendash}121}, publisher = {ACM}, series = {P2PECON {\textquoteright}05}, doi = {http://doi.acm.org/10.1145/1080192.1080199}, isbn = {1-59593-026-4}, keywords = {BitTorrent, data dissemination, prisoner{\textquoteright}s dilemma, strategy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1080192.1080199} }

[Andrade:2005:ICB:1080192.1080198] Influences on cooperation in BitTorrent communities

Andrade, Nazareno, Mowbray, Miranda, Lima, Aliandro, Wagner, Gustavo, and Ripeanu, Matei

08/2005 2005

We collect BitTorrent usage data across multiple file-sharing communities and analyze the factors that affect users’ cooperative behavior. We find evidence that the design of the BitTorrent protocol results in increased cooperative behavior over other P2P protocols used to share similar content (e.g. Gnutella). We also investigate two additional community-specific mechanisms that foster even more cooperation.

@conference{Andrade:2005:ICB:1080192.1080198,
  author = {Andrade, Nazareno and Mowbray, Miranda and Lima, Aliandro and Wagner, Gustavo and Ripeanu, Matei},
  booktitle = {P2PEcon{\textquoteright}05. Proceedings of the 2005 ACM SIGCOMM workshop on Economics of peer-to-peer systems},
  title = {Influences on cooperation in BitTorrent communities},
  year = {2005},
  address = {Philadelphia, Pennsylvania, USA},
  month = {08/2005},
  organization = {ACM},
  pages = {111{\textendash}115},
  publisher = {ACM},
  series = {P2PECON {\textquoteright}05},
  doi = {http://doi.acm.org/10.1145/1080192.1080198},
  isbn = {1-59593-026-4},
  keywords = {BitTorrent, cooperation, P2P},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1080192.1080198}
}

[Liu2005] On the Interaction Between Overlay Routing and Underlay Routing

Liu, Yong, Zhang, Honggang, Gong, Weibo, and Towsley, Don

2005

Bib

@proceedings{Liu2005,
  title = {On the Interaction Between Overlay Routing and Underlay Routing},
  year = {2005},
  author = {Liu, Yong and Zhang, Honggang and Gong, Weibo and Towsley, Don},
  journal = {IEEE INFOCOM {\textquoteright}05},
  owner = {tom},
  pages = {2543--2553},
  timestamp = {2017-10-10}
}

[cramer05isprp] ISPRP: A Message-Efficient Protocol for Initializing Structured P2P Networks

Cramer, Curt, and Fuhrmann, Thomas

2005

Website abstract Bib

Most research activities in the field of peer-to-peer (P2P) computing are concerned with routing in virtualized overlay networks. These overlays generally assume node connectivity to be provided by an underlying network-layer routing protocol. This duplication of functionality can give rise to severe inefficiencies. In contrast, we suggest a cross-layer approach where the P2P overlay network also provides the required network-layer routing functionality by itself. Especially in sensor networks, where special attention has to be paid to the nodes’ limited capabilities, this can greatly help in reducing the message overhead. In this paper, we present a key building block for such a protocol, the iterative successor pointer rewiring protocol (ISPRP), which efficiently initializes a P2P routing network among a freshly deployed set of nodes having but link-layer connectivity. ISPRP works in a fully self-organizing way and issues only a small per-node amount of messages by keeping interactions between nodes as local as possible.
@conference{cramer05isprp, author = {Cramer, Curt and Fuhrmann, Thomas}, booktitle = {Proceedings of the 24th IEEE International Performance, Computing, and Communications Conference (IPCCC)}, title = {ISPRP: A Message-Efficient Protocol for Initializing Structured P2P Networks}, year = {2005}, address = {Phoenix, AZ}, pages = {365{\textendash}370}, keywords = {P2P}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[1064217] On lifetime-based node failure and stochastic resilience of decentralized peer-to-peer networks

Leonard, Derek, Rai, Vivek, and Loguinov, Dmitri

SIGMETRICS Perform. Eval. Rev. 2005

DOI Website abstract Bib

To understand how high rates of churn and random departure decisions of end-users affect connectivity of P2P networks, this paper investigates resilience of random graphs to lifetime-based node failure and derives the expected delay before a user is forcefully isolated from the graph and the probability that this occurs within his/her lifetime. Our results indicate that systems with heavy-tailed lifetime distributions are more resilient than those with light-tailed (e.g., exponential) distributions and that for a given average degree, k-regular graphs exhibit the highest resilience. As a practical illustration of our results, each user in a system with n = 100 billion peers, 30-minute average lifetime, and 1-minute node-replacement delay can stay connected to the graph with probability 1 - 1 n using only 9 neighbors. This is in contrast to 37 neighbors required under previous modeling efforts. We finish the paper by showing that many P2P networks are almost surely (i.e., with probability 1-o(1)) connected if they have no isolated nodes and derive a simple model for the probability that a P2P system partitions under churn.
@article{1064217, author = {Leonard, Derek and Rai, Vivek and Loguinov, Dmitri}, journal = {SIGMETRICS Perform. Eval. Rev.}, title = {On lifetime-based node failure and stochastic resilience of decentralized peer-to-peer networks}, year = {2005}, issn = {0163-5999}, number = {1}, pages = {26{\textendash}37}, volume = {33}, address = {New York, NY, USA}, doi = {10.1145/1071690.1064217}, keywords = {P2P, pareto, stochastic lifetime resilience}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1071690.1064217$\#$} }
[esorics05-Klonowski] Local View Attack on Anonymous Communication

Gogolewski, Marcin, Klonowski, Marek, and Kutylowski, Miroslaw

Sep 2005

DOI Website abstract Bib

We consider anonymous communication protocols based on onions: each message is sent in an encrypted form through a path chosen at random by its sender, and the message is re-coded by each server on the path. Recently, it has been shown that if the anonymous paths are long enough, then the protocols provide provable security for some adversary models. However, it was assumed that all users choose intermediate servers uniformly at random from the same set of servers. We show that if a single user chooses only from a constrained subset of possible intermediate servers, anonymity level may dramatically decrease. A thumb rule is that if Alice is aware of much less than 50% of possible intermediate servers, then the anonymity set for her message becomes surprisingly small with high probability. Moreover, for each location in the anonymity set an adversary may compute probability that it gets a message of Alice. Since there are big differences in these probabilities, in most cases the true destination of the message from Alice is in a small group of locations with the highest probabilities. Our results contradict some beliefs that the protocols mentioned guarantee anonymity provided that the set of possible intermediate servers for each user is large.
@conference{esorics05-Klonowski, author = {Gogolewski, Marcin and Klonowski, Marek and Kutylowski, Miroslaw}, booktitle = {Proceedings of ESORICS 2005}, title = {Local View Attack on Anonymous Communication}, year = {2005}, month = sep, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11555827}, isbn = {978-3-540-28963-0}, keywords = {anonymity measurement, onion routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/ewblt5k80xrgqe4j/} }
[1042380] Location Awareness in Unstructured Peer-to-Peer Systems

Liu, Yunhao, Xiao, Li, Liu, Xiaomei, Ni, Lionel M., and Zhang, Xiaodong

IEEE Trans. Parallel Distrib. Syst. 2005

DOI Website abstract Bib

Peer-to-Peer (P2P) computing has emerged as a popular model aiming at further utilizing Internet information and resources. However, the mechanism of peers randomly choosing logical neighbors without any knowledge about underlying physical topology can cause a serious topology mismatch between the P2P overlay network and the physical underlying network. The topology mismatch problem brings great stress in the Internet infrastructure. It greatly limits the performance gain from various search or routing techniques. Meanwhile, due to the inefficient overlay topology, the flooding-based search mechanisms cause a large volume of unnecessary traffic. Aiming at alleviating the mismatching problem and reducing the unnecessary traffic, we propose a location-aware topology matching (LTM) technique. LTM builds an efficient overlay by disconnecting slow connections and choosing physically closer nodes as logical neighbors while still retaining the search scope and reducing response time for queries. LTM is scalable and completely distributed in the sense that it does not require any global knowledge of the whole overlay network. The effectiveness of LTM is demonstrated through simulation studies.
@article{1042380, author = {Liu, Yunhao and Xiao, Li and Liu, Xiaomei and Ni, Lionel M. and Zhang, Xiaodong}, journal = {IEEE Trans. Parallel Distrib. Syst.}, title = {Location Awareness in Unstructured Peer-to-Peer Systems}, year = {2005}, issn = {1045-9219}, number = {2}, pages = {163{\textendash}174}, volume = {16}, address = {Piscataway, NJ, USA}, doi = {10.1109/TPDS.2005.21}, keywords = {flooding attacks, location-aware topology, P2P, search efficiency, topology matching}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1042380$\#$} }
[torta05] Low-Cost Traffic Analysis of Tor

Murdoch, Steven J., and Danezis, George

May 2005

Website abstract Bib

Tor is the second generation Onion Router, supporting the anonymous transport of TCP streams over the Internet. Its low latency makes it very suitable for common tasks, such as web browsing, but insecure against traffic-analysis attacks by a global passive adversary. We present new traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams and therefore greatly reduce the anonymity provided by Tor. Furthermore, we show that otherwise unrelated streams can be linked back to the same initiator. Our attack is feasible for the adversary anticipated by the Tor designers. Our theoretical attacks are backed up by experiments performed on the deployed, albeit experimental, Tor network. Our techniques should also be applicable to any low latency anonymous network. These attacks highlight the relationship between the field of traffic-analysis and more traditional computer security issues, such as covert channel analysis. Our research also highlights that the inability to directly observe network links does not prevent an attacker from performing traffic-analysis: the adversary can use the anonymising network as an oracle to infer the traffic load on remote nodes in order to perform traffic-analysis.
@conference{torta05, author = {Murdoch, Steven J. and Danezis, George}, booktitle = {Proceedings of the 2005 IEEE Symposium on Security and Privacy}, title = {Low-Cost Traffic Analysis of Tor}, year = {2005}, month = may, organization = {IEEE CS}, publisher = {IEEE CS}, isbn = {0-7695-2339-0}, keywords = {anonymity, onion routing, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1059390} }
[Fiat05makingchord] Making chord robust to byzantine attacks

Fiat, Amos, Saia, Jared, and Young, Maxwell

2005

DOI Website abstract Bib

Chord is a distributed hash table (DHT) that requires only O(log n) links per node and performs searches with latency and message cost O(log n), where n is the number of peers in the network. Chord assumes all nodes behave according to protocol. We give a variant of Chord which is robust with high probability for any time period during which: 1) there are always at least z total peers in the network for some integer z; 2) there are never more than (1/4–ε)z Byzantine peers in the network for a fixed ε > 0; and 3) the number of peer insertion and deletion events is no more than zk for some tunable parameter k. We assume there is an adversary controlling the Byzantine peers and that the IP-addresses of all the Byzantine peers and the locations where they join the network are carefully selected by this adversary. Our notion of robustness is rather strong in that we not only guarantee that searches can be performed but also that we can enforce any set of “proper behavior” such as contributing new material, etc. In comparison to Chord, the resources required by this new variant are only a polylogarithmic factor greater in communication, messaging, and linking costs.
@conference{Fiat05makingchord, author = {Fiat, Amos and Saia, Jared and Young, Maxwell}, booktitle = {In Proc. of the European Symposium on Algorithms (ESA}, title = {Making chord robust to byzantine attacks}, year = {2005}, organization = {Springer}, pages = {803{\textendash}814}, publisher = {Springer}, doi = {10.1007/11561071}, keywords = {Chord, distributed hash table, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/422llxn7khwej72n/} }
[wang:market-driven] Market-driven bandwidth allocation in selfish overlay networks.

Wang, Weihong, and Li, Baochun

03/2005 2005

DOI abstract Bib

Selfish overlay networks consist of autonomous nodes that develop their own strategies by optimizing towards their local objectives and self-interests, rather than following prescribed protocols. It is thus important to regulate the behavior of selfish nodes, so that system-wide properties are optimized. In this paper, we investigate the problem of bandwidth allocation in overlay networks, and propose to use a market-driven approach to regulate the behavior of selfish nodes that either provide or consume services. In such markets, consumers of services select the best service providers, taking into account both the performance and the price of the service. On the other hand, service providers are encouraged to strategically decide their respective prices in a pricing game, in order to maximize their economic revenues and minimize losses in the long run. In order to overcome the limitations of previous models towards similar objectives, we design a decentralized algorithm that uses reinforcement learning to help selfish nodes to incrementally adapt to the local market, and to make optimized strategic decisions based on past experiences. We have simulated our proposed algorithm in randomly generated overlay networks, and have shown that the behavior of selfish nodes converges to their optimal strategies, and resource allocations in the entire overlay are near-optimal, and efficiently adapts to the dynamics of overlay networks.
@conference{wang:market-driven, author = {Wang, Weihong and Li, Baochun}, booktitle = {INFOCOM{\textquoteright}05. Proceedings of the 24th IEEE International Conference on Computer Communications}, title = {Market-driven bandwidth allocation in selfish overlay networks.}, year = {2005}, address = {Miami, FL, USA}, month = {03/2005}, organization = {IEEE Computer Society}, pages = {2578-2589}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFCOM.2005.1498542}, isbn = {0-7803-8968-9}, keywords = {bandwidth allocation, economics, market-driven, prescribed protocol, selfish overlay network}, owner = {tom}, timestamp = {2017-10-10} }
[Guo:2005:MAM:1251086.1251090] Measurements, analysis, and modeling of BitTorrent-like systems

Guo, Lei, Chen, Songqing, Xiao, Zhen, Tan, Enhua, Ding, Xiaoning, and Zhang, Xiaodong

10/2005 2005

Website abstract Bib

Existing studies on BitTorrent systems are single-torrent based, while more than 85% of all peers participate in multiple torrents according to our trace analysis. In addition, these studies are not sufficiently insightful and accurate even for single-torrent models, due to some unrealistic assumptions. Our analysis of representative Bit-Torrent traffic provides several new findings regarding the limitations of BitTorrent systems: (1) Due to the exponentially decreasing peer arrival rate in reality, service availability in such systems becomes poor quickly, after which it is difficult for the file to be located and downloaded. (2) Client performance in the BitTorrent-like systems is unstable, and fluctuates widely with the peer population. (3) Existing systems could provide unfair services to peers, where peers with high downloading speed tend to download more and upload less. In this paper, we study these limitations on torrent evolution in realistic environments. Motivated by the analysis and modeling results, we further build a graph based multi-torrent model to study inter-torrent collaboration. Our model quantitatively provides strong motivation for inter-torrent collaboration instead of directly stimulating seeds to stay longer. We also discuss a system design to show the feasibility of multi-torrent collaboration.
@conference{Guo:2005:MAM:1251086.1251090, author = {Guo, Lei and Chen, Songqing and Xiao, Zhen and Tan, Enhua and Ding, Xiaoning and Zhang, Xiaodong}, booktitle = {IMC{\textquoteright}05. Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement}, title = {Measurements, analysis, and modeling of BitTorrent-like systems}, year = {2005}, address = {Berkeley, CA, USA}, month = {10/2005}, organization = {USENIX Association}, pages = {4{\textendash}4}, publisher = {USENIX Association}, series = {IMC {\textquoteright}05}, keywords = {bittorrent system, intertorrent collaboration, multi-torrent collaboration, multiple torrents}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.usenix.org/events/imc05/tech/full_papers/guo/guo_html/} }
[kutzner05overnet] Measuring Large Overlay Networks - The Overnet Example

Kutzner, Kendy, and Fuhrmann, Thomas

2005

DOI Website abstract Bib

Peer-to-peer overlay networks have grown significantly in size and sophistication over the last years. Meanwhile, distributed hash tables (DHT) provide efficient means to create global scale overlay networks on top of which various applications can be built. Although filesharing still is the most prominent example, other applications are well conceivable. In order to rationally design such applications, it is important to know (and understand) the properties of the overlay networks as seen from the respective application. This paper reports the results from a two week measurement of the entire Overnet network, the currently most widely deployed DHT-based overlay. We describe both, the design choices that made that measurement feasible and the results from the measurement itself. Besides the basic determination of network size, node availability and node distribution, we found unexpected results for the overlay latency distribution.
@conference{kutzner05overnet, author = {Kutzner, Kendy and Fuhrmann, Thomas}, booktitle = {Konferenzband der 14. Fachtagung Kommunikation in Verteilten Systemen (KiVS 2005)}, title = {Measuring Large Overlay Networks - The Overnet Example}, year = {2005}, address = {Kaiserslautern, Germany}, doi = {10.1007/b138861}, isbn = {978-3-540-24473-8}, keywords = {distributed hash table, overlay networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[pet05-serjantov] Message Splitting Against the Partial Adversary

Serjantov, Andrei, and Murdoch, Steven J.

May 2005

DOI Website abstract Bib

We review threat models used in the evaluation of anonymity systems’ vulnerability to traffic analysis. We then suggest that, under the partial adversary model, if multiple packets have to be sent through these systems, more anonymity can be achieved if senders route the packets via different paths. This is in contrast to the normal technique of using the same path for them all. We comment on the implications of this for message-based and connection-based anonymity systems. We then proceed to examine the only remaining traffic analysis attack – one which considers the entire system as a black box. We show that it is more difficult to execute than the literature suggests, and attempt to empirically estimate the parameters of the Mixmaster and the Mixminion systems needed in order to successfully execute the attack.
@conference{pet05-serjantov, author = {Serjantov, Andrei and Murdoch, Steven J.}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2005)}, title = {Message Splitting Against the Partial Adversary}, year = {2005}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {26{\textendash}39}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11767831}, isbn = {978-3-540-34745-3}, keywords = {anonymity, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/375x2pv385388h86/} }
[pet05-camenisch] Mix-network with Stronger Security

Camenisch, Jan, and Mityagin, Anton

May 2005

DOI Website abstract Bib

We consider a mix-network as a cryptographic primitive that provides anonymity. A mix-network takes as input a number of ciphertexts and outputs a random shuffle of the corresponding plaintexts. Common applications of mix-nets are electronic voting and anonymous network traffic. In this paper, we present a novel construction of a mix-network, which is based on shuffling ElGamal encryptions. Our scheme is the first mix-net to meet the strongest security requirements: it is robust and secure against chosen ciphertext attacks as well as against active attacks in the Universally Composable model. Our construction allows one to securely execute several mix-net instances concurrently, as well as to run multiple mix-sessions without changing a set of keys. Nevertheless, the scheme is efficient: it requires a linear work (in the number of input messages) per mix-server.
@conference{pet05-camenisch, author = {Camenisch, Jan and Mityagin, Anton}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2005)}, title = {Mix-network with Stronger Security}, year = {2005}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {128{\textendash}147}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11767831}, isbn = {978-3-540-34745-3}, keywords = {anonymity, electronic voting}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/v32m5122127m78v0/} }
[gkantsidis:network] Network coding for large scale content distribution

Gkantsidis, Christos, and Rodriguez, Pablo

03/2005 2005

DOI abstract Bib

We propose a new scheme for content distribution of large files that is based on network coding. With network coding, each node of the distribution network is able to generate and transmit encoded blocks of information. The randomization introduced by the coding process eases the scheduling of block propagation, and, thus, makes the distribution more efficient. This is particularly important in large unstructured overlay networks, where the nodes need to make block forwarding decisions based on local information only. We compare network coding to other schemes that transmit unencoded information (i.e. blocks of the original file) and, also, to schemes in which only the source is allowed to generate and transmit encoded packets. We study the performance of network coding in heterogeneous networks with dynamic node arrival and departure patterns, clustered topologies, and when incentive mechanisms to discourage free-riding are in place. We demonstrate through simulations of scenarios of practical interest that the expected file download time improves by more than 20-30% with network coding compared to coding at the server only and, by more than 2-3 times compared to sending unencoded information. Moreover, we show that network coding improves the robustness of the system and is able to smoothly handle extreme situations where the server and nodes leave the system.
@conference{gkantsidis:network, author = {Gkantsidis, Christos and Rodriguez, Pablo}, booktitle = {INFOCOM{\textquoteright}05. Proceedings of the 24th IEEE International Conference on Computer Communications}, title = {Network coding for large scale content distribution}, year = {2005}, address = {Miami, FL, USA}, month = {03/2005}, organization = {IEEE Computer Society}, pages = {2235-2245}, publisher = {IEEE Computer Society}, doi = {http://dx.doi.org/10.1109/INFCOM.2005.1498511}, isbn = {0-7803-8968-9}, keywords = {large scale content distribution, network coding}, owner = {tom}, timestamp = {2017-10-10} }
[Sanghavi:2005:NMF:1080192.1080200] A new mechanism for the free-rider problem

Sanghavi, Sujay, and Hajek, Bruce

08/2005 2005

DOI Website abstract Bib

The free-rider problem arises in the provisioning of public resources, when users of the resource have to contribute towards the cost of production. Selfish users may have a tendency to misrepresent preferences – so as to minimize individual contributions – leading to inefficient levels of production of the resource. Groves and Loeb formulated a classic model capturing this problem, and proposed (what later came to be known as) the VCG mechanism as a solution. However, in the presence of heterogeneous users and communication constraints, or in decentralized settings, implementing this mechanism places an unrealistic communication burden. In this paper we propose a class of alternative mechanisms for the same problem as considered by Groves and Loeb, but with the added constraint of severely limited communication between users and the provisioning authority. When these mechanisms are used, efficient production is ensured as a Nash equilibrium outcome, for a broad class of users. Furthermore, a natural bid update strategy is shown to globally converge to efficient Nash equilibria. An extension to multiple public goods with inter-related valuations is also presented.
@conference{Sanghavi:2005:NMF:1080192.1080200, author = {Sanghavi, Sujay and Hajek, Bruce}, booktitle = {P2PEcon{\textquoteright}05. Proceedings of the 2005 ACM SIGCOMM Workshop on Economics of Peer-to-Peer Systems}, title = {A new mechanism for the free-rider problem}, year = {2005}, address = {Philadelphia, Pennsylvania, USA}, month = {08/2005}, organization = {ACM}, pages = {122{\textendash}127}, publisher = {ACM}, series = {P2PECON {\textquoteright}05}, doi = {http://doi.acm.org/10.1145/1080192.1080200}, isbn = {1-59593-026-4}, keywords = {free-rider, problem}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1080192.1080200} }

[1251532] Non-transitive connectivity and DHTs

Freedman, Michael J., Lakshminarayanan, Karthik, Rhea, Sean C., and Stoica, Ion

2005

@conference{1251532,
  author = {Freedman, Michael J. and Lakshminarayanan, Karthik and Rhea, Sean C. and Stoica, Ion},
  booktitle = {WORLDS{\textquoteright}05: Proceedings of the 2nd conference on Real, Large Distributed Systems},
  title = {Non-transitive connectivity and DHTs},
  year = {2005},
  address = {Berkeley, CA, USA},
  organization = {USENIX Association},
  pages = {55{\textendash}60},
  publisher = {USENIX Association},
  keywords = {Chord, distributed hash table},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1251532$\#$}
}

[cryptoeprint:2005:394] Obfuscated Ciphertext Mixing

Adida, Ben, and Wikström, Douglas

Nov 2005

Website abstract Bib

Mixnets are a type of anonymous channel composed of a handful of trustees that, each in turn, shu#e and rerandomize a batch ciphertexts. For applications that require verifiability, each trustee provides a proof of correct mixing. Though mixnets have recently been made quite e#cient, they still require secret computation and proof generation after the mixing process. We introduce and implement Obfuscated Ciphertext Mixing, the obfuscation of a mixnet program. Using this technique, all proofs can be performed before the mixing process, even before the inputs are available. In addition, the mixing program does not need to be secret: anyone can publicly compute the shuffle (though not the decryption). We frame this functionality in the strongest obfuscation setting proposed by Barak et. al. [4], tweaked for the public-key setting. For applications where the secrecy of the shuffle permutation is particularly important (e.g. voting), we also consider the Distributed Obfuscation of a Mixer, where multiple trustees cooperate to generate an obfuscated mixer program such that no single trustee knows the composed shuffle permutation.
@booklet{cryptoeprint:2005:394, title = {Obfuscated Ciphertext Mixing}, author = {Adida, Ben and Wikstr{\"o}m, Douglas}, month = nov, year = {2005}, keywords = {obfuscated ciphertext mixing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.60.6592} }
[Garcia05off-linekarma:] Off-line Karma: A Decentralized Currency for Peer-to-peer and Grid Applications

Garcia, Flavio D., and Hoepman, Jaap-Henk

06/2005 2005

DOI abstract Bib

Peer-to-peer (P2P) and grid systems allow their users to exchange information and share resources, with little centralised or hierarchical control, instead relying on the fairness of the users to make roughly as much resources available as they use. To enforce this balance, some kind of currency or barter (called karma) is needed that must be exchanged for resources thus limiting abuse. We present a completely decentralised, off-line karma implementation for P2P and grid systems, that detects double-spending and other types of fraud under varying adversarial scenarios. The system is based on tracing the spending pattern of coins, and distributing the normally central role of a bank over a predetermined, but random, selection of nodes. The system is designed to allow nodes to join and leave the system at arbitrary times.
@conference{Garcia05off-linekarma:, author = {Garcia, Flavio D. and Hoepman, Jaap-Henk}, booktitle = {ACNS{\textquoteright}05. 3rd Applied Cryptography and Network Security Conference}, title = {Off-line Karma: A Decentralized Currency for Peer-to-peer and Grid Applications}, year = {2005}, address = {New York, NY, USA}, month = {06/2005}, organization = {Springer}, pages = {364{\textendash}377}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {3531}, doi = {10.1007/11496137_25}, keywords = {decentralized, free-riding, GRID, micropayments, peer-to-peer networking, security}, owner = {tom}, timestamp = {2017-10-10} }

[2005a] OpenDHT: a public DHT service and its uses

2005

@conference{2005a,
  booktitle = {Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications},
  title = {OpenDHT: a public DHT service and its uses},
  year = {2005},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {73{\textendash}84},
  publisher = {ACM},
  series = {SIGCOMM {\textquoteright}05},
  doi = {10.1145/1080091.1080102},
  isbn = {1-59593-009-4},
  keywords = {distributed hash table, openDHT, peer-to-peer, resource allocation},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1080091.1080102}
}

[Feldman:2005:OFB:1120717.1120723] Overcoming free-riding behavior in peer-to-peer systems

Feldman, Michal, and Chuang, John

ACM SIGecom Exchanges 07/2005 2005

DOI Website abstract Bib

While the fundamental premise of peer-to-peer (P2P) systems is that of voluntary resource sharing among individual peers, there is an inherent tension between individual rationality and collective welfare that threatens the viability of these systems. This paper surveys recent research at the intersection of economics and computer science that targets the design of distributed systems consisting of rational participants with diverse and selfish interests. In particular, we discuss major findings and open questions related to free-riding in P2P systems: factors affecting the degree of free-riding, incentive mechanisms to encourage user cooperation, and challenges in the design of incentive mechanisms for P2P systems.
@article{Feldman:2005:OFB:1120717.1120723, author = {Feldman, Michal and Chuang, John}, journal = {ACM SIGecom Exchanges}, title = {Overcoming free-riding behavior in peer-to-peer systems}, year = {2005}, issn = {1551-9031}, month = {07/2005}, pages = {41{\textendash}50}, volume = {5}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1120717.1120723}, keywords = {algorithms, cooperation, design, economics, game-theory, hidden-action, hidden-information, incentives, peer-to-peer networking, performance, reliability}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1120717.1120723} }
[Ghosal2005] P2P Contracts: a Framework for Resource and Service Exchange

Ghosal, Dipak, Poon, Benjamin K., and Kong, Keith

FGCS. Future Generations Computer Systems 03/2005 2005

DOI abstract Bib

A crucial aspect of Peer-to-Peer (P2P) systems is that of providing incentives for users to contribute their resources to the system. Without such incentives, empirical data show that a majority of the participants act asfree riders. As a result, a substantial amount of resource goes untapped, and, frequently, P2P systems devolve into client-server systems with attendant issues of performance under high load. We propose to address the free rider problem by introducing the notion of a P2P contract. In it, peers are made aware of the benefits they receive from the system as a function of their contributions. In this paper, we first describe a utility-based framework to determine the components of the contract and formulate the associated resource allocation problem. We consider the resource allocation problem for a flash crowd scenario and show how the contract mechanism implemented using a centralized server can be used to quickly create pseudoservers that can serve out the requests. We then study a decentralized implementation of the P2P contract scheme in which each node implements the contract based on local demand. We show that in such a system, other than contributing storage and bandwidth to serve out requests, it is also important that peer nodes function as application-level routers to connect pools of available pseudoservers. We study the performance of the distributed implementation with respect to the various parameters including the terms of the contract and the triggers to create pseudoservers and routers.
@article{Ghosal2005, author = {Ghosal, Dipak and Poon, Benjamin K. and Kong, Keith}, journal = {FGCS. Future Generations Computer Systems}, title = {P2P Contracts: a Framework for Resource and Service Exchange}, year = {2005}, issn = {0167-739X}, month = {03/2005}, pages = {333-347}, volume = {21}, doi = {10.1016/j.future.2004.04.013}, keywords = {contracts, framework, P2P, peer-to-peer networking, resource exchange, service exchange}, owner = {tom}, timestamp = {2017-10-10} }
[busca:pastis:] Pastis: A Highly-Scalable Multi-user Peer-to-Peer File System.

Busca, Jean-Michel, Picconi, Fabio, and Sens, Pierre

09/2005 2005

DOI abstract Bib

We introduce Pastis, a completely decentralized multi-user read-write peer-to-peer file system. In Pastis every file is described by a modifiable inode-like structure which contains the addresses of the immutable blocks in which the file contents are stored. All data are stored using the Past distributed hash table (DHT), which we have modified in order to reduce the number of network messages it generates, thus optimizing replica retrieval. Pastis’ design is simple compared to other existing systems, as it does not require complex algorithms like Byzantine-fault tolerant (BFT) replication or a central administrative authority. It is also highly scalable in terms of the number of network nodes and users sharing a given file or portion of the file system. Furthermore, Pastis takes advantage of the fault tolerance and good locality properties of its underlying storage layer, the Past DHT. We have developed a prototype based on the FreePastry open-source implementation of the Past DHT. We have used this prototype to evaluate several characteristics of our file system design. Supporting the close-to-open consistency model, plus a variant of the read-your-writes model, our prototype shows that Pastis is between 1.4 to 1.8 times slower than NFS. In comparison, Ivy and Oceanstore are between two to three times slower than NFS.
@conference{busca:pastis:, author = {Busca, Jean-Michel and Picconi, Fabio and Sens, Pierre}, booktitle = {Euro-Par{\textquoteright}05 Parallel Processing}, title = {Pastis: A Highly-Scalable Multi-user Peer-to-Peer File System.}, year = {2005}, address = {Lisboa, Portugal}, month = {09/2005}, organization = {Springer-Verlag}, pages = {1173-1182}, publisher = {Springer-Verlag}, doi = {10.1007/11549468_128}, keywords = {distributed hash table, multi-user, Pastis, peer-to-peer file system, read-write}, owner = {tom}, timestamp = {2017-10-10} }
[Massachusetts05peer-to-peercommunication] Peer-to-Peer Communication Across Network Address Translators

Srisuresh, Pyda, Ford, Bryan, and Kegel, Dan

04/2005 2005

Website abstract Bib

Network Address Translation (NAT) causes well-known difficulties for peer-to-peer (P2P) communication, since the peers involved may not be reachable at any globally valid IP address. Several NAT traversal techniques are known, but their documentation is slim, and data about their robustness or relative merits is slimmer. This paper documents and analyzes one of the simplest but most robust and practical NAT traversal techniques, commonly known as hole punching. Hole punching is moderately well-understood for UDP communication, but we show how it can be reliably used to set up peer-to-peer TCP streams as well. After gathering data on the reliability of this technique on a wide variety of deployed NATs, we nd that about 82% of the NATs tested support hole punching for UDP, and about 64% support hole punching for TCP streams. As NAT vendors become increasingly conscious of the needs of important P2P applications such as Voice over IP and online gaming protocols, support for hole punching is likely to increase in the future.
@conference{Massachusetts05peer-to-peercommunication, author = {Srisuresh, Pyda and Ford, Bryan and Kegel, Dan}, booktitle = {ATEC05. Proceedings of the USENIX Annual Technical Conference}, title = {Peer-to-Peer Communication Across Network Address Translators}, year = {2005}, address = {Anaheim, CA}, month = {04/2005}, organization = {USENIX Association}, pages = {179{\textendash}192}, publisher = {USENIX Association}, keywords = {communication network, ip address, NAT, nat traversal techniques, network address translation, P2P, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.59.6799\&rep=rep1\&type=pdf} }
[Fuhrmann_aplatform] A platform for lab exercises in sensor networks

Fuhrmann, Thomas, and Harbaum, Till

2005

Website abstract Bib

Programming of and experiences with sensor network nodes are about to enter the curricula of technical universities. Often however, practical obstacles complicate the implementation of a didactic concept. In this paper we present our approach that uses a Java virtual machine to decouple experiments with algorithm and protocol concepts from the odds of embedded system programming. This concept enables students to load Java classes via an SD-card into a sensor node. An LC display provides detailed information if the program aborts due to bugs.
@booklet{Fuhrmann_aplatform, title = {A platform for lab exercises in sensor networks}, author = {Fuhrmann, Thomas and Harbaum, Till}, year = {2005}, keywords = {sensor networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.72.8036} }
[Ali:2005:PTA:1082473.1082631] Preprocessing techniques for accelerating the DCOP algorithm ADOPT

Ali, Syed, Koenig, Sven, and Tambe, Milind

07/2005 2005

DOI Website abstract Bib

Methods for solving Distributed Constraint Optimization Problems (DCOP) have emerged as key techniques for distributed reasoning. Yet, their application faces significant hurdles in many multiagent domains due to their inefficiency. Preprocessing techniques have successfully been used to speed up algorithms for centralized constraint satisfaction problems. This paper introduces a framework of different preprocessing techniques that are based on dynamic programming and speed up ADOPT, an asynchronous complete and optimal DCOP algorithm. We investigate when preprocessing is useful and which factors influence the resulting speedups in two DCOP domains, namely graph coloring and distributed sensor networks. Our experimental results demonstrate that our preprocessing techniques are fast and can speed up ADOPT by an order of magnitude.
@conference{Ali:2005:PTA:1082473.1082631, author = {Ali, Syed and Koenig, Sven and Tambe, Milind}, booktitle = {AAMAS{\textquoteright}05 - Proceedings of the fourth international joint conference on Autonomous agents and multiagent systems}, title = {Preprocessing techniques for accelerating the DCOP algorithm ADOPT}, year = {2005}, address = {Utrecht, Netherlands}, month = {07/2005}, organization = {ACM}, pages = {1041{\textendash}1048}, publisher = {ACM}, series = {AAMAS {\textquoteright}05}, doi = {10.1145/1082473.1082631}, isbn = {1-59593-093-0}, keywords = {ADOPT algorithm, DCOP, distributed constraint optimization}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1082473.1082631} }
[Jensen2005] Privacy Practices of Internet Users: Self-reports Versus Observed Behavior

Jensen, Carlos, Potts, Colin, and Jensen, Christian

Int. J. Hum.-Comput. Stud. 2005

DOI Website abstract Bib

Several recent surveys conclude that people are concerned about privacy and consider it to be an important factor in their online decision making. This paper reports on a study in which (1) user concerns were analysed more deeply and (2) what users said was contrasted with what they did in an experimental e-commerce scenario. Eleven independent variables were shown to affect the online behavior of at least some groups of users. Most significant were trust marks present on web pages and the existence of a privacy policy, though users seldom consulted the policy when one existed. We also find that many users have inaccurate perceptions of their own knowledge about privacy technology and vulnerabilities, and that important user groups, like those similar to the Westin "privacy fundamentalists", do not appear to form a cohesive group for privacy-related decision making.In this study we adopt an experimental economic research paradigm, a method for examining user behavior which challenges the current emphasis on survey data. We discuss these issues and the implications of our results on user interpretation of trust marks and interaction design. Although broad policy implications are beyond the scope of this paper, we conclude by questioning the application of the ethical/legal doctrine of informed consent to online transactions in the light of the evidence that users frequently do not consult privacy policies.
@article{Jensen2005, author = {Jensen, Carlos and Potts, Colin and Jensen, Christian}, journal = {Int. J. Hum.-Comput. Stud.}, title = {Privacy Practices of Internet Users: Self-reports Versus Observed Behavior}, year = {2005}, issn = {1071-5819}, pages = {203{\textendash}227}, volume = {63}, doi = {10.1016/j.ijhcs.2005.04.019}, keywords = {decision-making, design, e-commerce, economic models, policy, privacy, survey}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1016/j.ijhcs.2005.04.019} }
[pet05-bissias] Privacy Vulnerabilities in Encrypted HTTP Streams

Bissias, George Dean, Liberatore, Marc, and Levine, Brian Neil

May 2005

DOI Website abstract Bib

Encrypting traffic does not prevent an attacker from performing some types of traffic analysis. We present a straightforward traffic analysis attack against encrypted HTTP streams that is surprisingly effective in identifying the source of the traffic. An attacker starts by creating a profile of the statistical characteristics of web requests from interesting sites, including distributions of packet sizes and inter-arrival times. Later, candidate encrypted streams are compared against these profiles. In our evaluations using real traffic, we find that many web sites are subject to this attack. With a training period of 24 hours and a 1 hour delay afterwards, the attack achieves only 23% accuracy. However, an attacker can easily pre-determine which of trained sites are easily identifiable. Accordingly, against 25 such sites, the attack achieves 40% accuracy; with three guesses, the attack achieves 100% accuracy for our data. Longer delays after training decrease accuracy, but not substantially. We also propose some countermeasures and improvements to our current method. Previous work analyzed SSL traffic to a proxy, taking advantage of a known flaw in SSL that reveals the length of each web object. In contrast, we exploit the statistical characteristics of web streams that are encrypted as a single flow, which is the case with WEP/WPA, IPsec, and SSH tunnels.
@conference{pet05-bissias, author = {Bissias, George Dean and Liberatore, Marc and Levine, Brian Neil}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2005)}, title = {Privacy Vulnerabilities in Encrypted HTTP Streams}, year = {2005}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {1{\textendash}11}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11767831}, isbn = {978-3-540-34745-3}, keywords = {privacy, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/1062w684754754h4/} }
[Kissner2005] Privacy-Preserving Set Operations

Kissner, Lea, and Song, Dawn

2005

DOI Website abstract Bib

In many important applications, a collection of mutually distrustful parties must perform private computation over multisets. Each party’s input to the function is his private input multiset. In order to protect these private sets, the players perform privacy-preserving computation; that is, no party learns more information about other parties’ private input sets than what can be deduced from the result. In this paper, we propose efficient techniques for privacy-preserving operations on multisets. By building a framework of multiset operations, employing the mathematical properties of polynomials, we design efficient, secure, and composable methods to enable privacy-preserving computation of the union, intersection, and element reduction operations. We apply these techniques to a wide range of practical problems, achieving more efficient results than those of previous work.
@inbook{Kissner2005, author = {Kissner, Lea and Song, Dawn}, editor = {Shoup, Victor}, pages = {241-257}, publisher = {Springer Berlin Heidelberg}, title = {Privacy-Preserving Set Operations}, year = {2005}, isbn = {978-3-540-28114-6}, series = {Lecture Notes in Computer Science}, volume = {3621}, booktitle = {Advances in Cryptology {\textendash} CRYPTO 2005}, doi = {10.1007/11535218_15}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/11535218_15} }

[Goethals2005] On Private Scalar Product Computation for Privacy-Preserving Data Mining

Goethals, Bart, Laur, Sven, Lipmaa, Helger, and Mielikäinen, Taneli

2005

In mining and integrating data from multiple sources, there are many privacy and security issues. In several different contexts, the security of the full privacy-preserving data mining protocol depends on the security of the underlying private scalar product protocol. We show that two of the private scalar product protocols, one of which was proposed in a leading data mining conference, are insecure. We then describe a provably private scalar product protocol that is based on homomorphic encryption and improve its efficiency so that it can also be used on massive datasets.

@inbook{Goethals2005,
  author = {Goethals, Bart and Laur, Sven and Lipmaa, Helger and Mielik{\"a}inen, Taneli},
  editor = {Park, Choon-sik and Chee, Seongtaek},
  pages = {104-120},
  publisher = {Springer Berlin Heidelberg},
  title = {On Private Scalar Product Computation for Privacy-Preserving Data Mining},
  year = {2005},
  isbn = {978-3-540-26226-8},
  series = {Lecture Notes in Computer Science},
  volume = {3506},
  booktitle = {Information Security and Cryptology {\textendash} ICISC 2004},
  doi = {10.1007/11496618_9},
  keywords = {Privacy-preserving data mining, private scalar product protocol, vertically partitioned frequent pattern mining},
  organization = {Springer Berlin Heidelberg},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/11496618_9}
}

[GHPvR05] Provable Anonymity

Garcia, Flavio D., Hasuo, Ichiro, Pieters, Wolter, and Rossum, Peter

Nov 2005

DOI Website abstract Bib

This paper provides a formal framework for the analysis of information hiding properties of anonymous communication protocols in terms of epistemic logic.The key ingredient is our notion of observational equivalence, which is based on the cryptographic structure of messages and relations between otherwise random looking messages. Two runs are considered observationally equivalent if a spy cannot discover any meaningful distinction between them.We illustrate our approach by proving sender anonymity and unlinkability for two anonymizing protocols, Onion Routing and Crowds. Moreover, we consider a version of Onion Routing in which we inject a subtle error and show how our framework is capable of capturing this flaw.
@conference{GHPvR05, author = {Garcia, Flavio D. and Hasuo, Ichiro and Pieters, Wolter and van Rossum, Peter}, booktitle = {Proceedings of the 3rd ACM Workshop on Formal Methods in Security Engineering (FMSE05)}, title = {Provable Anonymity}, year = {2005}, address = {Alexandria, VA, USA}, month = nov, doi = {10.1145/1103576.1103585}, isbn = {1-59593-231-3}, keywords = {cryptography, onion routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1103576.1103585} }
[ih05-Klonowski] Provable Anonymity for Networks of Mixes

Klonowski, Marek, and Kutylowski, Miroslaw

Jun 2005

DOI Website abstract Bib

We analyze networks of mixes used for providing untraceable communication. We consider a network consisting of k mixes working in parallel and exchanging the outputs – which is the most natural architecture for composing mixes of a certain size into networks able to mix a larger number of inputs at once. We prove that after O(log k) rounds the network considered provides a fair level of privacy protection for any number of messages. No mathematical proof of this kind has been published before. We show that if at least one of server is corrupted we need substantially more rounds to meet the same requirements of privacy protection.
@conference{ih05-Klonowski, author = {Klonowski, Marek and Kutylowski, Miroslaw}, booktitle = {Proceedings of Information Hiding Workshop (IH 2005)}, title = {Provable Anonymity for Networks of Mixes}, year = {2005}, month = jun, organization = {Springer Berlin / Heidelberg}, pages = {26{\textendash}38}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11558859}, isbn = {978-3-540-29039-1}, keywords = {anonymity, coupling, Markov chain, rapid mixing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/777769630v335773/} }
[cramer05pns] Proximity Neighbor Selection for a DHT in Wireless Multi-Hop Networks

Cramer, Curt, and Fuhrmann, Thomas

2005

DOI Website abstract Bib

A mobile ad hoc network (MANET) is a multi-hop wireless network having no infrastructure. Thus, the mobile nodes have to perform basic control tasks, such as routing, and higher-level tasks, such as service discovery, in a cooperative and distributed way. Originally conceived as a peer-to-peer application for the Internet, distributed hash tables (DHTs) are data structures offering both, scalable routing and a convenient abstraction for the design of applications in large, dynamic networks. Hence, DHTs and MANETs seem to be a good match, and both have to cope with dynamic, self-organizing networks. DHTs form a virtual control structure oblivious to the underlying network. Several techniques to improve the performance of DHTs in wired networks have been established in the literature. A particularly efficient one is proximity neighbor selection (PNS). PNS has to continuously adapt the virtual network to the physical network, incurring control traffic. The applicability of PNS and DHTs for MANETs commonly is regarded as hard because of this control traffic,the complexity of the adaptation algorithms, and the dynamics of a MANET. Using simulations supported by analytical methods, we show that by making a minor addition to PNS, it is also applicable for MANETs. We additionally show that the specifics of a MANET make PNS an easy exercise there. Thus, DHTs deliver good performance in MANETs.
@conference{cramer05pns, author = {Cramer, Curt and Fuhrmann, Thomas}, booktitle = {Proceedings of the 5th IEEE International Conference on Peer-to-Peer Computing}, title = {Proximity Neighbor Selection for a DHT in Wireless Multi-Hop Networks}, year = {2005}, address = {Konstanz, Germany}, organization = {IEEE Computer Society Washington, DC, USA}, pages = {3{\textendash}10}, publisher = {IEEE Computer Society Washington, DC, USA}, doi = {10.1109/P2P.2005.28}, isbn = {0-7695-2376-5}, keywords = {distributed hash table, multi-hop networks, proximity neighbor selection}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }

[sassaman:wpes2005] The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval

Sassaman, Len, Cohen, Bram, and Mathewson, Nick

Nov 2005

We describe the Pynchon Gate, a practical pseudonymous message retrieval system. Our design uses a simple distributed-trust private information retrieval protocol to prevent adversaries from linking recipients to their pseudonyms, even when some of the infrastructure has been compromised. This approach resists global traffic analysis significantly better than existing deployed pseudonymous email solutions, at the cost of additional bandwidth. We examine security concerns raised by our model, and propose solutions.

@conference{sassaman:wpes2005,
  author = {Sassaman, Len and Cohen, Bram and Mathewson, Nick},
  booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2005)},
  title = {The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval},
  year = {2005},
  address = {Arlington, VA, USA},
  month = nov,
  organization = {ACM New York, NY, USA},
  publisher = {ACM New York, NY, USA},
  doi = {10.1145/1102199.1102201},
  isbn = {1-59593-228-3},
  keywords = {private information retrieval, pseudonym},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1102199.1102201}
}

[HanLLHP05] A Random Walk Based Anonymous Peer-to-Peer Protocol Design

Han, Jinsong, Liu, Yunhao, Lu, Li, Hu, Lei, and Patil, Abhishek

2005

Anonymity has been one of the most challenging issues in Ad Hoc environment such as P2P systems. In this paper, we propose an anonymous protocol called Random Walk based Anonymous Protocol (RWAP), in decentralized P2P systems. We evaluate RWAP by comprehensive trace driven simulations. Results show that RWAP significantly reduces traffic cost and encryption overhead compared with existing approaches.

@conference{HanLLHP05,
  author = {Han, Jinsong and Liu, Yunhao and Lu, Li and Hu, Lei and Patil, Abhishek},
  booktitle = {Proceedings of ICCNMC},
  title = {A Random Walk Based Anonymous Peer-to-Peer Protocol Design},
  year = {2005},
  organization = {Springer Berlin / Heidelberg},
  pages = {143{\textendash}152},
  publisher = {Springer Berlin / Heidelberg},
  doi = {10.1007/11534310},
  isbn = {978-3-540-28102-3},
  keywords = {anonymity, P2P, RWAP},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/0642hvq80b27vv1f/}
}

[Aspelund05retrivabilityof] Retrivability of data in ad-hoc backup

Aspelund, Trond

2005

Website abstract Bib

This master thesis looks at aspects with backup of data and restore in ad-hoc networks. Ad-hoc networks are networks made between arbitrary nodes without any form of infrastructure or central control. Backup in such environments would have to rely on other nodes to keep backups. The key problem is knowing whom to trust. Backup in ad-hoc network is meant to be a method to offer extra security to data that is created outside of a controlled environment. The most important aspects of backup are the ability to retrieve data after it is lost from the original device. In this project an ad-hoc network is simulated, to measure how much of the data can be retrieved as a function of the size of the network. The distance to the data and how many of the distributed copies are available is measured. The network is simulated using User-mode Linux and the centrality and connectivity of the simulated network is measured. Finding the device that keeps your data when a restoration is needed can be like looking for a needle in a haystack. A simple solution to this is to not only rely on the ad-hoc network but also make it possible for devices that keep backups to upload data to others or back to a host that is available to the source itself.
@mastersthesis{Aspelund05retrivabilityof, author = {Aspelund, Trond}, school = {Oslo University}, title = {Retrivability of data in ad-hoc backup}, year = {2005}, type = {Master thesis}, keywords = {ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.106.141}, volume = {Master} }
[1698181] Routing with Byzantine robustness

Perlman, Radia

2005

Website abstract Bib

This paper describes how a network can continue to function in the presence of Byzantine failures. A Byzantine failure is one in which a node, instead of halting (as it would in a fail-stop failure), continues to operate, but incorrectly. It might lie about routing information, perform the routing algorithm itself flawlessly, but then fail to forward some class of packets correctly, or flood the network with garbage traffic. Our goal is to design a network so that as long as one nonfaulty path connects nonfaulty nodes A and B, they will be able to communicate, with some fair share of bandwidth, even if all the other components in the network are maximally malicious. We review work from 1988 that presented a network design that had that property, but required the network to be small enough so that every router could keep state proportional to n2, where n is the total number of nodes in the network. This would work for a network of size on the order of a thousand nodes, but to build a large network, we need to introduce hierarchy. This paper presents a new design, building on the original work, that works with hierarchical networks. This design not only defends against malicious routers, but because it guarantees fair allocation of resources, can mitigate against many other types of denial of service attacks.
@booklet{1698181, title = {Routing with Byzantine robustness}, address = {Mountain View, CA, USA}, author = {Perlman, Radia}, year = {2005}, keywords = {routing}, owner = {tom}, publisher = {Sun Microsystems, Inc.}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1698181$\#$} }
[XuFZBCZ05] SAS: A Scalar Anonymous Communication System

Xu, Hongyun, Fu, Xinwen, Zhu, Ye, Bettati, Riccardo, Chen, Jianer, and Zhao, Wei

2005

DOI Website abstract Bib

Anonymity technologies have gained more and more attention for communication privacy. In general, users obtain anonymity at a certain cost in an anonymous communication system, which uses rerouting to increase the system’s robustness. However, a long rerouting path incurs large overhead and decreases the quality of service (QoS). In this paper, we propose the Scalar Anonymity System (SAS) in order to provide a tradeoff between anonymity and cost for different users with different requirements. In SAS, by selecting the level of anonymity, a user obtains the corresponding anonymity and QoS and also sustains the corresponding load of traffic rerouting for other users. Our theoretical analysis and simulation experiments verify the effectiveness of SAS.
@conference{XuFZBCZ05, author = {Xu, Hongyun and Fu, Xinwen and Zhu, Ye and Bettati, Riccardo and Chen, Jianer and Zhao, Wei}, booktitle = {Proceedings of ICCNMC}, title = {SAS: A Scalar Anonymous Communication System}, year = {2005}, organization = {Springer Berlin / Heidelberg}, pages = {452{\textendash}461}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/11534310}, isbn = {978-3-540-28102-3}, keywords = {anonymity, privacy, QoS}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/9b2k6u5wval6cep1/} }
[Fuhrmann05scalablerouting] Scalable routing for networked sensors and actuators

Fuhrmann, Thomas

2005

Website abstract Bib

The design of efficient routing protocols for ad hoc and sensor networks is challenging for several reasons: Physical network topology is random. Nodes have limited computation and memory capabilities. Energy and bisection bandwidth are scarce. Furthermore, in most settings, the lack of centralized components leaves all network control tasks to the nodes acting as decentralized peers. In this paper, we present a novel routing algorithm, scalable source routing (SSR), which is capable of memory and message efficient routing in large random networks. A guiding example is a community of ’digital homes ’ where smart sensors and actuators are installed by laypersons. Such networks combine wireless ad-hoc and infrastructure networks, and lack a well-crafted network topology. Typically, the nodes do not have sufficient processing and memory resources to perform sophisticated routing algorithms. Flooding on the other hand is too bandwidthconsuming in the envisaged large-scale networks. SSR is a fully self-organizing routing protocol for such scenarios. It creates a virtual ring that links all nodes via predecessor/successor source routes. Additionally, each node possesses O(log N) short-cut source routes to nodes in exponentially increasing virtual ring distance. Like with the Chord overlay network, this ensures full connectivity within the network. Moreover, it provides a routing semantic which can efficiently support indirection schemes like i3. Memory and message efficiency are achieved by the introduction of a route cache together with a set of path manipulation rules that allow to produce near-to-optimal paths.
@conference{Fuhrmann05scalablerouting, author = {Fuhrmann, Thomas}, booktitle = {In Proceedings of the Second Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks}, title = {Scalable routing for networked sensors and actuators}, year = {2005}, keywords = {scalable source routing, sensor networks, wireless sensor network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.67.6509} }
[1049775] Scalable Service Discovery for MANET

Sailhan, Francoise, and Issarny, Valerie

2005

DOI Website abstract Bib

Mobile Ad hoc NETworks (MANETs) conveniently complement infrastructure-based networks, allowing mobile nodes to spontaneously form a network and share their services, including bridging with other networks, either infrastructure-based or ad hoc. However, distributed service provisioning over MANETs requires adequate support for service discovery and invocation, due to the networkýs dynamics and resource constraints of wireless nodes. While a number of existing service discovery protocols have shown to be effective for the wireless environment, these are mainly aimed at infrastructure-based and/or 1-hop ad hoc wireless networks. Some discovery protocols for MANETs have been proposed over the last couple of years but they induce significant traffic overhead, and are thus primarily suited for small-scale MANETs with few nodes. Building upon the evaluation of existing protocols, we introduce a scalable service discovery protocol for MANETs, which is based on the homogeneous and dynamic deployment of cooperating directories within the network. Scalability of our protocol comes from the minimization of the generatedtraffic, and the use of compact directory summaries that enable to efficiently locate the directory that most likely caches the description of a given service.
@conference{1049775, author = {Sailhan, Francoise and Issarny, Valerie}, booktitle = {PERCOM {\textquoteright}05: Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications}, title = {Scalable Service Discovery for MANET}, year = {2005}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {235{\textendash}244}, publisher = {IEEE Computer Society}, doi = {10.1109/PERCOM.2005.36}, isbn = {0-7695-2299-8}, keywords = {ad-hoc networks, mobile Ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1049775$\#$} }
[Sandberg05searchingin] Searching in a Small World

Sandberg, Oskar

2005

Website abstract Bib

The small-world phenomenon, that the world’s social network is tightly connected, and that any two people can be linked by a short chain of friends, has long been a subject of interest. Famously, the psychologist Stanley Milgram performed an experiment where he asked people to deliver a letter to a stranger by forwarding it to an acquaintance, who could forward it to one his acquaintances, and so on until the destination was reached. The results seemed to confirm that the small-world phenomenon is real. Recently it has been shown by Jon Kleinberg that in order to search in a network, that is to actually find the short paths in the manner of the Milgram experiment, a very special type of a graph model is needed. In this thesis, we present two ideas about searching in the small world stemming from Kleinberg’s results. In the first we study the formation of networks of this type, attempting to see why the kind
@booklet{Sandberg05searchingin, title = {Searching in a Small World}, author = {Sandberg, Oskar}, year = {2005}, keywords = {small-world}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.101.688} }
[conf/p2p/GotzRW05] Selected DHT Algorithms

Götz, Stefan, Rieche, Simon, and Wehrle, Klaus

2005

Website abstract Bib

Several different approaches to realizing the basic principles of DHTs have emerged over the last few years. Although they rely on the same fundamental idea, there is a large diversity of methods for both organizing the identifier space and performing routing. The particular properties of each approach can thus be exploited by specific application scenarios and requirements. This overview focuses on the three DHT systems that have received the most attention in the research community: Chord, Pastry, and Content Addressable Networks (CAN). Furthermore, the systems Symphony, Viceroy, and Kademlia are discussed because they exhibit interesting mechanisms and properties beyond those of the first three systems.
@inbook{conf/p2p/GotzRW05, author = {G{\"o}tz, Stefan and Rieche, Simon and Wehrle, Klaus}, chapter = {8}, pages = {95-117}, publisher = {Springer}, title = {Selected DHT Algorithms}, year = {2005}, isbn = {3-540-29192-X}, series = {Lecture Notes in Computer Science}, volume = {3485}, booktitle = {Peer-to-Peer Systems and Applications}, keywords = {CAN, Chord, Content Addressable Networks, dblp, distributed hash table, Kademlia, Pastry, Symphony, Viceroy}, organization = {Springer}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dblp.uni-trier.de/db/conf/p2p/p2p2005lncs.html$\#$GotzRW05} }
[Gairing:2005:SRI:1073970.1074000] Selfish Routing with Incomplete Information

Gairing, Martin, Monien, Burkhard, and Tiemann, Karsten

07/2005 2005

DOI Website abstract Bib

In his seminal work Harsanyi introduced an elegant approach to study non-cooperative games with incomplete information where the players are uncertain about some parameters. To model such games he introduced the Harsanyi transformation, which converts a game with incomplete information to a strategic game where players may have different types. In the resulting Bayesian game players’ uncertainty about each others types is described by a probability distribution over all possible type profiles.In this work, we introduce a particular selfish routing game with incomplete information that we call Bayesian routing game. Here, n selfish users wish to assign their traffic to one of m links. Users do not know each others traffic. Following Harsanyi’s approach, we introduce for each user a set of possible types.This paper presents a comprehensive collection of results for the Bayesian routing game.We prove, with help of a potential function, that every Bayesian routing game possesses a pure Bayesian Nash equilibrium. For the model of identical links and independent type distribution we give a polynomial time algorithm to compute a pure Bayesian Nash equilibrium.We study structural properties of fully mixed Bayesian Nash equilibria for the model of identical links and show that they maximize individual cost. In general there exists more than one fully mixed Bayesian Nash equilibrium. We characterize the class of fully mixed Bayesian Nash equilibria in the case of independent type distribution.We conclude with results on coordination ratio for the model of identical links for three social cost measures, that is, social cost as expected maximum congestion, sum of individual costs and maximum individual cost. For the latter two we are able to give (asymptotic) tight bounds using our results on fully mixed Bayesian Nash equilibria.To the best of our knowledge this is the first time that mixed Bayesian Nash equilibria have been studied in conjunction with social cost.
@conference{Gairing:2005:SRI:1073970.1074000, author = {Gairing, Martin and Monien, Burkhard and Tiemann, Karsten}, booktitle = {SPAA{\textquoteright}05. Proceedings of the 17th Annual ACM Symposium on Parallelism in Algorithms and Architectures}, title = {Selfish Routing with Incomplete Information}, year = {2005}, address = {Las Vegas, Nevada}, month = {07/2005}, organization = {ACM}, pages = {203{\textendash}212}, publisher = {ACM}, series = {SPAA {\textquoteright}05}, doi = {http://doi.acm.org/10.1145/1073970.1074000}, isbn = {1-58113-986-1}, keywords = {bayesian game, coordination ratio, incomplete information, nash equilibria, selfish routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1073970.1074000} }
[kutzner05dvdr] A Self-Organizing Job Scheduling Algorithm for a Distributed VDR

Kutzner, Kendy, Cramer, Curt, and Fuhrmann, Thomas

2005

Website abstract Bib

In [CKF04], we have reported on our concept of a peer-to-peer extension to the popular video disk recorder (VDR) [Sch04], the Distributed Video Disk Recording (DVDR) system. The DVDR is a collaboration system of existing video disk recorders via a peer to peer network. There, the VDRs communicate about the tasks to be done and distribute the recordings afterwards. In this paper, we report on lessons learnt during its implementation and explain the considerations leading to the design of a new job scheduling algorithm. DVDR is an application which is based on a distributed hash table (DHT) employing proximity route selection (PRS)/proximity neighbor selection (PNS). For our implementation, we chose to use Chord [SMK + 01, GGG + 03]. Using a DHT with PRS/PNS yields two important features: (1) Each hashed key is routed to exactly one destination node within the system. (2) PRS/PNS forces messages originating in one region of the network destined to the same key to be routed through exactly one node in that region (route convergence). The first property enables per-key aggregation trees with a tree being rooted at the node which is responsible for the respective key. This node serves as a rendezvous point. The second property leads to locality (i.e., low latency) in this aggregation tree.
@conference{kutzner05dvdr, author = {Kutzner, Kendy and Cramer, Curt and Fuhrmann, Thomas}, booktitle = {Workshop "Peer-to-Peer-Systeme und -Anwendungen", 14. Fachtagung Kommunikation in Verteilten Systemen (KiVS 2005)}, title = {A Self-Organizing Job Scheduling Algorithm for a Distributed VDR}, year = {2005}, address = {Kaiserslautern, Germany}, keywords = {Chord, distributed hash table, proximity neighbor selection}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[fuhrmann05networking] A Self-Organizing Routing Scheme for Random Networks

Fuhrmann, Thomas

2005

DOI Website abstract Bib

Most routing protocols employ address aggregation to achieve scalability with respect to routing table size. But often, as networks grow in size and complexity, address aggregation fails. Other networks, e.g. sensor-actuator networks or ad-hoc networks, that are characterized by organic growth might not at all follow the classical hierarchical structures that are required for aggregation. In this paper, we present a fully self-organizing routing scheme that is able to efficiently route messages in random networks with randomly assigned node addresses. The protocol combines peer-to-peer techniques with source routing and can be implemented to work with very limited resource demands. With the help of simulations we show that it nevertheless quickly converges into a globally consistent state and achieves a routing stretch of only 1.2 – 1.3 in a network with more than 105 randomly assigned nodes.
@conference{fuhrmann05networking, author = {Fuhrmann, Thomas}, booktitle = {Proceedings of the 4th IFIP-TC6 Networking Conference}, title = {A Self-Organizing Routing Scheme for Random Networks}, year = {2005}, address = {Waterloo, Canada}, organization = {Springer Berlin / Heidelberg}, pages = {1366{\textendash}1370}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/b136094}, isbn = {978-3-540-25809-4}, keywords = {ad-hoc networks, P2P, self-organization}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[Irwin:2005:SVC:1080192.1080194] Self-recharging virtual currency

Irwin, David, Chase, Jeff, Grit, Laura, and Yumerefendi, Aydan

08/2005 2005

DOI Website abstract Bib

Market-based control is attractive for networked computing utilities in which consumers compete for shared resources (computers, storage, network bandwidth). This paper proposes a new self-recharging virtual currency model as a common medium of exchange in a computational market. The key idea is to recycle currency through the economy automatically while bounding the rate of spending by consumers. Currency budgets may be distributed among consumers according to any global policy; consumers spend their budgets to schedule their resource usage through time, but cannot hoard their currency or starve.We outline the design and rationale for self-recharging currency in Cereus, a system for market-based community resource sharing, in which participants are authenticated and sanctions are sufficient to discourage fraudulent behavior. Currency transactions in Cereus are accountable: offline third-party audits can detect and prove cheating, so participants may transfer and recharge currency autonomously without involvement of the trusted banking service.
@conference{Irwin:2005:SVC:1080192.1080194, author = {Irwin, David and Chase, Jeff and Grit, Laura and Yumerefendi, Aydan}, booktitle = {P2PECON{\textquoteright}05. Proceedings of the 2005 ACM SIGCOMM Workshop on Economics of Peer-to-Peer Systems}, title = {Self-recharging virtual currency}, year = {2005}, address = {Philadelphia, Pennsylvania, USA}, month = {08/2005}, organization = {ACM}, pages = {93{\textendash}98}, publisher = {ACM}, series = {P2PECON {\textquoteright}05}, doi = {http://doi.acm.org/10.1145/1080192.1080194}, isbn = {1-59593-026-4}, keywords = {market, virtual currency}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1080192.1080194} }
[cramer05selfstabilizing] Self-Stabilizing Ring Networks on Connected Graphs

Cramer, Curt, and Fuhrmann, Thomas

2005

Website abstract Bib

Large networks require scalable routing. Traditionally, protocol overhead is reduced by introducing a hierarchy. This requires aggregation of nearby nodes under a common address prefix. In fixed networks, this is achieved administratively, whereas in wireless ad-hoc networks, dynamic assignments of nodes to aggregation units are required. As a result of the nodes commonly being assigned a random network address, the majority of proposed ad-hoc routing protocols discovers routes between end nodes by flooding, thus limiting the network size. Peer-to-peer (P2P) overlay networks offer scalable routing solutions by employing virtualized address spaces, yet assume an underlying routing protocol for end-to-end connectivity. We investigate a cross-layer approach to P2P routing, where the virtual address space is implemented with a network-layer routing protocol by itself. The Iterative Successor Pointer Rewiring Protocol (ISPRP) efficiently initializes a ring-structured network among nodes having but link-layer connectivity. It is fully self-organizing and issues only a small per-node amount of messages by keeping interactions between nodes as local as possible. The main contribution of this paper is a proof that ISPRP is self-stabilizing, that is, starting from an arbitrary initial state, the protocol lets the network converge into a correct state within a bounded amount of time.
@conference{cramer05selfstabilizing, author = {Cramer, Curt and Fuhrmann, Thomas}, title = {Self-Stabilizing Ring Networks on Connected Graphs}, year = {2005}, address = {University of Karlsruhe (TH), Fakultaet fuer Informatik, Technical Report 2005-5}, keywords = {ad-hoc networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, type = {Technical Report}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[10.1109/PERSER.2005.1506410] Service discovery using volunteer nodes for pervasive environments

Kim, Mijeom, Kumar, Mohan, and Shirazi, Behrooz

International Conference on Pervasive Services 2005

DOI Website abstract Bib

We propose a service discovery architecture called VSD (service discovery based on volunteers) for heterogeneous and dynamic pervasive computing environments. The proposed architecture uses a small subset of the nodes called volunteers that perform directory services. Relatively stable and capable nodes serve as volunteers, thus recognizing node heterogeneity in terms of mobility and capability. We discuss characteristics of VSD architecture and methods to improve connectivity among volunteers for higher discovery rate. By showing that VSD performs quite well compared to a broadcast based scheme in MANET scenarios, we validate that VSD is a flexible and adaptable architecture appropriate for dynamic pervasive computing environments. VSD incorporates several novel features: i) handles dynamism and supports self-reconfiguration; ii) provides physical locality and scalability; and iii) improves reliability and copes with uncertainty through redundancy by forming overlapped clusters.
@article{10.1109/PERSER.2005.1506410, author = {Kim, Mijeom and Kumar, Mohan and Shirazi, Behrooz}, journal = {International Conference on Pervasive Services}, title = {Service discovery using volunteer nodes for pervasive environments}, year = {2005}, pages = {188-197}, address = {Los Alamitos, CA, USA}, doi = {10.1109/PERSER.2005.1506410}, isbn = {0-7803-9032-6}, owner = {tom}, publisher = {IEEE Computer Society}, timestamp = {2021-01-27}, url = {http://www.computer.org/portal/web/csdl/doi/10.1109/PERSER.2005.1506410} }
[Bartolini:2005:SFA:2167504.2167521] A software framework for automated negotiation

Bartolini, Claudio, Preist, Chris, and Jennings, Nicholas R

2005

Website abstract Bib

If agents are to negotiate automatically with one another they must share a negotiation mechanism, specifying what possible actions each party can take at any given time, when negotiation terminates, and what is the structure of the resulting agreements. Current standardization activities such as FIPA [2] and WS-Agreement [3] represent this as a negotiation protocol specifying the flow of messages. However, they omit other aspects of the rules of negotiation (such as obliging a participant to improve on a previous offer), requiring these to be represented implicitly in an agent’s design, potentially resulting incompatibility, maintenance and re-usability problems. In this chapter, we propose an alternative approach, allowing all of a mechanism to be formal and explicit. We present (i) a taxonomy of declarative rules which can be used to capture a wide variety of negotiation mechanisms in a principled and well-structured way; (ii) a simple interaction protocol, which is able to support any mechanism which can be captured using the declarative rules; (iii) a software framework for negotiation that allows agents to effectively participate in negotiations defined using our rule taxonomy and protocol and (iv) a language for expressing aspects of the negotiation based on OWL-Lite [4]. We provide examples of some of the mechanisms that the framework can support.
@inbook{Bartolini:2005:SFA:2167504.2167521, author = {Bartolini, Claudio and Preist, Chris and Jennings, Nicholas R}, chapter = {A software framework for automated negotiation}, editor = {Choren, Ricardo and Garcia, Alessandro and Lucena, Carlos and Romanovsky, Alexander}, pages = {213{\textendash}235}, publisher = {Springer-Verlag}, title = {A software framework for automated negotiation}, year = {2005}, address = {Berlin, Heidelberg}, isbn = {3-540-24843-9}, series = {Lecture Notes in Computer Science}, volume = {3390}, booktitle = {Software Engineering for Multi-Agent Systems III}, keywords = {framework, negotiation}, organization = {Springer-Verlag}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=2167504.2167521} }

[Bharambe:2005:OBP:1064212.1064273] Some observations on BitTorrent performance

Bharambe, Ashwin R., Herley, Cormac, and Padmanabhan, Venkata N.

06/2005 2005

In this paper, we present a simulation-based study of BitTorrent. Our results confirm that BitTorrent performs near-optimally in terms of uplink bandwidth utilization and download time, except under certain extreme conditions. On fairness, however, our work shows that low bandwidth peers systematically download more than they upload to the network when high bandwidth peers are present. We find that the rate-based tit-for-tat policy is not effective in preventing unfairness. We show how simple changes to the tracker and a stricter, block-based tit-for-tat policy, greatly improves fairness, while maintaining high utilization.

@conference{Bharambe:2005:OBP:1064212.1064273,
  author = {Bharambe, Ashwin R. and Herley, Cormac and Padmanabhan, Venkata N.},
  booktitle = {Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems},
  title = {Some observations on BitTorrent performance},
  year = {2005},
  address = {New York, NY, USA},
  month = {06/2005},
  organization = {ACM},
  pages = {398{\textendash}399},
  publisher = {ACM},
  series = {SIGMETRICS {\textquoteright}05},
  doi = {http://doi.acm.org/10.1145/1064212.1064273},
  isbn = {1-59593-022-1},
  keywords = {bandwidth utilization, BitTorrent, fairness},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1064212.1064273}
}

[LuFSG05] Some Remarks on Universal Re-encryption and A Novel Practical Anonymous Tunnel

Lu, Tianbo, Fang, Bin-Xing, Sun, Yuzhong, and Guo, Li

2005

DOI Website abstract Bib

In 2004 Golle, Jakobsson, Juels and Syverson presented a new encryption scheme called the universal re-encryption [GJJS04] for mixnets [Cha81] which was extended by Gomulkiewicz et al. [GKK04]. We discover that this scheme and its extension both are insecure against a chosen ciphertext attack proposed by Pfitzmann in 1994 [Pfi94]. Another drawback of them is low efficiency for anonymous communications due to their long ciphertexts, i.e., four times the size of plaintext. Accordingly, we devise a novel universal and efficient anonymous tunnel, rWonGoo, for circuit-based low-latency communications in large scale peer-to-peer environments to dramatically decrease possibility to suffer from the attack [Pfi94]. The basic idea behind rWonGoo is to provide anonymity with re-encryption and random forwarding, obtaining practicality, correctness and efficiency in encryption in the way differing from the layered encryption systems [Cha81] that can be difficult to achieve correctness of tunnels.
@conference{LuFSG05, author = {Lu, Tianbo and Fang, Bin-Xing and Sun, Yuzhong and Guo, Li}, booktitle = {Proceedings of ICCNMC}, title = {Some Remarks on Universal Re-encryption and A Novel Practical Anonymous Tunnel}, year = {2005}, pages = {853{\textendash}862}, doi = {10.1007/11534310}, isbn = {978-3-540-28102-3}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/b3x4na87xbmcextx/} }
[Lua05asurvey] A Survey and Comparison of Peer-to-Peer Overlay Network Schemes

Lua, Eng Keong, Crowcroft, Jon, Pias, Marcelo, Sharma, Ravi, and Lim, Steven

IEEE Communications Surveys and Tutorials 2005

DOI Website abstract Bib

Over the Internet today, computing and communications environments are significantly more complex and chaotic than classical distributed systems, lacking any centralized organization or hierarchical control. There has been much interest in emerging Peer-to-Peer (P2P) network overlays because they provide a good substrate for creating large-scale data sharing, content distribution and application-level multicast applications. These P2P networks try to provide a long list of features such as: selection of nearby peers, redundant storage, efficient search/location of data items, data permanence or guarantees, hierarchical naming, trust and authentication, and, anonymity. P2P networks potentially offer an efficient routing architecture that is self-organizing, massively scalable, and robust in the wide-area, combining fault tolerance, load balancing and explicit notion of locality. In this paper, we present a survey and comparison of various Structured and Unstructured P2P networks. We categorize the various schemes into these two groups in the design spectrum and discuss the application-level network performance of each group.
@article{Lua05asurvey, author = {Lua, Eng Keong and Crowcroft, Jon and Pias, Marcelo and Sharma, Ravi and Lim, Steven}, journal = {IEEE Communications Surveys and Tutorials}, title = {A Survey and Comparison of Peer-to-Peer Overlay Network Schemes}, year = {2005}, issn = {1553-877X}, pages = {72{\textendash}93}, volume = {7}, doi = {10.1109/COMST.2005.1610546}, keywords = {overlay, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.slideshare.net/networkingcentral/a-survey-and-comparison-of-peertopeer-overlay-network-schemes} }
[Cheng:2005:SRM:1080192.1080202] Sybilproof reputation mechanisms

Cheng, Alice, and Friedman, Eric

08/2005 2005

DOI Website abstract Bib

Due to the open, anonymous nature of many P2P networks, new identities - or sybils - may be created cheaply and in large numbers. Given a reputation system, a peer may attempt to falsely raise its reputation by creating fake links between its sybils. Many existing reputation mechanisms are not resistant to these types of strategies.Using a static graph formulation of reputation, we attempt to formalize the notion of sybilproofness. We show that there is no symmetric sybilproof reputation function. For nonsymmetric reputations, following the notion of reputation propagation along paths, we give a general asymmetric reputation function based on flow and give conditions for sybilproofness.
@conference{Cheng:2005:SRM:1080192.1080202, author = {Cheng, Alice and Friedman, Eric}, booktitle = {Proceedings of the 2005 ACM SIGCOMM Workshop on Economics of Peer-to-Peer Systems}, title = {Sybilproof reputation mechanisms}, year = {2005}, address = {Philadelphia, PA}, month = {08/2005}, organization = {ACM}, pages = {128{\textendash}132}, publisher = {ACM}, series = {P2PECON {\textquoteright}05}, doi = {http://doi.acm.org/10.1145/1080192.1080202}, isbn = {1-59593-026-4}, keywords = {peer-to-peer networking, reputation, Sybil attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1080192.1080202} }
[Danezis05sybil-resistantdht] Sybil-resistant DHT routing

Danezis, George, Lesniewski-laas, Chris, Kaashoek, Frans M., and Anderson, Ross

2005

Website abstract Bib

Distributed Hash Tables (DHTs) are very efficient distributed systems for routing, but at the same time vulnerable to disruptive nodes. Designers of such systems want them used in open networks, where an adversary can perform a sybil attack by introducing a large number of corrupt nodes in the network, considerably degrading its performance. We introduce a routing strategy that alleviates some of the effects of such an attack by making sure that lookups are performed using a diverse set of nodes. This ensures that at least some of the nodes queried are good, and hence the search makes forward progress. This strategy makes use of latent social information present in the introduction graph of the network.
@conference{Danezis05sybil-resistantdht, author = {Danezis, George and Lesniewski-laas, Chris and Kaashoek, Frans M. and Anderson, Ross}, booktitle = {In ESORICS}, title = {Sybil-resistant DHT routing}, year = {2005}, organization = {Springer}, pages = {305{\textendash}318}, publisher = {Springer}, keywords = {distributed hash table, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.65.3947} }
[Nielson05ataxonomy] A Taxonomy of Rational Attacks

Nielson, Seth James, and Crosby, Scott A.

2005

DOI Website abstract Bib

For peer-to-peer services to be effective, participating nodes must cooperate, but in most scenarios a node represents a self-interested party and cooperation can neither be expected nor enforced. A reasonable assumption is that a large fraction of p2p nodes are rational and will attempt to maximize their consumption of system resources while minimizing the use of their own. If such behavior violates system policy then it constitutes an attack. In this paper we identify and create a taxonomy for rational attacks and then identify corresponding solutions if they exist. The most effective solutions directly incentivize cooperative behavior, but when this is not feasible the common alternative is to incentivize evidence of cooperation instead.
@conference{Nielson05ataxonomy, author = {Nielson, Seth James and Crosby, Scott A.}, booktitle = {Proceedings of the 4th International Workshop on Peer-to-Peer Systems (IPTPS {\textquoteright}05}, title = {A Taxonomy of Rational Attacks}, year = {2005}, organization = {Springer-Verlag}, pages = {36{\textendash}46}, publisher = {Springer-Verlag}, doi = {10.1007/11558989}, keywords = {attack, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/lh21385ml723844j/} }
[UCAM-CL-TR-637] The Topology of Covert Conflict

Nagaraja, Shishir, and Anderson, Ross

Jul 2005

DOI Website abstract Bib

This is a short talk on topology of covert conflict, comprising joint work I’ve been doing with Ross Anderson. The background of this work is the following. We consider a conflict, and there are parties to the conflict. There is communication going on that can be abstracted as a network of nodes (parties) and links (social ties between the nodes). We contend that once you’ve got a conflict and you’ve got enough parties to it, these guys start communicating as a result of the conflict. They form connections, that influences the conflict, and the dynamics of the conflict in turn feeds the connectivity of the unfolding network. Modern conflicts often turn on connectivity: consider, for instance, anything from the American army’s attack on the Taleban in Afghanistan, and elsewhere, or medics who are trying to battle a disease, like Aids, or anything else. All of these turn on, making strategic decisions about which nodes to go after in the network. For instance, you could consider that a good first place to give condoms out and start any Aids programme, would be with prostitutes.
@booklet{UCAM-CL-TR-637, title = {The Topology of Covert Conflict}, author = {Nagaraja, Shishir and Anderson, Ross}, month = jul, year = {2005}, doi = {10.1007/978-3-540-77156-2}, number = {UCAM-CL-TR-637}, owner = {tom}, publisher = {University of Cambridge Computer Laboratory}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/p885q38262486876/} }
[kutzner05autonomic] Towards Autonomic Networking using Overlay Routing Techniques

Kutzner, Kendy, and Fuhrmann, Thomas

2005

DOI Website abstract Bib

With an ever-growing number of computers being embedded into our surroundings, the era of ubiquitous computing is approaching fast. However, as the number of networked devices increases, so does system complexity. Contrary to the goal of achieving an invisible computer, the required amount of management and human intervention increases more and more, both slowing down the growth rate and limiting the achievable size of ubiquitous systems. In this paper we present a novel routing approach that is capable of handling complex networks without any administrative intervention. Based on a combination of standard overlay routing techniques and source routes, this approach is capable of efficiently bootstrapping a routable network. Unlike other approaches that try to combine peer-to-peer ideas with ad-hoc networks, sensor networks, or ubiquitous systems, our approach is not based on a routing scheme. This makes the resulting system flexible and powerful with respect at application support as well as efficient with regard to routing overhead and system complexity.
@conference{kutzner05autonomic, author = {Kutzner, Kendy and Fuhrmann, Thomas}, booktitle = {Proceedings of the 18th International Conference on Architecture of Computing Systems (ARCS {\textquoteright}05) - System Aspects in Organic and Pervasive Computing}, title = {Towards Autonomic Networking using Overlay Routing Techniques}, year = {2005}, address = {Innsbruck, Austria}, organization = {Springer Berlin / Heidelberg}, pages = {222?235}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/b106632}, isbn = {978-3-540-25273-3}, keywords = {autonomous systems, overlay networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[WangCJ05] Tracking anonymous peer-to-peer VoIP calls on the internet

Wang, Xinyuan, Chen, Shiping, and Jajodia, Sushil

Nov 2005

DOI Website abstract Bib

Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by low latency anonymizing network, they are considered by many people to be both secure and anonymous.In this paper, we present a watermark technique that could be used for effectively identifying and correlating encrypted, peer-to-peer VoIP calls even if they are anonymized by low latency anonymizing networks. This result is in contrast to many people’s perception. The key idea is to embed a unique watermark into the encrypted VoIP flow by slightly adjusting the timing of selected packets. Our analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied. Our analytical results are backed up by the real-time experiments performed on leading peer-to-peer VoIP client and on a commercially deployed anonymizing network. Our results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the Internet is feasible and (2) low latency anonymizing networks are susceptible to timing attacks.
@conference{WangCJ05, author = {Wang, Xinyuan and Chen, Shiping and Jajodia, Sushil}, booktitle = {Proceedings of the ACM Conference on Computer and Communications Security}, title = {Tracking anonymous peer-to-peer VoIP calls on the internet}, year = {2005}, month = nov, organization = {ACM New York, NY, USA}, pages = {81{\textendash}91}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1102120.1102133}, isbn = {1-59593-226-7}, keywords = {anonymity, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1102120.1102133} }

[pet05-zhu] Unmixing Mix Traffic

Zhu, Ye, and Bettati, Riccardo

May 2005

We apply blind source separation techniques from statistical signal processing to separate the traffic in a mix network. Our experiments show that this attack is effective and scalable. By combining the flow separation method and frequency spectrum matching method, a passive attacker can get the traffic map of the mix network. We use a non-trivial network to show that the combined attack works. The experiments also show that multicast traffic can be dangerous for anonymity networks.

@conference{pet05-zhu,
  author = {Zhu, Ye and Bettati, Riccardo},
  booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2005)},
  title = {Unmixing Mix Traffic},
  year = {2005},
  month = may,
  organization = {Springer Berlin / Heidelberg},
  pages = {110{\textendash}127},
  publisher = {Springer Berlin / Heidelberg},
  doi = {10.1007/11767831},
  isbn = {978-3-540-34745-3},
  keywords = {anonymity},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/l5110366246k5003/}
}

[fuhrmann05emnets] The Use of Scalable Source Routing for Networked Sensors

Fuhrmann, Thomas

2005

Website abstract Bib

In this paper, we briefly present a novel routing algorithm, scalable source routing (SSR), which is capable of memory and message efficient routing in networks with ’random topology’. This algorithm enables sensor networks to use recent peer to-peer mechanisms from the field of overlay networks, like e.g. distributed hash tables and indirection infrastructures. Unlike other proposals along that direction, SSR integrates all necessary routing tasks into one simple, highly efficient routing protocol. Simulations demonstrate that in a small-world network with more than 100 000 nodes, SSR requires each node to only store routing data for 255 other nodes to establish routes between arbitrary pairs of nodes. These routes are on average only about 20-30% longer than the globally optimal path between these nodes.
@conference{fuhrmann05emnets, author = {Fuhrmann, Thomas}, booktitle = {Proceedings of the 2nd IEEE Workshop on Embedded Networked Sensors}, title = {The Use of Scalable Source Routing for Networked Sensors}, year = {2005}, address = {Sydney, Australia}, organization = {IEEE Computer Society Washington, DC, USA}, pages = {163{\textendash}165}, publisher = {IEEE Computer Society Washington, DC, USA}, isbn = {0-7803-9246-9}, keywords = {scalable source routing, topology matching}, owner = {tom}, timestamp = {2021-01-27}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[DBLP:conf/sigcomm/JainDPF05] Using redundancy to cope with failures in a delay tolerant network

Jain, Sushant, Demmer, Michael J., Patra, Rabin K., and Fall, Kevin

2005

DOI Website abstract Bib

We consider the problem of routing in a delay tolerant network (DTN) in the presence of path failures. Previous work on DTN routing has focused on using precisely known network dynamics, which does not account for message losses due to link failures, buffer overruns, path selection errors, unscheduled delays, or other problems. We show how to split, replicate, and erasure code message fragments over multiple delivery paths to optimize the probability of successful message delivery. We provide a formulation of this problem and solve it for two cases: a 0/1 (Bernoulli) path delivery model where messages are either fully lost or delivered, and a Gaussian path delivery model where only a fraction of a message may be delivered. Ideas from the modern portfolio theory literature are borrowed to solve the underlying optimization problem. Our approach is directly relevant to solving similar problems that arise in replica placement in distributed file systems and virtual node placement in DHTs. In three different simulated DTN scenarios covering a wide range of applications, we show the effectiveness of our approach in handling failures.
@conference{DBLP:conf/sigcomm/JainDPF05, author = {Jain, Sushant and Demmer, Michael J. and Patra, Rabin K. and Fall, Kevin}, booktitle = {SIGCOMM}, title = {Using redundancy to cope with failures in a delay tolerant network}, year = {2005}, address = {Philadelphia, Pennsylvania, USA}, organization = {ACM New York, NY, USA}, pages = {109-120}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1080091.1080106}, isbn = {1-59593-009-4}, keywords = {delay tolerant network, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?doid=1080091.1080106} }
[Cooley_abs:the] ABS: The Apportioned Backup System

Cooley, Joe, Taylor, Chris, and Peacock, Alen

2004

Website abstract Bib

Many personal computers are operated with no backup strategy for protecting data in the event of loss or failure. At the same time, PCs are likely to contain spare disk space and unused networking resources. We present the Apportioned Backup System (ABS), which provides a reliable collaborative backup resource by leveraging these independent, distributed resources. With ABS, procuring and maintaining specialized backup hardware is unnecessary. ABS makes efficient use of network and storage resources through use of coding techniques, convergent encryption and storage, and efficient versioning and verification processes. The system also painlessly accommodates dynamic expansion of system compute, storage, and network resources, and is tolerant of catastrophic node failures.
@booklet{Cooley_abs:the, title = {ABS: The Apportioned Backup System}, author = {Cooley, Joe and Taylor, Chris and Peacock, Alen}, year = {2004}, keywords = {apportioned backup system}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.120.6858} }
[Baset04ananalysis] An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol

Baset, Salman A., and Schulzrinne, Henning G.

04/2006 2004

Website abstract Bib

Skype is a peer-to-peer VoIP client developed by KaZaa in 2003. Skype claims that it can work almost seamlessly across NATs and firewalls and has better voice quality than the MSN and Yahoo IM applications. It encrypts calls end-to-end, and stores user information in a decentralized fashion. Skype also supports instant messaging and conferencing. This report analyzes key Skype functions such as login, NAT and firewall traversal, call establishment, media transfer, codecs, and conferencing under three different network setups. Analysis is performed by careful study of Skype network traffic.
@conference{Baset04ananalysis, author = {Baset, Salman A. and Schulzrinne, Henning G.}, booktitle = {INFOCOM 2006. Proceedings of the 25th Annual Joint Conference of the IEEE Computer and Communications Societies}, title = {An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol}, year = {2004}, address = {Barcelona, Catalunya, Spain}, month = {04/2006}, keywords = {P2P, VoIP}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.84.2433} }
[newman:pet2004] Anonymity and Covert Channels in Simple Timed Mix-firewalls

Newman, Richard E., Nalla, Vipan R., and Moskowitz, Ira S.

May 2004

DOI Website abstract Bib

Traditional methods for evaluating the amount of anonymity afforded by various Mix configurations have depended on either measuring the size of the set of possible senders of a particular message (the anonymity set size), or by measuring the entropy associated with the probability distribution of the messages possible senders. This paper explores further an alternative way of assessing the anonymity of a Mix system by considering the capacity of a covert channel from a sender behind the Mix to an observer of the Mix’s output. Initial work considered a simple model, with an observer (Eve) restricted to counting the number of messages leaving a Mix configured as a firewall guarding an enclave with one malicious sender (Alice) and some other naive senders (Cluelessi’s). Here, we consider the case where Eve can distinguish between multiple destinations, and the senders can select to which destination their message (if any) is sent each clock tick.
@conference{newman:pet2004, author = {Newman, Richard E. and Nalla, Vipan R. and Moskowitz, Ira S.}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {Anonymity and Covert Channels in Simple Timed Mix-firewalls}, year = {2004}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {1{\textendash}16}, publisher = {Springer Berlin / Heidelberg}, series = {LNCS}, volume = {3424}, doi = {10.1007/b136164}, isbn = {978-3-540-26203-9}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/w256n3dfl6wf2q3m/} }
[halpern-oneill-2003] Anonymity and Information Hiding in Multiagent Systems

Halpern, Joseph Y., and O’Neil, Kevin R.

Journal of Computer Security 2004

Website abstract Bib

We Provide a framework for reasoning about information-hiding requirements in multiagent systems and for reasoning about anonymity in particular. Our framework employs the modal logic of knowledge within the context of the runs and systems framework, much in the spirit of our carlier work on secercy [13]. we give several definitions of anonymity with respect to agents, actions and observers in multiagent systems, and we relate our defenitions of anonymity to other definitions of information hiding, such as secrecy. We also give probabilistic definitions of anonymity that are able to quantify an observer’s uncertainty about the state of the system. Finally, we relate our definitions of anonymity to other formalizations of anonymity and information hiding, including defenitions of anonymity in the process algebra CSP and defenitions of information hiding using function views.
@article{halpern-oneill-2003, author = {Halpern, Joseph Y. and O{\textquoteright}Neil, Kevin R.}, journal = {Journal of Computer Security}, title = {Anonymity and Information Hiding in Multiagent Systems}, year = {2004}, issn = {0926-227X}, pages = {483 - 514}, volume = {13}, keywords = {anonymity, epistemic logic, formal methods}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1145953} }

[andrei-thesis] On the Anonymity of Anonymity Systems

Serjantov, Andrei

Jun 2004

Bib

@mastersthesis{andrei-thesis,
  author = {Serjantov, Andrei},
  school = {University of Cambridge},
  title = {On the Anonymity of Anonymity Systems},
  year = {2004},
  month = jun,
  type = {phd},
  owner = {tom},
  timestamp = {2017-10-10}
}

[wisa04-Klonowski] Anonymous Communication with On-line and Off-line Onion Encoding

Gomulkiewicz, Marcin, Klonowski, Marek, and Kutylowski, Miroslaw

Aug 2004

abstract Bib

Encapsulating messages in onions is one of the major techniques providing anonymous communication in computer networks. To some extent, it provides security against traffic analysis by a passive adversary. However, it can be highly vulnerable to attacks by an active adversary. For instance, the adversary may perform a simple so–called repetitive attack: a malicious server sends the same massage twice, then the adversary traces places where the same message appears twice – revealing the route of the original message. A repetitive attack was examined for mix–networks. However, none of the countermeasures designed is suitable for onion–routing. In this paper we propose an “onion-like” encoding design based on universal reencryption. The onions constructed in this way can be used in a protocol that achieves the same goals as the classical onions, however, at the same time we achieve immunity against a repetitive attack. Even if an adversary disturbs communication and prevents processing a message somewhere on the onion path, it is easy to identify the malicious server performing the attack and provide an evidence of its illegal behavior.
@conference{wisa04-Klonowski, author = {Gomulkiewicz, Marcin and Klonowski, Marek and Kutylowski, Miroslaw}, booktitle = {Proceedings of Workshop on Information Security Applications (WISA 2004)}, title = {Anonymous Communication with On-line and Off-line Onion Encoding}, year = {2004}, month = aug, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, isbn = {978-3-540-24302-1}, keywords = {onion routing, repetitive attack, universal re-encryption, unlinkability}, owner = {tom}, timestamp = {2017-10-10} }
[Mislove04ap3:cooperative] AP3: Cooperative, decentralized anonymous communication

2004

DOI Website abstract Bib

This paper describes a cooperative overlay network that provides anonymous communication services for participating users. The Anonymizing Peer-to-Peer Proxy (AP3) system provides clients with three primitives: (i) anonymous message delivery, (ii) anonymous channels, and (iii) secure pseudonyms. AP3 is designed to be lightweight, low-cost and provides "probable innocence" anonymity to participating users, even under a large-scale coordinated attack by a limited fraction of malicious overlay nodes. Additionally, we use AP3’s primitives to build novel anonymous group communication facilities (multicast and anycast), which shield the identity of both publishers and subscribers.
@conference{Mislove04ap3:cooperative, booktitle = {IN PROC. OF SIGOPS EUROPEAN WORKSHOP}, title = {AP3: Cooperative, decentralized anonymous communication}, year = {2004}, doi = {10.1145/1133572.1133578}, keywords = {anonymity, Peer-to-Peer Proxy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1133578} }
[Laurie2004] Apres-a system for anonymous presence

Laurie, Ben

2004

abstract Bib

If Alice wants to know when Bob is online, and they don’t want anyone else to know their interest in each other, what do they do? Once they know they are both online, they would like to be able to exchange messages, send files, make phone calls to each other, and so forth, all without anyone except them knowing they are doing this. Apres is a system that attempts to make this possible.
@booklet{Laurie2004, title = {Apres-a system for anonymous presence}, author = {Laurie, Ben}, year = {2004}, keywords = {anonymous presence, presence}, owner = {tom}, timestamp = {2017-10-10} }
[Antoniadis04anasymptotically] An Asymptotically Optimal Scheme for P2P File Sharing

Antoniadis, Panayotis, Courcoubetis, Costas, and Weber, Richard

2004 2004

Website abstract Bib

The asymptotic analysis of certain public good models for p2p systems suggests that when the aim is to maximize social welfare a fixed contribution scheme in terms of the number of files shared can be asymptotically optimal as the number of participants grows to infinity. Such a simple scheme eliminates free riding, is incentive compatible and obtains a value of social welfare that is within o(n) of that obtained by the second-best policy of the corresponding mechanism design formulation of the problem. We extend our model to account for file popularity, and discuss properties of the resulting equilibria. The fact that a simple optimization problem can be used to closely approximate the solution of the exact model (which is in most cases practically intractable both analytically and computationally), is of great importance for studying several interesting aspects of the system. We consider the evolution of the system to equilibrium in its early life, when both peers and the system planner are still learning about system parameters. We also analyse the case of group formation when peers belong to different classes (such as DSL and dial-up users), and it may be to their advantage to form distinct groups instead of a larger single group, or form such a larger group but avoid disclosing their class. We finally discuss the game that occurs when peers know that a fixed fee will be used, but the distribution of their valuations is unknown to the system designer.
@conference{Antoniadis04anasymptotically, author = {Antoniadis, Panayotis and Courcoubetis, Costas and Weber, Richard}, booktitle = {2nd Workshop on the Economics of Peer-to-Peer Systems}, title = {An Asymptotically Optimal Scheme for P2P File Sharing}, year = {2004}, address = {Harvard University}, month = {2004}, keywords = {asymptotically optimal, P2P, sharing}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.eecs.harvard.edu/p2pecon/confman/papers} }
[Levien04attackresistant] Attack Resistant Trust Metrics

Levien, Raph

2004

Website abstract Bib

This dissertation characterizes the space of trust metrics, under both the scalar assumption where each assertion is evaluated independently, and the group assumption where a group of assertions are evaluated in tandem. We present a quantitative framework for evaluating the attack resistance of trust metrics, and give examples of trust metrics that are within a small factor of optimum compared to theoretical upper bounds. We discuss experiences with a realworld deployment of a group trust metric, the Advogato website. Finally, we explore possible applications of attack resistant trust metrics, including using it as to build a distributed name server, verifying metadata in peer-to-peer networks such as music sharing systems, and a proposal for highly spam resistant e-mail delivery.
@booklet{Levien04attackresistant, title = {Attack Resistant Trust Metrics}, author = {Levien, Raph}, year = {2004}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.9266} }
[2004.Pang.imc.dns] Availability, Usage, and Deployment Characteristics of the Domain Name System

Pang, Jeffrey, Hendricks, James, Akella, Aditya, Maggs, Bruce, Prisco, Roberto De, and Seshan, Srinivasan

10/2004 2004

DOI Website abstract Bib

The Domain Name System (DNS) is a critical part of the Internet’s infrastructure, and is one of the few examples of a robust, highly-scalable, and operational distributed system. Although a few studies have been devoted to characterizing its properties, such as its workload and the stability of the top-level servers, many key components of DNS have not yet been examined. Based on large-scale measurements taken fromservers in a large content distribution network, we present a detailed study of key characteristics of the DNS infrastructure, such as load distribution, availability, and deployment patterns of DNS servers. Our analysis includes both local DNS servers and servers in the authoritative hierarchy. We find that (1) the vast majority of users use a small fraction of deployed name servers, (2) the availability of most name servers is high, and (3) there exists a larger degree of diversity in local DNS server deployment and usage than for authoritative servers. Furthermore, we use our DNS measurements to draw conclusions about federated infrastructures in general. We evaluate and discuss the impact of federated deployment models on future systems, such as Distributed Hash Tables.
@conference{2004.Pang.imc.dns, author = {Pang, Jeffrey and Hendricks, James and Akella, Aditya and Maggs, Bruce and Prisco, Roberto De and Seshan, Srinivasan}, booktitle = {IMC{\textquoteright}04 - Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement}, title = {Availability, Usage, and Deployment Characteristics of the Domain Name System}, year = {2004}, address = {Taormina, Sicily, Italy}, month = {10/2004}, organization = {ACM}, publisher = {ACM}, doi = {http://doi.acm.org/10.1145/1028788.1028790}, isbn = {1-58113-821-0}, keywords = {availability, DNS, federated}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1028788.1028790} }
[1026492] Basic Concepts and Taxonomy of Dependable and Secure Computing

Avizienis, Algirdas, Laprie, Jean-Claude, Randell, Brian, and Landwehr, Carl

IEEE Trans. Dependable Secur. Comput. 2004

DOI Website abstract Bib

This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.
@article{1026492, author = {Avizienis, Algirdas and Laprie, Jean-Claude and Randell, Brian and Landwehr, Carl}, journal = {IEEE Trans. Dependable Secur. Comput.}, title = {Basic Concepts and Taxonomy of Dependable and Secure Computing}, year = {2004}, issn = {1545-5971}, number = {1}, pages = {11{\textendash}33}, volume = {1}, address = {Los Alamitos, CA, USA}, doi = {10.1109/TDSC.2004.2}, keywords = {attack, fault removal, fault-tolerance, index terms-dependability, trust, vulnerability}, owner = {tom}, publisher = {IEEE Computer Society Press}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1026488.1026492$\#$} }

[george-thesis] Better Anonymous Communications

Danezis, George

Jul 2004

@mastersthesis{george-thesis,
  author = {Danezis, George},
  school = {University of Cambridge},
  title = {Better Anonymous Communications},
  year = {2004},
  month = jul,
  type = {phd},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.58.3200}
}

[mixmaster-reliable] Comparison between two practical mix designs

Diaz, Claudia, Sassaman, Len, and Dewitte, Evelyne

Sep 2004

DOI Website abstract Bib

We evaluate the anonymity provided by two popular email mix implementations, Mixmaster and Reliable, and compare their effectiveness through the use of simulations which model the algorithms used by these mixing applications. Our simulations are based on actual traffic data obtained from a public anonymous remailer (mix node). We determine that assumptions made in previous literature about the distribution of mix input traffic are incorrect: in particular, the input traffic does not follow a Poisson distribution. We establish for the first time that a lower bound exists on the anonymity of Mixmaster, and discover that under certain circumstances the algorithm used by Reliable provides no anonymity. We find that the upper bound on anonymity provided by Mixmaster is slightly higher than that provided by Reliable. We identify flaws in the software in Reliable that further compromise its ability to provide anonymity, and review key areas that are necessary for the security of a mix in addition to a sound algorithm. Our analysis can be used to evaluate under which circumstances the two mixing algorithms should be used to best achieve anonymity and satisfy their purpose. Our work can also be used as a framework for establishing a security review process for mix node deployments.
@conference{mixmaster-reliable, author = {Diaz, Claudia and Sassaman, Len and Dewitte, Evelyne}, booktitle = {Proceedings of ESORICS 2004}, title = {Comparison between two practical mix designs}, year = {2004}, address = {France}, month = sep, series = {LNCS}, doi = {10.1007/b100085}, isbn = {978-3-540-22987-2}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/7lvqwn445ty1c7ga/} }
[Zhang2004] A construction of locality-aware overlay network: mOverlay and its performance

Zhang, Xin Yan, Zhang, Qian, Zhang, Zhensheng, Song, Gang, and Zhu, Wenwu

IEEE Journal on Selected Areas in Communications 01/2004 2004

Website abstract Bib

There are many research interests in peer-to-peer (P2P) overlay architectures. Most widely used unstructured P2P networks rely on central directory servers or massive message flooding, clearly not scalable. Structured overlay networks based on distributed hash tables (DHT) are expected to eliminate flooding and central servers, but can require many long-haul message deliveries. An important aspect of constructing an efficient overlay network is how to exploit network locality in the underlying network. We propose a novel mechanism, mOverlay, for constructing an overlay network that takes account of the locality of network hosts. The constructed overlay network can significantly decrease the communication cost between end hosts by ensuring that a message reaches its destination with small overhead and very efficient forwarding. To construct the locality-aware overlay network, dynamic landmark technology is introduced. We present an effective locating algorithm for a new host joining the overlay network. We then present a theoretical analysis and simulation results to evaluate the network performance. Our analysis shows that the overhead of our locating algorithm is O(logN), where N is the number of overlay network hosts. Our simulation results show that the average distance between a pair of hosts in the constructed overlay network is only about 11% of the one in a traditional, randomly connected overlay network. Network design guidelines are also provided. Many large-scale network applications, such as media streaming, application-level multicasting, and media distribution, can leverage mOverlay to enhance their performance.
@article{Zhang2004, author = {Zhang, Xin Yan and Zhang, Qian and Zhang, Zhensheng and Song, Gang and Zhu, Wenwu}, journal = {IEEE Journal on Selected Areas in Communications}, title = {A construction of locality-aware overlay network: mOverlay and its performance}, year = {2004}, month = {01/2004}, pages = {18-28}, volume = {22}, keywords = {distributed hash table, flooding attacks, overlay networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://kmweb.twbbs.org/drupal/node/13} }
[1111777] Data durability in peer to peer storage systems

Utard, Gil, and Vernois, Antoine

2004

Website abstract Bib

In this paper we present a quantitative study of data survival in peer to peer storage systems. We first recall two main redundancy mechanisms: replication and erasure codes, which are used by most peer to peer storage systems like OceanStore, PAST or CFS, to guarantee data durability. Second we characterize peer to peer systems according to a volatility factor (a peer is free to leave the system at anytime) and to an availability factor (a peer is not permanently connected to the system). Third we model the behavior of a system as a Markov chain and analyse the average life time of data (MTTF) according to the volatility and availability factors. We also present the cost of the repair process based on these redundancy schemes to recover failed peers. The conclusion of this study is that when there is no high availability of peers, a simple replication scheme may be more efficient than sophisticated erasure codes.
@conference{1111777, author = {Utard, Gil and Vernois, Antoine}, booktitle = {CCGRID {\textquoteright}04: Proceedings of the 2004 IEEE International Symposium on Cluster Computing and the Grid}, title = {Data durability in peer to peer storage systems}, year = {2004}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {90{\textendash}97}, publisher = {IEEE Computer Society}, isbn = {0-7803-8430-X}, keywords = {P2P, redundancy, storage}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1111777$\#$} }

[Garces-Erice2004DataIndexing] Data Indexing in Peer-to-Peer DHT Networks

Garcés-Erice, L, Felber, P. A., Biersack, E W, Urvoy-Keller, G., and Ross, K. W.

2004

@conference{Garces-Erice2004DataIndexing,
  author = {Garc{\'e}s-Erice, L and Felber, P. A. and Biersack, E W and Urvoy-Keller, G. and Ross, K. W.},
  booktitle = {Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS{\textquoteright}04)},
  title = {Data Indexing in Peer-to-Peer DHT Networks},
  year = {2004},
  address = {Washington, DC, USA},
  organization = {IEEE Computer Society},
  pages = {200{\textendash}208},
  publisher = {IEEE Computer Society},
  series = {ICDCS {\textquoteright}04},
  isbn = {0-7695-2086-3},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=977400.977979}
}

[Dowling2004] The Decentralised Coordination of Self-Adaptive Components for Autonomic Distributed Systems

Dowling, Jim

10/2004 2004

Bib

@mastersthesis{Dowling2004,
  author = {Dowling, Jim},
  school = {University of Dublin},
  title = {The Decentralised Coordination of Self-Adaptive Components for Autonomic Distributed Systems},
  year = {2004},
  address = {Dublin, Ireland},
  month = {10/2004},
  keywords = {autonomic distributed system, descentralised coordination},
  owner = {tom},
  pages = {214},
  timestamp = {2017-10-10},
  volume = {Doctor of Philosophy}
}

[1133613] Defending against eclipse attacks on overlay networks

Singh, Atul, Castro, Miguel, Druschel, Peter, and Rowstron, Antony

2004

DOI Website abstract Bib

Overlay networks are widely used to deploy functionality at edge nodes without changing network routers. Each node in an overlay network maintains pointers to a set of neighbor nodes. These pointers are used both to maintain the overlay and to implement application functionality, for example, to locate content stored by overlay nodes. If an attacker controls a large fraction of the neighbors of correct nodes, it can "eclipse" correct nodes and prevent correct overlay operation. This Eclipse attack is more general than the Sybil attack. Attackers can use a Sybil attack to launch an Eclipse attack by inventing a large number of seemingly distinct overlay nodes. However, defenses against Sybil attacks do not prevent Eclipse attacks because attackers may manipulate the overlay maintenance algorithm to mount an Eclipse attack. This paper discusses the impact of the Eclipse attack on several types of overlay and it proposes a novel defense that prevents the attack by bounding the degree of overlay nodes. Our defense can be applied to any overlay and it enables secure implementations of overlay optimizations that choose neighbors according to metrics like proximity. We present preliminary results that demonstrate the importance of defending against the Eclipse attack and show that our defense is effective.
@conference{1133613, author = {Singh, Atul and Castro, Miguel and Druschel, Peter and Rowstron, Antony}, booktitle = {EW 11: Proceedings of the 11th workshop on ACM SIGOPS European workshop}, title = {Defending against eclipse attacks on overlay networks}, year = {2004}, address = {New York, NY, USA}, organization = {ACM}, pages = {21}, publisher = {ACM}, doi = {10.1145/1133572.1133613}, keywords = {attack, overlay networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1133572.1133613$\#$} }
[Cramer04DemandDrivenClustering] Demand-Driven Clustering in MANETs

Cramer, Curt, Stanze, Oliver, Weniger, Kilian, and Zitterbart, Martina

2004

Website abstract Bib

Many clustering protocols for mobile ad hoc networks (MANETs) have been proposed in the literature. With only one exception so far [1], all these protocols are proactive, thus wasting bandwidth when their function is not currently needed. To reduce the signalling traffic load, reactive clustering may be employed. We have developed a clustering protocol named “On-Demand Group Mobility-Based Clustering ” (ODGMBC) which is reactive. Its goal is to build clusters as a basis for address autoconfiguration and hierarchical routing. The design process especially addresses the notion of group mobility in a MANET. As a result, ODGMBC maps varying physical node groups onto logical clusters. In this paper, ODGMBC is described. It was implemented for the ad hoc network simulator GloMoSim [2] and evaluated using several performance indicators. Simulation results are promising and show that ODGMBC leads to stable clusters. This stability is advantageous for autoconfiguration and routing mechansims to be employed in conjunction with the clustering algorithm. Index Terms — clustering, multi-hop, reactive, MANET, group mobility
@conference{Cramer04DemandDrivenClustering, author = {Cramer, Curt and Stanze, Oliver and Weniger, Kilian and Zitterbart, Martina}, booktitle = {Proceedings of the 2004 International Conference on Wireless Networks (ICWN {\textquoteright}04)}, title = {Demand-Driven Clustering in MANETs}, year = {2004}, address = {Las Vegas, NV}, pages = {81{\textendash}87}, volume = {1}, keywords = {mobile Ad-hoc networks, multi-hop networks}, owner = {tom}, timestamp = {2021-01-27}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[Hof04SecureDistributedServiceDirectory] Design of a Secure Distributed Service Directory for Wireless Sensornetworks

Hof, Hans-Joachim, Blass, Erik-Oliver, Fuhrmann, Thomas, and Zitterbart, Martina

2004

DOI Website abstract Bib

Sensor networks consist of a potentially huge number of very small and resource limited self-organizing devices. This paper presents the design of a general distributed service directory architecture for sensor networks which especially focuses on the security issues in sensor networks. It ensures secure construction and maintenance of the underlying storage structure, a Content Addressable Network. It also considers integrity of the distributed service directory and secures communication between service provider and inquirer using self-certifying path names. Key area of application of this architecture are gradually extendable sensor networks where sensors and actuators jointly perform various user defined tasks, e.g., in the field of an office environment.
@conference{Hof04SecureDistributedServiceDirectory, author = {Hof, Hans-Joachim and Blass, Erik-Oliver and Fuhrmann, Thomas and Zitterbart, Martina}, booktitle = {Proceedings of the First European Workshop on Wireless Sensor Networks}, title = {Design of a Secure Distributed Service Directory for Wireless Sensornetworks}, year = {2004}, address = {Berlin, Germany}, doi = {10.1007/978-3-540-24606-0_19}, isbn = {978-3-540-20825-9}, keywords = {sensor networks}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[Dabek:2004:DDL:1251175.1251182] Designing a DHT for Low Latency and High Throughput

Dabek, Frank, Li, Jinyang, Sit, Emil, Robertson, James, Kaashoek, Frans M., and Morris, Robert

03/2004 2004

Website abstract Bib

Designing a wide-area distributed hash table (DHT) that provides high-throughput and low-latency network storage is a challenge. Existing systems have explored a range of solutions, including iterative routing, recursive routing, proximity routing and neighbor selection, erasure coding, replication, and server selection. This paper explores the design of these techniques and their interaction in a complete system, drawing on the measured performance of a new DHT implementation and results from a simulator with an accurate Internet latency model. New techniques that resulted from this exploration include use of latency predictions based on synthetic co-ordinates, efficient integration of lookup routing and data fetching, and a congestion control mechanism suitable for fetching data striped over large numbers of servers. Measurements with 425 server instances running on 150 PlanetLab and RON hosts show that the latency optimizations reduce the time required to locate and fetch data by a factor of two. The throughput optimizations result in a sustainable bulk read throughput related to the number of DHT hosts times the capacity of the slowest access link; with 150 selected PlanetLab hosts, the peak aggregate throughput over multiple clients is 12.8 megabytes per second.
@conference{Dabek:2004:DDL:1251175.1251182, author = {Dabek, Frank and Li, Jinyang and Sit, Emil and Robertson, James and Kaashoek, Frans M. and Morris, Robert}, booktitle = {NSDI{\textquoteright}04 - Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation}, title = {Designing a DHT for Low Latency and High Throughput}, year = {2004}, address = {San Francisco, CA, USA}, month = {03/2004}, organization = {USENIX Association}, pages = {7{\textendash}7}, publisher = {USENIX Association}, keywords = {distributed hash table, high-throughput, latency}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1251175.1251182} }
[Chuang2004] Designing Incentive mechanisms for peer-to-peer systems

Chuang, John

04/2004 2004

DOI abstract Bib

From file-sharing to mobile ad-hoc networks, community networking to application layer overlays, the peer-to-peer networking paradigm promises to revolutionize the way we design, build and use the communications network of tomorrow, transform the structure of the communications industry, and challenge our understanding of markets and democracies in a digital age. The fundamental premise of peer-to-peer systems is that individual peers voluntarily contribute resources to the system. We discuss some of the research opportunities and challenges in the design of incentive mechanisms for P2P systems.
@conference{Chuang2004, author = {Chuang, John}, booktitle = {GECON 2004. 1st IEEE International Workshop on Grid Economics and Business Models}, title = {Designing Incentive mechanisms for peer-to-peer systems}, year = {2004}, address = {Seoul, South Corea}, month = {04/2004}, organization = {IEEE Computer Society}, pages = {67-81}, publisher = {IEEE Computer Society}, doi = {10.1109/GECON.2004.1317584}, isbn = {0-7803-8525-X}, keywords = {incentives, P2P, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }
[_digitalfountains:] Digital Fountains: A Survey and Look Forward Abstract — We

2004

Website abstract Bib

survey constructions and applications of digital fountains, an abstraction of erasure coding for network communication. Digital fountains effectively change the standard paradigm where a user receives an ordered stream of packets to one where a user must simply receive enough packets in order to obtain the desired data. Obviating the need for ordered data simplifies data delivery, especially when the data is large or is to be distributed to a large number of users. We also examine barriers to the adoption of digital fountains and discuss whether they can be overcome. I.
@booklet{_digitalfountains:, title = {Digital Fountains: A Survey and Look Forward Abstract {\textemdash} We}, year = {2004}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.114.2282} }
[golle:eurocrypt2004] Dining Cryptographers Revisited

Golle, Philippe, and Juels, Ari

May 2004

DOI Website abstract Bib

Dining cryptographers networks (or DC-nets) are a privacy-preserving primitive devised by Chaum for anonymous message publication. A very attractive feature of the basic DC-net is its non-interactivity. Subsequent to key establishment, players may publish their messages in a single broadcast round, with no player-to-player communication. This feature is not possible in other privacy-preserving tools like mixnets. A drawback to DC-nets, however, is that malicious players can easily jam them, i.e., corrupt or block the transmission of messages from honest parties, and may do so without being traced. Several researchers have proposed valuable methods of detecting cheating players in DC-nets. This is usually at the cost, however, of multiple broadcast rounds, even in the optimistic case, and often of high computational and/or communications overhead, particularly for fault recovery. We present new DC-net constructions that simultaneously achieve non-interactivity and high-probability detection and identification of cheating players. Our proposals are quite efficient, imposing a basic cost that is linear in the number of participating players. Moreover, even in the case of cheating in our proposed system, just one additional broadcast round suffices for full fault recovery. Among other tools, our constructions employ bilinear maps, a recently popular cryptographic technique for reducing communication complexity.
@conference{golle:eurocrypt2004, author = {Golle, Philippe and Juels, Ari}, booktitle = {Proceedings of Eurocrypt 2004}, title = {Dining Cryptographers Revisited}, year = {2004}, month = may, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/b97182}, isbn = {978-3-540-21935-4}, keywords = {anonymity, dining cryptographers, non-interactive, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/ud2tb1fyk5m2ywlu/} }
[izal:dissecting] Dissecting BitTorrent: Five Months in a Torrent’s Lifetime.

Izal, Mikel, Urvoy-Keller, Guillaume, Biersack, E W, Felber, Pascal, Hamra, Anwar Al, and Garcés-Erice, L

04/2004 2004

DOI abstract Bib

Popular content such as software updates is requested by a large number of users. Traditionally, to satisfy a large number of requests, lager server farms or mirroring are used, both of which are expensive. An inexpensive alternative are peer-to-peer based replication systems, where users who retrieve the file, act simultaneously as clients and servers. In this paper, we study BitTorrent, a new and already very popular peer-to-peer application that allows distribution of very large contents to a large set of hosts. Our analysis of BitTorrent is based on measurements collected on a five months long period that involved thousands of peers.
@conference{izal:dissecting, author = {Izal, Mikel and Urvoy-Keller, Guillaume and Biersack, E W and Felber, Pascal and Hamra, Anwar Al and Garc{\'e}s-Erice, L}, booktitle = {PAM {\textquoteright}04. Proceedings of Passive and Active Measurements}, title = {Dissecting BitTorrent: Five Months in a Torrent{\textquoteright}s Lifetime.}, year = {2004}, address = {Antibes Juan-les-Pins, France}, month = {04/2004}, organization = {Springer}, pages = {1-11}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {3015}, doi = {10.1007/978-3-540-24668-8_1}, keywords = {BitTorrent, P2P, peer-to-peer networking, replication system}, owner = {tom}, timestamp = {2017-10-10} }
[Cramer04Scheduling] Distributed Job Scheduling in a Peer-to-Peer Video Recording System

Cramer, Curt, Kutzner, Kendy, and Fuhrmann, Thomas

2004

Website abstract Bib

Since the advent of Gnutella, Peer-to-Peer (P2P) protocols have matured towards a fundamental design element for large-scale, self-organising distributed systems. Many research efforts have been invested to improve various aspects of P2P systems, like their performance, scalability, and so on. However, little experience has been gathered from the actual deployment of such P2P systems apart from the typical file sharing applications. To bridge this gap and to gain more experience in making the transition from theory to practice, we started building advanced P2P applications whose explicit goal is “to be deployed in the wild”. In this paper, we describe a fully decentralised P2P video recording system. Every node in the system is a networked computer (desktop PC or set-top box) capable of receiving and recording DVB-S, i.e. digital satellite TV. Like a normal video recorder, users can program their machines to record certain programmes. With our system, they will be able to schedule multiple recordings in parallel. It is the task of the system to assign the recordings to different machines in the network. Moreover, users can “record broadcasts in the past”, i.e. the system serves as a short-term archival storage.
@conference{Cramer04Scheduling, author = {Cramer, Curt and Kutzner, Kendy and Fuhrmann, Thomas}, booktitle = {Proceedings of the Workshop on Algorithms and Protocols for Efficient Peer-to-Peer Applications (PEPPA) at Informatik 2004}, title = {Distributed Job Scheduling in a Peer-to-Peer Video Recording System}, year = {2004}, address = {Ulm, Germany}, pages = {234{\textendash}238}, keywords = {DVB, P2P}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[mmsec04-Klonowski] DUO–Onions and Hydra–Onions – Failure and Adversary Resistant Onion Protocols

Iwanik, Jan, Klonowski, Marek, and Kutylowski, Miroslaw

Sep 2004

DOI Website abstract Bib

A serious weakness of the onion protocol, one of the major tools for anonymous communication, is its vulnerability to network failures and/or an adversary trying to break the communication. This is facilitated by the fact that each message is sent through a path of a certain length and a failure in a single point of this path prohibits message delivery. Since the path cannot be too short in order to offer anonymity protection (at least logarithmic in the number of nodes), the failure probability might be quite substantial. The simplest solution to this problem would be to send many onions with the same message. We show that this approach can be optimized with respect to communication overhead and resilience to failures and/or adversary attacks. We propose two protocols: the first one mimics K independent onions with a single onion. The second protocol is designed for the case where an adaptive adversary may destroy communication going out of servers chosen according to the traffic observed by him. In this case a single message flows in a stream of K onions — the main point is that even when the adversary kills some of these onions, the stream quickly recovers to the original bandwidth — again K onions with this message would flow through the network.
@conference{mmsec04-Klonowski, author = {Iwanik, Jan and Klonowski, Marek and Kutylowski, Miroslaw}, booktitle = {Proceedings of the IFIP TC-6 TC-11 Conference on Communications and Multimedia Security 2004}, title = {DUO{\textendash}Onions and Hydra{\textendash}Onions {\textendash} Failure and Adversary Resistant Onion Protocols}, year = {2004}, month = sep, organization = {Springer Boston}, publisher = {Springer Boston}, doi = {10.1007/b105674}, isbn = {978-0-387-24485-3}, keywords = {adaptive adversary, anonymity, onion routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/019lu6xp5b9fctn8/} }
[Danezis04theeconomics] The Economics of Censorship Resistance

Danezis, George, and Anderson, Ross

2004

Website abstract Bib

We propose the first economic model of censorship resistance. Early peer-to-peer systems, such as the Eternity Service, sought to achieve censorshop resistance by distributing content randomly over the whole Internet. An alternative approach is to encourage nodes to serve resources they are interested in. Both architectures have been implemented but so far there has been no quantitative analysis of the protection they provide. We develop a model inspired by economics and con ict theory to analyse these systems. Under our assumptions, resource distribution according to nodes’ individual preferences provides better stability and resistance to censorship. Our results may have wider application too.
@conference{Danezis04theeconomics, author = {Danezis, George and Anderson, Ross}, booktitle = {In The Third Annual Workshop on Economics and Information Security (WEIS04}, title = {The Economics of Censorship Resistance}, year = {2004}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.7003\&rep=rep1\&type=pdf} }
[Freedman2004] Efficient Private Matching and Set Intersection

Freedman, MichaelJ., Nissim, Kobbi, and Pinkas, Benny

2004

DOI Website abstract Bib

We consider the problem of computing the intersection of private datasets of two parties, where the datasets contain lists of elements taken from a large domain. This problem has many applications for online collaboration. We present protocols, based on the use of homomorphic encryption and balanced hashing, for both semi-honest and malicious environments. For lists of length k, we obtain O(k) communication overhead and O(k ln ln k) computation. The protocol for the semi-honest environment is secure in the standard model, while the protocol for the malicious environment is secure in the random oracle model. We also consider the problem of approximating the size of the intersection, show a linear lower-bound for the communication overhead of solving this problem, and provide a suitable secure protocol. Lastly, we investigate other variants of the matching problem, including extending the protocol to the multi-party setting as well as considering the problem of approximate matching.
@inbook{Freedman2004, author = {Freedman, MichaelJ. and Nissim, Kobbi and Pinkas, Benny}, editor = {Cachin, Christian and Camenisch, JanL.}, pages = {1-19}, publisher = {Springer Berlin Heidelberg}, title = {Efficient Private Matching and Set Intersection}, year = {2004}, isbn = {978-3-540-21935-4}, series = {Lecture Notes in Computer Science}, volume = {3027}, booktitle = {Advances in Cryptology - EUROCRYPT 2004}, doi = {10.1007/978-3-540-24676-3_1}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/978-3-540-24676-3_1} }
[Helmy04efficientresource] Efficient Resource Discovery in Wireless AdHoc Networks: Contacts Do Help

Helmy, Ahmed

2004

Website abstract Bib

The resource discovery problem poses new challenges in infrastructure-less wireless networks. Due to the highly dynamic nature of these networks and their bandwidth and energy constraints, there is a pressing need for energy-aware communicationefficient resource discovery protocols. This chapter provides an overview of several approaches to resource discovery, discussing their suitability for classes of wireless networks. The approaches discussed in this chapter include flooding-based approaches, hierarchical cluster-based and dominating set schemes, and hybrid loose hierarchy architectures. Furthermore, the chapter provides a detailed case study on the design, evaluation and analysis of an energy-efficient resource discovery protocol based on hybrid loose hierarchy and utilizing the concept of ‘contacts’.
@conference{Helmy04efficientresource, author = {Helmy, Ahmed}, booktitle = {Chapter in: Resource Management in Wireless Networking}, title = {Efficient Resource Discovery in Wireless AdHoc Networks: Contacts Do Help}, year = {2004}, organization = {Kluwer Academic Publishers}, publisher = {Kluwer Academic Publishers}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.76.9310} }

[mrkoot:sirer04] Eluding carnivores: file sharing with strong anonymity

Sirer, Emin Gün, Goel, Sharad, Robson, Mark, and Engin, Dogan

2004

@conference{mrkoot:sirer04,
  author = {Sirer, Emin G{\"u}n and Goel, Sharad and Robson, Mark and Engin, Dogan},
  booktitle = {Proceedings of the 11th Workshop on ACM SIGOPS European Workshop: Beyond the PC (EW11)},
  title = {Eluding carnivores: file sharing with strong anonymity},
  year = {2004},
  address = {New York, NY, USA},
  organization = {ACM Press},
  publisher = {ACM Press},
  doi = {10.1145/1133572.1133611},
  keywords = {anonymity, file-sharing, overlay networks},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1145/1133572.1133611}
}

[1013317] Energy-aware demand paging on NAND flash-based embedded storages

Park, Chanik, Kang, Jeong-Uk, Park, Seon-Yeong, and Kim, Jin-Soo

2004

DOI Website abstract Bib

The ever-increasing requirement for high-performance and huge-capacity memories of emerging embedded applications has led to the widespread adoption of SDRAM and NAND flash memory as main and secondary memories, respectively. In particular, the use of energy consuming memory, SDRAM, has become burdensome in battery-powered embedded systems. Intuitively, though demand paging can be used to mitigate the increasing requirement of main memory size, its applicability should be deliberately elaborated since NAND flash memory has asymmetric operation characteristics in terms of performance and energy consumption.In this paper, we present energy-aware demand paging technique to lower the energy consumption of embedded systems considering the characteristics of interactive embedded applications with large memory footprints. We also propose a flash memory-aware page replacement policy that can reduce the number of write and erase operations in NAND flash memory. With real-life workloads, we show the system-wide Energy\textperiodcenteredDelay can be reduced by 15 30% compared to the traditional shadowing architecture.
@conference{1013317, author = {Park, Chanik and Kang, Jeong-Uk and Park, Seon-Yeong and Kim, Jin-Soo}, booktitle = {ISLPED {\textquoteright}04: Proceedings of the 2004 international symposium on Low power electronics and design}, title = {Energy-aware demand paging on NAND flash-based embedded storages}, year = {2004}, address = {New York, NY, USA}, organization = {ACM}, pages = {338{\textendash}343}, publisher = {ACM}, doi = {10.1145/1013235.1013317}, isbn = {1-58113-929-2}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1013235.1013317} }
[1251279] Energy-efficiency and storage flexibility in the blue file system

Nightingale, Edmund B., and Flinn, Jason

2004

Website abstract Bib

A fundamental vision driving pervasive computing research is access to personal and shared data anywhere at anytime. In many ways, this vision is close to being realized. Wireless networks such as 802.11 offer connectivity to small, mobile devices. Portable storage, such as mobile disks and USB keychains, let users carry several gigabytes of data in their pockets. Yet, at least three substantial barriers to pervasive data access remain. First, power-hungry network and storage devices tax the limited battery capacity of mobile computers. Second, the danger of viewing stale data or making inconsistent updates grows as objects are replicated across more computers and portable storage devices. Third, mobile data access performance can suffer due to variable storage access times caused by dynamic power management, mobility, and use of heterogeneous storage devices. To overcome these barriers, we have built a new distributed file system called BlueFS. Compared to the Coda file system, BlueFS reduces file system energy usage by up to 55% and provides up to 3 times faster access to data replicated on portable storage.
@conference{1251279, author = {Nightingale, Edmund B. and Flinn, Jason}, booktitle = {OSDI{\textquoteright}04: Proceedings of the 6th conference on Symposium on Opearting Systems Design \& Implementation}, title = {Energy-efficiency and storage flexibility in the blue file system}, year = {2004}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {25{\textendash}25}, publisher = {USENIX Association}, keywords = {802.11, file systems}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251279$\#$} }

[1021938] Erasure Code Replication Revisited

Lin, W. K., Chiu, Dah Ming, and Lee, Y. B.

2004

Erasure coding is a technique for achieving high availability and reliability in storage and communication systems. In this paper, we revisit the analysis of erasure code replication and point out some situations when whole-file replication is preferred. The switchover point (from preferring whole-file replication to erasure code replication) is studied, and characterized using asymptotic analysis. We also discuss the additional considerations in building erasure code replication systems.

@conference{1021938,
  author = {Lin, W. K. and Chiu, Dah Ming and Lee, Y. B.},
  booktitle = {P2P {\textquoteright}04: Proceedings of the Fourth International Conference on Peer-to-Peer Computing},
  title = {Erasure Code Replication Revisited},
  year = {2004},
  address = {Washington, DC, USA},
  organization = {IEEE Computer Society},
  pages = {90{\textendash}97},
  publisher = {IEEE Computer Society},
  doi = {10.1109/P2P.2004.17},
  isbn = {0-7695-2156-8},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1021938$\#$}
}

[You04evaluationof] Evaluation of Efficient Archival Storage Techniques

You, Lawrence L., and Karamanolis, Christos

2004

Website abstract Bib

The ever-increasing volume of archival data that need to be retained for long periods of time has motivated the design of low-cost, high-efficiency storage systems. Inter-file compression has been proposed as a technique to improve storage efficiency by exploiting the high degree of similarity among archival data. We evaluate the two main inter-file compression techniques, data chunking and delta encoding, and compare them with traditional intra-file compression. We report on experimental results from a range of representative archival data sets.
@booklet{You04evaluationof, title = {Evaluation of Efficient Archival Storage Techniques}, author = {You, Lawrence L. and Karamanolis, Christos}, year = {2004}, keywords = {compression, storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.11.1341} }

[Karp2004/ALGO] Finite length analysis of LT codes

Karp, Richard, Luby, Michael, and Shokrollahi, M. Amin

2002 2004

@conference{Karp2004/ALGO,
  author = {Karp, Richard and Luby, Michael and Shokrollahi, M. Amin},
  booktitle = {Proceedings of the IEEE International Symposium on Information Theory, ISIT 2004},
  title = {Finite length analysis of LT codes},
  year = {2004},
  month = {2002},
  pages = {39},
  doi = {10.1109/ISIT.2004.1365074},
  isbn = {0-7695-1822-2},
  keywords = {algoweb_ldpc},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1181950}
}

[flow-correlation04] On Flow Correlation Attacks and Countermeasures in Mix Networks

Zhu, Ye, Fu, Xinwen, Graham, Bryan, Bettati, Riccardo, and Zhao, Wei

May 2004

DOI Website abstract Bib

In this paper, we address issues related to flow correlation attacks and the corresponding countermeasures in mix networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures that can defeat various traffic analysis attacks. In this paper, we focus on a particular class of traffic analysis attack, flow correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link at a mix with that over an output link of the same mix. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. Based on our threat model and known strategies in existing mix networks, we perform extensive experiments to analyze the performance of mixes. We find that a mix with any known batching strategy may fail against flow correlation attacks in the sense that for a given flow over an input link, the adversary can correctly determine which output link is used by the same flow. We also investigated methods that can effectively counter the flow correlation attack and other timing attacks. The empirical results provided in this paper give an indication to designers of Mix networks about appropriate configurations and alternative mechanisms to be used to counter flow correlation attacks. This work was supported in part by the National Science Foundation under Contracts 0081761 and 0324988, by the Defense Advanced Research Projects Agency under Contract F30602-99-1-0531, and by Texas A&M University under its Telecommunication and Information Task Force Program. Any opinions, findings, and conclusions or recommendations in this material, either expressed or implied, are those of the authors and do not necessarily reflect the views of the sponsors listed above.
@conference{flow-correlation04, author = {Zhu, Ye and Fu, Xinwen and Graham, Bryan and Bettati, Riccardo and Zhao, Wei}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {On Flow Correlation Attacks and Countermeasures in Mix Networks}, year = {2004}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {207{\textendash}225}, publisher = {Springer Berlin / Heidelberg}, series = {LNCS}, volume = {3424}, doi = {10.1007/b136164}, isbn = {978-3-540-26203-9}, keywords = {flow correlation attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/kej7uwxee8h71p81/} }
[esorics04-mauw] A formalization of anonymity and onion routing

Mauw, Sjouke, Verschuren, Jan, and Vink, Erik P.

2004

Website abstract Bib

The use of formal methods to verify security protocols with respect to secrecy and authentication has become standard practice. In contrast, the formalization of other security goals, such as privacy, has received less attention. Due to the increasing importance of privacy in the current society, formal methods will also become indispensable in this area. Therefore, we propose a formal definition of the notion of anonymity in presence of an observing intruder. We validate this definition by analyzing a well-known anonymity preserving protocol, viz. onion routing
@conference{esorics04-mauw, author = {Mauw, Sjouke and Verschuren, Jan and de Vink, Erik P.}, booktitle = {Proceedings of ESORICS 2004}, title = {A formalization of anonymity and onion routing}, year = {2004}, address = {Sophia Antipolis}, organization = {LNCS 3193}, pages = {109{\textendash}124}, publisher = {LNCS 3193}, keywords = {anonymity, onion routing, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.75.2547} }
[reiter:ccs2004] Fragile Mixing

Reiter, Michael K., and Wang, XiaoFeng

Oct 2004

DOI Website abstract Bib

No matter how well designed and engineered, a mix server offers little protection if its administrator can be convinced to log and selectively disclose correspondences between its input and output messages, either for profit or to cooperate with an investigation. In this paper we propose a technique, fragile mixing, to discourage an administrator from revealing such correspondences, assuming he is motivated to protect the unlinkability of other communications that flow through the mix (e.g., his own). Briefly, fragile mixing implements the property that any disclosure of an input-message-to-output-message correspondence discloses all such correspondences for that batch of output messages. We detail this technique in the context of a re-encryption mix, its integration with a mix network, and incentive and efficiency issues.
@conference{reiter:ccs2004, author = {Reiter, Michael K. and Wang, XiaoFeng}, booktitle = {Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS 2004)}, title = {Fragile Mixing}, year = {2004}, address = {Washington DC, USA}, month = oct, organization = {ACM Press}, publisher = {ACM Press}, doi = {10.1145/1030083.1030114}, isbn = {1-58113-961-6}, keywords = {anonymity, mix, privacy, unlinkability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1030114} }
[Feldman:2004:FWP:1016527.1016539] Free-riding and whitewashing in peer-to-peer systems

Feldman, Michal, Papadimitriou, Christos, Chuang, John, and Stoica, Ion

08/2004 2004

DOI Website abstract Bib

We develop a model to study the phenomenon of free-riding in peer-to-peer (P2P) systems. At the heart of our model is a user of a certain type, an intrinsic and private parameter that reflects the user’s willingness to contribute resources to the system. A user decides whether to contribute or free-ride based on how the current contribution cost in the system compares to her type. When the societal generosity (i.e., the average type) is low, intervention is required in order to sustain the system. We present the effect of mechanisms that exclude low type users or, more realistic, penalize free-riders with degraded service. We also consider dynamic scenarios with arrivals and departures of users, and with whitewashers: users who leave the system and rejoin with new identities to avoid reputational penalties. We find that when penalty is imposed on all newcomers in order to avoid whitewashing, system performance degrades significantly only when the turnover rate among users is high.
@conference{Feldman:2004:FWP:1016527.1016539, author = {Feldman, Michal and Papadimitriou, Christos and Chuang, John and Stoica, Ion}, booktitle = {PINS{\textquoteright}04. Proceedings of the ACM SIGCOMM Workshop on Practice and Theory of Incentives in Networked Systems}, title = {Free-riding and whitewashing in peer-to-peer systems}, year = {2004}, address = {Portland, OR}, month = {08/2004}, organization = {ACM}, pages = {228{\textendash}236}, publisher = {ACM}, series = {PINS {\textquoteright}04}, doi = {http://doi.acm.org/10.1145/1016527.1016539}, isbn = {1-58113-942-X}, keywords = {cheap pseudonyms, cooperation, equilibrium, exclusion, free-riding, identity cost, incentives, peer-to-peer networking, whitewashing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1016527.1016539} }

[Awerbuch2004] Group Spreading: A Protocol for Provably Secure Distributed Name Service

Awerbuch, Baruch, and Scheideler, Christian

2004

@inbook{Awerbuch2004,
  author = {Awerbuch, Baruch and Scheideler, Christian},
  editor = {D{\'\i}az, Josep and Karhum{\"a}ki, Juhani and Lepist{\"o}, Arto and Sannella, Donald},
  pages = {183-195},
  publisher = {Springer Berlin Heidelberg},
  title = {Group Spreading: A Protocol for Provably Secure Distributed Name Service},
  year = {2004},
  isbn = {978-3-540-22849-3},
  series = {Lecture Notes in Computer Science},
  volume = {3142},
  booktitle = {Automata, Languages and Programming},
  doi = {10.1007/978-3-540-27836-8_18},
  organization = {Springer Berlin Heidelberg},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/978-3-540-27836-8_18}
}

[hitting-set04] The Hitting Set Attack on Anonymity Protocols

Kesdogan, Dogan, and Pimenidis, Lexi

May 2004

DOI Website abstract Bib

A passive attacker can compromise a generic anonymity protocol by applying the so called disclosure attack, i.e. a special traffic analysis attack. In this work we present a more efficient way to accomplish this goal, i.e. we need less observations by looking for unique minimal hitting sets. We call this the hitting set attack or just HS-attack. In general, solving the minimal hitting set problem is NP-hard. Therefore, we use frequency analysis to enhance the applicability of our attack. It is possible to apply highly efficient backtracking search algorithms. We call this approach the statistical hitting set attack or SHS-attack. However, the statistical hitting set attack is prone to wrong solutions with a given small probability. We use here duality checking algorithms to resolve this problem. We call this final exact attack the HS*-attack.
@conference{hitting-set04, author = {Kesdogan, Dogan and Pimenidis, Lexi}, booktitle = {Proceedings of 6th Information Hiding Workshop (IH 2004)}, title = {The Hitting Set Attack on Anonymity Protocols}, year = {2004}, address = {Toronto}, month = may, series = {LNCS}, doi = {10.1007/b104759}, keywords = {anonymity, hitting set attack, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/t6bkk4tyjvr71m55/} }
[koepsell:wpes2004] How to Achieve Blocking Resistance for Existing Systems Enabling Anonymous Web Surfing

Köpsell, Stefan, and Hilling, Ulf

Oct 2004

DOI Website abstract Bib

We are developing a blocking resistant, practical and usable system for anonymous web surfing. This means, the system tries to provide as much reachability and availability as possible, even to users in countries where the free flow of information is legally, organizationally and physically restricted. The proposed solution is an add-on to existing anonymity systems. First we give a classification of blocking criteria and some general countermeasures. Using these techniques, we outline a concrete design, which is based on the JAP-Web Mixes (aka AN.ON).
@conference{koepsell:wpes2004, author = {K{\"o}psell, Stefan and Hilling, Ulf}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2004)}, title = {How to Achieve Blocking Resistance for Existing Systems Enabling Anonymous Web Surfing}, year = {2004}, address = {Washington, DC, USA}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1029179.1029197}, isbn = {1-58113-968-3}, keywords = {blocking resistance, JAP, mix}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1029179.1029197} }
[fairbrother:pet2004] An Improved Construction for Universal Re-encryption

Fairbrother, Peter

May 2004

DOI Website abstract Bib

Golle et al recently introduced universal re-encryption, defining it as re-encryption by a player who does not know the key used for the original encryption, but which still allows an intended player to recover the plaintext. Universal re-encryption is potentially useful as part of many information-hiding techniques, as it allows any player to make ciphertext unidentifiable without knowing the key used. Golle et al’s techniques for universal re-encryption are reviewed, and a hybrid universal re-encryption construction with improved work and space requirements which also permits indefinite re-encryptions is presented. Some implementational issues and optimisations are discussed.
@conference{fairbrother:pet2004, author = {Fairbrother, Peter}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {An Improved Construction for Universal Re-encryption}, year = {2004}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {79{\textendash}87}, publisher = {Springer Berlin / Heidelberg}, series = {LNCS}, volume = {3424}, doi = {10.1007/b136164}, isbn = {978-3-540-26203-9}, keywords = {information hiding, re-encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/q07439n27u1egx0w/} }
[modular-approach] Information Hiding, Anonymity and Privacy: A Modular Approach

Hughes, Dominic, and Shmatikov, Vitaly

Journal of Computer Security 2004

Website abstract Bib

We propose a new specification framework for information hiding properties such as anonymity and privacy. The framework is based on the concept of a function view, which is a concise representation of the attacker’s partial knowledge about a function. We describe system behavior as a set of functions, and formalize different information hiding properties in terms of views of these functions. We present an extensive case study, in which we use the function view framework to systematically classify and rigorously define a rich domain of identity-related properties, and to demonstrate that privacy and anonymity are independent. The key feature of our approach is its modularity. It yields precise, formal specifications of information hiding properties for any protocol formalism and any choice of the attacker model as long as the latter induce an observational equivalence relation on protocol instances. In particular, specifications based on function views are suitable for any cryptographic process calculus that defines some form of indistinguishability between processes. Our definitions of information hiding properties take into account any feature of the security model, including probabilities, random number generation, timing, etc., to the extent that it is accounted for by the formalism in which the system is specified.
@article{modular-approach, author = {Hughes, Dominic and Shmatikov, Vitaly}, journal = {Journal of Computer Security}, title = {Information Hiding, Anonymity and Privacy: A Modular Approach}, year = {2004}, issn = {0926-227X}, number = {1}, pages = {3{\textendash}36}, volume = {12}, keywords = {anonymity, information hiding, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1297694} }
[1096703] Integrating Portable and Distributed Storage

Tolia, Niraj, Harkes, Jan, Kozuch, Michael, and Satyanarayanan, Mahadev

2004

Website abstract Bib

We describe a technique called lookaside caching that combines the strengths of distributed file systems and portable storage devices, while negating their weaknesses. In spite of its simplicity, this technique proves to be powerful and versatile. By unifying distributed storage and portable storage into a single abstraction, lookaside caching allows users to treat devices they carry as merely performance and availability assists for distant file servers. Careless use of portable storage has no catastrophic consequences. Experimental results show that significant performance improvements are possible even in the presence of stale data on the portable device.
@conference{1096703, author = {Tolia, Niraj and Harkes, Jan and Kozuch, Michael and Satyanarayanan, Mahadev}, booktitle = {FAST {\textquoteright}04: Proceedings of the 3rd USENIX Conference on File and Storage Technologies}, title = {Integrating Portable and Distributed Storage}, year = {2004}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {227{\textendash}238}, publisher = {USENIX Association}, keywords = {caching proxies, distributed database}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1096703$\#$} }
[987233] Internet indirection infrastructure

Stoica, Ion, Adkins, Daniel, Zhuang, Shelley, Shenker, S, and Surana, Sonesh

IEEE/ACM Trans. Netw. 2004

DOI Website abstract Bib

Attempts to generalize the Internet’s point-to-point communication abstraction to provide services like multicast, anycast, and mobility have faced challenging technical problems and deployment barriers. To ease the deployment of such services, this paper proposes a general, overlay-based Internet Indirection Infrastructure (i3) that offers a rendezvous-based communication abstraction. Instead of explicitly sending a packet to a destination, each packet is associated with an identifier; this identifier is then used by the receiver to obtain delivery of the packet. This level of indirection decouples the act of sending from the act of receiving, and allows i3 to efficiently support a wide variety of fundamental communication services. To demonstrate the feasibility of this approach, we have designed and built a prototype based on the Chord lookup protocol.
@article{987233, author = {Stoica, Ion and Adkins, Daniel and Zhuang, Shelley and Shenker, S and Surana, Sonesh}, journal = {IEEE/ACM Trans. Netw.}, title = {Internet indirection infrastructure}, year = {2004}, issn = {1063-6692}, number = {2}, pages = {205{\textendash}218}, volume = {12}, address = {Piscataway, NJ, USA}, doi = {10.1109/TNET.2004.826279}, keywords = {indirection, mobility, multicast, network infrastructure, service composition}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=987233$\#$} }

[Menezes2004] An Introduction to Auction Theory

Menezes, Flavio M., and Monteiro, Paulo K.

2004

This book presents an in-depth discussion of the auction theory. It introduces the concept of Bayesian Nash equilibrium and the idea of studying auctions as games. Private, common, and affiliated values models and multi-object auction models are described. A general version of the Revenue Equivalence Theorem is derived and the optimal auction is characterized to relate the field of mechanism design to auction theory.

@book{Menezes2004,
  author = {Menezes, Flavio M. and Monteiro, Paulo K.},
  publisher = {Oxford University Press},
  title = {An Introduction to Auction Theory},
  year = {2004},
  edition = {1st},
  isbn = {9780199275984},
  doi = {10.1093/019927598X.001.0001},
  keywords = {affiliated values model, auction theory, Bayesian Nash equilibrium, common values model, multiple objects, private values model, Revenue Equivalence Theorem},
  organization = {Oxford University Press},
  owner = {tom},
  pages = {199},
  timestamp = {2017-10-10},
  url = {http://www.oxfordscholarship.com/view/10.1093/019927598X.001.0001/acprof-9780199275984}
}

[Amnefelt04keso-] Keso - a Scalable, Reliable and Secure Read/Write Peer-to-Peer File System

Amnefelt, Mattias, and Svenningsson, Johanna

05/2004 2004

Website abstract Bib

In this thesis we present the design of Keso, a distributed and completely decentralized file system based on the peer-to-peer overlay network DKS. While designing Keso we have taken into account many of the problems that exist in today’s distributed file systems. Traditionally, distributed file systems have been built around dedicated file servers which often use expensive hardware to minimize the risk of breakdown and to handle the load. System administrators are required to monitor the load and disk usage of the file servers and to manually add clients and servers to the system. Another drawback with centralized file systems are that a lot of storage space is unused on clients. Measurements we have taken on existing computer systems has shown that a large part of the storage capacity of workstations is unused. In the system we looked at there was three times as much storage space available on workstations than was stored in the distributed file system. We have also shown that much data stored in a production use distributed file system is redundant. The main goals for the design of Keso has been that it should make use of spare resources, avoid storing unnecessarily redundant data, scale well, be self-organizing and be a secure file system suitable for a real world environment. By basing Keso on peer-to-peer techniques it becomes highly scalable, fault tolerant and self-organizing. Keso is intended to run on ordinary workstations and can make use of the previously unused storage space. Keso also provides means for access control and data privacy despite being built on top of untrusted components. The file system utilizes the fact that a lot of data stored in traditional file systems is redundant by letting all files that contains a datablock with the same contents reference the same datablock in the file system. This is achieved while still maintaining access control and data privacy.
@mastersthesis{Amnefelt04keso-, author = {Amnefelt, Mattias and Svenningsson, Johanna}, school = {KTH/Royal Institute of Technology}, title = {Keso - a Scalable, Reliable and Secure Read/Write Peer-to-Peer File System}, year = {2004}, address = {Stockholm}, month = {05/2004}, type = {Master{\textquoteright}s Thesis}, keywords = {decentralized file system, DKS, Keso}, owner = {tom}, pages = {77}, timestamp = {2017-10-10}, url = {http://mattias.amnefe.lt/keso/} }

[Yu04leopard:a] Leopard: A locality-aware peer-to-peer system with no hot spot

Yu, Yinzhe, Lee, Sanghwan, and Zhang, Zhi-li

2004

@booklet{Yu04leopard:a,
  title = {Leopard: A locality-aware peer-to-peer system with no hot spot},
  author = {Yu, Yinzhe and Lee, Sanghwan and Zhang, Zhi-li},
  year = {2004},
  keywords = {distributed hash table, P2P},
  owner = {tom},
  publisher = {In: the 4th IFIP Networking Conference (Networking{\textquoteright}05},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.134.3912}
}

[feamster:wpes2004] Location Diversity in Anonymity Networks

Feamster, Nick, and Dingledine, Roger

Oct 2004

DOI Website abstract Bib

Anonymity networks have long relied on diversity of node location for protection against attacks—typically an adversary who can observe a larger fraction of the network can launch a more effective attack. We investigate the diversity of two deployed anonymity networks, Mixmaster and Tor, with respect to an adversary who controls a single Internet administrative domain. Specifically, we implement a variant of a recently proposed technique that passively estimates the set of administrative domains (also known as autonomous systems, or ASes) between two arbitrary end-hosts without having access to either end of the path. Using this technique, we analyze the AS-level paths that are likely to be used in these anonymity networks. We find several cases in each network where multiple nodes are in the same administrative domain. Further, many paths between nodes, and between nodes and popular endpoints, traverse the same domain.
@conference{feamster:wpes2004, author = {Feamster, Nick and Dingledine, Roger}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2004)}, title = {Location Diversity in Anonymity Networks}, year = {2004}, address = {Washington, DC, USA}, month = oct, doi = {10.1145/1029179.1029199}, keywords = {anonymity, autonomous systems}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1029199} }
[1251195] MACEDON: methodology for automatically creating, evaluating, and designing overlay networks

Rodriguez, Adolfo, Killian, Charles, Bhat, Sooraj, Kostić, Dejan, and Vahdat, Amin

2004

Website abstract Bib

Currently, researchers designing and implementing large-scale overlay services employ disparate techniques at each stage in the production cycle: design, implementation, experimentation, and evaluation. As a result, complex and tedious tasks are often duplicated leading to ineffective resource use and difficulty in fairly comparing competing algorithms. In this paper, we present MACEDON, an infrastructure that provides facilities to: i) specify distributed algorithms in a concise domain-specific language; ii) generate code that executes in popular evaluation infrastructures and in live networks; iii) leverage an overlay-generic API to simplify the interoperability of algorithm implementations and applications; and iv) enable consistent experimental evaluation. We have used MACEDON to implement and evaluate a number of algorithms, including AMMO, Bullet, Chord, NICE, Overcast, Pastry, Scribe, and SplitStream, typically with only a few hundred lines of MACEDON code. Using our infrastructure, we are able to accurately reproduce or exceed published results and behavior demonstrated by current publicly available implementations.
@conference{1251195, author = {Rodriguez, Adolfo and Killian, Charles and Bhat, Sooraj and Kosti{\'c}, Dejan and Vahdat, Amin}, booktitle = {NSDI{\textquoteright}04: Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation}, title = {MACEDON: methodology for automatically creating, evaluating, and designing overlay networks}, year = {2004}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {20{\textendash}20}, publisher = {USENIX Association}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251175.1251195$\#$} }
[TH04] Measuring Anonymity in a Non-adaptive, Real-time System

Tóth, Gergely, and Hornák, Zoltán

2004

Website abstract Bib

Anonymous message transmission should be a key feature in network architectures ensuring that delivered messages are impossible-or at least infeasible-to be traced back to their senders. For this purpose the formal model of the non-adaptive, real-time PROB-channel will be introduced. In this model attackers try to circumvent applied protection measures and to link senders to delivered messages. In order to formally measure the level of anonymity provided by the system, the probability will be given, with which observers can determine the senders of delivered messages (source-hiding property) or the recipients of sent messages (destination-hiding property). In order to reduce the certainty of an observer, possible counter-measures will be defined that will ensure specified upper limit for the probability with which an observer can mark someone as the sender or recipient of a message. Finally results of simulations will be shown to demonstrate the strength of the techniques.
@conference{TH04, author = {T{\'o}th, Gergely and Horn{\'a}k, Zolt{\'a}n}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {Measuring Anonymity in a Non-adaptive, Real-time System}, year = {2004}, pages = {226{\textendash}241}, series = {Springer-Verlag, LNCS}, volume = {3424}, isbn = {3-540-26203-2}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.77.851} }
[THV04] Measuring Anonymity Revisited

Tóth, Gergely, Hornák, Zoltán, and Vajda, Ferenc

Nov 2004

Website abstract Bib

Anonymous message transmission systems are the building blocks of several high-level anonymity services (e.g. epayment, e-voting). Therefore, it is essential to give a theoretically based but also practically usable objective numerical measure for the provided level of anonymity. In this paper two entropybased anonymity measures will be analyzed and some shortcomings of these methods will be highlighted. Finally, source- and destination-hiding properties will be introduced for so called local anonymity, an aspect reflecting the point of view of the users
@conference{THV04, author = {T{\'o}th, Gergely and Horn{\'a}k, Zolt{\'a}n and Vajda, Ferenc}, booktitle = {Proceedings of the Ninth Nordic Workshop on Secure IT Systems}, title = {Measuring Anonymity Revisited}, year = {2004}, address = {Espoo, Finland}, editor = {Liimatainen, Sanna and Virtanen, Teemupekka}, month = nov, pages = {85{\textendash}90}, keywords = {anonymity, anonymity measurement}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.61.7843} }
[1015507] Mercury: supporting scalable multi-attribute range queries

Bharambe, Ashwin R., Agrawal, Mukesh, and Seshan, Srinivasan

SIGCOMM Comput. Commun. Rev. 2004

DOI Website abstract Bib

This paper presents the design of Mercury, a scalable protocol for supporting multi-attribute range-based searches. Mercury differs from previous range-based query systems in that it supports multiple attributes as well as performs explicit load balancing. To guarantee efficient routing and load balancing, Mercury uses novel light-weight sampling mechanisms for uniformly sampling random nodes in a highly dynamic overlay network. Our evaluation shows that Mercury is able to achieve its goals of logarithmic-hop routing and near-uniform load balancing.We also show that Mercury can be used to solve a key problem for an important class of distributed applications: distributed state maintenance for distributed games. We show that the Mercury-based solution is easy to use, and that it reduces the game’s messaging overheard significantly compared to a naı̈ve approach.
@article{1015507, author = {Bharambe, Ashwin R. and Agrawal, Mukesh and Seshan, Srinivasan}, journal = {SIGCOMM Comput. Commun. Rev.}, title = {Mercury: supporting scalable multi-attribute range queries}, year = {2004}, issn = {0146-4833}, number = {4}, pages = {353{\textendash}366}, volume = {34}, address = {New York, NY, USA}, doi = {10.1145/1030194.1015507}, keywords = {distributed hash table, load balancing, mercury, P2P, random sampling, range queries}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1030194.1015507$\#$} }
[danezis:wpes2004] Minx: A simple and efficient anonymous packet format

Danezis, George, and Laurie, Ben

Oct 2004

DOI Website abstract Bib

Minx is a cryptographic message format for encoding anonymous messages, relayed through a network of Chaumian mixes. It provides security against a passive adversary by completely hiding correspondences between input and output messages. Possibly corrupt mixes on the message path gain no information about the route length or the position of the mix on the route. Most importantly Minx resists active attackers that are prepared to modify messages in order to embed tags which they will try to detect elsewhere in the network. The proposed scheme imposes a low communication and computational overhead, and only combines well understood cryptographic primitives.
@conference{danezis:wpes2004, author = {Danezis, George and Laurie, Ben}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2004)}, title = {Minx: A simple and efficient anonymous packet format}, year = {2004}, address = {Washington, DC, USA}, month = oct, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1029179.1029198}, isbn = {1-58113-968-3}, keywords = {anonymity, tagging attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1029179.1029198} }

[Qiu:2004:MPA:1015467.1015508] Modeling and performance analysis of BitTorrent-like peer-to-peer networks

Qiu, Dongyu, and Srikant, Rayadurgam

08/2004 2004

In this paper, we develop simple models to study the performance of BitTorrent, a second generation peer-to-peer (P2P) application. We first present a simple fluid model and study the scalability, performance and efficiency of such a file-sharing mechanism. We then consider the built-in incentive mechanism of BitTorrent and study its effect on network performance. We also provide numerical results based on both simulations and real traces obtained from the Internet.

@conference{Qiu:2004:MPA:1015467.1015508,
  author = {Qiu, Dongyu and Srikant, Rayadurgam},
  booktitle = {SIGCOMM{\textquoteright}04. Proceedings of the 2004 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications},
  title = {Modeling and performance analysis of BitTorrent-like peer-to-peer networks},
  year = {2004},
  address = {Portland, Oregon, USA},
  month = {08/2004},
  organization = {ACM},
  pages = {367{\textendash}378},
  publisher = {ACM},
  series = {SIGCOMM {\textquoteright}04},
  doi = {http://doi.acm.org/10.1145/1015467.1015508},
  isbn = {1-58113-862-8},
  keywords = {fluid model, game theory, peer-to-peer networking},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/1015467.1015508}
}

[Aberer04multifacetedsimultaneous] Multifaceted Simultaneous Load Balancing in DHT-based P2P systems: A new game with old balls and bins

Aberer, Karl, Datta, Anwitaman, and Hauswirth, Manfred

2004

Website abstract Bib

In this paper we present and evaluate uncoordinated on-line algorithms for simultaneous storage and replication load-balancing in DHT-based peer-to-peer systems. We compare our approach with the classical balls into bins model, and point out the similarities but also the differences which call for new loadbalancing mechanisms specifically targeted at P2P systems. Some of the peculiarities of P2P systems, which make our problem even more challenging are that both the network membership and the data indexed in the network is dynamic, there is neither global coordination nor global information to rely on, and the load-balancing mechanism ideally should not compromise the structural properties and thus the search efficiency of the DHT, while preserving the semantic information of the data (e.g., lexicographic ordering to enable range searches).
@conference{Aberer04multifacetedsimultaneous, author = {Aberer, Karl and Datta, Anwitaman and Hauswirth, Manfred}, booktitle = {Self-* Properties in Complex Information Systems, {\textquotedblleft}Hot Topics{\textquotedblright} series, LNCS}, title = {Multifaceted Simultaneous Load Balancing in DHT-based P2P systems: A new game with old balls and bins}, year = {2004}, organization = {Springer}, publisher = {Springer}, keywords = {distributed hash table, P2P, storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.9.3746} }
[DBLP:conf/infocom/ChandraBB04] MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card

Chandra, Ranveer, Bahl, Victor, and Bahl, Pradeep

2004

Website abstract Bib

There are a number of scenarios where it is desirable to have a wireless device connect to multiple networks simultaneously. Currently, this is possible only by using multiple wireless network cards in the device. Unfortunately, using multiple wireless cards causes excessive energy drain and consequent reduction of lifetime in battery operated devices. In this paper, we propose a software based approach, called MultiNet, that facilitates simultaneous connections to multiple networks by virtualizing a single wireless card. The wireless card is virtualized by introducing an intermediate layer below IP, which continuously switches the card across multiple networks. The goal of the switching algorithm is to be transparent to the user who sees her machine as being connected to multiple networks. We present the design, implementation, and performance of the MultiNet system.We analyze and evaluate buffering and switching algorithms in terms of delay and energy consumption. Our system has been operational for over twelve months, it is agnostic of the upper layer protocols, and works well over popular IEEE 802.11 wireless LAN cards.
@conference{DBLP:conf/infocom/ChandraBB04, author = {Chandra, Ranveer and Bahl, Victor and Bahl, Pradeep}, booktitle = {INFOCOM}, title = {MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card}, year = {2004}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.pubzone.org/dblp/conf/infocom/ChandraBB04} }
[Kleinberg:2004:NFD:982792.982803] Network failure detection and graph connectivity

Kleinberg, Jon, Sandler, Mark, and Slivkins, Aleksandrs

01/2004 2004

Website abstract Bib

We consider a model for monitoring the connectivity of a network subject to node or edge failures. In particular, we are concerned with detecting (ε, k)-failures: events in which an adversary deletes up to network elements (nodes or edges), after which there are two sets of nodes A and B, each at least an ε fraction of the network, that are disconnected from one another. We say that a set D of nodes is an (ε k)-detection set if, for any (ε k)-failure of the network, some two nodes in D are no longer able to communicate; in this way, D "witnesses" any such failure. Recent results show that for any graph G, there is an is (ε k)-detection set of size bounded by a polynomial in k and ε, independent of the size of G.In this paper, we expose some relationships between bounds on detection sets and the edge-connectivity λ and node-connectivity κ of the underlying graph. Specifically, we show that detection set bounds can be made considerably stronger when parameterized by these connectivity values. We show that for an adversary that can delete κλ edges, there is always a detection set of size O((κ/ε) log (1/ε)) which can be found by random sampling. Moreover, an (ε, &lambda)-detection set of minimum size (which is at most 1/ε) can be computed in polynomial time. A crucial point is that these bounds are independent not just of the size of G but also of the value of λ.Extending these bounds to node failures is much more challenging. The most technically difficult result of this paper is that a random sample of O((κ/ε) log (1/ε)) nodes is a detection set for adversaries that can delete a number of nodes up to κ, the node-connectivity.For the case of edge-failures we use VC-dimension techniques and the cactus representation of all minimum edge-cuts of a graph; for node failures, we develop a novel approach for working with the much more complex set of all minimum node-cuts of a graph.
@conference{Kleinberg:2004:NFD:982792.982803, author = {Kleinberg, Jon and Sandler, Mark and Slivkins, Aleksandrs}, booktitle = {SODA{\textquoteright}04 - Proceedings of the Fifteenth Annual ACM-SIAM Symposium on Discrete Algorithms}, title = {Network failure detection and graph connectivity}, year = {2004}, address = {New Orleans, Louisiana}, month = {01/2004}, organization = {Society for Industrial and Applied Mathematics}, pages = {76{\textendash}85}, publisher = {Society for Industrial and Applied Mathematics}, series = {SODA {\textquoteright}04}, isbn = {0-89871-558-X}, keywords = {failure detection, graph connectivity, network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=982792.982803} }
[Ng:2004:NPS:1247415.1247426] A Network Positioning System for the Internet

Ng, T. S. Eugene, and Zhang, Hui

06/2004 2004

Website abstract Bib

Network positioning has recently been demonstrated to be a viable concept to represent the network distance relationships among Internet end hosts. Several subsequent studies have examined the potential benefits of using network position in applications, and proposed alternative network positioning algorithms. In this paper, we study the problem of designing and building a network positioning system (NPS). We identify several key system-building issues such as the consistency, adaptivity and stability of host network positions over time. We propose a hierarchical network positioning architecture that maintains consistency while enabling decentralization, a set of adaptive decentralized algorithms to compute and maintain accurate, stable network positions, and finally present a prototype system deployed on PlanetLab nodes that can be used by a variety of applications. We believe our system is a viable first step to provide a network positioning capability in the Internet.
@conference{Ng:2004:NPS:1247415.1247426, author = {Ng, T. S. Eugene and Zhang, Hui}, booktitle = {ATEC{\textquoteright}04. Proceedings of the Annual Conference on USENIX Annual Technical Conference}, title = {A Network Positioning System for the Internet}, year = {2004}, address = {Boston, Massachusetts, USA}, month = {06/2004}, organization = {USENIX Association}, pages = {11{\textendash}11}, publisher = {USENIX Association}, series = {ATEC {\textquoteright}04}, keywords = {Internet, network positioning algorithms, network positioning system, nps}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1247415.1247426} }
[1251194] Operating system support for planetary-scale network services

Bavier, Andy, Bowman, Mic, Chun, Brent, Culler, David, Karlin, Scott, Muir, Steve, Peterson, Larry, Roscoe, Timothy, Spalink, Tammo, and Wawrzoniak, Mike

2004

Website abstract Bib

PlanetLab is a geographically distributed overlay network designed to support the deployment and evaluation of planetary-scale network services. Two high-level goals shape its design. First, to enable a large research community to share the infrastructure, PlanetLab provides distributed virtualization, whereby each service runs in an isolated slice of PlanetLab’s global resources. Second, to support competition among multiple network services, PlanetLab decouples the operating system running on each node from the network-wide services that define PlanetLab, a principle referred to as unbundled management. This paper describes how Planet-Lab realizes the goals of distributed virtualization and unbundled management, with a focus on the OS running on each node.
@conference{1251194, author = {Bavier, Andy and Bowman, Mic and Chun, Brent and Culler, David and Karlin, Scott and Muir, Steve and Peterson, Larry and Roscoe, Timothy and Spalink, Tammo and Wawrzoniak, Mike}, booktitle = {NSDI{\textquoteright}04: Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation}, title = {Operating system support for planetary-scale network services}, year = {2004}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {19{\textendash}19}, publisher = {USENIX Association}, keywords = {overlay networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251175.1251194$\#$} }
[golle:ccs2004] Parallel Mixing

Golle, Philippe, and Juels, Ari

Oct 2004

DOI Website abstract Bib

Efforts to design faster synchronous mix networks have focused on reducing the computational cost of mixing per server. We propose a different approach: our reencryption mixnet allows servers to mix inputs in parallel. The result is a dramatic reduction in overall mixing time for moderate-to-large numbers of servers. As measured in the model we describe, for n inputs and M servers our parallel re encryption mixnet produces output in time at most 2n – and only around n assuming a majority of honest servers. In contrast, a traditional, sequential, synchronous re-encryption mixnet requires time Mn. Parallel re-encryption mixnets offer security guarantees comparable to those of synchronous mixnets, and in many cases only a slightly weaker guarantee of privacy. Our proposed construction is applicable to many recently proposed re-encryption mixnets, such as those of Furukawa and Sako, Neff, Jakobsson et al., and Golle and Boneh. In practice, parallel mixnets promise a potentially substantial time saving in applications such as anonymous electronic elections.
@conference{golle:ccs2004, author = {Golle, Philippe and Juels, Ari}, booktitle = {Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS 2004)}, title = {Parallel Mixing}, year = {2004}, address = {Washington DC, USA}, month = oct, organization = {ACM Press}, publisher = {ACM Press}, doi = {10.1145/1030083.1030113}, isbn = {1-58113-961-6}, keywords = {anonymity, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1030113} }
[Fakult04peerstore:better] PeerStore: Better Performance by Relaxing in Peer-to-Peer Backup

Landers, Martin, Zhang, Han, and Tan, Kian-Lee

2004

Website abstract Bib

Backup is cumbersome. To be effective, backups have to be made at regular intervals, forcing users to organize and store a growing collection of backup media. In this paper we propose a novel Peer-to-Peer backup system, PeerStore, that allows the user to store his backups on other people’s computers instead. PeerStore is an adaptive, cost-effective system suitable for all types of networks ranging from LAN, WAN to large unstable networks like the Internet. The system consists of two layers: metadata layer and symmetric trading layer. Locating blocks and duplicate checking is accomplished by the metadata layer while the actual data distribution is done between pairs of peers after they have established a symmetric data trade. By decoupling the metadata management from data storage, the system offers a significant reduction of the maintenance cost and preserves fairness among peers. Results show that PeerStore has a reduced maintenance cost comparing to pStore. PeerStore also realizes fairness because of the symmetric nature of the trades.
@booklet{Fakult04peerstore:better, title = {PeerStore: Better Performance by Relaxing in Peer-to-Peer Backup}, author = {Landers, Martin and Zhang, Han and Tan, Kian-Lee}, year = {2004}, keywords = {backup, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.58.8067} }
[Soezer2004] A Peer-to-Peer File Sharing System for Wireless Ad-Hoc Networks

2004

abstract Bib

File sharing in wireless ad-hoc networks in a peer to peer manner imposes many challenges that make conventional peer-to-peer systems operating on wire-line networks inapplicable for this case. Information and workload distribution as well as routing are major problems for members of a wireless ad-hoc network, which are only aware of their neighborhood. In this paper we propose a system that solves peer-to-peer filesharing problem for wireless ad-hoc networks. Our system works according to peer-to-peer principles, without requiring a central server, and distributes information regarding the location of shared files among members of the network. By means of a “hashline” and forming a tree-structure based on the topology of the network, the system is able to answer location queries, and also discover and maintain routing information that is used to transfer files from a source-peer to another peer.
@conference{Soezer2004, title = {A Peer-to-Peer File Sharing System for Wireless Ad-Hoc Networks}, year = {2004}, editor = {S{\"o}zer, Hasan and Kekkalmaz, Metin and K{\"o}rpeoglu, Ibrahim}, keywords = {ad-hoc networks, file systems, P2P}, owner = {tom}, timestamp = {2017-10-10} }
[Steinmetz2004] Peer-to-Peer Networking & -Computing

Steinmetz, Ralf, and Wehrle, Klaus

Informatik Spektrum 02/2004 2004

DOI abstract Bib

Unter dem Begriff Peer-to-Peer etabliert sich ein höchst interessantes Paradigma für die Kommunikation im Internet. Obwohl ursprünglich nur für die sehr pragmatischen und rechtlich umstrittenen Dateitauschbörsen entworfen, können die Peerto-Peer-Mechanismen zur verteilten Nutzung unterschiedlichster Betriebsmittel genutzt werden und neue Möglichkeiten für Internetbasierte Anwendungen eröffnen.
@article{Steinmetz2004, author = {Steinmetz, Ralf and Wehrle, Klaus}, journal = {Informatik Spektrum}, title = {Peer-to-Peer Networking \& -Computing}, year = {2004}, month = {02/2004}, pages = {51-54}, volume = {27}, doi = {10.1007/s00287-003-0362-9}, keywords = {computing, networking, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }
[Cramer04LifeScience] Peer-to-Peer Overlays and Data Integration in a Life Science Grid

Cramer, Curt, Schafferhans, Andrea, and Fuhrmann, Thomas

2004

Website abstract Bib

Databases and Grid computing are a good match. With the service orientation of Grid computing, the complexity of maintaining and integrating databases can be kept away from the actual users. Data access and integration is performed via services, which also allow to employ an access control. While it is our perception that many proposed Grid applications rely on a centralized and static infrastructure, Peer-to-Peer (P2P) technologies might help to dynamically scale and enhance Grid applications. The focus does not lie on publicly available P2P networks here, but on the self-organizing capabilities of P2P networks in general. A P2P overlay could, e.g., be used to improve the distribution of queries in a data Grid. For studying the combination of these three technologies, Grid computing, databases, and P2P, in this paper, we use an existing application from the life sciences, drug target validation, as an example. In its current form, this system has several drawbacks. We believe that they can be alleviated by using a combination of the service-based architecture of Grid computing and P2P technologies for implementing the services. The work presented in this paper is in progress. We mainly focus on the description of the current system state, its problems and the proposed new architecture. For a better understanding, we also outline the main topics related to the work presented here.
@conference{Cramer04LifeScience, author = {Cramer, Curt and Schafferhans, Andrea and Fuhrmann, Thomas}, booktitle = {Proceedings of the First International Workshop of the EU Network of Excellence DELOS on Digital Library Architectures}, title = {Peer-to-Peer Overlays and Data Integration in a Life Science Grid}, year = {2004}, address = {Cagliari, Italy}, pages = {127{\textendash}138}, keywords = {GRID, overlay networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[Liu2004] Personalized Web search for improving retrieval effectiveness

Liu, Fang, Yu, C., and Meng, Weiyi

Knowledge and Data Engineering, IEEE Transactions on Jan 2004

DOI abstract Bib

Current Web search engines are built to serve all users, independent of the special needs of any individual user. Personalization of Web search is to carry out retrieval for each user incorporating his/her interests. We propose a novel technique to learn user profiles from users’ search histories. The user profiles are then used to improve retrieval effectiveness in Web search. A user profile and a general profile are learned from the user’s search history and a category hierarchy, respectively. These two profiles are combined to map a user query into a set of categories which represent the user’s search intention and serve as a context to disambiguate the words in the user’s query. Web search is conducted based on both the user query and the set of categories. Several profile learning and category mapping algorithms and a fusion algorithm are provided and evaluated. Experimental results indicate that our technique to personalize Web search is both effective and efficient.
@article{Liu2004, author = {Liu, Fang and Yu, C. and Meng, Weiyi}, journal = {Knowledge and Data Engineering, IEEE Transactions on}, title = {Personalized Web search for improving retrieval effectiveness}, year = {2004}, issn = {1041-4347}, month = jan, pages = {28-40}, volume = {16}, doi = {10.1109/TKDE.2004.1264820}, keywords = {BANDWIDTH, category hierarchy, category mapping algorithms, Displays, fusion algorithm, History, human factors, information filtering, information retrieval, libraries, personalized Web search, profile learning, retrieval effectiveness, search engines, search intention, special needs, user interfaces, user profiles, user search histories, Web search, Web search engines}, owner = {tom}, timestamp = {2017-10-10} }

[Group2004] POSIX - Portable Operating System Interface

Group, The Open, and IEEE,

2004

@booklet{Group2004,
  title = {POSIX - Portable Operating System Interface},
  author = {Group, The Open and IEEE},
  year = {2004},
  journal = {The Open Group Technical Standard Base Specifications, Issue 6},
  keywords = {API, asynchronous, built-in utility, CPU, file access control mechanism, input/output (I/O), job control, network, portable operating system interface (POSIX{\textregistered}), shell, stream, synchronous},
  number = {IEEE Std 1003.n},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://pubs.opengroup.org/onlinepubs/009695399/}
}

[morphmix-fc2004] Practical Anonymity for the Masses with MorphMix

Rennhard, Marc, and Plattner, Bernhard

Feb 2004

DOI Website abstract Bib

MorphMix is a peer-to-peer circuit-based mix network to provide practical anonymous low-latency Internet access for millions of users. The basic ideas of MorphMix have been published before; this paper focuses on solving open problems and giving an analysis of the resistance to attacks and the performance it offers assuming realistic scenarios with very many users. We demonstrate that MorphMix scales very well and can support as many nodes as there are public IP addresses. In addition, we show that MorphMix is indeed practical because it provides good resistance from long-term profiling and offers acceptable performance despite the heterogeneity of the nodes and the fact that nodes can join or leave the system at any time.
@conference{morphmix-fc2004, author = {Rennhard, Marc and Plattner, Bernhard}, booktitle = {Proceedings of Financial Cryptography (FC {\textquoteright}04)}, title = {Practical Anonymity for the Masses with MorphMix}, year = {2004}, editor = {Juels, Ari}, month = feb, organization = {Springer-Verlag, LNCS 3110}, pages = {233{\textendash}250}, publisher = {Springer-Verlag, LNCS 3110}, doi = {10.1007/b98935}, isbn = {978-3-540-22420-4}, keywords = {anonymity, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/dc1qn54t9ta4u3g1/} }
[Cox:2004:PDN:972374.972394] Practical, distributed network coordinates

Cox, Russ, Dabek, Frank, Kaashoek, Frans M., Li, Jinyang, and Morris, Robert

SIGCOMM Computer Communication Review 01/2004 2004

DOI Website abstract Bib

Vivaldi is a distributed algorithm that assigns synthetic coordinates to internet hosts, so that the Euclidean distance between two hosts’ coordinates predicts the network latency between them. Each node in Vivaldi computes its coordinates by simulating its position in a network of physical springs. Vivaldi is both distributed and efficient: no fixed infrastructure need be deployed and a new host can compute useful coordinates after collecting latency information from only a few other hosts. Vivaldi can rely on piggy-backing latency information on application traffic instead of generating extra traffic by sending its own probe packets.This paper evaluates Vivaldi through simulations of 750 hosts, with a matrix of inter-host latencies derived from measurements between 750 real Internet hosts. Vivaldi finds synthetic coordinates that predict the measured latencies with a median relative error of 14 percent. The simulations show that a new host joining an existing Vivaldi system requires fewer than 10 probes to achieve this accuracy. Vivaldi is currently used by the Chord distributed hash table to perform proximity routing, replica selection, and retransmission timer estimation.
@article{Cox:2004:PDN:972374.972394, author = {Cox, Russ and Dabek, Frank and Kaashoek, Frans M. and Li, Jinyang and Morris, Robert}, journal = {SIGCOMM Computer Communication Review}, title = {Practical, distributed network coordinates}, year = {2004}, issn = {0146-4833}, month = {01/2004}, pages = {113{\textendash}118}, volume = {34}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/972374.972394}, keywords = {network coordinates, proximity routing, replica selection, retransmission timer estimation, Vivaldi}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/972374.972394} }
[e2e-traffic] Practical Traffic Analysis: Extending and Resisting Statistical Disclosure

Mathewson, Nick, and Dingledine, Roger

May 2004

DOI Website abstract Bib

We extend earlier research on mounting and resisting passive long-term end-to-end traffic analysis attacks against anonymous message systems, by describing how an eavesdropper can learn sender-receiver connections even when the substrate is a network of pool mixes, the attacker is non-global, and senders have complex behavior or generate padding messages. Additionally, we describe how an attacker can use information about message distinguishability to speed the attack. We simulate our attacks for a variety of scenarios, focusing on the amount of information needed to link senders to their recipients. In each scenario, we show that the intersection attack is slowed but still succeeds against a steady-state mix network. We find that the attack takes an impractical amount of time when message delivery times are highly variable; when the attacker can observe very little of the network; and when users pad consistently and the adversary does not know how the network behaves in their absence.
@conference{e2e-traffic, author = {Mathewson, Nick and Dingledine, Roger}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {Practical Traffic Analysis: Extending and Resisting Statistical Disclosure}, year = {2004}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {17{\textendash}34}, publisher = {Springer Berlin / Heidelberg}, series = {LNCS}, volume = {3424}, doi = {10.1007/b136164}, isbn = {978-3-540-26203-9}, keywords = {traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/v6m6cat1lxvbd4yd/} }
[Wright:2004] The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems

Wright, Matthew, Adler, Micah, Levine, Brian Neil, and Shields, Clay

ACM Transactions on Information and System Security (TISSEC) Nov 2004

DOI Website abstract Bib

There have been a number of protocols proposed for anonymous network communication. In this paper, we investigate attacks by corrupt group members that degrade the anonymity of each protocol over time. We prove that when a particular initiator continues communication with a particular responder across path reformations, existing protocols are subject to the attack. We use this result to place an upper bound on how long existing protocols, including Crowds, Onion Routing, Hordes, Web Mixes, and DC-Net, can maintain anonymity in the face of the attacks described. This provides a basis for comparing these protocols against each other. Our results show that fully connected DC-Net is the most resilient to these attacks, but it suffers from scalability issues that keep anonymity group sizes small. We also show through simulation that the underlying topography of the DC-Net affects the resilience of the protocol: as the number of neighbors a node has increases the strength of the protocol increases, at the cost of higher communication overhead.
@article{Wright:2004, author = {Wright, Matthew and Adler, Micah and Levine, Brian Neil and Shields, Clay}, journal = {ACM Transactions on Information and System Security (TISSEC)}, title = {The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems}, year = {2004}, issn = {1094-9224}, month = nov, number = {7}, pages = {489{\textendash}522}, volume = {7}, doi = {10.1145/1042031.1042032}, keywords = {anonymity, predecessor attack, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1042031.1042032\&coll=GUIDE\&dl=GUIDE\&CFID=76057600\&CFTOKEN=15386893} }
[Acquisti04privacyin] Privacy in Electronic Commerce and the Economics of Immediate Gratification

Acquisti, Alessandro

2004

Website abstract Bib

Dichotomies between privacy attitudes and behavior have been noted in the literature but not yet fully explained. We apply lessons from the research on behavioral economics to understand the individual decision making process with respect to privacy in electronic commerce. We show that it is unrealistic to expect individual rationality in this context. Models of self-control problems and immediate gratification offer more realistic descriptions of the decision process and are more consistent with currently available data. In particular, we show why individuals who may genuinely want to protect their privacy might not do so because of psychological distortions well documented in the behavioral literature; we show that these distortions may affect not only ‘naı̈ve’ individuals but also ‘sophisticated’ ones; and we prove that this may occur also when individuals perceive the risks from not protecting their privacy as significant.
@booklet{Acquisti04privacyin, title = {Privacy in Electronic Commerce and the Economics of Immediate Gratification}, author = {Acquisti, Alessandro}, year = {2004}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.58.3760\&rep=rep1\&type=pdf} }
[Atallah:2004:PCF:1029179.1029204] Private collaborative forecasting and benchmarking

Atallah, Mikhail, Bykova, Marina, Li, Jiangtao, Frikken, Keith, and Topkara, Mercan

10/2004 2004

DOI Website abstract Bib

Suppose a number of hospitals in a geographic area want to learn how their own heart-surgery unit is doing compared with the others in terms of mortality rates, subsequent complications, or any other quality metric. Similarly, a number of small businesses might want to use their recent point-of-sales data to cooperatively forecast future demand and thus make more informed decisions about inventory, capacity, employment, etc. These are simple examples of cooperative benchmarking and (respectively) forecasting that would benefit all participants as well as the public at large, as they would make it possible for participants to avail themselves of more precise and reliable data collected from many sources, to assess their own local performance in comparison to global trends, and to avoid many of the inefficiencies that currently arise because of having less information available for their decision-making. And yet, in spite of all these advantages, cooperative benchmarking and forecasting typically do not take place, because of the participants’ unwillingness to share their information with others. Their reluctance to share is quite rational, and is due to fears of embarrassment, lawsuits, weakening their negotiating position (e.g., in case of over-capacity), revealing corporate performance and strategies, etc. The development and deployment of private benchmarking and forecasting technologies would allow such collaborations to take place without revealing any participant’s data to the others, reaping the benefits of collaboration while avoiding the drawbacks. Moreover, this kind of technology would empower smaller organizations who could then cooperatively base their decisions on a much broader information base, in a way that is today restricted to only the largest corporations. This paper is a step towards this goal, as it gives protocols for forecasting and benchmarking that reveal to the participants the desired answers yet do not reveal to any participant any other participant’s private data. We consider several forecasting methods, including linear regression and time series techniques such as moving average and exponential smoothing. One of the novel parts of this work, that further distinguishes it from previous work in secure multi-party computation, is that it involves floating point arithmetic, in particular it provides protocols to securely and efficiently perform division.
@conference{Atallah:2004:PCF:1029179.1029204, author = {Atallah, Mikhail and Bykova, Marina and Li, Jiangtao and Frikken, Keith and Topkara, Mercan}, booktitle = {WPES{\textquoteright}04 - Proceedings of the 2004 ACM workshop on Privacy in the electronic society}, title = {Private collaborative forecasting and benchmarking}, year = {2004}, address = {Washington, DC, USA}, month = {10/2004}, organization = {ACM}, pages = {103{\textendash}114}, publisher = {ACM}, series = {WPES {\textquoteright}04}, doi = {10.1145/1029179.1029204}, isbn = {1-58113-968-3}, keywords = {benchmarking, e-commerce, forecasting, privacy, secure multi-party computation, secure protocol, SMC}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1029179.1029204} }
[kissner04private] Private keyword-based push and pull with applications to anonymous communication

Kissner, Lea, Oprea, Alina, Reiter, Michael K., Song, Dawn Xiaodong, and Yang, Ke

Applied Cryptography and Network Security 2004

Website abstract Bib

We propose a new keyword-based Private Information Retrieval (PIR) model that allows private modification of the database from which information is requested. In our model, the database is distributed over n servers, any one of which can act as a transparent interface for clients. We present protocols that support operations for accessing data, focusing on privately appending labelled records to the database (push) and privately retrieving the next unseen record appended under a given label (pull). The communication complexity between the client and servers is independent of the number of records in the database (or more generally, the number of previous push and pull operations) and of the number of servers. Our scheme also supports access control oblivious to the database servers by implicitly including a public key in each push, so that only the party holding the private key can retrieve the record via pull. To our knowledge, this is the first system that achieves the following properties: private database modification, private retrieval of multiple records with the same keyword, and oblivious access control. We also provide a number of extensions to our protocols and, as a demonstrative application, an unlinkable anonymous communication service using them.
@article{kissner04private, author = {Kissner, Lea and Oprea, Alina and Reiter, Michael K. and Song, Dawn Xiaodong and Yang, Ke}, journal = {Applied Cryptography and Network Security}, title = {Private keyword-based push and pull with applications to anonymous communication}, year = {2004}, issn = {0302-9743}, isbn = {3-540-22217-0}, keywords = {distributed database, private information retrieval, private key, public key cryptography}, owner = {tom}, timestamp = {2017-10-10}, url = {http://cat.inist.fr/?aModele=afficheN\&cpsidt=15852065} }
[Despotovic2004] A Probabilistic Approach to Predict Peers’ Performance in P2P Networks

Despotovic, Zoran, and Aberer, Karl

09/2004 2004

DOI abstract Bib

The problem of encouraging trustworthy behavior in P2P online communities by managing peers’ reputations has drawn a lot of attention recently. However, most of the proposed solutions exhibit the following two problems: huge implementation overhead and unclear trust related model semantics. In this paper we show that a simple probabilistic technique, maximum likelihood estimation namely, can reduce these two problems substantially when employed as the feedback aggregation strategy. Thus, no complex exploration of the feedback is necessary. Instead, simple, intuitive and efficient probabilistic estimation methods suffice.
@conference{Despotovic2004, author = {Despotovic, Zoran and Aberer, Karl}, booktitle = {CIA 2004. Cooperative Information Agents VIII, 8th International Workshop}, title = {A Probabilistic Approach to Predict Peers{\textquoteright} Performance in P2P Networks}, year = {2004}, address = {Erfurt, Germany}, month = {09/2004}, organization = {Springer}, pages = {62-76}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {3191}, doi = {10.1007/978-3-540-30104-2_6}, keywords = {p2p network, peer performance}, owner = {tom}, timestamp = {2017-10-10} }
[crowds-model] Probabilistic Model Checking of an Anonymity System

Shmatikov, Vitaly

Journal of Computer Security 2004

Website abstract Bib

We use the probabilistic model checker PRISM to analyze the Crowds system for anonymous Web browsing. This case study demonstrates how probabilistic model checking techniques can be used to formally analyze security properties of a peer-to-peer group communication system based on random message routing among members. The behavior of group members and the adversary is modeled as a discrete-time Markov chain, and the desired security properties are expressed as PCTL formulas. The PRISM model checker is used to perform automated analysis of the system and verify anonymity guarantees it provides. Our main result is a demonstration of how certain forms of probabilistic anonymity degrade when group size increases or random routing paths are rebuilt, assuming that the corrupt group members are able to identify and/or correlate multiple routing paths originating from the same sender.
@article{crowds-model, author = {Shmatikov, Vitaly}, journal = {Journal of Computer Security}, title = {Probabilistic Model Checking of an Anonymity System}, year = {2004}, number = {3-4}, pages = {355{\textendash}377}, volume = {12}, keywords = {anonymity, P2P, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.10.6570} }
[berman-fc2004] Provable Unlinkability Against Traffic Analysis

Berman, Ron, Fiat, Amos, and Ta-Shma, Amnon

Feb 2004

DOI Website abstract Bib

We consider unlinkability of communication problem: given n users, each sending a message to some destination, encode and route the messages so that an adversary analyzing the traffic in the communication network cannot link the senders with the recipients. A solution should have a small communication overhead, that is, the number of additional messages should be kept low. David Chaum introduced idea of mixes for solving this problem. His approach was developed further by Simon and Rackoff, and implemented later as the onion protocol. Even if the onion protocol is widely regarded as secure and used in practice, formal arguments supporting this claim are rare and far from being complete. On top of that, in certain scenarios very simple tricks suffice to break security without breaking the cryptographic primitives. It turns out that one source of difficulties in analyzing the onion protocols security is the adversary model. In a recent work, Berman, Fiat and Ta-Shma develop a new and more realistic model in which only a constant fraction of communication lines can be accessed by an adversary, the number of messages does not need to be high and the preferences of the users are taken into account. For this model they prove that with high probability a good level of unlinkability is obtained after steps of the onion protocol where n is the number of messages sent. In this paper we improve these results: we show that the same level of unlinkability (expressed as variation distance between certain probability distributions) is obtained with high probability already after steps of the onion protocol. Asymptotically, this is the best result possible, since obviously (log n) steps are necessary. On top of that, our analysis is much simpler. It is based on path coupling technique designed for showing rapid mixing of Markov chains.
@conference{berman-fc2004, author = {Berman, Ron and Fiat, Amos and Ta-Shma, Amnon}, booktitle = {Proceedings of Financial Cryptography (FC {\textquoteright}04)}, title = {Provable Unlinkability Against Traffic Analysis}, year = {2004}, editor = {Juels, Ari}, month = feb, organization = {Springer-Verlag, LNCS 3110}, pages = {266{\textendash}280}, publisher = {Springer-Verlag, LNCS 3110}, doi = {10.1007/b100936}, isbn = {978-3-540-23208-7}, keywords = {anonymity, Markov chain, path coupling, rapid mixing, unlinkability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/cknab9y9bpete2ha/} }
[Perng04providingcontent-based] Providing content-based services in a peer-to-peer environment

Perng, Ginger, Wang, Chenxi, and Reiter, Michael K.

2004

Website abstract Bib

Information dissemination in wide area networks has recently garnered much attention. Two differing models, publish/subscribe and rendezvous-based multicast atop overlay networks, have emerged as the two leading approaches for this goal. Event-based publish/subscribe supports contentbased services with powerful filtering capabilities, while peer-to-peer rendezvous-based services allow for efficient communication in a dynamic network infrastructure. We describe Reach, a system that integrates these two approaches to provide efficient and scalable content-based services in a dynamic network setting.
@conference{Perng04providingcontent-based, author = {Perng, Ginger and Wang, Chenxi and Reiter, Michael K.}, booktitle = {in Proceedings of the third International Workshop on Distributed Event-Based Systems (DEBS}, title = {Providing content-based services in a peer-to-peer environment}, year = {2004}, pages = {74{\textendash}79}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.92.4393\&rep=rep1\&type=pdf} }
[boneh04publickey] Public-key encryption with keyword search

Boneh, Dan, Crescenzo, Giovanni Di, Ostrovsky, Rafail, and Persiano, Gieseppe

2004 2004

Website abstract Bib

We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to test whether the email contains the keyword "urgent" so that it could route the email accordingly. Alice, on the other hand does not wish to give the gateway the ability to decrypt all her messages. We define and construct a mechanism that enables Alice to provide a key to the gateway that
@conference{boneh04publickey, author = {Boneh, Dan and Crescenzo, Giovanni Di and Ostrovsky, Rafail and Persiano, Gieseppe}, booktitle = {Eurocrypt 2004}, title = {Public-key encryption with keyword search}, year = {2004}, month = {2004}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, owner = {tom}, timestamp = {2017-10-10}, url = {citeseer.ist.psu.edu/boneh04public.html} }
[pool-dummy04] Reasoning about the Anonymity Provided by Pool Mixes that Generate Dummy Traffic

Diaz, Claudia, and Preneel, Bart

May 2004

abstract Bib

In this paper we study the anonymity provided by genralized mixes that insert dummy traffic. Mixes are an essential component to offer anonymous email services. We indicate how to compute the recipient and sender anonymity and we point out some problems that may arise from the intutitive extension of the metric to make into account dummies. Two possible ways of inserting dummy traffic are disussed and compared. An active attack scenario is considered, and the anonymity provided by mixes under the attack is analyzed.
@conference{pool-dummy04, author = {Diaz, Claudia and Preneel, Bart}, booktitle = {Proceedings of 6th Information Hiding Workshop (IH 2004)}, title = {Reasoning about the Anonymity Provided by Pool Mixes that Generate Dummy Traffic}, year = {2004}, address = {Toronto}, month = may, series = {LNCS}, keywords = {anonymity}, owner = {tom}, timestamp = {2017-10-10} }
[1247420] Redundancy elimination within large collections of files

Kulkarni, Purushottam, Douglis, Fred, Lavoie, Jason, and Tracey, John M.

2004

Website abstract Bib

Ongoing advancements in technology lead to ever-increasing storage capacities. In spite of this, optimizing storage usage can still provide rich dividends. Several techniques based on delta-encoding and duplicate block suppression have been shown to reduce storage overheads, with varying requirements for resources such as computation and memory. We propose a new scheme for storage reduction that reduces data sizes with an effectiveness comparable to the more expensive techniques, but at a cost comparable to the faster but less effective ones. The scheme, called Redundancy Elimination at the Block Level (REBL), leverages the benefits of compression, duplicate block suppression, and delta-encoding to eliminate a broad spectrum of redundant data in a scalable and efficient manner. REBL generally encodes more compactly than compression (up to a factor of 14) and a combination of compression and duplicate suppression (up to a factor of 6.7). REBL also encodes similarly to a technique based on delta-encoding, reducing overall space significantly in one case. Furthermore, REBL uses super-fingerprints, a technique that reduces the data needed to identify similar blocks while dramatically reducing the computational requirements of matching the blocks: it turns O(n2) comparisons into hash table lookups. As a result, using super-fingerprints to avoid enumerating matching data objects decreases computation in the resemblance detection phase of REBL by up to a couple orders of magnitude.
@conference{1247420, author = {Kulkarni, Purushottam and Douglis, Fred and Lavoie, Jason and Tracey, John M.}, booktitle = {ATEC {\textquoteright}04: Proceedings of the annual conference on USENIX Annual Technical Conference}, title = {Redundancy elimination within large collections of files}, year = {2004}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {5{\textendash}5}, publisher = {USENIX Association}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1247420$\#$} }
[Barreto04areplicated] A Replicated File System for Resource Constrained Mobile Devices

Barreto, João, and Ferreira, Paulo

2004

Website abstract Bib

The emergence of more powerful and resourceful mobile devices, as well as new wireless communication technologies, is turning the concept of ad-hoc networking into a viable and promising possibility for ubiquitous information sharing. However, the inherent characteristics of ad-hoc networks bring up new challenges for which most conventional systems don’t provide an appropriate response. Namely, the lack of a pre-existing infrastructure, the high topological dynamism of these networks, the relatively low bandwidth of wireless links, as well as the limited storage and energy resources of mobile devices are issues that strongly affect the efficiency of any distributed system intended to provide ubiquitous information sharing. In this paper we describe Haddock-FS, a transparent replicated file system designed to support collaboration in the novel usage scenarios enabled by mobile environments. Haddock-FS is based on a highly available optimistic consistency protocol. In order to effectively cope with the network bandwidth and device memory constraints of these environments, Haddock-FS employs a limited size log truncation scheme and a cross-file, cross-version content similarity exploitation mechanism.
@conference{Barreto04areplicated, author = {Barreto, Jo{\~a}o and Ferreira, Paulo}, booktitle = {Proceedings of IADIS Applied Computing}, title = {A Replicated File System for Resource Constrained Mobile Devices}, year = {2004}, keywords = {ad-hoc networks, ubiquitous computing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.144.9141} }
[golle:pet2004] Reputable Mix Networks

Golle, Philippe

May 2004

DOI Website abstract Bib

We define a new type of mix network that offers a reduced form of robustness: the mixnet can prove that every message it outputs corresponds to an input submitted by a player without revealing which input (for honest players). We call mixnets with this property reputable mixnets. Reputable mixnets are not fully robust, because they offer no guarantee that distinct outputs correspond to distinct inputs. In particular, a reputable mix may duplicate or erase messages. A reputable mixnet, however, can defend itself against charges of having authored the output messages it produces. This ability is very useful in practice, as it shields the mixnet from liability in the event that an output message is objectionable or illegal. We propose three very efficient protocols for reputable mixnets, all synchronous. The first protocol is based on blind signatures. It works both with Chaumian decryption mixnets or re-encryption mixnets based on ElGamal, but guarantees a slightly weaker form of reputability which we call near-reputability. The other two protocols are based on ElGamal re-encryption over a composite group and offer true reputability. One requires interaction between the mixnet and the players before players submit their inputs. The other assumes no interaction prior to input submission.
@conference{golle:pet2004, author = {Golle, Philippe}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {Reputable Mix Networks}, year = {2004}, month = may, pages = {51{\textendash}63}, series = {LNCS}, volume = {3424}, doi = {10.1007/b136164}, isbn = {978-3-540-26203-9}, keywords = {anonymity, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/mqpu4nyljy82ca90/} }

[Gupta:2004:RMF:1018440.1021942] Reputation Management Framework and Its Use as Currency in Large-Scale Peer-to-Peer Networks

Gupta, Rohit, and Somani, Arun K.

08/2004 2004

In this paper we propose a reputation management framework for large-scale peer-to-peer (P2P) networks, wherein all nodes are assumed to behave selfishly. The proposed framework has several advantages. It enables a form of virtual currency, such that the reputation of nodes is a measure of their wealth. The framework is scalable and provides protection against attacks by malicious nodes. The above features are achieved by developing trusted communities of nodes whose members trust each other and cooperate to deal with the problem of nodesý selfishness and possible maliciousness.

@conference{Gupta:2004:RMF:1018440.1021942,
  author = {Gupta, Rohit and Somani, Arun K.},
  booktitle = {P2P{\textquoteright}04. Proceedings of the 4th International Conference on Peer-to-Peer Computing},
  title = {Reputation Management Framework and Its Use as Currency in Large-Scale Peer-to-Peer Networks},
  year = {2004},
  address = {Zurich, Switzerland},
  month = {08/2004},
  organization = {IEEE Computer Society},
  pages = {124{\textendash}132},
  publisher = {IEEE Computer Society},
  series = {P2P {\textquoteright}04},
  doi = {http://dx.doi.org/10.1109/P2P.2004.44},
  isbn = {0-7695-2156-8},
  keywords = {framework, P2P, peer-to-peer networking, reputation management},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1109/P2P.2004.44}
}

[Awerbuch04robustdistributed] Robust Distributed Name Service

Awerbuch, Baruch

2004

@conference{Awerbuch04robustdistributed,
  author = {Awerbuch, Baruch},
  booktitle = {In Proc. of the 3rd International Workshop on Peer-to-Peer Systems (IPTPS},
  title = {Robust Distributed Name Service},
  year = {2004},
  pages = {1{\textendash}8},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.142.4900}
}

[Feldman:2004:RIT:988772.988788] Robust incentive techniques for peer-to-peer networks

Feldman, Michal, Lai, Kevin, Stoica, Ion, and Chuang, John

05/2004 2004

DOI Website abstract Bib

Lack of cooperation (free riding) is one of the key problems that confronts today’s P2P systems. What makes this problem particularly difficult is the unique set of challenges that P2P systems pose: large populations, high turnover, a symmetry of interest, collusion, zero-cost identities, and traitors. To tackle these challenges we model the P2P system using the Generalized Prisoner’s Dilemma (GPD),and propose the Reciprocative decision function as the basis of a family of incentives techniques. These techniques are fullydistributed and include: discriminating server selection, maxflow-based subjective reputation, and adaptive stranger policies. Through simulation, we show that these techniques can drive a system of strategic users to nearly optimal levels of cooperation.
@conference{Feldman:2004:RIT:988772.988788, author = {Feldman, Michal and Lai, Kevin and Stoica, Ion and Chuang, John}, booktitle = {EC{\textquoteright}04. Proceedings of the 5th ACM Conference on Electronic Commerce}, title = {Robust incentive techniques for peer-to-peer networks}, year = {2004}, address = {New York, NY, USA}, month = {05/2004}, organization = {ACM}, pages = {102{\textendash}111}, publisher = {ACM}, series = {EC {\textquoteright}04}, doi = {http://doi.acm.org/10.1145/988772.988788}, isbn = {1-58113-771-0}, keywords = {cheap pseudonyms, collusion, free-riding, incentives, peer-to-peer networking, prisoners dilemma, reputation, whitewash}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/988772.988788} }
[Lewis2004] Scalable byzantine agreement

Lewis, Scott, and Saia, Jared

2004

abstract Bib

This paper gives a scalable protocol for solving the Byzantine agreement problem. The protocol is scalable in the sense that for Byzantine agreement over n processors, each processor sends and receives only O(log n) messages in expectation. To the best of our knowledge this is the first result for the Byzantine agreement problem where each processor sends and receives o(n) messages. The protocol uses randomness and is correct with high probability. 1 It can tolerate any fraction of faulty processors which is strictly less than 1/6. Our result partially answers the following question posed by Kenneth Birman: “How scalable are the traditional solutions to problems such as Consensus or Byzantine Agreement?” [5].
@article{Lewis2004, author = {Lewis, Scott and Saia, Jared}, title = {Scalable byzantine agreement}, year = {2004}, keywords = {byzantine agreement}, owner = {tom}, timestamp = {2021-01-27} }

[Goh04secureindexes] Secure Indexes

Goh, Eu-jin

2004

@conference{Goh04secureindexes,
  author = {Goh, Eu-jin},
  booktitle = {In submission},
  title = {Secure Indexes},
  year = {2004},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://gnunet.org/papers/secureindex.pdf}
}

[Conrad04SecureServiceSignaling] Secure Service Signaling and fast Authorization in Programmable Networks

Conrad, Michael, Fuhrmann, Thomas, Schoeller, Marcus, and Zitterbart, Martina

2004

DOI Website abstract Bib

Programmable networks aim at the fast and flexible creation of services within a network. Often cited examples are audio and video transcoding, application layer multicast, or mobility and resilience support. In order to become commercially viable, programmable networks must provide authentication, authorization and accounting functionality. The mechanisms used to achieve these functionalities must be secure, reliable, and scalable, to be used in production scale programmable networks. Additionally programmable nodes must resist various kinds of attacks, such as denial of service or replay attacks. Fraudulent use by individual users must also be prohibited. This paper describes the design and implementation of a secure, reliable, and scalable signaling mechanism clients can use to initiate service startup and to manage services running on the nodes of a programmable network. This mechanism is designed for production scale networks with AAA-functionality.
@conference{Conrad04SecureServiceSignaling, author = {Conrad, Michael and Fuhrmann, Thomas and Schoeller, Marcus and Zitterbart, Martina}, booktitle = {Proceedings of the 6th International Working Conference on Active Networking (IWAN) 2004}, title = {Secure Service Signaling and fast Authorization in Programmable Networks}, year = {2004}, address = {Lawrence, Kansas}, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/978-3-540-71500-9}, isbn = {978-3-540-71499-6}, keywords = {programmable networks, secrecy}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[Schollmeier2004] Signaling and Networking in Unstructured Peer-to-Peer Networks

Schollmeier, Rüdiger

09/2004 2004

abstract Bib

This work deals with the efficiency of Peer-to-Peer (P2P) networks, which are distributed and self-organizing overlay networks. We contribute to their understanding and design by using new measurement techniques, simulations and analytical methods. In this context we first present measurement methods and results of P2P networks concerning traffic and topology characteristics as well as concerning user behavior. Based on these results we develop stochastic models to describe the user behavior, the traffic and the topology of P2P networks analytically. Using the results of our measurements and analytical investigations, we develop new P2P architectures to improve the efficiency of P2P networks concerning their topology and their signaling traffic. Finally we verify our results for the new architectures by measurements as well as computer-based simulations on different levels of detail.
@mastersthesis{Schollmeier2004, author = {Schollmeier, R{\"u}diger}, school = {Technische Universit{\"a}t M{\"u}nchen}, title = {Signaling and Networking in Unstructured Peer-to-Peer Networks}, year = {2004}, address = {Munich, Germany}, month = {09/2004}, type = {Dissertation}, keywords = {application model, communication network, compression, content availability, cross layer communication, generating functions, overlay networks, random graph theory, self-organization, signaling traffic, simulation, topology measurement, traffic measurement, user model}, owner = {tom}, pages = {177}, timestamp = {2017-10-10} }
[1007919] Simple efficient load balancing algorithms for peer-to-peer systems

Karger, David, and Ruhl, Matthias

2004

DOI Website abstract Bib

Load balancing is a critical issue for the efficient operation of peer-to-peer networks. We give two new load-balancing protocols whose provable performance guarantees are within a constant factor of optimal. Our protocols refine the consistent hashing data structure that underlies the Chord (and Koorde) P2P network. Both preserve Chord’s logarithmic query time and near-optimal data migration cost.Consistent hashing is an instance of the distributed hash table (DHT) paradigm for assigning items to nodes in a peer-to-peer system: items and nodes are mapped to a common address space, and nodes have to store all items residing closeby in the address space.Our first protocol balances the distribution of the key address space to nodes, which yields a load-balanced system when the DHT maps items "randomly" into the address space. To our knowledge, this yields the first P2P scheme simultaneously achieving O(log n) degree, O(log n) look-up cost, and constant-factor load balance (previous schemes settled for any two of the three).Our second protocol aims to directly balance the distribution of items among the nodes. This is useful when the distribution of items in the address space cannot be randomized. We give a simple protocol that balances load by moving nodes to arbitrary locations "where they are needed." As an application, we use the last protocol to give an optimal implementation of a distributed data structure for range searches on ordered data.
@conference{1007919, author = {Karger, David and Ruhl, Matthias}, booktitle = {SPAA {\textquoteright}04: Proceedings of the sixteenth annual ACM symposium on Parallelism in algorithms and architectures}, title = {Simple efficient load balancing algorithms for peer-to-peer systems}, year = {2004}, address = {New York, NY, USA}, organization = {ACM}, pages = {36{\textendash}43}, publisher = {ACM}, doi = {10.1145/1007912.1007919}, isbn = {1-58113-840-7}, keywords = {load balancing, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1007919$\#$} }
[Shnayder04simulatingthe] Simulating the power consumption of large-scale sensor network applications

Shnayder, Victor, Hempstead, Mark, Chen, Bor-rong, Allen, Geoff Werner, and Welsh, Matt

2004

DOI Website abstract Bib

Developing sensor network applications demands a new set of tools to aid programmers. A number of simulation environments have been developed that provide varying degrees of scalability, realism, and detail for understanding the behavior of sensor networks. To date, however, none of these tools have addressed one of the most important aspects of sensor application design: that of power consumption. While simple approximations of overall power usage can be derived from estimates of node duty cycle and communication rates, these techniques often fail to capture the detailed, low-level energy requirements of the CPU, radio, sensors, and other peripherals. In this paper, we present, a scalable simulation environment for wireless sensor networks that provides an accurate, per-node estimate of power consumption. PowerTOSSIM is an extension to TOSSIM, an event-driven simulation environment for TinyOS applications. In PowerTOSSIM, TinyOS components corresponding to specific hardware peripherals (such as the radio, EEPROM, LEDs, and so forth) are instrumented to obtain a trace of each device’s activity during the simulation runPowerTOSSIM employs a novel code-transformation technique to estimate the number of CPU cycles executed by each node, eliminating the need for expensive instruction-level simulation of sensor nodes. PowerTOSSIM includes a detailed model of hardware energy consumption based on the Mica2 sensor node platform. Through instrumentation of actual sensor nodes, we demonstrate that PowerTOSSIM provides accurate estimation of power consumption for a range of applications and scales to support very large simulations.
@conference{Shnayder04simulatingthe, author = {Shnayder, Victor and Hempstead, Mark and Chen, Bor-rong and Allen, Geoff Werner and Welsh, Matt}, booktitle = {In Sensys}, title = {Simulating the power consumption of large-scale sensor network applications}, year = {2004}, organization = {ACM Press}, pages = {188{\textendash}200}, publisher = {ACM Press}, doi = {10.1145/1031495.1031518}, keywords = {sensor networks, TinyOS}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1031495.1031518} }
[DanSer04] Statistical Disclosure or Intersection Attacks on Anonymity Systems

Danezis, George, and Serjantov, Andrei

May 2004

DOI Website abstract Bib

In this paper we look at the information an attacker can extract using a statistical disclosure attack. We provide analytical results about the anonymity of users when they repeatedly send messages through a threshold mix following the model of Kesdogan, Agrawal and Penz [7] and through a pool mix. We then present a statistical disclosure attack that can be used to attack models of anonymous communication networks based on pool mixes. Careful approximations make the attack computationally efficient. Such models are potentially better suited to derive results that could apply to the security of real anonymous communication networks.
@conference{DanSer04, author = {Danezis, George and Serjantov, Andrei}, booktitle = {Proceedings of 6th Information Hiding Workshop (IH 2004)}, title = {Statistical Disclosure or Intersection Attacks on Anonymity Systems}, year = {2004}, address = {Toronto}, month = may, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, series = {LNCS}, doi = {10.1007/b104759}, isbn = {978-3-540-24207-9}, keywords = {anonymity, statistical analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/tqljb3hybk4rubla/} }
[Androutsellis-Theotokis:2004:SPC:1041680.1041681] A survey of peer-to-peer content distribution technologies

Androutsellis-Theotokis, Stephanos, and Spinellis, Diomidis

ACM Computing Surveys 12/2004 2004

DOI Website abstract Bib

Distributed computer architectures labeled "peer-to-peer" are designed for the sharing of computer resources (content, storage, CPU cycles) by direct exchange, rather than requiring the intermediation or support of a centralized server or authority. Peer-to-peer architectures are characterized by their ability to adapt to failures and accommodate transient populations of nodes while maintaining acceptable connectivity and performance.Content distribution is an important peer-to-peer application on the Internet that has received considerable research attention. Content distribution applications typically allow personal computers to function in a coordinated manner as a distributed storage medium by contributing, searching, and obtaining digital content.In this survey, we propose a framework for analyzing peer-to-peer content distribution technologies. Our approach focuses on nonfunctional characteristics such as security, scalability, performance, fairness, and resource management potential, and examines the way in which these characteristics are reflected in—and affected by—the architectural design decisions adopted by current peer-to-peer systems.We study current peer-to-peer systems and infrastructure technologies in terms of their distributed object location and routing mechanisms, their approach to content replication, caching and migration, their support for encryption, access control, authentication and identity, anonymity, deniability, accountability and reputation, and their use of resource trading and management schemes.
@article{Androutsellis-Theotokis:2004:SPC:1041680.1041681, author = {Androutsellis-Theotokis, Stephanos and Spinellis, Diomidis}, journal = {ACM Computing Surveys}, title = {A survey of peer-to-peer content distribution technologies}, year = {2004}, issn = {0360-0300}, month = {12/2004}, pages = {335{\textendash}371}, volume = {36}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1041680.1041681}, keywords = {content distribution, distributed hash table, DOLR, grid computing, P2P, peer-to-peer networking}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1041680.1041681} }
[Tamilmani04swift:a] SWIFT: A System With Incentives For Trading

Tamilmani, Karthik, Pai, Vinay, and Mohr, Alexander E.

06/2004 2004

abstract Bib

In this paper, we present the design of a credit-based trading mechanism for peer-to-peer file sharing networks. We divide files into verifiable pieces; every peer interested in a file requests these pieces individually from the peers it is connected to. Our goal is to build a mechanism that supports fair large scale distribution in which downloads are fast, with low startup latency. We build a trading model in which peers use a pairwise currency to reconcile trading differences with each other and examine various trading strategies that peers can adopt. We show through analysis and simulation that peers who contribute to the network and take risks receive the most benefit in return. Our simulations demonstrate that peers who set high upload rates receive high download rates in return, but free-riders download very slowly compared to peers who upload. Finally, we propose a default trading strategy that is good for both the network as a whole and the peer employing it: deviating from that strategy yields little or no advantage for the peer.
@conference{Tamilmani04swift:a, author = {Tamilmani, Karthik and Pai, Vinay and Mohr, Alexander E.}, booktitle = {P2PECON{\textquoteright}04. Proceedings of the 2nd Workshop on Economics of Peer-to-Peer Systems}, title = {SWIFT: A System With Incentives For Trading}, year = {2004}, address = {Cambridge, Massachusetts, USA}, month = {06/2004}, keywords = {SWIFT, trading}, owner = {tom}, timestamp = {2017-10-10} }
[sync-batching] Synchronous Batching: From Cascades to Free Routes

Dingledine, Roger, Shmatikov, Vitaly, and Syverson, Paul

May 2004

DOI Website abstract Bib

The variety of possible anonymity network topologies has spurred much debate in recent years. In a synchronous batching design, each batch of messages enters the mix network together, and the messages proceed in lockstep through the network. We show that a synchronous batching strategy can be used in various topologies, including a free-route network, in which senders choose paths freely, and a cascade network, in which senders choose from a set of fixed paths. We show that free-route topologies can provide better anonymity as well as better message reliability in the event of partial network failure.
@conference{sync-batching, author = {Dingledine, Roger and Shmatikov, Vitaly and Syverson, Paul}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {Synchronous Batching: From Cascades to Free Routes}, year = {2004}, month = may, pages = {186{\textendash}206}, series = {LNCS}, volume = {3424}, doi = {10.1007/b136164}, keywords = {anonymity, network topology}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/uqvfwe97ehlldm8d/} }
[taxonomy-dummy] Taxonomy of Mixes and Dummy Traffic

Diaz, Claudia, and Preneel, Bart

Aug 2004

Website abstract Bib

This paper presents an analysis of mixes and dummy traffic policies, which are building blocks of anonymous services. The goal of the paper is to bring together all the issues related to the analysis and design of mix networks. We discuss continuous and pool mixes, topologies for mix networks and dummy traffic policies. We point out the advantages and disadvantages of design decisions for mixes and dummy policies. Finally, we provide a list of research problems that need further work.
@conference{taxonomy-dummy, author = {Diaz, Claudia and Preneel, Bart}, booktitle = {Proceedings of I-NetSec04: 3rd Working Conference on Privacy and Anonymity in Networked and Distributed Systems}, title = {Taxonomy of Mixes and Dummy Traffic}, year = {2004}, address = {Toulouse, France}, month = aug, keywords = {anonymity, dummy traffic, mix}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.5.9855} }
[timing-fc2004] Timing Attacks in Low-Latency Mix-Based Systems

Levine, Brian Neil, Reiter, Michael K., Wang, Chenxi, and Wright, Matthew

Feb 2004

DOI Website abstract Bib

A mix is a communication proxy that attempts to hide the correspondence between its incoming and outgoing messages. Timing attacks are a significant challenge for mix-based systems that wish to support interactive, low-latency applications. However, the potency of these attacks has not been studied carefully. In this paper, we investigate timing analysis attacks on low-latency mix systems and clarify the threat they pose. We propose a novel technique, defensive dropping, to thwart timing attacks. Through simulations and analysis, we show that defensive dropping can be effective against attackers who employ timing analysis.
@conference{timing-fc2004, author = {Levine, Brian Neil and Reiter, Michael K. and Wang, Chenxi and Wright, Matthew}, booktitle = {Proceedings of Financial Cryptography (FC {\textquoteright}04)}, title = {Timing Attacks in Low-Latency Mix-Based Systems}, year = {2004}, editor = {Juels, Ari}, month = feb, organization = {Springer-Verlag, LNCS 3110}, pages = {251{\textendash}265}, publisher = {Springer-Verlag, LNCS 3110}, doi = {10.1007/b98935}, isbn = {978-3-540-22420-4}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/n4khdtwk7dqvj0u0/} }
[tor-design] Tor: The Second-Generation Onion Router

Dingledine, Roger, Mathewson, Nick, and Syverson, Paul

Aug 2004

Website abstract Bib

We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency. We briefly describe our experiences with an international network of more than 30 nodes. We close with a list of open problems in anonymous communication.
@conference{tor-design, author = {Dingledine, Roger and Mathewson, Nick and Syverson, Paul}, booktitle = {Proceedings of the 13th USENIX Security Symposium}, title = {Tor: The Second-Generation Onion Router}, year = {2004}, month = aug, organization = {USENIX Association Berkeley, CA, USA}, publisher = {USENIX Association Berkeley, CA, USA}, keywords = {onion routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251396} }
[Kiran04totalrecall:] Total Recall: System Support for Automated Availability Management

Kiran, Ranjita Bhagwan, Tati, Kiran, Cheng, Yu-chung, Savage, Stefan, and Voelker, Geoffrey M.

2004

Website abstract Bib

Availability is a storage system property that is both highly desired and yet minimally engineered. While many systems provide mechanisms to improve availability - such as redundancy and failure recovery - how to best configure these mechanisms is typically left to the system manager. Unfortunately, few individuals have the skills to properly manage the trade-offs involved, let alone the time to adapt these decisions to changing conditions. Instead, most systems are configured statically and with only a cursory understanding of how the configuration will impact overall performance or availability. While this issue can be problematic even for individual storage arrays, it becomes increasingly important as systems are distributed - and absolutely critical for the wide-area peer-to-peer storage infrastructures being explored. This paper describes the motivation, architecture and implementation for a new peer-to-peer storage system, called TotalRecall, that automates the task of availability management. In particular, the TotalRecall system automatically measures and estimates the availability of its constituent host components, predicts their future availability based on past behavior, calculates the appropriate redundancy mechanisms and repair policies, and delivers user-specified availability while maximizing efficiency.
@conference{Kiran04totalrecall:, author = {Kiran, Ranjita Bhagwan and Tati, Kiran and Cheng, Yu-chung and Savage, Stefan and Voelker, Geoffrey M.}, booktitle = {In NSDI}, title = {Total Recall: System Support for Automated Availability Management}, year = {2004}, pages = {337{\textendash}350}, keywords = {P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.10.9775} }
[danezis:pet2004] The Traffic Analysis of Continuous-Time Mixes

Danezis, George

May 2004

DOI Website abstract Bib

We apply the information-theoretic anonymity metrics to continuous-time mixes, that individually delay messages instead of batching them. The anonymity of such mixes is measured based on their delay characteristics, and as an example the exponential mix (sg-mix) is analysed, simulated and shown to use the optimal strategy. We also describe a practical and powerful traffic analysis attack against connection based continuous-time mix networks, despite the presence of some cover traffic. Assuming a passive observer, the conditions are calculated that make tracing messages through the network possible.
@conference{danezis:pet2004, author = {Danezis, George}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, title = {The Traffic Analysis of Continuous-Time Mixes}, year = {2004}, month = may, organization = {Springer Berlin / Heidelberg}, pages = {35{\textendash}50}, publisher = {Springer Berlin / Heidelberg}, series = {LNCS}, volume = {3424}, doi = {10.1007/b136164}, isbn = {978-3-540-26203-9}, keywords = {anonymity, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/kgenxdaxkyey4ed2/} }
[Jiang_trustand] Trust and Cooperation in Peer-to-Peer Systems

Jiang, Junjie, Bai, Haihuan, and Wang, Weinong

2004

abstract Bib

Most of the past studies on peer-to-peer systems have emphasized routing and lookup. The selfishness of users, which brings on the free riding problem, has not attracted sufficient attention from researchers. In this paper, we introduce a decentralized reputation-based trust model first, in which trust relationships could be built based on the reputation of peers. Subsequently, we use the iterated prisoner’s dilemma to model the interactions in peer-to-peer systems and propose a simple incentive mechanism. By simulations, it’s shown that the stable cooperation can emerge after limited rounds of interaction between peers by using the incentive mechanism.
@inbook{Jiang_trustand, author = {Jiang, Junjie and Bai, Haihuan and Wang, Weinong}, pages = {371-378}, publisher = {Springer Berlin / Heidelberg}, title = {Trust and Cooperation in Peer-to-Peer Systems}, year = {2004}, volume = {3032}, booktitle = {Lecture Notes in Computer Science}, keywords = {cooperation, incentives, iterated prisoner{\textquoteright}s dilemma, peer-to-peer networking}, organization = {Springer Berlin / Heidelberg}, owner = {tom}, timestamp = {2017-10-10} }
[GolleJakobssonJuelsSyverson:universal04] Universal Re-Encryption for Mixnets

Golle, Philippe, Jakobsson, Markus, Juels, Ari, and Syverson, Paul

Feb 2004

DOI Website abstract Bib

We introduce a new cryptographic technique that we call universal re-encryption. A conventional cryptosystem that permits re-encryption, such as ElGamal, does so only for a player with knowledge of the public key corresponding to a given ciphertext. In contrast, universal re-encryption can be done without knowledge of public keys. We propose an asymmetric cryptosystem with universal re-encryption that is half as efficient as standard ElGamal in terms of computation and storage. While technically and conceptually simple, universal re-encryption leads to new types of functionality in mixnet architectures. Conventional mixnets are often called upon to enable players to communicate with one another through channels that are externally anonymous, i.e., that hide information permitting traffic-analysis. Universal re-encryption lets us construct a mixnet of this kind in which servers hold no public or private keying material, and may therefore dispense with the cumbersome requirements of key generation, key distribution, and private-key management. We describe two practical mixnet constructions, one involving asymmetric input ciphertexts, and another with hybrid-ciphertext inputs.
@conference{GolleJakobssonJuelsSyverson:universal04, author = {Golle, Philippe and Jakobsson, Markus and Juels, Ari and Syverson, Paul}, booktitle = {Proceedings of the 2004 RSA Conference, Cryptographer{\textquoteright}s track}, title = {Universal Re-Encryption for Mixnets}, year = {2004}, address = {San Francisco, USA}, month = feb, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/b95630}, isbn = {978-3-540-20996-6}, keywords = {anonymity, private channels, universal re-encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/1fu5qrb1a2kfe7f9/} }
[warta04-Klonowski] Universal Re-encryption of Signatures and Controlling Anonymous Information Flow

Klonowski, Marek, Kutylowski, Miroslaw, Lauks, Anna, and Zagorski, Filip

Jul 2004

Website abstract Bib

Anonymous communication protocols, very essential for preserving privacy of the parties communicating, may lead to severe problems. A malicious server may use anonymous communication protocols for injecting unwelcome messages into the system so that their source can be hardly traced. So anonymity and privacy protection on one side and protection against such phenomena as spam are so far contradictory goals. We propose a mechanism that may be used to limit the mentioned side effects of privacy protection. During the protocol proposed each encrypted message admitted into the system is signed by a respective authority. Then, on its route through the network the encrypted message and the signature are re-encrypted universally. The purpose of universal re-encryption is to hide the routes of the messages from an observer monitoring the traffic. Despite re-encryption, signature of the authority remains valid. Depending on a particular application, verification of the signature is possible either off-line by anybody with the access to the ciphertext and the signature or requires contact with the authority that has issued the signature.
@conference{warta04-Klonowski, author = {Klonowski, Marek and Kutylowski, Miroslaw and Lauks, Anna and Zagorski, Filip}, booktitle = {Proceedings of WARTACRYPT {\textquoteright}04}, title = {Universal Re-encryption of Signatures and Controlling Anonymous Information Flow}, year = {2004}, month = jul, keywords = {anonymity, information hiding, privacy, re-encryption}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.108.4976} }
[Dabek:2004:VDN:1030194.1015471] Vivaldi: a decentralized network coordinate system

Dabek, Frank, Cox, Russ, Kaashoek, Frans M., and Morris, Robert

SIGCOMM Computer Communication Review 10/2004 2004

DOI Website abstract Bib

Large-scale Internet applications can benefit from an ability to predict round-trip times to other hosts without having to contact them first. Explicit measurements are often unattractive because the cost of measurement can outweigh the benefits of exploiting proximity information. Vivaldi is a simple, light-weight algorithm that assigns synthetic coordinates to hosts such that the distance between the coordinates of two hosts accurately predicts the communication latency between the hosts. Vivaldi is fully distributed, requiring no fixed network infrastructure and no distinguished hosts. It is also efficient: a new host can compute good coordinates for itself after collecting latency information from only a few other hosts. Because it requires little com-munication, Vivaldi can piggy-back on the communication patterns of the application using it and scale to a large number of hosts. An evaluation of Vivaldi using a simulated network whose latencies are based on measurements among 1740 Internet hosts shows that a 2-dimensional Euclidean model with height vectors embeds these hosts with low error (the median relative error in round-trip time prediction is 11 percent).
@article{Dabek:2004:VDN:1030194.1015471, author = {Dabek, Frank and Cox, Russ and Kaashoek, Frans M. and Morris, Robert}, journal = {SIGCOMM Computer Communication Review}, title = {Vivaldi: a decentralized network coordinate system}, year = {2004}, issn = {0146-4833}, month = {10/2004}, pages = {15{\textendash}26}, volume = {34}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1030194.1015471}, keywords = {internet topology, network coordinates, Vivaldi}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1030194.1015471} }
[1038318] Vulnerabilities and Security Threats in Structured Overlay Networks: A Quantitative Analysis

Srivatsa, Mudhakar, and Liu, Ling

2004

DOI Website abstract Bib

A number of recent applications have been built on distributed hash tables (DHTs) based overlay networks. Almost all DHT-based schemes employ a tight deterministic data placement and ID mapping schemes. This feature on one hand provides assurance on location of data if it exists, within a bounded number of hops, and on the other hand, opens doors for malicious nodes to lodge attacks that can potentially thwart the functionality of the overlay network. This paper studies several serious security threats in DHT-based systems through two targeted attacks at the overlay network’s protocol layer. The first attack explores the routing anomalies that can be caused by malicious nodes returning incorrect lookup routes. The second attack targets the ID mapping scheme. We disclose that the malicious nodes can target any specific data item in the system; and corrupt/modify the data item to its favor. For each of these attacks, we provide quantitative analysis to estimate the extent of damage that can be caused by the attack; followed by experimental validation and defenses to guard the overlay networks from such attacks.
@conference{1038318, author = {Srivatsa, Mudhakar and Liu, Ling}, booktitle = {ACSAC {\textquoteright}04: Proceedings of the 20th Annual Computer Security Applications Conference}, title = {Vulnerabilities and Security Threats in Structured Overlay Networks: A Quantitative Analysis}, year = {2004}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {252{\textendash}261}, publisher = {IEEE Computer Society}, doi = {10.1109/CSAC.2004.50}, isbn = {0-7695-2252-1}, keywords = {distributed hash table, overlay networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1038254.1038318$\#$} }
[Bustamante04wayback:a] Wayback: A User-level Versioning File System for Linux

Bustamante, Fabian, Cornell, Brian, Cornell, Brian, Dinda, Peter, Dinda, Peter, and Bustamante, Fabian

2004

Website abstract Bib

In a typical file system, only the current version of a file (or directory) is available. In Wayback, a user can also access any previous version, all the way back to the file’s creation time. Versioning is done automatically at the write level: each write to the file creates a new version. Wayback implements versioning using an undo log structure, exploiting the massive space available on modern disks to provide its very useful functionality. Wayback is a user-level file system built on the FUSE framework that relies on an underlying file system for access to the disk. In addition to simplifying Wayback, this also allows it to extend any existing file system with versioning: after being mounted, the file system can be mounted a second time with versioning. We describe the implementation of Wayback, and evaluate its performance using several benchmarks.
@conference{Bustamante04wayback:a, author = {Bustamante, Fabian and Cornell, Brian and Cornell, Brian and Dinda, Peter and Dinda, Peter and Bustamante, Fabian}, booktitle = {In Proceedings of USENIX 2004 (Freenix Track)}, title = {Wayback: A User-level Versioning File System for Linux}, year = {2004}, keywords = {file systems, version control}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.11.2672} }
[Andrade04whencan] When Can an Autonomous Reputation Scheme Discourage Free-riding in a Peer-to-Peer System?

Andrade, Nazareno, Mowbray, Miranda, Cirne, Walfredo, and Brasileiro, Francisco

2004

Website abstract Bib

We investigate the circumstances under which it is possible to discourage free-riding in a peer-to-peer system for resource-sharing by prioritizing resource allocation to peers with higher reputation. We use a model to predict conditions necessary for any reputation scheme to succeed in discouraging free-riding by this method. We show with simulations that for representative cases, a very simple autonomous reputation scheme works nearly as well at discouraging free-riding as an ideal reputation scheme. Finally, we investigate the expected dynamic behavior of the system.
@conference{Andrade04whencan, author = {Andrade, Nazareno and Mowbray, Miranda and Cirne, Walfredo and Brasileiro, Francisco}, booktitle = {in: CCGRID {\textquoteright}04: Proceedings of the 2004 IEEE International Symposium on Cluster Computing and the Grid, IEEE Computer Society}, title = {When Can an Autonomous Reputation Scheme Discourage Free-riding in a Peer-to-Peer System?}, year = {2004}, pages = {440{\textendash}448}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.9659\&rep=rep1\&type=pdf} }
[fu-active] Active Traffic Analysis Attacks and Countermeasures

Fu, Xinwen, Graham, Bryan, Bettati, Riccardo, and Zhao, Wei

2003 2003

Website abstract Bib

To explore mission-critical information, an adversary using active traffic analysis attacks injects probing traffic into the victim network and analyzes the status of underlying payload traffic. Active traffic analysis attacks are easy to deploy and hence become a serious threat to mission critical applications. This paper suggests statistical pattern recognition as a fundamental technology to evaluate effectiveness of active traffic analysis attacks and corresponding countermeasures. Our evaluation shows that sample entropy of ping packets ’ round trip time is an effective feature statistic to discover the payload traffic rate. We propose simple countermeasures that can significantly reduce the effectiveness of ping-based active traffic analysis attacks. Our experiments validate the effectiveness of this scheme, which can also be used in other scenarios
@conference{fu-active, author = {Fu, Xinwen and Graham, Bryan and Bettati, Riccardo and Zhao, Wei}, booktitle = {Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing}, title = {Active Traffic Analysis Attacks and Countermeasures}, year = {2003}, month = {2003}, organization = {IEEE Computer Society Washington, DC, USA}, pages = {31{\textendash}39}, publisher = {IEEE Computer Society Washington, DC, USA}, isbn = {0-7695-2033-2}, keywords = {traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=950964} }
[939011] Ad hoc-VCG: a truthful and cost-efficient routing protocol for mobile ad hoc networks with selfish agents

Anderegg, Luzi, and Eidenbenz, Stephan

2003

DOI Website abstract Bib

We introduce a game-theoretic setting for routing in a mobile ad hoc network that consists of greedy, selfish agents who accept payments for forwarding data for other agents if the payments cover their individual costs incurred by forwarding data. In this setting, we propose Ad hoc-VCG, a reactive routing protocol that achieves the design objectives of truthfulness (i.e., it is in the agents’ best interest to reveal their true costs for forwarding data) and cost-efficiency (i.e., it guarantees that routing is done along the most cost-efficient path) in a game-theoretic sense by paying to the intermediate nodes a premium over their actual costs for forwarding data packets. We show that the total overpayment (i.e., the sum of all premiums paid) is relatively small by giving a theoretical upper bound and by providing experimental evidence. Our routing protocol implements a variation of the well-known mechanism by Vickrey, Clarke, and Groves in a mobile network setting. Finally, we analyze a very natural routing protocol that is an adaptation of the Packet Purse Model [8] with auctions in our setting and show that, unfortunately, it does not achieve cost-efficiency or truthfulness.
@conference{939011, author = {Anderegg, Luzi and Eidenbenz, Stephan}, booktitle = {MobiCom {\textquoteright}03: Proceedings of the 9th annual international conference on Mobile computing and networking}, title = {Ad hoc-VCG: a truthful and cost-efficient routing protocol for mobile ad hoc networks with selfish agents}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, pages = {245{\textendash}259}, publisher = {ACM}, doi = {10.1145/938985.939011}, isbn = {1-58113-753-2}, keywords = {ad-hoc networks, energy efficiency, game theory, mechanism design, routing, selfish agents, VCG mechanism}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=939011$\#$} }
[1251057] An analysis of compare-by-hash

Henson, Val

2003

Website abstract Bib

Recent research has produced a new and perhaps dangerous technique for uniquely identifying blocks that I will call compare-by-hash. Using this technique, we decide whether two blocks are identical to each other by comparing their hash values, using a collision-resistant hash such as SHA-1[5]. If the hash values match, we assume the blocks are identical without further ado. Users of compare-by-hash argue that this assumption is warranted because the chance of a hash collision between any two randomly generated blocks is estimated to be many orders of magnitude smaller than the chance of many kinds of hardware errors. Further analysis shows that this approach is not as risk-free as it seems at first glance.
@conference{1251057, author = {Henson, Val}, booktitle = {HOTOS{\textquoteright}03: Proceedings of the 9th conference on Hot Topics in Operating Systems}, title = {An analysis of compare-by-hash}, year = {2003}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {3{\textendash}3}, publisher = {USENIX Association}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251057$\#$} }
[fu-analytical] Analytical and Empirical Analysis of Countermeasures to Traffic Analysis Attacks

Fu, Xinwen, Graham, Bryan, Bettati, Riccardo, and Zhao, Wei

2003

DOI Website abstract Bib

This paper studies countermeasures to traffic analysis attacks. A common strategy for such countermeasures is link padding. We consider systems where payload traffic is padded so that packets have either constant inter-arrival times or variable inter-arrival times. The adversary applies statistical recognition techniques to detect the payload traffic rates by using statistical measures like sample mean, sample variance, or sample entropy. We evaluate quantitatively the ability of the adversary to make a correct detection and derive closed-form formulas for the detection rate based on analytical models. Extensive experiments were carried out to validate the system performance predicted by the analytical method. Based on the systematic evaluations, we develop design guidelines for the proper configuration of a system in order to minimize the detection rate.
@conference{fu-analytical, author = {Fu, Xinwen and Graham, Bryan and Bettati, Riccardo and Zhao, Wei}, booktitle = {Proceedings of the 2003 International Conference on Parallel Processing}, title = {Analytical and Empirical Analysis of Countermeasures to Traffic Analysis Attacks}, year = {2003}, pages = {483{\textendash}492}, doi = {10.1109/ICPP.2003.1240613}, isbn = {0-7695-2017-0}, keywords = {traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.computer.org/portal/web/csdl/doi?doc=doi/10.1109/ICPP.2003.1240613} }

[SN03] On the Anonymity of Timed Pool Mixes

Serjantov, Andrei, and Newman, Richard E.

May 2003

This paper presents a method for calculating the anonymity of a timed pool mix. Thus we are able to compare it to a threshold pool mix, and any future mixes that might be developed. Although we are only able to compute the anonymity of a timed pool mix after some specic number of rounds, this is a practical approximation to the real anonymity.

@conference{SN03,
  author = {Serjantov, Andrei and Newman, Richard E.},
  booktitle = {Proceedings of the Workshop on Privacy and Anonymity Issues in Networked and Distributed Systems},
  title = {On the Anonymity of Timed Pool Mixes},
  year = {2003},
  address = {Athens, Greece},
  month = may,
  organization = {Kluwer},
  pages = {427{\textendash}434},
  publisher = {Kluwer},
  keywords = {anonymity, mix},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.9.5699}
}

[Hildrum03asymptoticallyefficient] Asymptotically Efficient Approaches to Fault-Tolerance in Peer-to-Peer

Hildrum, Kirsten, and Kubiatowicz, John

2003

DOI Website abstract Bib

In this paper, we show that two peer-to-peer systems, Pastry [13] and Tapestry [17] can be made tolerant to certain classes of failures and a limited class of attacks. These systems are said to operate properly if they can find the closest node matching a requested ID. The system must also be able to dynamically construct the necessary routing information when new nodes enter or the network changes. We show that with an additional factor of storage overhead and communication overhead, they can continue to achieve both of these goals in the presence of a constant fraction nodes that do not obey the protocol. Our techniques are similar in spirit to those of Saia et al. [14] and Naor and Wieder [10]. Some simple simulations show that these techniques are useful even with constant overhead.
@conference{Hildrum03asymptoticallyefficient, author = {Hildrum, Kirsten and Kubiatowicz, John}, booktitle = {In Proc. of DISC}, title = {Asymptotically Efficient Approaches to Fault-Tolerance in Peer-to-Peer}, year = {2003}, pages = {321{\textendash}336}, doi = {10.1007/b13831}, isbn = {978-3-540-20184-7}, keywords = {fault-tolerance, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/7emt7u01cvbb6bu6/} }
[Hurler_automaticcontext] Automatic Context Integration for Group Aware Environments

Hurler, Bernhard, Petrak, Leo, Fuhrmann, Thomas, Brand, Oliver, and Zitterbart, Martina

2003

Website abstract Bib

Tele-collaboration is a valuable tool that can connect learners at different sites and help them benefit from their respective competences. Albeit many e-learning applications provide a high level of technical sophistication, such tools typically fall short of reflecting the learners ’ full context, e.g., their presence and awareness. Hence, these applications cause many disturbances in the social interaction of the learners. This paper describes mechanisms to improve the group awareness in elearning environments with the help of automatic integration of such context information from the physical world. This information is gathered by different embedded sensors in various objects, e.g., a coffee mug or an office chair. This paper also describes first results of the integration of these sensors into an existing CSCW/CSCL framework
@booklet{Hurler_automaticcontext, title = {Automatic Context Integration for Group Aware Environments}, author = {Hurler, Bernhard and Petrak, Leo and Fuhrmann, Thomas and Brand, Oliver and Zitterbart, Martina}, year = {2003}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.71.1450} }

[Chun2003] Bootstrapping a Distributed Computational Economy with Peer-to-Peer Bartering

Chun, Brent, Fu, Yun, and Vahdat, Amin

06/2003 2003

Bib

@conference{Chun2003,
  author = {Chun, Brent and Fu, Yun and Vahdat, Amin},
  booktitle = {Proceedings of the 1st Worshop on Economics of Peer-to-Peer Systems},
  title = {Bootstrapping a Distributed Computational Economy with Peer-to-Peer Bartering},
  year = {2003},
  address = {Berkeley, CA, USA},
  month = {06/2003},
  keywords = {bartering, distributed computational economies, peer-to-peer bartering, resource discovery, resource exchange, resource peering},
  owner = {tom},
  timestamp = {2017-10-10}
}

[nguyen:pet2003] Breaking and Mending Resilient Mix-nets

Nguyen, Lan, and Safavi-Naini, Rei

Mar 2003

In this paper we show two attacks against universally resilient mix-nets. The first attack can be used against a number of mix-nets, including Furukawa-Sako01 [6], Millimix [11], Abe98 [1], MiP-1, MiP-2 [2,3] and Neff01 [19]. We give the details of the attack in the case of Furukawa-Sako01 mix-net. The second attack breaks the correctness of Millimix [11]. We show how to counter these attacks, and give efficiency and security analysis for the proposed countermeasures.

@conference{nguyen:pet2003,
  author = {Nguyen, Lan and Safavi-Naini, Rei},
  booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)},
  title = {Breaking and Mending Resilient Mix-nets},
  year = {2003},
  editor = {Dingledine, Roger},
  month = mar,
  organization = {Springer-Verlag, LNCS 2760},
  pages = {66{\textendash}80},
  publisher = {Springer-Verlag, LNCS 2760},
  doi = {10.1007/b94512},
  isbn = {978-3-540-20610-1},
  keywords = {attack, security analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/0e0mwvgyt008wxkf/}
}

[Prabhakar01buildinglow-diameter] Building Low-Diameter P2P Networks

Pandurangan, Gopal, Raghavan, Prabhakar, and Upfal, Eli

IEEE Journal on Selected Areas in Communications Aug 2003

@article{Prabhakar01buildinglow-diameter,
  author = {Pandurangan, Gopal and Raghavan, Prabhakar and Upfal, Eli},
  journal = {IEEE Journal on Selected Areas in Communications},
  title = {Building Low-Diameter P2P Networks},
  year = {2003},
  month = aug,
  pages = {995-1002},
  volume = {21},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.cs.brown.edu/people/eli/papers/focs01.pdf}
}

[Kostic:2003:BHB:945445.945473] Bullet: High Bandwidth Data Dissemination Using an Overlay Mesh

Kostić, Dejan, Rodriguez, Adolfo, Albrecht, Jeannie, and Vahdat, Amin

10/2003 2003

DOI Website abstract Bib

In recent years, overlay networks have become an effective alternative to IP multicast for efficient point to multipoint communication across the Internet. Typically, nodes self-organize with the goal of forming an efficient overlay tree, one that meets performance targets without placing undue burden on the underlying network. In this paper, we target high-bandwidth data distribution from a single source to a large number of receivers. Applications include large-file transfers and real-time multimedia streaming. For these applications, we argue that an overlay mesh, rather than a tree, can deliver fundamentally higher bandwidth and reliability relative to typical tree structures. This paper presents Bullet, a scalable and distributed algorithm that enables nodes spread across the Internet to self-organize into a high bandwidth overlay mesh. We construct Bullet around the insight that data should be distributed in a disjoint manner to strategic points in the network. Individual Bullet receivers are then responsible for locating and retrieving the data from multiple points in parallel.Key contributions of this work include: i) an algorithm that sends data to different points in the overlay such that any data object is equally likely to appear at any node, ii) a scalable and decentralized algorithm that allows nodes to locate and recover missing data items, and iii) a complete implementation and evaluation of Bullet running across the Internet and in a large-scale emulation environment reveals up to a factor two bandwidth improvements under a variety of circumstances. In addition, we find that, relative to tree-based solutions, Bullet reduces the need to perform expensive bandwidth probing. In a tree, it is critical that a node’s parent delivers a high rate of application data to each child. In Bullet however, nodes simultaneously receive data from multiple sources in parallel, making it less important to locate any single source capable of sustaining a high transmission rate.
@conference{Kostic:2003:BHB:945445.945473, author = {Kosti{\'c}, Dejan and Rodriguez, Adolfo and Albrecht, Jeannie and Vahdat, Amin}, booktitle = {SOSP{\textquoteright}03. Proceedings of the 19th ACM Symposium on Operating Systems Principles}, title = {Bullet: High Bandwidth Data Dissemination Using an Overlay Mesh}, year = {2003}, address = {Bolton Landing, NY, USA}, month = {10/2003}, organization = {ACM}, pages = {282{\textendash}297}, publisher = {ACM}, series = {SOSP {\textquoteright}03}, doi = {http://doi.acm.org/10.1145/945445.945473}, isbn = {1-58113-757-5}, keywords = {BANDWIDTH, bullet, overlays, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/945445.945473} }
[buses03] Buses for Anonymous Message Delivery

Beimel, Amos, and Dolev, Shlomi

Journal of Cryptology 2003

DOI Website abstract Bib

This work develops a novel approach to hide the senders and the receivers of messages. The intuition is taken from an everyday activity that hides the ‘‘communication pattern’’—the public transportation system. To describe our protocols, buses are used as a metaphor: Buses, i.e., messages, are traveling on the network, each piece of information is allocated a seat within the bus. Routes are chosen and buses are scheduled to traverse these routes. Deterministic and randomized protocols are presented, the protocols differ in the number of buses in the system, the worst case traveling time, and the required buffer size in a ‘‘station.’’ In particular, a protocol that is based on cluster partition of the network is presented; in this protocol there is one bus traversing each cluster. The clusters’ size in the partition gives time and communication tradeoffs. One advantage of our protocols over previous works is that they are not based on statistical properties for the communication pattern. Another advantage is that they only require the processors in the communication network to be busy periodically.
@article{buses03, author = {Beimel, Amos and Dolev, Shlomi}, journal = {Journal of Cryptology}, title = {Buses for Anonymous Message Delivery}, year = {2003}, issn = {0933-2790}, number = {1}, pages = {25{\textendash}39}, volume = {16}, doi = {10.1007/s00145-002-0128-6}, keywords = {privacy, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/eljjgl3ec01c00xa/} }
[778418] A charging and rewarding scheme for packet forwarding in multi-hop cellular networks

Salem, Naouel Ben, Buttyán, Levente, Hubaux, Jean-Pierre, and Jakobsson, Markus

2003

DOI Website abstract Bib

In multi-hop cellular networks, data packets have to be relayed hop by hop from a given mobile station to a base station and vice-versa. This means that the mobile stations must accept to forward information for the benefit of other stations. In this paper, we propose an incentive mechanism that is based on a charging/rewarding scheme and that makes collaboration rational for selfish nodes. We base our solution on symmetric cryptography to cope with the limited resources of the mobile stations. We provide a set of protocols and study their robustness with respect to various attacks. By leveraging on the relative stability of the routes, our solution leads to a very moderate overhead.
@conference{778418, author = {Salem, Naouel Ben and Butty{\'a}n, Levente and Hubaux, Jean-Pierre and Jakobsson, Markus}, booktitle = {MobiHoc {\textquoteright}03: Proceedings of the 4th ACM international symposium on Mobile ad hoc networking \& computing}, title = {A charging and rewarding scheme for packet forwarding in multi-hop cellular networks}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, pages = {13{\textendash}24}, publisher = {ACM}, doi = {10.1145/778415.778418}, isbn = {1-58113-684-6}, keywords = {ad-hoc networks, charging, cooperation, hybrid cellular networks, multi-hop networks, packet forwarding}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=778418$\#$} }
[kutzner03connecting] Connecting Vehicle Scatternets by Internet-Connected Gateways

Kutzner, Kendy, Tchouto, Jean-Jacques, Bechler, Marc, Wolf, Lars, Bochow, Bernd, and Luckenbach, Thomas

2003

Website abstract Bib

This paper presents an approach for interconnecting isolated clouds of an ad hoc network that form a scatternet topology using Internet gateways as intermediate nodes. The architecture developed is intended to augment FleetNet, a highly dynamic ad hoc network for inter-vehicle communications. This is achieved by upgrading FleetNet capabilities to establish a communication path between moving vehicles and the Internet via Internet gateways to facilitate direct gateway to gateway communications via the Internet, thus bridging gaps in the network topology and relaying packets closer towards their geographical destination at the same time. After outlining the overall FleetNet approach and its underlying geographical multi-hop routing, we focus on the FleetNet gateway architecture. We describe required modifications to the gateway architecture and to the FleetNet network layer in order to use these gateways as intermediate nodes for FleetNet routing. Finally, we conclude the paper by a short discussion on the prototype gateway implementation and by summarizing first results and ongoing work on inter scatternet communication.
@conference{kutzner03connecting, author = {Kutzner, Kendy and Tchouto, Jean-Jacques and Bechler, Marc and Wolf, Lars and Bochow, Bernd and Luckenbach, Thomas}, booktitle = {Workshop on Multiradio Multimedia Communications MMC 2003}, title = {Connecting Vehicle Scatternets by Internet-Connected Gateways}, year = {2003}, address = {University of Dortmund, Germany}, owner = {tom}, timestamp = {2017-10-10}, type = {publication}, url = {http://i30www.ira.uka.de/research/publications/p2p/} }
[1247343] A cooperative internet backup scheme

Lillibridge, Mark, Elnikety, Sameh, Birrell, Andrew D., Burrows, Mike, and Isard, Michael

2003

Website abstract Bib

We present a novel peer-to-peer backup technique that allows computers connected to the Internet to back up their data cooperatively: Each computer has a set of partner computers, which collectively hold its backup data. In return, it holds a part of each partner’s backup data. By adding redundancy and distributing the backup data across many partners, a highly-reliable backup can be obtained in spite of the low reliability of the average Internet machine. Because our scheme requires cooperation, it is potentially vulnerable to several novel attacks involving free riding (e.g., holding a partner’s data is costly, which tempts cheating) or disruption. We defend against these attacks using a number of new methods, including the use of periodic random challenges to ensure partners continue to hold data and the use of disk-space wasting to make cheating unprofitable. Results from an initial prototype show that our technique is feasible and very inexpensive: it appears to be one to two orders of magnitude cheaper than existing Internet backup services.
@conference{1247343, author = {Lillibridge, Mark and Elnikety, Sameh and Birrell, Andrew D. and Burrows, Mike and Isard, Michael}, booktitle = {ATEC {\textquoteright}03: Proceedings of the annual conference on USENIX Annual Technical Conference}, title = {A cooperative internet backup scheme}, year = {2003}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {3{\textendash}3}, publisher = {USENIX Association}, keywords = {backup, P2P, redundancy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1247343$\#$} }

[Leibowitz:2003:DKN:832311.837393] Deconstructing the Kazaa Network

Leibowitz, Nathaniel, Ripeanu, Matei, and Wierzbicki, Adam

06/2003 2003

Internet traffic is experiencing a shift from webtraffic to file swapping traffic. Today a significant partof Internet traffic is generated by peer-to-peer applications, mostly by the popular Kazaa application.Yet, to date, few studies analyze Kazaa traffic, thusleaving the bulk of Internet traffic in dark. We presenta large-scale investigation of Kazaa traffic based onlogs collected at a large Israeli ISP, which captureroughly a quarter of all traffic between Israel and US.

@conference{Leibowitz:2003:DKN:832311.837393,
  author = {Leibowitz, Nathaniel and Ripeanu, Matei and Wierzbicki, Adam},
  booktitle = {WIAPP{\textquoteright}03 - Proceedings of the The Third IEEE Workshop on Internet Applications},
  title = {Deconstructing the Kazaa Network},
  year = {2003},
  address = {San Jos{\'e}, CA, USA},
  month = {06/2003},
  organization = {IEEE Computer Society},
  pages = {112{\textendash}},
  publisher = {IEEE Computer Society},
  series = {WIAPP {\textquoteright}03},
  isbn = {0-7695-1972-5},
  keywords = {file swapping traffic, kazaa, traffic},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=832311.837393}
}

[wright03] Defending Anonymous Communication Against Passive Logging Attacks

Wright, Matthew, Adler, Micah, Levine, Brian Neil, and Shields, Clay

05/2003 2003

Website abstract Bib

We study the threat that passive logging attacks poseto anonymous communications. Previous work analyzedthese attacks under limiting assumptions. We first describea possible defense that comes from breaking the assumptionof uniformly random path selection. Our analysisshows that the defense improves anonymity in the staticmodel, where nodes stay in the system, but fails in a dynamicmodel, in which nodes leave and join. Additionally,we use the dynamic model to show that the intersectionattack creates a vulnerability in certain peer-to-peer systemsfor anonymous communciations. We present simulationresults that show that attack times are significantlylower in practice than the upper bounds given by previouswork. To determine whether users’ web traffic has communicationpatterns required by the attacks, we collectedand analyzed the web requests of users. We found that,for our study, frequent and repeated communication to thesame web site is common.
@conference{wright03, author = {Wright, Matthew and Adler, Micah and Levine, Brian Neil and Shields, Clay}, booktitle = {Proceedings of the 2003 IEEE Symposium on Security and Privacy}, title = {Defending Anonymous Communication Against Passive Logging Attacks}, year = {2003}, month = {05/2003}, organization = {IEEE Computer Society Washington, DC, USA}, pages = {28{\textendash}43}, publisher = {IEEE Computer Society Washington, DC, USA}, isbn = {0-7695-1940-7}, keywords = {attack, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=830556} }
[863960] A delay-tolerant network architecture for challenged internets

Fall, Kevin

2003

DOI Website abstract Bib

The highly successful architecture and protocols of today’s Internet may operate poorly in environments characterized by very long delay paths and frequent network partitions. These problems are exacerbated by end nodes with limited power or memory resources. Often deployed in mobile and extreme environments lacking continuous connectivity, many such networks have their own specialized protocols, and do not utilize IP. To achieve interoperability between them, we propose a network architecture and application interface structured around optionally-reliable asynchronous message forwarding, with limited expectations of end-to-end connectivity and node resources. The architecture operates as an overlay above the transport layers of the networks it interconnects, and provides key services such as in-network data storage and retransmission, interoperable naming, authenticated forwarding and a coarse-grained class of service.
@conference{863960, author = {Fall, Kevin}, booktitle = {SIGCOMM {\textquoteright}03: Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications}, title = {A delay-tolerant network architecture for challenged internets}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, pages = {27{\textendash}34}, publisher = {ACM}, doi = {10.1145/863955.863960}, isbn = {1-58113-735-4}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=863960$\#$} }
[roca03design] Design and evaluation of a low density generator matrix

Roca, Vincent, Khallouf, Zainab, and Laboure, Julien

2003

DOI Website abstract Bib

Traditional small block Forward Error Correction (FEC) codes, like the Reed-Solomon erasure (RSE) code, are known to raise efficiency problems, in particular when they are applied to the Asynchronous Layered Coding (ALC) reliable multicast protocol. In this paper we describe the design of a simple large block Low Density Generator Matrix (LDGM) codec, a particular case of LDPC code, which is capable of operating on source blocks that are several tens of megabytes long. We also explain how the iterative decoding feature of LDGM/LDPC can be used to protect a large number of small independent objects during time-limited partially-reliable sessions. We illustrate this feature with an example derived from a video streaming scheme over ALC. We then evaluate our LDGM codec and compare its performances with a well known RSE codec. Tests focus on the global efficiency and on encoding/decoding performances. This paper deliberately skips theoretical aspects to focus on practical results. It shows that LDGM/LDPC open many opportunities in the area of bulk data multicasting.
@booklet{roca03design, title = {Design and evaluation of a low density generator matrix}, author = {Roca, Vincent and Khallouf, Zainab and Laboure, Julien}, year = {2003}, doi = {10.1007/b13249}, isbn = {978-3-540-20051-2}, keywords = {ALC, FEC, large block FEC codes, LDGM, LDPC, reliable multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/tdemq6m8b20320hb/} }
[_] A DHT-based Backup System

Sit, Emil, Cates, Josh, and Cox, Russ

2003

Website abstract Bib

Distributed hashtables have been proposed as a way to simplify the construction of large-scale distributed applications(e.g.[1,6]). DHTs are completely decentralized systems that provide block storage on a changing collection of nodes spread throughout the Internet. Each block is identified by aunique key. DHTs spread the load of storing and serving blocks across all of the active nodes and keep the blocks available as nodes join and leave the system. This paper presents the design and implementation of a cooperative off-site backup system, Venti-DHash. Venti-DHash is based on a DHT infrastructure and is designed to support recovery of data after a disaster by keeping regular snapshots of filesystems distributed off-site, on peers on the Internet. Where as conventional backup systems incur significant equipment costs, manual effort and high administrative overhead, we hope that a distributed backup system can alleviate these problems, making backups easy and feasible. By building this system on top of a DHT, the backup application inherits the properties of the DHT, and serves to evaluate the feasibility of using a DHT to build larg escale applications.
@booklet{_, title = {A DHT-based Backup System}, author = {Sit, Emil and Cates, Josh and Cox, Russ}, year = {2003}, keywords = {backup, distributed hash table}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doc.cat-v.org/plan_9/misc/venti-dhash/} }
[Acquisti03onthe] On the Economics of Anonymity

Acquisti, Alessandro, Dingledine, Roger, and Syverson, Paul

2003

Website abstract Bib

Decentralized anonymity infrastructures are still not in wide use today. While there are technical barriers to a secure robust design, our lack of understanding of the incentives to participate in such systems remains a major roadblock. Here we explore some reasons why anonymity systems are particularly hard to deploy, enumerate the incentives to participate either as senders or also as nodes, and build a general model to describe the effects of these incentives. We then describe and justify some simplifying assumptions to make the model manageable, and compare optimal strategies for participants based on a variety of scenarios.
@conference{Acquisti03onthe, author = {Acquisti, Alessandro and Dingledine, Roger and Syverson, Paul}, booktitle = {Financial Cryptography. Springer-Verlag, LNCS 2742}, title = {On the Economics of Anonymity}, year = {2003}, pages = {84{\textendash}102}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.13.5636\&rep=rep1\&type=pdf} }
[Buchegger03theeffect] The Effect of Rumor Spreading in Reputation Systems for Mobile Ad-Hoc Networks

Buchegger, Sonja, and Boudec, Jean-Yves Le

2003

Website abstract Bib

Mobile ad-hoc networks rely on the cooperation of nodes for routing and forwarding. For individual nodes there are however several advantages resulting from noncooperation, the most obvious being power saving. Nodes that act selfishly or even maliciously pose a threat to availability in mobile ad-hoc networks. Several approaches have been proposed to detect noncooperative nodes. In this paper, we investigate the effect of using rumors with respect to the detection time of misbehaved nodes as well as the robustness of the reputation system against wrong accusations. We propose a Bayesian approach for reputation representation, updates, and view integration. We also present a mechanism to detect and exclude potential lies. The simulation results indicate that by using this Bayesian approach, the reputation system is robust against slander while still benefitting from the speed-up in detection time provided by the use of rumors.
@conference{Buchegger03theeffect, author = {Buchegger, Sonja and Boudec, Jean-Yves Le}, booktitle = {In Proceedings of WiOpt {\textquoteleft}03: Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks{\textquotedblright}, Sophia-Antipolis}, title = {The Effect of Rumor Spreading in Reputation Systems for Mobile Ad-Hoc Networks}, year = {2003}, keywords = {ad-hoc networks, reputation, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.9006} }
[Kwon:2003:EPF:827273.829221] An Efficient Peer-to-Peer File Sharing Exploiting Hierarchy and Asymmetry

Kwon, Gisik, and Ryu, Kyung D.

01/2003 2003

DOI Website abstract Bib

Many Peer-to-Peer (P2P) file sharing systems have been proposed to take advantage of high scalability and abundant resources at end-user machines. Previous approaches adopted either simple flooding or routing with complex structures, such as Distributed HashingTables (DHT). However, these approaches did not consider the heterogeneous nature of the machines and the hierarchy of networks on the Internet. This paper presents Peer-to-peer Asymmetric file Sharing System(PASS), a novel approach to P2P file sharing, which accounts for the different capabilities and network locations of the participating machines. Our system selects only a portion of high-capacity machines(supernodes) for routing support, and organizes the network by using location information. We show that our key-coverage based directory replication improves the file search performance to a small constant number of routing hops, regardless of the network size.
@conference{Kwon:2003:EPF:827273.829221, author = {Kwon, Gisik and Ryu, Kyung D.}, booktitle = {SAINT{\textquoteright}03. Proceedings of the 2003 Symposium on Applications and the Internet}, title = {An Efficient Peer-to-Peer File Sharing Exploiting Hierarchy and Asymmetry}, year = {2003}, address = {Orlando, Florida, USA}, month = {01/2003}, organization = {IEEE Computer Society}, pages = {226{\textendash}}, publisher = {IEEE Computer Society}, series = {SAINT {\textquoteright}03}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT.2003.1183054}, isbn = {0-7695-1872-9}, keywords = {asymmetry, hierarchy, P2P, pass, peer-to-peer asymmetric file sharing system, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=827273.829221} }
[Kamvar:2003:EAR:775152.775242] The EigenTrust algorithm for reputation management in P2P networks

Kamvar, Sepandar D., Schlosser, Mario T., and Garcia-Molina, Hector

05/2003 2003

DOI Website abstract Bib

Peer-to-peer file-sharing networks are currently receiving much attention as a means of sharing and distributing information. However, as recent experience shows, the anonymous, open nature of these networks offers an almost ideal environment for the spread of self-replicating inauthentic files.We describe an algorithm to decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network that assigns each peer a unique global trust value, based on the peer’s history of uploads. We present a distributed and secure method to compute global trust values, based on Power iteration. By having peers use these global trust values to choose the peers from whom they download, the network effectively identifies malicious peers and isolates them from the network.In simulations, this reputation system, called EigenTrust, has been shown to significantly decrease the number of inauthentic files on the network, even under a variety of conditions where malicious peers cooperate in an attempt to deliberately subvert the system.
@conference{Kamvar:2003:EAR:775152.775242, author = {Kamvar, Sepandar D. and Schlosser, Mario T. and Garcia-Molina, Hector}, booktitle = {WWW{\textquoteright}03. Proceedings of the 12th International Conference on World Wide Web}, title = {The EigenTrust algorithm for reputation management in P2P networks}, year = {2003}, address = {Budapest, Hungary}, month = {05/2003}, organization = {ACM}, pages = {640{\textendash}651}, publisher = {ACM}, series = {WWW {\textquoteright}03}, doi = {http://doi.acm.org/10.1145/775152.775242}, isbn = {1-58113-680-3}, keywords = {distributed eigenvector computation, peer-to-peer networking, reputation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/775152.775242} }
[948119] Establishing pairwise keys in distributed sensor networks

Liu, Donggang, and Ning, Peng

2003

DOI Website abstract Bib

Pairwise key establishment is a fundamental security service in sensor networks; it enables sensor nodes to communicate securely with each other using cryptographic techniques. However, due to the resource constraints on sensors, it is infeasible to use traditional key management techniques such as public key cryptography and key distribution center (KDC). To facilitate the study of novel pairwise key predistribution techniques, this paper presents a general framework for establishing pairwise keys between sensors on the basis of a polynomial-based key predistribution protocol [2]. This paper then presents two efficient instantiations of the general framework: a random subset assignment key predistribution scheme and a grid-based key predistribution scheme. The analysis in this paper indicates that these two schemes have a number of nice properties, including high probability (or guarantee) to establish pairwise keys, tolerance of node captures, and low communication overhead. Finally, this paper presents a technique to reduce the computation at sensors required by these schemes.
@conference{948119, author = {Liu, Donggang and Ning, Peng}, booktitle = {CCS {\textquoteright}03: Proceedings of the 10th ACM conference on Computer and communications security}, title = {Establishing pairwise keys in distributed sensor networks}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, pages = {52{\textendash}61}, publisher = {ACM}, doi = {10.1145/948109.948119}, isbn = {1-58113-738-9}, keywords = {key management, probabilistic key sharing, sensor networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=948119$\#$} }
[Boyd2003] The evolution of altruistic punishment

Boyd, Robert, Gintis, Herbert, Bowles, Samuel, and Richerson, Peter J.

Proceedings of the National Academy of Sciences of the USA 03/2003 2003

DOI abstract Bib

Both laboratory and field data suggest that people punish noncooperators even in one-shot interactions. Although such “altruistic punishment” may explain the high levels of cooperation in human societies, it creates an evolutionary puzzle: existing models suggest that altruistic cooperation among nonrelatives is evolutionarily stable only in small groups. Thus, applying such models to the evolution of altruistic punishment leads to the prediction that people will not incur costs to punish others to provide benefits to large groups of nonrelatives. However, here we show that an important asymmetry between altruistic cooperation and altruistic punishment allows altruistic punishment to evolve in populations engaged in one-time, anonymous interactions. This process allows both altruistic punishment and altruistic cooperation to be maintained even when groups are large and other parameter values approximate conditions that characterize cultural evolution in the small-scale societies in which humans lived for most of our prehistory.
@article{Boyd2003, author = {Boyd, Robert and Gintis, Herbert and Bowles, Samuel and Richerson, Peter J.}, journal = {Proceedings of the National Academy of Sciences of the USA}, title = {The evolution of altruistic punishment}, year = {2003}, month = {03/2003}, pages = {3531-3535}, volume = {100}, doi = {10.1073/pnas.0630443100}, keywords = {altruistic cooperation, altruistic punishment, cooperation, human society, nonrelatives}, owner = {tom}, timestamp = {2017-10-10} }
[Peterson03ext3cow:the] Ext3cow: The Design, Implementation, and Analysis of Metadata for a Time-Shifting File System

Peterson, Zachary N. J., and Burns, Randal C.

2003

Website abstract Bib

The ext3cow file system, built on Linux’s popular ext3 file system, brings snapshot functionality and file versioning to the open-source community. Our implementation of ext3cow has several desirable properties: ext3cow is implemented entirely in the file system and, therefore, does not modify kernel interfaces or change the operation of other file systems; ext3cow provides a time-shifting interface that permits access to data in the past without polluting the file system namespace; and, ext3cow creates versions of files on disk without copying data in memory. Experimental results show that the time-shifting functions of ext3cow do not degrade file system performance. Ext3cow performs comparably to ext3 on many file system benchmarks and trace driven experiments.
@booklet{Peterson03ext3cow:the, title = {Ext3cow: The Design, Implementation, and Analysis of Metadata for a Time-Shifting File System}, author = {Peterson, Zachary N. J. and Burns, Randal C.}, year = {2003}, keywords = {file systems}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.10.2545} }
[Fuhrmann2003] Extremum Feedback with Partial Knowledge

Fuhrmann, Thomas, and Widmer, Jörg

2003

DOI Website abstract Bib

A scalable feedback mechanism to solicit feedback from a potentially very large group of networked nodes is an important building block for many network protocols. Multicast transport protocols use it for negative acknowledgements and for delay and packet loss determination. Grid computing and peer-to-peer applications can use similar approaches to find nodes that are, at a given moment in time, best suited to serve a request. In sensor networks, such mechanisms allow to report extreme values in a resource efficient way. In this paper we analyze several extensions to the exponential feedback algorithm [5,6] that provide an optimal way to collect extreme values from a potentially very large group of networked nodes. In contrast to prior work, we focus on how knowledge about the value distribution in the group can be used to optimize the feedback process. We describe the trade-offs that have to be decided upon when using these extensions and provide additional insight into their performance by means of simulation. Furthermore, we briefly illustrate how sample applications can benefit from the proposed mechanisms.
@article{Fuhrmann2003, author = {Fuhrmann, Thomas and Widmer, J{\"o}rg}, title = {Extremum Feedback with Partial Knowledge}, year = {2003}, issn = {0302-9743}, volume = {Volume 2816/2003}, doi = {10.1007/b13249}, isbn = {978-3-540-20051-2}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/bvelyaew4ukl4aau/} }

[Buragohain2003] A game theoretic framework for incentives in P2P systems

Buragohain, Chiranjeeb, Agrawal, Dvyakant, and Suri, Subhash

09/2003 2003

Peer-to-peer (P2P) networks are self-organizing, distributed systems, with no centralized authority or infrastructure. Because of the voluntary participation, the availability of resources in a P2P system can be highly variable and unpredictable. We use ideas from game theory to study the interaction of strategic and rational peers, and propose a differential service-based incentive scheme to improve the system’s performance.

@conference{Buragohain2003,
  author = {Buragohain, Chiranjeeb and Agrawal, Dvyakant and Suri, Subhash},
  booktitle = {Proceedings of the 3rd International Conference on Peer-to-Peer Computing},
  title = {A game theoretic framework for incentives in P2P systems},
  year = {2003},
  address = {Link{\"o}ping, Sweden},
  month = {09/2003},
  organization = {IEEE Computer Society},
  pages = {48-56},
  publisher = {IEEE Computer Society},
  doi = {10.1109/PTP.2003.1231503},
  isbn = {0-7695-2023-5},
  keywords = {network, P2P, peer-to-peer networking, system performance},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {10.1109/PTP.2003.1231503}
}

[diaz:pet2003] Generalising Mixes

Diaz, Claudia, and Serjantov, Andrei

Mar 2003

DOI Website abstract Bib

In this paper we present a generalised framework for expressing batching strategies of a mix. First, we note that existing mixes can be represented as functions from the number of messages in the mix to the fraction of messages to be flushed. We then show how to express existing mixes in the framework, and then suggest other mixes which arise out of that framework. We note that these cannot be expressed as pool mixes. In particular, we call binomial mix a timed pool mix that tosses coins and uses a probability function that depends on the number of messages inside the mix at the time of flushing. We discuss the properties of this mix.
@conference{diaz:pet2003, author = {Diaz, Claudia and Serjantov, Andrei}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)}, title = {Generalising Mixes}, year = {2003}, editor = {Dingledine, Roger}, month = mar, organization = {Springer-Verlag, LNCS 2760}, pages = {18{\textendash}31}, publisher = {Springer-Verlag, LNCS 2760}, doi = {10.1007/b94512}, isbn = {978-3-540-20610-1}, keywords = {mix}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/jvuk0exyqxvcyhvy/} }

[danezis:wpes2003] Heartbeat Traffic to Counter (n-1) Attacks

Danezis, George, and Sassaman, Len

10/2003 2003

A dummy traffic strategy is described that can be implemented by mix nodes in an anonymous communication network to detect and counter active (n - 1) attacks and their variants. Heartbeat messages are sent anonymously from the mix node back to itself in order to establish its state of connectivity with the rest of the network. In case the mix is under attack, the flow of heartbeat messages is interrupted and the mix takes measures to preserve the quality of the anonymity it provides by introducing decoy messages.

@conference{danezis:wpes2003,
  author = {Danezis, George and Sassaman, Len},
  booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2003)},
  title = {Heartbeat Traffic to Counter (n-1) Attacks},
  year = {2003},
  address = {Washington, DC, USA},
  month = {10/2003},
  organization = {ACM New York, NY, USA},
  publisher = {ACM New York, NY, USA},
  doi = {10.1145/1005140.1005154},
  isbn = {1-58113-776-1},
  keywords = {anonymity, flooding attacks},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=1005154}
}

[herbivore:tr] Herbivore: A Scalable and Efficient Protocol for Anonymous Communication

Goel, Sharad, Robson, Mark, Polte, Milo, and Sirer, Emin Gün

Feb 2003

Website abstract Bib

Anonymity is increasingly important for networked applications amidst concerns over censorship and privacy. In this paper, we describe Herbivore, a peer-to-peer, scalable, tamper-resilient communication system that provides provable anonymity and privacy. Building on dining cryptographer networks, Herbivore scales by partitioning the network into anonymizing cliques. Adversaries able to monitor all network traffic cannot deduce the identity of a sender or receiver beyond an anonymizing clique. In addition to strong anonymity, Herbivore simultaneously provides high efficiency and scalability, distinguishing it from other anonymous communication protocols. Performance measurements from a prototype implementation show that the system can achieve high bandwidths and low latencies when deployed over the Internet.
@booklet{herbivore:tr, title = {Herbivore: A Scalable and Efficient Protocol for Anonymous Communication}, address = {Ithaca, NY}, author = {Goel, Sharad and Robson, Mark and Polte, Milo and Sirer, Emin G{\"u}n}, month = feb, year = {2003}, keywords = {anonymity, P2P, privacy}, number = {2003-1890}, owner = {tom}, publisher = {Cornell University}, timestamp = {2017-10-10}, url = {http://ecommons.cornell.edu/handle/1813/5606} }
[10.1109/ICPP.2003.1240580] HIERAS: A DHT Based Hierarchical P2P Routing Algorithm

Xu, Zhiyong, Min, Rui, and Hu, Yiming

Parallel Processing, International Conference on 2003

DOI Website abstract Bib

Routing algorithm has great influence on system overall performance in Peer-to-Peer (P2P) applications. In current DHT based routing algorithms, routing tasks are distributed across all system peers. However, a routing hop could happen between two widely separated peers with high network link latency which greatly increases system routing overheads. In this paper, we propose a new P2P routing algorithm - - HIERAS to relieve this problem, it keeps scalability property of current DHT algorithms and improves system routing performance by the introduction of hierarchical structure. In HIERAS, we create several lower level P2P rings besides the highest level P2P ring. A P2P ring is a subset of the overall P2P overlay network. We create P2P rings in such a strategy that the average link latency between two peers in lower level rings is much smaller than higher level rings. Routing tasks are first executed in lower level rings before they go up to higher level rings, a large portion of routing hops previously executed in the global P2P ring are now replaced by hops in lower level rings, thus routing overheads can be reduced. The simulation results show HIERAS routing algorithm can significantly improve P2P system routing performance.
@article{10.1109/ICPP.2003.1240580, author = {Xu, Zhiyong and Min, Rui and Hu, Yiming}, journal = {Parallel Processing, International Conference on}, title = {HIERAS: A DHT Based Hierarchical P2P Routing Algorithm}, year = {2003}, issn = {0190-3918}, pages = {187}, address = {Los Alamitos, CA, USA}, doi = {10.1109/ICPP.2003.1240580}, keywords = {distributed hash table, P2P}, owner = {tom}, publisher = {IEEE Computer Society}, timestamp = {2017-10-10}, url = {http://www.computer.org/portal/web/csdl/doi/10.1109/ICPP.2003.1240580} }
[Blake:2003:HAS:1251054.1251055] High Availability, Scalable Storage, Dynamic Peer Networks: Pick Two

Blake, Charles, and Rodrigues, Rodrigo

05/2003 2003

Website abstract Bib

Peer-to-peer storage aims to build large-scale, reliable and available storage from many small-scale unreliable, low-availability distributed hosts. Data redundancy is the key to any data guarantees. However, preserving redundancy in the face of highly dynamic membership is costly. We use a simple resource usage model to measured behavior from the Gnutella file-sharing network to argue that large-scale cooperative storage is limited by likely dynamics and cross-system bandwidth – not by local disk space. We examine some bandwidth optimization strategies like delayed response to failures, admission control, and load-shifting and find that they do not alter the basic problem. We conclude that when redundancy, data scale, and dynamics are all high, the needed cross-system bandwidth is unreasonable.
@conference{Blake:2003:HAS:1251054.1251055, author = {Blake, Charles and Rodrigues, Rodrigo}, booktitle = {HotOS IX - Proceedings of the 9th conference on Hot Topics in Operating Systems}, title = {High Availability, Scalable Storage, Dynamic Peer Networks: Pick Two}, year = {2003}, address = {Lihue, Hawaii, USA}, month = {05/2003}, organization = {USENIX Association}, pages = {1{\textendash}1}, publisher = {USENIX Association}, keywords = {distributed hosts, dynamic peer network, peer-to-peer storage, redundancy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1251054.1251055} }
[10.1109/PTP.2003.1231513] Identity Crisis: Anonymity vs. Reputation in P2P Systems

Marti, Sergio, and Garcia-Molina, Hector

09/2003 2003

DOI abstract Bib

The effectiveness of reputation systems for peer-to-peer resource-sharing networks is largely dependent on the reliability of the identities used by peers in the network. Much debate has centered around how closely one’s pseudoidentity in the network should be tied to their real-world identity, and how that identity is protected from malicious spoofing. In this paper we investigate the cost in efficiency of two solutions to the identity problem for peer-to-peer reputation systems. Our results show that, using some simple mechanisms, reputation systems can provide a factor of 4 to 20 improvement in performance over no reputation system, depending on the identity model used.
@conference{10.1109/PTP.2003.1231513, author = {Marti, Sergio and Garcia-Molina, Hector}, booktitle = {P2P{\textquoteright}03. Proceecings of the 3rd International Conference on Peer-to-Peer Computing}, title = {Identity Crisis: Anonymity vs. Reputation in P2P Systems}, year = {2003}, address = {Link{\"o}ping, Sweden}, month = {09/2003}, organization = {IEEE Computer Society}, pages = {134}, publisher = {IEEE Computer Society}, doi = {http://doi.ieeecomputersociety.org/10.1109/PTP.2003.1231513}, isbn = {0-7695-2023-5}, keywords = {anonymity, identity, identity model, P2P, peer-to-peer networking, reliability, reputation, reputation system}, owner = {tom}, timestamp = {2017-10-10} }
[Gummadi:2003:IDR:863955.863998] The impact of DHT routing geometry on resilience and proximity

Gummadi, Krishna Phani, Gummadi, Ramakrishna, Gribble, Steven D., Ratnasamy, Sylvia Paul, Shenker, S, and Stoica, Ion

08/2003 2003

DOI Website abstract Bib

The various proposed DHT routing algorithms embody several different underlying routing geometries. These geometries include hypercubes, rings, tree-like structures, and butterfly networks. In this paper we focus on how these basic geometric approaches affect the resilience and proximity properties of DHTs. One factor that distinguishes these geometries is the degree of flexibility they provide in the selection of neighbors and routes. Flexibility is an important factor in achieving good static resilience and effective proximity neighbor and route selection. Our basic finding is that, despite our initial preference for more complex geometries, the ring geometry allows the greatest flexibility, and hence achieves the best resilience and proximity performance.
@conference{Gummadi:2003:IDR:863955.863998, author = {Gummadi, Krishna Phani and Gummadi, Ramakrishna and Gribble, Steven D. and Ratnasamy, Sylvia Paul and Shenker, S and Stoica, Ion}, booktitle = {SIGCOMM {\textquoteright}03 - Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications}, title = {The impact of DHT routing geometry on resilience and proximity}, year = {2003}, address = {Karlsruhe, Germany}, month = {08/2003}, organization = {ACM}, pages = {381{\textendash}394}, publisher = {ACM}, series = {SIGCOMM {\textquoteright}03}, doi = {http://doi.acm.org/10.1145/863955.863998}, isbn = {1-58113-735-4}, keywords = {distributed hash table, flexibility, routing geometry}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/863955.863998} }
[clayton:pet2003] Improving Onion Notation

Clayton, Richard

Mar 2003

Website abstract Bib

Several di#erent notations are used in the literature of MIX networks to describe the nested encrypted structures now widely known as "onions". The shortcomings of these notations are described and a new notation is proposed, that as well as having some advantages from a typographical point of view, is also far clearer to read and to reason about. The proposed notation generated a lively debate at the PET2003 workshop and the various views, and alternative proposals, are reported upon. The workshop participants did not reach any consensus on improving onion notation, but there is now a heightened awareness of the problems that can arise with existing representations.
@conference{clayton:pet2003, author = {Clayton, Richard}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)}, title = {Improving Onion Notation}, year = {2003}, editor = {Dingledine, Roger}, month = mar, organization = {Springer-Verlag, LNCS 2760}, pages = {81{\textendash}87}, publisher = {Springer-Verlag, LNCS 2760}, keywords = {onion routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.14.5965} }

[Cohen2003] Incentives build robustness in BitTorrent

Cohen, Bram

06/2003 2003

abstract Bib

The BitTorrent file distribution system uses tit-for-tat as a method to seeking pareto efficiency. It achieves a higher level of robustness and resource utilization than any currently known cooperative technique. We explain what BitTorrent does, and how economic methods are used to achieve that goal.

@conference{Cohen2003,
  author = {Cohen, Bram},
  booktitle = {NetEcon{\textquoteright}03 - Proceedings of the Workshop on Economics of Peer-to-Peer Systems},
  title = {Incentives build robustness in BitTorrent},
  year = {2003},
  address = {Berkeley, CA, USA},
  month = {06/2003},
  keywords = {BitTorrent, resource utilization, robustness},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Lai03incentivesfor] Incentives for Cooperation in Peer-to-Peer Networks

Lai, Kevin, Feldman, Michal, Stoica, Ion, and Chuang, John

06/2003 2003

Website abstract Bib

this paper, our contributions are to generalize from the traditional symmetric EPD to the asymmetric transactions of P2P applications, map out the design space of EPD-based incentive techniques, and simulate a subset of these techniques. Our findings are as follows: Incentive techniques relying on private history (where entites only use their private histories of entities’ actions) fail as the population size increases.
@conference{Lai03incentivesfor, author = {Lai, Kevin and Feldman, Michal and Stoica, Ion and Chuang, John}, booktitle = {P2PECON. Proceedings of the First Workshop on Economics of Peer-to-Peer Systems}, title = {Incentives for Cooperation in Peer-to-Peer Networks}, year = {2003}, address = {Berkeley, California, USA}, month = {06/2003}, keywords = {P2P, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.14.1949} }
[Ahn03k-anonymousmessage] k-Anonymous Message Transmission

Ahn, Luis, Bortz, Andrew, and Hopper, Nicholas J.

2003 2003

Website abstract Bib

Informally, a communication protocol is sender k - anonymous if it can guarantee that an adversary, trying to determine the sender of a particular message, can only narrow down its search to a set of k suspects. Receiver k-anonymity places a similar guarantee on the receiver: an adversary, at best, can only narrow down the possible receivers to a set of size k. In this paper we introduce the notions of sender and receiver k-anonymity and consider their applications. We show that there exist simple and e#cient protocols which are k-anonymous for both the sender and the receiver in a model where a polynomial time adversary can see all tra#c in the network and can control up to a constant fraction of the participants. Our protocol is provably secure, practical, and does not require the existence of trusted third parties. This paper also provides a conceptually simple augmentation to Chaum’s DC-Nets that adds robustness against adversaries who attempt to disrupt the protocol through perpetual transmission or selective non-participation
@conference{Ahn03k-anonymousmessage, author = {von Ahn, Luis and Bortz, Andrew and Hopper, Nicholas J.}, booktitle = {Conference on Computer and Communications Security}, title = {k-Anonymous Message Transmission}, year = {2003}, address = {Washington D.C., USA}, month = {2003}, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, isbn = {1-58113-738-9}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.9.9348\&rep=rep1\&type=url\&i=2} }
[Vishnumurthy2003] KARMA: a Secure Economic Framework for P2P Resource Sharing

Vishnumurthy, Vivek, Chandrakumar, Sangeeth, and Sirer, Emin Gün

06/2003 2003

abstract Bib

Peer-to-peer systems are typically designed around the assumption that all peers will willingly contribute resources to a global pool. They thus suffer from freeloaders,that is, participants who consume many more resources than they contribute. In this paper, we propose a general economic framework for avoiding freeloaders in peer-to-peer systems. Our system works by keeping track of the resource consumption and resource contributionof each participant. The overall standing of each.
@conference{Vishnumurthy2003, author = {Vishnumurthy, Vivek and Chandrakumar, Sangeeth and Sirer, Emin G{\"u}n}, booktitle = {P2PECON{\textquoteright}05. Proceedings of the 3rd Workshop on Economics of Peer-to-Peer Systems}, title = {KARMA: a Secure Economic Framework for P2P Resource Sharing}, year = {2003}, address = {Berkeley, CA, USA}, month = {06/2003}, keywords = {economic framework, freeloader, karma, p2p resource sharing}, owner = {tom}, timestamp = {2017-10-10} }
[Gupta03kelips:building] Kelips: Building an efficient and stable P2P DHT through increased memory and background overhead

Gupta, Indranil, Birman, Kenneth P., Linga, Prakash, Demers, Alan, and Renesse, Robbert Van

2003

Website abstract Bib

A peer-to-peer (p2p) distributed hash table (DHT) system allows hosts to join and fail silently (or leave), as well as to insert and retrieve files (objects). This paper explores a new point in design space in which increased memory usage and constant background communication overheads are tolerated to reduce file lookup times and increase stability to failures and churn. Our system, called Kelips, uses peer-to-peer gossip to partially replicate file index information. In Kelips, (a) under normal conditions, file lookups are resolved with O(1) time and complexity (i.e., independent of system size), and (b) membership changes (e.g., even when a large number of nodes fail) are detected and disseminated to the system quickly. Per-node memory requirements are small in medium-sized systems. When there are failures, lookup success is ensured through query rerouting. Kelips achieves load balancing comparable to existing systems. Locality is supported by using topologically aware gossip mechanisms. Initial results of an ongoing experimental study are also discussed.
@conference{Gupta03kelips:building, author = {Gupta, Indranil and Birman, Kenneth P. and Linga, Prakash and Demers, Alan and Renesse, Robbert Van}, booktitle = {Proceedings of the 2nd International Workshop on Peer-to-Peer Systems (IPTPS {\textquoteright}03}, title = {Kelips: Building an efficient and stable P2P DHT through increased memory and background overhead}, year = {2003}, keywords = {distributed hash table, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.3464} }

[Kaashoek2003] Koorde: A Simple degree-optimal distributed hash table

Kaashoek, Frans M., and Karger, David

2003

Koorde is a new distributed hash table (DHT) based on Chord 15 and the de Bruijn graphs 2. While inheriting the simplicity of Chord, Koorde meets various lower bounds, such as O(log n) hops per lookup request with only 2 neighbors per node (where n is the number of nodes in the DHT), and O(log n/log log n) hops per lookup request with O(log n) neighbors per node.

@inbook{Kaashoek2003,
  author = {Kaashoek, Frans M. and Karger, David},
  pages = {98--107},
  publisher = {Springer},
  title = {Koorde: A Simple degree-optimal distributed hash table},
  year = {2003},
  address = {Berlin / Heidelberg},
  series = {Lecture Notes in Computer Science},
  volume = {2735/2003},
  booktitle = {Peer-to-Peer Systems II},
  doi = {10.1007/b11823},
  keywords = {de Bruijn graph, distributed hash table, Koorde},
  organization = {Springer},
  owner = {tom},
  timestamp = {2017-10-10}
}

[turner03lightweight] A Lightweight Currency Paradigm for the P2P Resource Market

Turner, David A., and Ross, Keith W.

2003

Website abstract Bib

A P2P resource market is a market in which peers trade resources (including storage, bandwidth and CPU cycles) and services with each other. We propose a specific paradigm for a P2P resource market. This paradigm has five key components: (i) pairwise trading market, with peers setting their own prices for offered resources; (ii) multiple currency economy, in which any peer can issue its own currency; (iii) no legal recourse, thereby limiting the transaction costs in trades; (iv) a simple, secure application-layer protocol; and (v) entity identification based on the entity’s unique public key. We argue that the paradigm can lead to a flourishing P2P resource market, allowing applications to tap into the huge pool of surplus peer resources. We illustrate the paradigm and its corresponding Lightweight Currency Protocol (LCP) with several application examples.
@booklet{turner03lightweight, title = {A Lightweight Currency Paradigm for the P2P Resource Market}, author = {Turner, David A. and Ross, Keith W.}, year = {2003}, keywords = {P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.11.1309} }

[Eugster:2003:LPB:945506.945507] Lightweight probabilistic broadcast

Eugster, Patrick, Guerraoui, Rachid, Handurukande, Sidath B., Kouznetsov, Petr, and Kermarrec, Anne-Marie

ACM Trans. Comput. Syst. Nov 2003

Bib

@article{Eugster:2003:LPB:945506.945507,
  author = {Eugster, Patrick and Guerraoui, Rachid and Handurukande, Sidath B. and Kouznetsov, Petr and Kermarrec, Anne-Marie},
  journal = {ACM Trans. Comput. Syst.},
  title = {Lightweight probabilistic broadcast},
  year = {2003},
  issn = {0734-2071},
  month = nov,
  pages = {341{\textendash}374},
  volume = {21},
  address = {New York, NY, USA},
  keywords = {Broadcast, buffering, garbage collection, gossip, noise, randomization, reliability, scalability},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10}
}

[864000] Making gnutella-like P2P systems scalable

Chawathe, Yatin, Breslau, Lee, Lanham, Nick, and Shenker, S

2003

DOI Website abstract Bib

Napster pioneered the idea of peer-to-peer file sharing, and supported it with a centralized file search facility. Subsequent P2P systems like Gnutella adopted decentralized search algorithms. However, Gnutella’s notoriously poor scaling led some to propose distributed hash table solutions to the wide-area file search problem. Contrary to that trend, we advocate retaining Gnutella’s simplicity while proposing new mechanisms that greatly improve its scalability. Building upon prior research [1, 12, 22], we propose several modifications to Gnutella’s design that dynamically adapt the overlay topology and the search algorithms in order to accommodate the natural heterogeneity present in most peer-to-peer systems. We test our design through simulations and the results show three to five orders of magnitude improvement in total system capacity. We also report on a prototype implementation and its deployment on a testbed.
@conference{864000, author = {Chawathe, Yatin and Breslau, Lee and Lanham, Nick and Shenker, S}, booktitle = {SIGCOMM {\textquoteright}03: Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications}, title = {Making gnutella-like P2P systems scalable}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, pages = {407{\textendash}418}, publisher = {ACM}, doi = {10.1145/863955.864000}, isbn = {1-58113-735-4}, keywords = {distributed hash table, Gnutella, P2P}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=864000$\#$} }
[1090700] Metadata Efficiency in Versioning File Systems

Soules, Craig A. N., Goodson, Garth R., Strunk, John D., and Ganger, Gregory R.

2003

Website abstract Bib

Versioning file systems retain earlier versions of modified files, allowing recovery from user mistakes or system corruption. Unfortunately, conventional versioning systems do not efficiently record large numbers of versions. In particular, versioned metadata can consume as much space as versioned data. This paper examines two space-efficient metadata structures for versioning file systems and describes their integration into the Comprehensive Versioning File System (CVFS), which keeps all versions of all files. Journal-based metadata encodes each metadata version into a single journal entry; CVFS uses this structure for inodes and indirect blocks, reducing the associated space requirements by 80%. Multiversion b-trees extend each entrys key with a timestamp and keep current and historical entries in a single tree; CVFS uses this structure for directories, reducing the associated space requirements by 99%. Similar space reductions are predicted via trace analysis for other versioning strategies (e.g., on-close versioning). Experiments with CVFS verify that its current-version performance is sim-ilar to that of non-versioning file systems while reducing overall space needed for history data by a factor of two. Although access to historical versions is slower than con-ventional versioning systems, checkpointing is shown to mitigate and bound this effect.
@conference{1090700, author = {Soules, Craig A. N. and Goodson, Garth R. and Strunk, John D. and Ganger, Gregory R.}, booktitle = {FAST {\textquoteright}03: Proceedings of the 2nd USENIX Conference on File and Storage Technologies}, title = {Metadata Efficiency in Versioning File Systems}, year = {2003}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {43{\textendash}58}, publisher = {USENIX Association}, keywords = {file systems}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1090694.1090700$\#$} }
[newman:pet2003] Metrics for Traffic Analysis Prevention

Newman, Richard E., Moskowitz, Ira S., Syverson, Paul, and Serjantov, Andrei

Mar 2003

abstract Bib

This paper considers systems for Traffic Analysis Prevention (TAP) in a theoretical model. It considers TAP based on padding and rerouting of messages and describes the effects each has on the difference between the actual and the observed traffic matrix (TM). The paper introduces an entropy-based approach to the amount of uncertainty a global passive adversary has in determining the actual TM, or alternatively, the probability that the actual TM has a property of interest. Unlike previous work, the focus is on determining the overall amount of anonymity a TAP system can provide, or the amount it can provide for a given cost in padding and rerouting, rather than on the amount of protection a afforded particular communications.
@conference{newman:pet2003, author = {Newman, Richard E. and Moskowitz, Ira S. and Syverson, Paul and Serjantov, Andrei}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)}, title = {Metrics for Traffic Analysis Prevention}, year = {2003}, editor = {Dingledine, Roger}, month = mar, organization = {Springer-Verlag, LNCS 2760}, pages = {48{\textendash}65}, publisher = {Springer-Verlag, LNCS 2760}, keywords = {traffic analysis, traffic matrix}, owner = {tom}, timestamp = {2021-01-27} }
[mixmaster-spec] Mixmaster Protocol –- Version 2

Möller, Ulf, Cottrell, Lance, Palfrader, Peter, and Sassaman, Len

Jul 2003

abstract Bib

Most e-mail security protocols only protect the message body, leaving useful information such as the the identities of the conversing parties, sizes of messages and frequency of message exchange open to adversaries. This document describes Mixmaster (version 2), a mail transfer protocol designed to protect electronic mail against traffic analysis. Mixmaster is based on D. Chaum’s mix-net protocol. A mix (remailer) is a service that forwards messages, using public key cryptography to hide the correlation between its inputs and outputs. Sending messages through sequences of remailers achieves anonymity and unobservability of communications against a powerful adversary.
@booklet{mixmaster-spec, title = {Mixmaster Protocol {\textendash}- Version 2}, author = {M{\"o}ller, Ulf and Cottrell, Lance and Palfrader, Peter and Sassaman, Len}, month = jul, year = {2003}, keywords = {electronic mail, public key cryptography, traffic analysis}, owner = {tom}, timestamp = {2017-10-10} }
[Danezis03mixminion:design] Mixminion: Design of a Type III Anonymous Remailer Protocol

Danezis, George, Dingledine, Roger, and Mathewson, Nick

2003

Website abstract Bib

We present Mixminion, a message-based anonymous remailer protocol with secure single-use reply blocks. Mix nodes cannot distinguish Mixminion forward messages from reply messages, so forward and reply messages share the same anonymity set. We add directory servers that allow users to learn public keys and performance statistics of participating remailers, and we describe nymservers that provide long-term pseudonyms using single-use reply blocks as a primitive. Our design integrates link encryption between remailers to provide forward anonymity. Mixminion works in a real-world Internet environment, requires little synchronization or coordination between nodes, and protects against known anonymity-breaking attacks as well as or better than other systems with similar design parameters. 1. Overview Chaum first introduced anonymous remailers over 20 years ago [7]
@conference{Danezis03mixminion:design, author = {Danezis, George and Dingledine, Roger and Mathewson, Nick}, booktitle = {In Proceedings of the 2003 IEEE Symposium on Security and Privacy}, title = {Mixminion: Design of a Type III Anonymous Remailer Protocol}, year = {2003}, pages = {2{\textendash}15}, owner = {tom}, timestamp = {2021-01-27}, url = {http://mixminion.net/minion-design.pdf} }
[danezis:pet2003] Mix-networks with Restricted Routes

Danezis, George

Mar 2003

Website abstract Bib

We present a mix network topology that is based on sparse expander graphs, with each mix only communicating with a few neighbouring others. We analyse the anonymity such networks provide, and compare it with fully connected mix networks and mix cascades. We prove that such a topology is e#cient since it only requires the route length of messages to be relatively small in comparison with the number of mixes to achieve maximal anonymity. Additionally mixes can resist intersection attacks while their batch size, that is directly linked to the latency of the network, remains constant. A worked example of a network is also presented to illustrate how these results can be applied to create secure mix networks in practise.
@conference{danezis:pet2003, author = {Danezis, George}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)}, title = {Mix-networks with Restricted Routes}, year = {2003}, editor = {Dingledine, Roger}, month = mar, organization = {Springer-Verlag, LNCS 2760}, pages = {1{\textendash}17}, publisher = {Springer-Verlag, LNCS 2760}, keywords = {anonymity, mix cascades, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.6.1188} }
[steinbrecher:pet2003] Modelling Unlinkability

Steinbrecher, Sandra, and Köpsell, Stefan

Mar 2003

DOI Website abstract Bib

While there have been made several proposals to define and measure anonymity (e.g., with information theory, formal languages and logics) unlinkability has not been modelled generally and formally. In contrast to anonymity unlinkability is not restricted to persons. In fact the unlinkability of arbitrary items can be measured. In this paper we try to formalise the notion of unlinkability, give a refinement of anonymity definitions based on this formalisation and show the impact of unlinkability on anonymity. We choose information theory as a method to describe unlinkability because it allows an easy probabilistic description. As an illustration for our formalisation we describe its meaning for communication systems.
@conference{steinbrecher:pet2003, author = {Steinbrecher, Sandra and K{\"o}psell, Stefan}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)}, title = {Modelling Unlinkability}, year = {2003}, editor = {Dingledine, Roger}, month = mar, organization = {Springer-Verlag, LNCS 2760}, pages = {32{\textendash}47}, publisher = {Springer-Verlag, LNCS 2760}, doi = {10.1007/b94512}, isbn = {978-3-540-20610-1}, keywords = {anonymity, unlinkability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/dxteg659uf2jtdd7/} }

[Li:2003:MRQ:958491.958500] Multi-dimensional range queries in sensor networks

Li, Xin, Kim, Young Jin, Govindan, Ramesh, and Hong, Wei

2003

@conference{Li:2003:MRQ:958491.958500,
  author = {Li, Xin and Kim, Young Jin and Govindan, Ramesh and Hong, Wei},
  booktitle = {Proceedings of the 1st international conference on Embedded networked sensor systems},
  title = {Multi-dimensional range queries in sensor networks},
  year = {2003},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {63{\textendash}75},
  publisher = {ACM},
  series = {SenSys {\textquoteright}03},
  doi = {10.1145/958491.958500},
  isbn = {1-58113-707-9},
  keywords = {distributed hash table, multi-dimensional range queries, range queries},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/958491.958500}
}

[Conrad03multiplelanguage] Multiple language family support for programmable network systems

Conrad, Michael, Schoeller, Marcus, Fuhrmann, Thomas, Bocksch, Gerhard, and Zitterbart, Martina

2003

DOI Website abstract Bib

Various programmable networks have been designed and implemented during the last couple of years. Many of them are focused on a single programming language only. This limitation might—to a certain extend—hinder the productivity of service modules being programmed for such networks. Therefore, the concurrent support of service modules written in multiple programming languages was investigated within the FlexiNet project. Basically, support for three major programming paradigms was incorporated into FlexiNet: compiled programming languages like C, interpreted languages (e.g., Java), and hardware description languages such as VHDL. The key concept can be seen in an integral interface that is used by all three programming languages. This leads to a configuration scheme which is totally transparent to the programming languages used to develop the service. In order to get a better idea about the impact of the programming language used, some measurement experiments were conducted.
@conference{Conrad03multiplelanguage, author = {Conrad, Michael and Schoeller, Marcus and Fuhrmann, Thomas and Bocksch, Gerhard and Zitterbart, Martina}, booktitle = {In Proceedings of the 5th Annual International Working Conference on Active Networks (IWAN}, title = {Multiple language family support for programmable network systems}, year = {2003}, doi = {10.1007/b96396}, isbn = {978-3-540-21250-8}, keywords = {flexible service platforms, programmable networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.68.3301} }
[Gay03thenesc] The nesC language: A holistic approach to networked embedded systems

Gay, David, Welsh, Matt, Levis, Philip, Brewer, Eric, Behren, Robert Von, and Culler, David

2003

DOI Website abstract Bib

We present nesC, a programming language for networked embedded systems that represent a new design space for application developers. An example of a networked embedded system is a sensor network, which consists of (potentially) thousands of tiny, low-power "motes," each of which execute concurrent, reactive programs that must operate with severe memory and power constraints.nesC’s contribution is to support the special needs of this domain by exposing a programming model that incorporates event-driven execution, a flexible concurrency model, and component-oriented application design. Restrictions on the programming model allow the nesC compiler to perform whole-program analyses, including data-race detection (which improves reliability) and aggressive function inlining (which reduces resource consumption).nesC has been used to implement TinyOS, a small operating system for sensor networks, as well as several significant sensor applications. nesC and TinyOS have been adopted by a large number of sensor network research groups, and our experience and evaluation of the language shows that it is effective at supporting the complex, concurrent programming style demanded by this new class of deeply networked systems.
@conference{Gay03thenesc, author = {Gay, David and Welsh, Matt and Levis, Philip and Brewer, Eric and Behren, Robert Von and Culler, David}, booktitle = {In Proceedings of Programming Language Design and Implementation (PLDI}, title = {The nesC language: A holistic approach to networked embedded systems}, year = {2003}, pages = {1{\textendash}11}, doi = {10.1145/781131.781133}, keywords = {data races, nesC, TinyOS}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=781133} }
[Fuhrmann_networkservices] Network Services for the Support of Very-Low-Resource Devices

Fuhrmann, Thomas, Harbaum, Till, and Zitterbart, Martina

2003

Website abstract Bib

Visions of future computing scenarios envisage a multitude of very-low-resource devices linked by power-efficient wireless communication means. This paper presents our vision of such a scenario. From this vision requirements are derived for an infrastructure that is able to satisfy the largely differing needs of these devices. The paper also shows how innovative, collaborating applications between distributed sensors and actuators can arise from such an infrastructure. The realization of such innovative applications is illustrated with two examples of straightforward services that have been implemented with the AMnet infrastructure that is currently being developed in the FlexiNet project. Additionally, first performance measurements for one of these services are given. Index terms — Bluetooth, Programmable networks, Sensoractuator networks
@booklet{Fuhrmann_networkservices, title = {Network Services for the Support of Very-Low-Resource Devices}, author = {Fuhrmann, Thomas and Harbaum, Till and Zitterbart, Martina}, year = {2003}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.69.186} }
[Bauer03newcovert] New Covert Channels in HTTP: Adding Unwitting Web Browsers to Anonymity Sets

Bauer, Matthias

2003

Website abstract Bib

This paper presents new methods enabling anonymous communication on the Internet. We describe a new protocol that allows us to create an anonymous overlay network by exploiting the web browsing activities of regular users. We show that the overlay network provides an anonymity set greater than the set of senders and receivers in a realistic threat model. In particular, the protocol provides unobservability in our threat model.
@conference{Bauer03newcovert, author = {Bauer, Matthias}, booktitle = {In Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2003}, title = {New Covert Channels in HTTP: Adding Unwitting Web Browsers to Anonymity Sets}, year = {2003}, organization = {ACM Press}, pages = {72{\textendash}78}, publisher = {ACM Press}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.6246\&rep=rep1\&type=pdf} }

[Klinedinst_anew] A New Generation of File Sharing Tools

Klinedinst, Dan

2003

@booklet{Klinedinst_anew,
  title = {A New Generation of File Sharing Tools},
  author = {Klinedinst, Dan},
  year = {2003},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.4.1694\&rep=rep1\&type=pdf}
}

[Fuhrmann_anode] A Node Evaluation Mechanism for Service Setup in

Fuhrmann, Thomas, Schoeller, Marcus, Schmidt, Christina, and Zitterbart, Martina

2003

Website abstract Bib

AMnet is a programmable network that aims at the flexible and rapid creation of services within an IP network. Examples for typical services include network layer enhancements e.g. for multicast and mobility, transport layer enhancements e.g. to integrate wireless LANs, and various application layer services e.g. for media transcoding and content distribution. AMnet is based on regular Linux boxes that run an execution environment (EE), a resource monitor, and a basic signaling-engine. These so-called active nodes run the services and provide support for resource-management and module-relocation. Services are created by service modules, small pieces of code, that are executed within the EE. Based on the standard netfilter mechanism of Linux, service modules have full access to the network traffic passing through the active node. This paper describes the evaluation mechanism for service setup in AMnet. In order to determine where a service module can be started, service modules are accompanied by evaluation modules. This allows service module authors to implement various customized strategies for node-selection and service setup. Examples that are supported by the AMnet evaluation mechanism are a) service setup at a fixed position, e.g. as gateway, b) along a fixed path (with variable position along that path), c) at variable positions inside the network with preferences for certain constellations, or d) at an unspecified position, e.g. for modification of multicasted traffic. The required path information is gathered by the AMnodes present in the network. By interaction with the resource monitors of the AMnodes and the service module repository of the respective administrative domain, the AMnet evaluation also ensures overall system security and stability.
@booklet{Fuhrmann_anode, title = {A Node Evaluation Mechanism for Service Setup in}, author = {Fuhrmann, Thomas and Schoeller, Marcus and Schmidt, Christina and Zitterbart, Martina}, year = {2003}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.69.8749} }
[Tolia03opportunisticuse] Opportunistic Use of Content Addressable Storage for Distributed File Systems

Tolia, Niraj, Kozuch, Michael, Satyanarayanan, Mahadev, Karp, Brad, Bressoud, Thomas, and Perrig, Adrian

2003

Website abstract Bib

Motivated by the prospect of readily available Content Addressable Storage (CAS), we introduce the concept of file recipes. A file’s recipe is a first-class file system object listing content hashes that describe the data blocks composing the file. File recipes provide applications with instructions for reconstructing the original file from available CAS data blocks. We describe one such application of recipes, the CASPER distributed file system. A CASPER client opportunistically fetches blocks from nearby CAS providers to improve its performance when the connection to a file server traverses a low-bandwidth path. We use measurements of our prototype to evaluate its performance under varying network conditions. Our results demonstrate significant improvements in execution times of applications that use a network file system. We conclude by describing fuzzy block matching, a promising technique for using approximately matching blocks on CAS providers to reconstitute the exact desired contents of a file at a client.
@conference{Tolia03opportunisticuse, author = {Tolia, Niraj and Kozuch, Michael and Satyanarayanan, Mahadev and Karp, Brad and Bressoud, Thomas and Perrig, Adrian}, booktitle = {In Proceedings of the 2003 USENIX Annual Technical Conference}, title = {Opportunistic Use of Content Addressable Storage for Distributed File Systems}, year = {2003}, pages = {127{\textendash}140}, keywords = {file systems, storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.10.740} }
[792493] An Overlay-Network Approach for Distributed Access to SRS

Fuhrmann, Thomas, Schafferhans, Andrea, and Etzold, Thure

2003

Website abstract Bib

SRS is a widely used system for integrating biologicaldatabases. Currently, SRS relies only on locally providedcopies of these databases. In this paper we propose a mechanism that also allows the seamless integration of remotedatabases. To this end, our proposed mechanism splits theexisting SRS functionality into two components and addsa third component that enables us to employ peer-to-peercomputing techniques to create optimized overlay-networkswithin which database queries can efficiently be routed. Asan additional benefit, this mechanism also reduces the administration effort that would be needed with a conventionalapproach using replicated databases.
@conference{792493, author = {Fuhrmann, Thomas and Schafferhans, Andrea and Etzold, Thure}, booktitle = {CCGRID {\textquoteright}03: Proceedings of the 3st International Symposium on Cluster Computing and the Grid}, title = {An Overlay-Network Approach for Distributed Access to SRS}, year = {2003}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {601}, publisher = {IEEE Computer Society}, isbn = {0-7695-1919-9}, keywords = {overlay networks, P2P, SRS}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=792493$\#$} }
[SS03] Passive Attack Analysis for Connection-Based Anonymity Systems

Serjantov, Andrei, and Sewell, Peter

Oct 2003

DOI Website abstract Bib

In this paper we consider low latency connection-based anonymity systems which can be used for applications like web browsing or SSH. Although several such systems have been designed and built, their anonymity has so far not been adequately evaluated. We analyse the anonymity of connection-based systems against passive adversaries. We give a precise description of two attacks, evaluate their effectiveness, and calculate the amount of traffic necessary to provide a minimum degree of protection against them.
@conference{SS03, author = {Serjantov, Andrei and Sewell, Peter}, booktitle = {Proceedings of ESORICS 2003}, title = {Passive Attack Analysis for Connection-Based Anonymity Systems}, year = {2003}, month = oct, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/b13237}, isbn = {978-3-540-20300-1}, keywords = {anonymity}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/8jva7vy8tkert9ur/} }
[Loo03peer-to-peerbackup] Peer-To-Peer Backup for Personal Area Networks

Loo, Boon Thau, LaMarca, Anthony, Borriello, Gaetano, and Loo, Boon Thau

2003

Website abstract Bib

FlashBack is a peer-to-peer backup algorithm designed for powerconstrained devices running in a personal area network (PAN). Backups are performed transparently as local updates initiate the spread of backup data among a subset of the currently available peers. Flashback limits power usage by avoiding flooding and keeping small neighbor sets. Flashback has also been designed to utilize powered infrastructure when possible to further extend device lifetime. We propose our architecture and algorithms, and present initial experimental results that illustrate FlashBack’s performance characteristics.
@booklet{Loo03peer-to-peerbackup, title = {Peer-To-Peer Backup for Personal Area Networks}, author = {Loo, Boon Thau and LaMarca, Anthony and Borriello, Gaetano and Loo, Boon Thau}, year = {2003}, keywords = {backup, P2P, personal area network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.9.7820} }
[Aberer03p-grid:a] P-Grid: A Self-organizing Structured P2P System

Aberer, Karl, Cudre-Mauroux, Philippe, Datta, Anwitaman, Despotovic, Zoran, Hauswirth, Manfred, Punceva, Magdalena, and Schmidt, Roman

2003

Website abstract Bib

this paper was supported in part by the National Competence Center in Research on Mobile Information and Communication Systems (NCCR-MICS), a center supported by the Swiss National Science Foundation under grant number 5005-67322 and by SNSF grant 2100064994, "Peer-to-Peer Information Systems." messages. From the responses it (randomly) selects certain peers to which direct network links are established
@booklet{Aberer03p-grid:a, title = {P-Grid: A Self-organizing Structured P2P System}, author = {Aberer, Karl and Cudre-Mauroux, Philippe and Datta, Anwitaman and Despotovic, Zoran and Hauswirth, Manfred and Punceva, Magdalena and Schmidt, Roman}, year = {2003}, keywords = {P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.3.5649} }

[Cuenca-Acuna03planetp:using] PlanetP: Using Gossiping to Build Content Addressable Peer-to-Peer Information Sharing Communities

Cuenca-Acuna, Francisco Matias, Peery, Christopher, Martin, Richard P., and Nguyen, Thu D.

2003

@conference{Cuenca-Acuna03planetp:using,
  author = {Cuenca-Acuna, Francisco Matias and Peery, Christopher and Martin, Richard P. and Nguyen, Thu D.},
  booktitle = {12th IEEE International Symposium on High Performance Distributed Computing (HPDC-12 {\textquoteright}03),},
  title = {PlanetP: Using Gossiping to Build Content Addressable Peer-to-Peer Information Sharing Communities},
  year = {2003},
  address = {Seattle, Washington},
  organization = {IEEE Press},
  publisher = {IEEE Press},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.14.6056\&rep=rep1\&type=url\&i=0}
}

[DBLP:conf/ccs/YangG03] PPay: micropayments for peer-to-peer systems

Yang, Beverly, and Garcia-Molina, Hector

10/2003 2003

@conference{DBLP:conf/ccs/YangG03,
  author = {Yang, Beverly and Garcia-Molina, Hector},
  booktitle = {CCS{\textquoteright}03. Proceedings od the 10th ACM Conference on Computer and Communications Security},
  title = {PPay: micropayments for peer-to-peer systems},
  year = {2003},
  address = {Washington, DC, USA},
  month = {10/2003},
  organization = {ACM},
  pages = {300-310},
  publisher = {ACM},
  doi = {http://dx.doi.org/10.1145/948109.948150},
  isbn = {1-58113-738-9},
  keywords = {economics, payment},
  owner = {tom},
  timestamp = {2017-10-10}
}

[pt:03:ldpc] On the Practical Use of LDPC Erasure Codes for Distributed Storage Applications

Plank, James S., and Thomason, Michael G.

Sep 2003

Website abstract Bib

This paper has been submitted for publication. Please see the above URL for current publication status. As peer-to-peer and widely distributed storage systems proliferate, the need to perform efficient erasure coding, instead of replication, is crucial to performance and efficiency. Low-Density Parity-Check (LDPC) codes have arisen as alternatives to standard erasure codes, such as Reed-Solomon codes, trading off vastly improved decoding performance for inefficiencies in the amount of data that must be acquired to perform decoding. The scores of papers written on LDPC codes typically analyze their collective and asymptotic behavior. Unfortunately, their practical application requires the generation and analysis of individual codes for finite systems. This paper attempts to illuminate the practical considerations of LDPC codes for peer-to-peer and distributed storage systems. The three main types of LDPC codes are detailed, and a huge variety of codes are generated, then analyzed using simulation. This analysis focuses on the performance of individual codes for finite systems, and addresses several important heretofore unanswered questions about employing LDPC codes in real-world systems. This material is based upon work supported by the National
@booklet{pt:03:ldpc, title = {On the Practical Use of LDPC Erasure Codes for Distributed Storage Applications}, author = {Plank, James S. and Thomason, Michael G.}, month = sep, year = {2003}, keywords = {distributed hash table, distributed storage, LDPC, P2P}, number = {CS-03-510}, owner = {tom}, publisher = {University of Tennessee}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.131.5709} }
[camenisch2003pve] Practical Verifiable Encryption and Decryption of Discrete Logarithms

Camenisch, Jan, and Shoup, Victor

2003

DOI Website abstract Bib

This paper addresses the problem of designing practical protocols for proving properties about encrypted data. To this end, it presents a variant of the new public key encryption of Cramer and Shoup based on Pailliers decision composite residuosity assumption, along with efficient protocols for verifiable encryption and decryption of discrete logarithms (and more generally, of representations with respect to multiple bases). This is the first verifiable encryption system that provides chosen ciphertext security and avoids inefficient cut-and-choose proofs. The presented protocols have numerous applications, including key escrow, optimistic fair exchange, publicly verifiable secret and signature sharing, universally composable commitments, group signatures, and confirmer signatures.
@conference{camenisch2003pve, author = {Camenisch, Jan and Shoup, Victor}, booktitle = {Proceedings of CRYPTO 2003}, title = {Practical Verifiable Encryption and Decryption of Discrete Logarithms}, year = {2003}, organization = {Springer Verlag, LNCS 2729}, pages = {126{\textendash}144}, publisher = {Springer Verlag, LNCS 2729}, doi = {10.1007/b11817}, isbn = {978-3-540-40674-7}, keywords = {public key cryptography}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/wjbh5579hdfd66ed/} }
[agrawal03] Probabilistic Treatment of MIXes to Hamper Traffic Analysis

Agrawal, Dakshi, Kesdogan, Dogan, and Penz, Stefan

05/2003 2003

Website abstract Bib

The goal of anonymity providing techniques is to preserve the privacy of users, who has communicated with whom, for how long, and from which location, by hiding traffic information. This is accomplished by organizing additional traffic to conceal particular communication relationships and by embedding the sender and receiver of a message in their respective anonymity sets. If the number of overall participants is greater than the size of the anonymity set and if the anonymity set changes with time due to unsynchronized participants, then the anonymity technique becomes prone to traffic analysis attacks. In this paper, we are interested in the statistical properties of the disclosure attack, a newly suggested traffic analysis attack on the MIXes. Our goal is to provide analytical estimates of the number of observations required by the disclosure attack and to identify fundamental (but avoidable) ‘weak operational modes’ of the MIXes and thus to protect users against a traffic analysis by the disclosure attack.
@conference{agrawal03, author = {Agrawal, Dakshi and Kesdogan, Dogan and Penz, Stefan}, booktitle = {Proceedings of the 2003 IEEE Symposium on Security and Privacy}, title = {Probabilistic Treatment of MIXes to Hamper Traffic Analysis}, year = {2003}, month = {05/2003}, organization = {IEEE Computer Society Washington, DC, USA}, pages = {16{\textendash}27}, publisher = {IEEE Computer Society Washington, DC, USA}, isbn = {0-7695-1940-7}, keywords = {anonymity measurement, mix, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=829515.830557} }
[BM:mixencrypt] Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes

Möller, Bodo

Apr 2003

Website abstract Bib

Mix chains as proposed by Chaum allow sending untraceable electronic e-mail without requiring trust in a single authority: messages are recursively public-key encrypted to multiple intermediates (mixes), each of which forwards the message after removing one layer of encryption. To conceal as much information as possible when using variable (source routed) chains, all messages passed to mixes should be of the same length; thus, message length should not decrease when a mix transforms an input message into the corresponding output message directed at the next mix in the chain. Chaum described an implementation for such length-preserving mixes, but it is not secure against active attacks. We show how to build practical cryptographically secure lengthpreserving mixes. The conventional denition of security against chosen ciphertext attacks is not applicable to length-preserving mixes; we give an appropriate denition and show that our construction achieves provable security.
@conference{BM:mixencrypt, author = {M{\"o}ller, Bodo}, booktitle = {Proceedings of CT-RSA 2003}, title = {Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes}, year = {2003}, month = apr, organization = {Springer-Verlag, LNCS 2612}, publisher = {Springer-Verlag, LNCS 2612}, keywords = {mix chain, public key cryptography}, owner = {tom}, timestamp = {2017-10-10}, url = {http://eprints.kfupm.edu.sa/59837/} }

[Serjantov03puzzlesin] Puzzles in P2P Systems

Serjantov, Andrei, and Lewis, Stephen

10/2003 2003

abstract Bib

@conference{Serjantov03puzzlesin,
  author = {Serjantov, Andrei and Lewis, Stephen},
  booktitle = {8th CaberNet Radicals Workshop},
  title = {Puzzles in P2P Systems},
  year = {2003},
  address = {Ajaccio, Corsica},
  month = {10/2003},
  organization = {Network of Excellence in Distributed and Dependable Computing Systems},
  publisher = {Network of Excellence in Distributed and Dependable Computing Systems},
  keywords = {p2p network, puzzle},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Feldman03quantifyingdisincentives] Quantifying Disincentives in Peer-to-Peer Networks

Feldman, Michal, Lai, Kevin, Chuang, John, and Stoica, Ion

06/2003 2003

abstract Bib

In this paper, we use modeling and simulation to better understand the effects of cooperation on user performance and to quantify the performance-based disincentives in a peer-to-peer file sharing system. This is the first step towards building an incentive system. For the models developed in this paper, we have the following results: Although performance improves significantly when cooperation increases from low to moderate levels, the improvement diminishes thereafter. In particular, the mean delay to download a file when 5% of the nodes share files is 8x more than when 40% of the nodes share files, while the mean download delay when 40% of the nodes share is only 1.75x more than when 100% share.
@conference{Feldman03quantifyingdisincentives, author = {Feldman, Michal and Lai, Kevin and Chuang, John and Stoica, Ion}, booktitle = {Workshop on Economics of Peer-to-Peer Systems}, title = {Quantifying Disincentives in Peer-to-Peer Networks}, year = {2003}, address = {Berkeley, CA}, month = {06/2003}, keywords = {incentives, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }

[Huebsch:2003:QIP:1315451.1315480] Querying the internet with PIER

Huebsch, Ryan, Hellerstein, Joseph M., Lanham, Nick, Loo, Boon Thau, Shenker, S, and Stoica, Ion

2003

@conference{Huebsch:2003:QIP:1315451.1315480,
  author = {Huebsch, Ryan and Hellerstein, Joseph M. and Lanham, Nick and Loo, Boon Thau and Shenker, S and Stoica, Ion},
  booktitle = {Proceedings of the 29th international conference on Very large data bases - Volume 29},
  title = {Querying the internet with PIER},
  year = {2003},
  organization = {VLDB Endowment},
  pages = {321{\textendash}332},
  publisher = {VLDB Endowment},
  series = {VLDB {\textquoteright}03},
  isbn = {0-12-722442-4},
  keywords = {distributed hash table, PIER, range queries},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=1315451.1315480}
}

[RatnasamyHellersteinShenker2003RangeQueries] Range Queries over DHTs

Ratnasamy, Sylvia, Hellerstein, Joseph M., and Shenker, S

2003

Website abstract Bib

Distributed Hash Tables (DHTs) are scalable peer-to-peer systems that support exact match lookups. This paper describes the construction and use of a Prefix Hash Tree (PHT) – a distributed data structure that supports range queries over DHTs. PHTs use the hash-table interface of DHTs to construct a search tree that is efficient (insertions/lookups take ##### ### #### DHT lookups, where D is the data domain being indexed) and robust (the failure of any given node in the search tree does not affect the availability of data stored at other nodes in the PHT).
@booklet{RatnasamyHellersteinShenker2003RangeQueries, title = {Range Queries over DHTs}, author = {Ratnasamy, Sylvia and Hellerstein, Joseph M. and Shenker, S}, year = {2003}, keywords = {distributed hash table, P2P, queries, range}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.6.243} }
[GKK03] Rapid Mixing and Security of Chaum’s Visual Electronic Voting

Gomulkiewicz, Marcin, Klonowski, Marek, and Kutylowski, Miroslaw

Oct 2003

DOI Website abstract Bib

Recently, David Chaum proposed an electronic voting scheme that combines visual cryptography and digital processing. It was designed to meet not only mathematical security standards, but also to be accepted by voters that do not trust electronic devices. In this scheme mix-servers are used to guarantee anonymity of the votes in the counting process. The mix-servers are operated by different parties, so an evidence of their correct operation is necessary. For this purpose the protocol uses randomized partial checking of Jakobsson et al., where some randomly selected connections between the (encoded) inputs and outputs of a mix-server are revealed. This leaks some information about the ballots, even if intuitively this information cannot be used for any efficient attack. We provide a rigorous stochastic analysis of how much information is revealed by randomized partial checking in the Chaums protocol. We estimate how many mix-servers are necessary for a fair security level. Namely, we consider probability distribution of the permutations linking the encoded votes with the decoded votes given the information revealed by randomized partial checking. We show that the variation distance between this distribution and the uniform distribution is already for a constant number of mix-servers (n is the number of voters). This means that a constant number of trustees in the Chaums protocol is enough to obtain provable security. The analysis also shows that certain details of the Chaums protocol can be simplified without lowering security level.
@conference{GKK03, author = {Gomulkiewicz, Marcin and Klonowski, Marek and Kutylowski, Miroslaw}, booktitle = {Proceedings of ESORICS 2003}, title = {Rapid Mixing and Security of Chaum{\textquoteright}s Visual Electronic Voting}, year = {2003}, month = oct, organization = {Springer Berlin / Heidelberg}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/b13237}, isbn = {978-3-540-20300-1}, keywords = {electronic voting, Markov chain, path coupling, randomized partial checking, rapid mixing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/5gmj68nn4x1xc4j1/} }
[maymounkov:rateless] Rateless Codes and Big Downloads.

Maymounkov, Petar, and Mazières, David

02/2003 2003

DOI abstract Bib

This paper presents a novel algorithm for downloading big files from multiple sources in peer-to-peer networks. The algorithm is simple, but offers several compelling properties. It ensures low hand-shaking overhead between peers that download files (or parts of files) from each other. It is computationally efficient, with cost linear in the amount of data transfered. Most importantly, when nodes leave the network in the middle of uploads, the algorithm minimizes the duplicate information shared by nodes with truncated downloads. Thus, any two peers with partial knowledge of a given file can almost always fully benefit from each other’s knowledge. Our algorithm is made possible by the recent introduction of linear-time, rateless erasure codes.
@conference{maymounkov:rateless, author = {Maymounkov, Petar and Mazi{\`e}res, David}, booktitle = {IPTPS{\textquoteright}03 - Proceedings in the 2th International Workshop on Peer-to-Peer Systems}, title = {Rateless Codes and Big Downloads.}, year = {2003}, address = {Berkeley, CA, USA}, month = {02/2003}, organization = {Springer}, pages = {247-255}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {2735}, doi = {10.1007/978-3-540-45172-3_23}, keywords = {algorithms, big files, download, multiple sources, rateless code}, owner = {tom}, timestamp = {2017-10-10} }
[incomparable-pkeys] Receiver Anonymity via Incomparable Public Keys

Waters, Brent, Felten, Edward W., and Sahai, Amit

Oct 2003

DOI Website abstract Bib

We describe a new method for protecting the anonymity of message receivers in an untrusted network. Surprisingly, existing methods fail to provide the required level of anonymity for receivers (although those methods do protect sender anonymity). Our method relies on the use of multicast, along with a novel cryptographic primitive that we call an Incomparable Public Key cryptosystem, which allows a receiver to efficiently create many anonymous "identities" for itself without divulging that these separate "identities" actually refer to the same receiver, and without increasing the receiver’s workload as the number of identities increases. We describe the details of our method, along with a prototype implementation.
@conference{incomparable-pkeys, author = {Waters, Brent and Felten, Edward W. and Sahai, Amit}, booktitle = {Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003)}, title = {Receiver Anonymity via Incomparable Public Keys}, year = {2003}, editor = {Atluri, Vijay and Liu, Peng}, month = oct, organization = {ACM Press}, pages = {112{\textendash}121}, publisher = {ACM Press}, doi = {10.1145/948109.948127}, isbn = {1-58113-738-9}, keywords = {anonymity, PGP, privacy, public key cryptography}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=948127} }
[rep-anon] Reputation in P2P Anonymity Systems

Dingledine, Roger, Mathewson, Nick, and Syverson, Paul

Jun 2003

Website abstract Bib

Decentralized anonymity systems tend to be unreliable, because users must choose nodes in the network without knowing the entire state of the network. Reputation systems promise to improve reliability by predicting network state. In this paper we focus on anonymous remailers and anonymous publishing, explain why the systems can benefit from reputation, and describe our experiences designing reputation systems for them while still ensuring anonymity. We find that in each example we first must redesign the underlying anonymity system to support verifiable transactions.
@conference{rep-anon, author = {Dingledine, Roger and Mathewson, Nick and Syverson, Paul}, booktitle = {Proceedings of Workshop on Economics of Peer-to-Peer Systems}, title = {Reputation in P2P Anonymity Systems}, year = {2003}, month = jun, keywords = {anonymity, anonymous publishing, remailer, reputation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.14.4740} }
[Padmanabhan:2003:RPS:951950.952204] Resilient Peer-to-Peer Streaming

Padmanabhan, Venkata N., Wang, Helen J., and Chou, Philip A.

11/2003 2003

Website abstract Bib

We consider the problem of distributing "live" streaming media content to a potentially large and highly dynamic population of hosts. Peer-to-peer content distribution is attractive in this setting because the bandwidth available to serve content scales with demand. A key challenge, however, is making content distribution robust to peer transience. Our approach to providing robustness is to introduce redundancy, both in network paths and in data. We use multiple, diverse distribution trees to provide redundancy in network paths and multiple description coding (MDC) to provide redundancy in data.We present a simple tree management algorithm that provides the necessary path diversity and describe an adaptation framework for MDC based on scalable receiver feedback. We evaluate these using MDC applied to real video data coupled with real usage traces from a major news site that experienced a large flash crowd for live streaming content. Our results show very significant benefits in using multiple distribution trees and MDC, with a 22 dB improvement in PSNR in some cases.
@conference{Padmanabhan:2003:RPS:951950.952204, author = {Padmanabhan, Venkata N. and Wang, Helen J. and Chou, Philip A.}, booktitle = {ICNP{\textquoteright}03. Proceedings of the 11th IEEE International Conference on Network Protocols}, title = {Resilient Peer-to-Peer Streaming}, year = {2003}, address = {Atlanta, Georgia, USA}, month = {11/2003}, organization = {IEEE Computer Society}, pages = {16{\textendash}}, publisher = {IEEE Computer Society}, series = {ICNP {\textquoteright}03}, isbn = {0-7695-2024-3}, keywords = {distribution trees, mdc, media content, multiple description coding, peer-to-peer streaming}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=951950.952204} }
[Fuhrmann03resultson] Results on the practical feasibility of programmable network services

Fuhrmann, Thomas, Harbaum, Till, Kassianidis, Panos, Schoeller, Marcus, and Zitterbart, Martina

2003

Website abstract Bib

Active and programmable networks have been subject to intensive and successful research activities during the last couple of years. Many ideas and concepts have been pursued. However, only a few prototype implementations that have been developed so far, can deal with different applications in a larger scale setting. Moreover, detailed performance analyses of such prototypes are greatly missing today. Therefore, this paper does not present yet another architecture for active and programmable networks. In contrast, it rather focuses on the performance evaluation of the so-called AMnet approach that has already been presented previously [1]. As such, the paper demonstrates that an operational high-performance programmable network system with AAA (authentication, authorization, and accounting) security functionality will in fact be feasible in the near future.
@conference{Fuhrmann03resultson, author = {Fuhrmann, Thomas and Harbaum, Till and Kassianidis, Panos and Schoeller, Marcus and Zitterbart, Martina}, booktitle = {In 2nd International Workshop on Active Network Technologies and Applications (ANTA}, title = {Results on the practical feasibility of programmable network services}, year = {2003}, keywords = {programmable networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.67.3074} }
[reusable-channels:wpes2003] Reusable Anonymous Return Channels

Golle, Philippe, and Jakobsson, Markus

10/2003 2003

DOI Website abstract Bib

Mix networks are used to deliver messages anonymously to recipients, but do not straightforwardly allow the recipient of an anonymous message to reply to its sender. Yet the ability to reply one or more times, and to further reply to replies, is essential to a complete anonymous conversation. We propose a protocol that allows a sender of anonymous messages to establish a reusable anonymous return channel. This channel enables any recipient of one of these anonymous messages to send back one or more anonymous replies. Recipients who reply to different messages can not test whether two return channels are the same, and there-fore can not learn whether they are replying to the same person. Yet the fact that multiple recipients may send multiple replies through the same return channel helps defend against the counting attacks that defeated earlier proposals for return channels. In these attacks, an adversary traces the origin of a message by sending a specific number of replies and observing who collects the same number of messages. Our scheme resists these attacks because the replies sent by an attacker are mixed with other replies submitted by other recipients through the same return channel. Moreover, our protocol straightforwardly allows for replies to replies, etc. Our protocol is based upon a re-encryption mix network, and requires four times the amount of computation and communication of a basic mixnet.
@conference{reusable-channels:wpes2003, author = {Golle, Philippe and Jakobsson, Markus}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2003)}, title = {Reusable Anonymous Return Channels}, year = {2003}, address = {Washington, DC, USA}, month = {10/2003}, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/1005140.1005155}, isbn = {1-58113-776-1}, keywords = {anonymity, privacy, return address}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1005155} }
[Dinur2003] Revealing Information While Preserving Privacy

Dinur, Irit, and Nissim, Kobbi

2003

DOI Website abstract Bib

We examine the tradeoff between privacy and usability of statistical databases. We model a statistical database by an n-bit string d1 ,.., dn , with a query being a subset q ⊆ [n] to be answered by summation of values which belong to q. Our main result is a polynomial reconstruction algorithm of data from noisy (perturbed) subset sums. Applying this reconstruction algorithm to statistical databases we show that in order to achieve privacy one has to add perturbation of magnitude Ω (√ n). That is, smaller perturbation always results in a strong violation of privacy. We show that this result is tight by exemplifying access algorithms for statistical databases that preserve privacy while adding perturbation of magnitude O (√ n). For time-T bounded adversaries we demonstrate a privacy-preserving access algorithm whose perturbation magnitude is ≈ √T .
@conference{Dinur2003, author = {Dinur, Irit and Nissim, Kobbi}, booktitle = {Proceedings of the Twenty-second ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems}, title = {Revealing Information While Preserving Privacy}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/773153.773173}, isbn = {1-58113-670-6}, keywords = {data reconstruction, integrity and security, subset-sums with noise}, owner = {tom}, timestamp = {2021-01-27}, url = {http://doi.acm.org/10.1145/773153.773173} }
[Lpcox03samsara:honor] Samsara: Honor Among Thieves in Peer-to-Peer Storage

Cox, Landon P., and Noble, Brian D.

10/2003 2003

Website abstract Bib

Peer-to-peer storage systems assume that their users consume resources in proportion to their contribution. Unfortunately, users are unlikely to do this without some enforcement mechanism. Prior solutions to this problem require centralized infrastructure, constraints on data placement, or ongoing administrative costs. All of these run counter to the design philosophy of peer-to-peer systems. requiring trusted third parties, symmetric storage relationships, monetary payment, or certified identities. Each peer that requests storage of another must agree to hold a claim in return—a placeholder that accounts for available space. After an exchange, each partner checks the other to ensure faithfulness. Samsara punishes unresponsive nodes probabilistically. Because objects are replicated, nodes with transient failures are unlikely to suffer data loss, unlike those that are dishonest or chronically unavailable. Claim storage overhead can be reduced when necessary by forwarding among chains of nodes, and eliminated when cycles are created. Forwarding chains increase the risk of exposure to failure, but such risk is modest under reasonable assumptions of utilization and simultaneous, persistent failure.
@conference{Lpcox03samsara:honor, author = {Cox, Landon P. and Noble, Brian D.}, booktitle = {SOSP{\textquoteright}03 - Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles}, title = {Samsara: Honor Among Thieves in Peer-to-Peer Storage}, year = {2003}, address = {Bolton Landing, NY, USA}, month = {10/2003}, organization = {ACM Press}, pages = {120{\textendash}132}, publisher = {ACM Press}, keywords = {P2P, reputation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.5.6734} }
[Castro2003a] Scalable Application-level Anycast for Highly Dynamic Groups

Castro, Miguel, Druschel, Peter, Kermarrec, Anne-Marie, and Rowstron, Antony

09/2003 2003

DOI abstract Bib

We present an application-level implementation of anycast for highly dynamic groups. The implementation can handle group sizes varying from one to the whole Internet, and membership maintenance is efficient enough to allow members to join for the purpose of receiving a single message. Key to this efficiency is the use of a proximity-aware peer-to-peer overlay network for decentralized, lightweight group maintenance; nodes join the overlay once and can join and leave many groups many times to amortize the cost of maintaining the overlay. An anycast implementation with these properties provides a key building block for distributed applications. In particular, it enables management and location of dynamic resources in large scale peer-to-peer systems. We present several resource management applications that are enabled by our implementation.
@conference{Castro2003a, author = {Castro, Miguel and Druschel, Peter and Kermarrec, Anne-Marie and Rowstron, Antony}, booktitle = {NGC{\textquoteright}03 Networked Group Communication, Fifth International COST264 Workshop}, title = {Scalable Application-level Anycast for Highly Dynamic Groups}, year = {2003}, address = {Munich, Germany}, month = {09/2003}, organization = {Springer}, pages = {47-57}, publisher = {Springer}, series = {Lecture Notes in Computer Science, 2003}, volume = {2816}, doi = {10.1007/978-3-540-39405-1_5}, keywords = {anycast, application-level, highly dynamic groups, peer-to-peer networking}, owner = {tom}, timestamp = {2017-10-10} }

[776703] Security Performance

Menascé, Daniel

IEEE Internet Computing 2003

Several protocols and mechanisms aim to enforce the various dimensions of security in applications ranging from email to e-commerce transactions. Adding such mechanisms and proceduresto applications and systems does not come cheaply, however, as they impose security trade-offs in the areas of performance and scalability.

@article{776703,
  author = {Menasc{\'e}, Daniel},
  journal = {IEEE Internet Computing},
  title = {Security Performance},
  year = {2003},
  issn = {1089-7801},
  number = {3},
  pages = {84{\textendash}87},
  volume = {7},
  address = {Piscataway, NJ, USA},
  doi = {10.1109/MIC.2003.1200305},
  keywords = {security policy, trade-off},
  owner = {tom},
  publisher = {IEEE Educational Activities Department},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=776703$\#$}
}

[Qiu:2003:SRI:863955.863974] On selfish routing in internet-like environments

Qiu, Lili, Yang, Yang Richard, Zhang, Yin, and Shenker, S

08/2003 2003

DOI Website abstract Bib

A recent trend in routing research is to avoid inefficiencies in network-level routing by allowing hosts to either choose routes themselves (e.g., source routing) or use overlay routing networks (e.g., Detour or RON). Such approaches result in selfish routing, because routing decisions are no longer based on system-wide criteria but are instead designed to optimize host-based or overlay-based metrics. A series of theoretical results showing that selfish routing can result in suboptimal system behavior have cast doubts on this approach. In this paper, we use a game-theoretic approach to investigate the performance of selfish routing in Internet-like environments. We focus on intra-domain network environments and use realistic topologies and traffic demands in our simulations. We show that in contrast to theoretical worst cases, selfish routing achieves close to optimal average latency in such environments. However, such performance benefit comes at the expense of significantly increased congestion on certain links. Moreover, the adaptive nature of selfish overlays can significantly reduce the effectiveness of traffic engineering by making network traffic less predictable.
@conference{Qiu:2003:SRI:863955.863974, author = {Qiu, Lili and Yang, Yang Richard and Zhang, Yin and Shenker, S}, booktitle = {SIGCOMM{\textquoteright}03. Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications}, title = {On selfish routing in internet-like environments}, year = {2003}, address = {Karlsruhe, Germany}, month = {08/2003}, organization = {ACM}, pages = {151{\textendash}162}, publisher = {ACM}, series = {SIGCOMM {\textquoteright}03}, doi = {http://doi.acm.org/10.1145/863955.863974}, isbn = {1-58113-735-4}, keywords = {game theory, optimization, overlay, relaxation, selfish routing, traffic engineering, traffic equilibrium}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/863955.863974} }
[766661] Self-Organized Public-Key Management for Mobile Ad Hoc Networks

IEEE Transactions on Mobile Computing 2003

DOI Website abstract Bib

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and to node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories are not well-suited for securing ad hoc networks. In this paper, we propose a fully self-organized public-key management system that allows users to generate their public-private key pairs, to issue certificates, and to perform authentication regardless of the network partitions and without any centralized services. Furthermore, our approach does not require any trusted authority, not even in the system initialization phase.
@article{766661, journal = {IEEE Transactions on Mobile Computing}, title = {Self-Organized Public-Key Management for Mobile Ad Hoc Networks}, year = {2003}, issn = {1536-1233}, number = {1}, pages = {52{\textendash}64}, volume = {2}, address = {Piscataway, NJ, USA}, doi = {10.1109/TMC.2003.1195151}, keywords = {ad-hoc networks, key authentication, PGP, public key cryptography, self-organization}, owner = {tom}, publisher = {IEEE Educational Activities Department}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=766655.766661$\#$} }
[Naor03asimple] A Simple Fault Tolerant Distributed Hash Table

Naor, Moni, and Wieder, Udi

2003

DOI Website abstract Bib

We introduce a distributed hash table (DHT) with logarithmic degree and logarithmic dilation. We show two lookup algorithms. The first has a message complexity of and is robust under random deletion of nodes. The second has parallel time of and message complexity of . It is robust under spam induced by a random subset of the nodes. We then show a construction which is fault tolerant against random deletions and has an optimal degree-dilation tradeoff. The construction has improved parameters when compared to other DHTs. Its main merits are its simplicity, its flexibility and the fresh ideas introduced in its design. It is very easy to modify and to add more sophisticated protocols, such as dynamic caching and erasure correcting codes.
@conference{Naor03asimple, author = {Naor, Moni and Wieder, Udi}, booktitle = {In Second International Workshop on Peer-to-Peer Systems}, title = {A Simple Fault Tolerant Distributed Hash Table}, year = {2003}, pages = {88{\textendash}97}, doi = {10.1007/b11823}, keywords = {distributed hash table, fault-tolerance}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/4e756fgyq4ff4kay/} }

[Harvey:2003:SSO:1251460.1251469] SkipNet: a scalable overlay network with practical locality properties

Harvey, Nicholas J. A., Jones, Michael B., Saroiu, Stefan, Theimer, Marvin, and Wolman, Alec

2003

@conference{Harvey:2003:SSO:1251460.1251469,
  author = {Harvey, Nicholas J. A. and Jones, Michael B. and Saroiu, Stefan and Theimer, Marvin and Wolman, Alec},
  booktitle = {Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4},
  title = {SkipNet: a scalable overlay network with practical locality properties},
  year = {2003},
  address = {Berkeley, CA, USA},
  organization = {USENIX Association},
  pages = {9{\textendash}9},
  publisher = {USENIX Association},
  series = {USITS{\textquoteright}03},
  keywords = {distributed hash table, range queries, SkipNet},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=1251460.1251469}
}

[Freedman03sloppyhashing] Sloppy Hashing and Self-Organizing Clusters

Freedman, Michael J., and Mazières, David

2003

Website abstract Bib

We are building Coral, a peer-to-peer content distribution system. Coral creates self-organizing clusters of nodes that fetch information from each other to avoid communicating with more distant or heavily-loaded servers. Coral indexes data, but does not store it. The actual content resides where it is used, such as in nodes’ local web caches. Thus, replication happens exactly in proportion to demand.
@booklet{Freedman03sloppyhashing, title = {Sloppy Hashing and Self-Organizing Clusters}, author = {Freedman, Michael J. and Mazi{\`e}res, David}, year = {2003}, isbn = {978-3-540-40724-9}, journal = {In IPTPS}, owner = {tom}, pages = {45{\textendash}55}, publisher = {Springer Berlin / Heidelberg}, timestamp = {2017-10-10}, url = {www.coralcdn.org/docs/coral-iptps03.ps}, volume = {Volume 2735/2003} }
[Klemm03aspecial-purpose] A Special-Purpose Peer-to-Peer File Sharing System for Mobile Ad Hoc Networks

Klemm, Alexander, Klemm, Er, Lindemann, Christoph, and Waldhorst, Oliver

2003

Website abstract Bib

Establishing peer-to-peer (P2P) file sharing for mobile ad hoc networks ANET) requires the construction of a search algorithm for transmitting queries and search results as well as the development of a transfer protocol for downloading files matching a query. In this paper, we present a special-purpose system for searching and file transfer tailored to both the characteristics of MANET and the requirements of peer-to-peer file sharing. Our approach is based on an application layer overlay networlc As innovative feature, overlay routes are set up on demand by the search algorithm, closely matching network topology and transparently aggregating redundant transfer paths on a per-file basis. The transfer protocol guarantees high data rates and low transmission overhead by utilizing overlay routes. In a detailed ns2 simulation study, we show that both the search algorithm and the transfer protocol outperform offthe -shelf approaches based on a P2P file sharing system for the wireline Internet, TCP and a MANET routing protocol.
@conference{Klemm03aspecial-purpose, author = {Klemm, Alexander and Klemm, Er and Lindemann, Christoph and Waldhorst, Oliver}, title = {A Special-Purpose Peer-to-Peer File Sharing System for Mobile Ad Hoc Networks}, year = {2003}, keywords = {ad-hoc networks, file-sharing, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.12.9634} }
[Castro:2003:SHM:1165389.945474] SplitStream: high-bandwidth multicast in cooperative environments

Castro, Miguel, Druschel, Peter, Kermarrec, Anne-Marie, Nandi, Animesh, Rowstron, Antony, and Singh, Atul

SIGOPS’03 Operating Systems Review 10/2003 2003

DOI Website abstract Bib

In tree-based multicast systems, a relatively small number of interior nodes carry the load of forwarding multicast messages. This works well when the interior nodes are highly-available, dedicated infrastructure routers but it poses a problem for application-level multicast in peer-to-peer systems. SplitStream addresses this problem by striping the content across a forest of interior-node-disjoint multicast trees that distributes the forwarding load among all participating peers. For example, it is possible to construct efficient SplitStream forests in which each peer contributes only as much forwarding bandwidth as it receives. Furthermore, with appropriate content encodings, SplitStream is highly robust to failures because a node failure causes the loss of a single stripe on average. We present the design and implementation of SplitStream and show experimental results obtained on an Internet testbed and via large-scale network simulation. The results show that SplitStream distributes the forwarding load among all peers and can accommodate peers with different bandwidth capacities while imposing low overhead for forest construction and maintenance.
@article{Castro:2003:SHM:1165389.945474, author = {Castro, Miguel and Druschel, Peter and Kermarrec, Anne-Marie and Nandi, Animesh and Rowstron, Antony and Singh, Atul}, journal = {SIGOPS{\textquoteright}03 Operating Systems Review}, title = {SplitStream: high-bandwidth multicast in cooperative environments}, year = {2003}, issn = {0163-5980}, month = {10/2003}, pages = {298{\textendash}313}, volume = {37}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/1165389.945474}, keywords = {application-level multicast, content distribution, end-system multicast, peer-to-peer networking, video streaming}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/1165389.945474} }

[statistical-disclosure] Statistical Disclosure Attacks: Traffic Confirmation in Open Environments

Danezis, George

May 2003

An improvement over the previously known disclosure attack is presented that allows, using statistical methods, to effectively deanonymize users of a mix system. Furthermore the statistical disclosure attack is computationally efficient, and the conditions for it to be possible and accurate are much better understood. The new attack can be generalized easily to a variety of anonymity systems beyond mix networks.

@conference{statistical-disclosure,
  author = {Danezis, George},
  booktitle = {Proceedings of Security and Privacy in the Age of Uncertainty, (SEC2003)},
  title = {Statistical Disclosure Attacks: Traffic Confirmation in Open Environments},
  year = {2003},
  address = {Athens},
  month = may,
  organization = {IFIP TC11},
  pages = {421{\textendash}426},
  publisher = {IFIP TC11},
  keywords = {anonymity, statistical analysis, traffic analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.4512}
}

[942421] Stimulating cooperation in self-organizing mobile ad hoc networks

Buttyán, Levente, and Hubaux, Jean-Pierre

Mob. Netw. Appl. 2003

DOI Website abstract Bib

In military and rescue applications of mobile ad hoc networks, all the nodes belong to the same authority; therefore, they are motivated to cooperate in order to support the basic functions of the network. In this paper, we consider the case when each node is its own authority and tries to maximize the benefits it gets from the network. More precisely, we assume that the nodes are not willing to forward packets for the benefit of other nodes. This problem may arise in civilian applications of mobile ad hoc networks. In order to stimulate the nodes for packet forwarding, we propose a simple mechanism based on a counter in each node. We study the behavior of the proposed mechanism analytically and by means of simulations, and detail the way in which it could be protected against misuse.
@article{942421, author = {Butty{\'a}n, Levente and Hubaux, Jean-Pierre}, journal = {Mob. Netw. Appl.}, title = {Stimulating cooperation in self-organizing mobile ad hoc networks}, year = {2003}, issn = {1383-469X}, number = {5}, pages = {579{\textendash}592}, volume = {8}, address = {Hingham, MA, USA}, doi = {10.1023/A:1025146013151}, keywords = {ad-hoc networks, cooperation, self-organization}, owner = {tom}, publisher = {Kluwer Academic Publishers}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=942421$\#$} }
[_onthe] On the Strategic Importance of Programmable Middleboxes

Fuhrmann, Thomas

2003

Website abstract Bib

Network protocols suffer from a lock dictated by the need for standardization and Metcalf’s law. Programmable middleboxes can help to relieve the effects of that lock. This paper gives game theoretic arguments that show how the option of having middleboxes can raise the quality of communication protocols. Based on this analysis, design considerations for active and programmable networks are discussed.
@booklet{_onthe, title = {On the Strategic Importance of Programmable Middleboxes}, author = {Fuhrmann, Thomas}, year = {2003}, keywords = {programmable networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.71.7171} }
[792432] Supporting Peer-to-Peer Computing with FlexiNet

Fuhrmann, Thomas

2003

Website abstract Bib

Formation of suitable overlay-network topologiesthat are able to reflect the structure of the underlying network-infrastructure, has rarely been addressedby peer-to-peer applications so far. Often, peer-to-peerprotocols restrain to purely random formation of theiroverlay-network. This leads to a far from optimal performance of such peer-to-peer networks and ruthlesslywastes network resources.In this paper, we describe a simple mechanism thatuses programmable network technologies to improvethe topology formation process of unstructured peer-to-peer networks. Being a network service, our mechanismdoes not require any modification of existing applications or computing systems. By that, it assists networkoperators with improving the performance of their network and relieves programmers from the burden of designing and implementing topology-aware peer-to-peerprotocols.Although we use the well-know Gnutella protocol todescribe the mechanism of our proposed service, it applies to all kinds of unstructured global peer-to-peercomputing applications.
@conference{792432, author = {Fuhrmann, Thomas}, booktitle = {CCGRID {\textquoteright}03: Proceedings of the 3st International Symposium on Cluster Computing and the Grid}, title = {Supporting Peer-to-Peer Computing with FlexiNet}, year = {2003}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {390}, publisher = {IEEE Computer Society}, isbn = {0-7695-1919-9}, keywords = {overlay networks, programmable networks, topology matching}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=791231.792432$\#$} }

[1251470] Symphony: distributed hashing in a small world

Manku, Gurmeet Singh, Bawa, Mayank, and Raghavan, Prabhakar

2003

We present Symphony, a novel protocol for maintaining distributed hash tables in a wide area network. The key idea is to arrange all participants along a ring and equip them with long distance contacts drawn from a family of harmonic distributions. Through simulation, we demonstrate that our construction is scalable, flexible, stable in the presence of frequent updates and offers small average latency with only a handful of long distance links per node. The cost of updates when hosts join and leave is small.

@conference{1251470,
  author = {Manku, Gurmeet Singh and Bawa, Mayank and Raghavan, Prabhakar},
  booktitle = {USITS{\textquoteright}03: Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems},
  title = {Symphony: distributed hashing in a small world},
  year = {2003},
  address = {Berkeley, CA, USA},
  organization = {USENIX Association},
  pages = {10{\textendash}10},
  publisher = {USENIX Association},
  keywords = {small-world},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://portal.acm.org/citation.cfm?id=1251460.1251470$\#$}
}

[958494] Taming the underlying challenges of reliable multihop routing in sensor networks

Woo, Alec, Tong, Terence, and Culler, David

2003

DOI Website abstract Bib

The dynamic and lossy nature of wireless communication poses major challenges to reliable, self-organizing multihop networks. These non-ideal characteristics are more problematic with the primitive, low-power radio transceivers found in sensor networks, and raise new issues that routing protocols must address. Link connectivity statistics should be captured dynamically through an efficient yet adaptive link estimator and routing decisions should exploit such connectivity statistics to achieve reliability. Link status and routing information must be maintained in a neighborhood table with constant space regardless of cell density. We study and evaluate link estimator, neighborhood table management, and reliable routing protocol techniques. We focus on a many-to-one, periodic data collection workload. We narrow the design space through evaluations on large-scale, high-level simulations to 50-node, in-depth empirical experiments. The most effective solution uses a simple time averaged EWMA estimator, frequency based table management, and cost-based routing.
@conference{958494, author = {Woo, Alec and Tong, Terence and Culler, David}, booktitle = {SenSys {\textquoteright}03: Proceedings of the 1st international conference on Embedded networked sensor systems}, title = {Taming the underlying challenges of reliable multihop routing in sensor networks}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, pages = {14{\textendash}27}, publisher = {ACM}, doi = {10.1145/958491.958494}, isbn = {1-58113-707-9}, keywords = {link estimation, multi-hop networks, neighborhood management, reliability, sensor networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=958494$\#$} }
[feamster:pet2003] Thwarding Web Censorship with Untrusted Messenger Delivery

Feamster, Nick, Balazinska, Magdalena, Wang, Winston, Balakrishnan, Hari, and Karger, David

Mar 2003

abstract Bib

All existing anti-censorship systems for theWeb rely on proxies to grant clients access to censored information. Therefore, they face the proxy discovery problem: how can clients discover the proxies without having the censor discover and block these proxies? To avoid widespread discovery and blocking, proxies must not be widely published and should be discovered in-band. In this paper, we present a proxy discovery mechanism called keyspace hopping that meets this goal. Similar in spirit to frequency hopping in wireless networks, keyspace hopping ensures that each client discovers only a small fraction of the total number of proxies.However, requiring clients to independently discover proxies from a large set makes it practically impossible to verify the trustworthiness of every proxy and creates the possibility of having untrusted proxies. To address this, we propose separating the proxy into two distinct components|the messenger, which the client discovers using keyspace hopping and which simply acts as a gateway to the Internet; and the portal, whose identity is widely-published and whose responsibility it is to interpret and serve the client’s requests for censored content. We show how this separation, as well as in-band proxy discovery, can be applied to a variety of anti-censorship systems.
@conference{feamster:pet2003, author = {Feamster, Nick and Balazinska, Magdalena and Wang, Winston and Balakrishnan, Hari and Karger, David}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)}, title = {Thwarding Web Censorship with Untrusted Messenger Delivery}, year = {2003}, editor = {Dingledine, Roger}, month = mar, organization = {Springer-Verlag, LNCS 2760}, pages = {125{\textendash}140}, publisher = {Springer-Verlag, LNCS 2760}, owner = {tom}, timestamp = {2017-10-10} }
[Fuhrmann2003a] On the Topology of Overlay-Networks

Fuhrmann, Thomas

2003

abstract Bib

Random-graph models are about to become an important tool in the study of wireless ad-hoc and sensor-networks, peer-to-peer networks, and, generally, overlay-networks. Such models provide a theoretical basis to assess the capabilities of certain networks, and guide the design of new protocols. Especially the recently proposed models for so-called small-world networks receive much attention from the networking community. This paper proposes the use of two more mathematical concepts for the analysis of network topologies, dimension and curvature. These concepts can intuitively be applied to, e.g., sensor-networks. But they can also be sensibly dened for certain other random-graph models. The latter is non-trivial since such models may describe purely virtual networks that do not inherit properties from an underlying physical world. Analysis of a random-graph model for Gnutella-like overlay-networks yields strong indications that such networks might be characterized as a sphere with fractal dimension.
@article{Fuhrmann2003a, author = {Fuhrmann, Thomas}, title = {On the Topology of Overlay-Networks}, year = {2003}, owner = {tom}, timestamp = {2017-10-10} }

[DBLP:conf/iptps/DabekZDKS03] Towards a Common API for Structured Peer-to-Peer Overlays

Dabek, Frank, Zhao, Ben Y., Druschel, Peter, Kubiatowicz, John, and Stoica, Ion

02/2003 2003

In this paper, we describe an ongoing effort to define common APIs for structured peer-to-peer overlays and the key abstractions that can be built on them. In doing so, we hope to facilitate independent innovation in overlay protocols, services, and applications, to allow direct experimental comparisons, and to encourage application development by third parties. We provide a snapshot of our efforts and discuss open problems in an effort to solicit feedback from the research community.

@conference{DBLP:conf/iptps/DabekZDKS03,
  author = {Dabek, Frank and Zhao, Ben Y. and Druschel, Peter and Kubiatowicz, John and Stoica, Ion},
  booktitle = {IPTPS{\textquoteright}03. Proccedings of the Second International Workshop on Peer-to-Peer Systems},
  title = {Towards a Common API for Structured Peer-to-Peer Overlays},
  year = {2003},
  address = {Berkeley, CA, USA},
  month = {02/2003},
  organization = {Springer},
  pages = {33-44},
  publisher = {Springer},
  series = {Lecture Notes in Computer Science},
  volume = {2735},
  doi = {http://dx.doi.org/10.1007/978-3-540-45172-3_3},
  isbn = {3-540-40724-3},
  keywords = {API, key abstraction},
  owner = {tom},
  timestamp = {2017-10-10}
}

[642636] Usability and privacy: a study of Kazaa P2P file-sharing

Good, Nathaniel S., and Krekelberg, Aaron

2003

DOI Website abstract Bib

P2P file sharing systems such as Gnutella, Freenet, and KaZaA, while primarily intended for sharing multimedia files, frequently allow other types of information to be shared. This raises serious concerns about the extent to which users may unknowingly be sharing private or personal information.In this paper, we report on a cognitive walkthrough and a laboratory user study of the KaZaA file sharing user interface. The majority of the users in our study were unable to tell what files they were sharing, and sometimes incorrectly assumed they were not sharing any files when in fact they were sharing all files on their hard drive. An analysis of the KaZaA network suggested that a large number of users appeared to be unwittingly sharing personal and private files, and that some users were indeed taking advantage of this and downloading files containing ostensibly private information.
@conference{642636, author = {Good, Nathaniel S. and Krekelberg, Aaron}, booktitle = {CHI {\textquoteright}03: Proceedings of the SIGCHI conference on Human factors in computing systems}, title = {Usability and privacy: a study of Kazaa P2P file-sharing}, year = {2003}, address = {New York, NY, USA}, organization = {ACM}, pages = {137{\textendash}144}, publisher = {ACM}, doi = {10.1145/642611.642636}, isbn = {1-58113-630-7}, keywords = {file-sharing, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=642611.642636$\#$} }
[Fuhrmann_usingbluetooth] Using Bluetooth for Informationally Enhanced Environments Abstract

Fuhrmann, Thomas, and Harbaum, Till

2003

Website abstract Bib

The continued miniaturization in computing and wireless communication is about to make informationally enhanced environments become a reality. Already today, devices like a notebook computer or a personal digital assistent (PDA) can easily connect to the Internet via IEEE 802.11 networks (WaveLAN) or similar technologies provided at so-called hot-spots. In the near future, even smaller devices can join a wireless network to exchange status information or send and receive commands. In this paper, we present sample uses of a generic Bluetooth component that we have developed and that has been successfully integrated into various mininature devices to transmit sensor data or exchange control commands. The use of standard protocols like TCP/IP, Obex, and HTTP simplifies the use of those devices with conventional devices (notebook, PDA, cell-phone) without even requiring special drivers or applications for these devices. While such scenarios have already often been dreamt of, we are able to present a working solution based on small and cost-effective standard elements. We describe two applications that illustrate the power this approach in the broad area of e-commerce, e-learning, and e-government: the BlueWand, a small, pen-like device that can control Bluetooth devices in its vincinity by simple gestures, and a door plate that can display messages that are posted to it e.g. by a Bluetooth PDA. Keywords: Human-Computer Interaction, Ubiquitous Computing, Wireless Communications (Bluetooth)
@booklet{Fuhrmann_usingbluetooth, title = {Using Bluetooth for Informationally Enhanced Environments Abstract}, author = {Fuhrmann, Thomas and Harbaum, Till}, year = {2003}, keywords = {Bluetooth, ubiquitous computing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.73.2131} }
[shsm03] Using Caching for Browsing Anonymity

Shubina, Anna, and Smith, Sean

ACM SIGEcom Exchanges Sep 2003

DOI Website abstract Bib

Privacy-providing tools, including tools that provide anonymity, are gaining popularity in the modern world. Among the goals of their users is avoiding tracking and profiling. While some businesses are unhappy with the growth of privacy-enhancing technologies, others can use lack of information about their users to avoid unnecessary liability and even possible harassment by parties with contrary business interests, and to gain a competitive market edge.Currently, users interested in anonymous browsing have the choice only between single-hop proxies and the few more complex systems that are available. These still leave the user vulnerable to long-term intersection attacks.In this paper, we propose a caching proxy system for allowing users to retrieve data from the World-Wide Web in a way that would provide recipient unobservability by a third party and sender unobservability by the recipient and thus dispose with intersection attacks, and report on the prototype we built using Google.
@article{shsm03, author = {Shubina, Anna and Smith, Sean}, journal = {ACM SIGEcom Exchanges}, title = {Using Caching for Browsing Anonymity}, year = {2003}, month = sep, number = {2}, pages = {11 - 20}, volume = {4}, doi = {10.1145/1120709.1120713}, keywords = {anonymity, caching proxies, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1120713} }

[939859] Wireless Community Networks

Jain, Saurabh, and Agrawal, Dharma P.

Computer 2003

@article{939859,
  author = {Jain, Saurabh and Agrawal, Dharma P.},
  journal = {Computer},
  title = {Wireless Community Networks},
  year = {2003},
  issn = {0018-9162},
  number = {8},
  pages = {90{\textendash}92},
  volume = {36},
  address = {Los Alamitos, CA, USA},
  doi = {10.1109/MC.2003.1220588},
  owner = {tom},
  publisher = {IEEE Computer Society Press},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=939824.939859$\#$}
}

[Boulkenafed02adhocfs:sharing] AdHocFS: Sharing Files in WLANs

Boulkenafed, Malika, and Issarny, Valerie

2002

Website abstract Bib

This paper presents the ADHOCFS file system for mobileusers, which realizes transparent, adaptive file accessaccording to the users’ specific situations (e.g., device inuse, network connectivity, etc).The paper concentratesmore specifically on the support of ADHOCFS for collaborativefile sharing within ad hoc groups of trusted nodesthat are in the local communication of each other using theunderlying ad hoc network, which has not been addressedin the past.
@booklet{Boulkenafed02adhocfs:sharing, title = {AdHocFS: Sharing Files in WLANs}, author = {Boulkenafed, Malika and Issarny, Valerie}, year = {2002}, isbn = {0-7695-1938-5}, keywords = {ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=825345} }
[BonehGolle:psp2002] Almost Entirely Correct Mixing With Application to Voting

Boneh, Dan, and Golle, Philippe

Nov 2002

DOI Website abstract Bib

In order to design an exceptionally efficient mix network, both asymptotically and in real terms, we develop the notion of almost entirely correct mixing, and propose a new mix network that is almost entirely correct. In our new mix, the real cost of proving correctness is orders of magnitude faster than all other mix nets. The trade-off is that our mix only guarantees "almost entirely correct" mixing, i.e it guarantees that the mix network processed correctly all inputs with high (but not overwhelming) probability. We use a new technique for verifying correctness. This new technique consists of computing the product of a random subset of the inputs to a mix server, then require the mix server to produce a subset of the outputs of equal product. Our new mix net is of particular value for electronic voting, where a guarantee of almost entirely correct mixing may well be sufficient to announce instantly the result of a large election. The correctness of the result can later be verified beyond a doubt using any one of a number of much slower proofs of perfect-correctness, without having to mix the ballots again.
@conference{BonehGolle:psp2002, author = {Boneh, Dan and Golle, Philippe}, booktitle = {Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002)}, title = {Almost Entirely Correct Mixing With Application to Voting}, year = {2002}, address = {Washington, DC}, editor = {Atluri, Vijay}, month = nov, organization = {ACM New York, NY, USA}, pages = {68{\textendash}77}, publisher = {ACM New York, NY, USA}, doi = {10.1145/586110.586121}, isbn = {1-58113-612-9}, keywords = {electronic voting}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=586121} }
[664025] AMnet 2.0: An Improved Architecture for Programmable Networks

Fuhrmann, Thomas, Harbaum, Till, Schoeller, Marcus, and Zitterbart, Martina

2002

DOI Website abstract Bib

AMnet 2.0 is an improved architecture for programmable networks that is based on the experiences from the previous implementation of AMnet. This paper gives an overview of the AMnet architecture and Linux-based implementation of this software router. It also discusses the differences to the previous version of AMnet. AMnet 2.0 complements application services with net-centric services in an integrated system that provides the fundamental building blocks both for an active node itself and the operation of a larger set of nodes, including code deployment decisions, service relocation, resource management.
@conference{664025, author = {Fuhrmann, Thomas and Harbaum, Till and Schoeller, Marcus and Zitterbart, Martina}, booktitle = {IWAN {\textquoteright}02: Proceedings of the IFIP-TC6 4th International Working Conference on Active Networks}, title = {AMnet 2.0: An Improved Architecture for Programmable Networks}, year = {2002}, address = {London, UK}, organization = {Springer-Verlag}, pages = {162{\textendash}176}, publisher = {Springer-Verlag}, doi = {10.1007/3-540-36199-5}, isbn = {3-540-00223-5}, keywords = {programmable networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=664025$\#$} }
[RRMPH02-1] Analysis of an Anonymity Network for Web Browsing

Rennhard, Marc, Rafaeli, Sandro, Mathy, Laurent, Plattner, Bernhard, and Hutchison, David

Jun 2002

Website abstract Bib

Various systems offering anonymity for near real-time Internet traffic have been operational. However, they did not deliver many quantitative results about performance, bandwidth overhead, or other issues that arise when implementing or operating such a system. Consequently, the problem of designing and operating these systems in a way that they provide a good balance between usability, protection from attacks, and overhead is not well understood. In this paper, we present the analysis of an anonymity network for web browsing that offers a high level of anonymity against a sophisticated attacker and good end-to-end performance at a reasonable bandwidth overhead. We describe a novel way of operating the system that maximizes the protection from traffic analysis attacks while minimizing the bandwidth overhead. We deliver quantitative results about the performance of our system, which should help to give a better understanding of anonymity networks.
@conference{RRMPH02-1, author = {Rennhard, Marc and Rafaeli, Sandro and Mathy, Laurent and Plattner, Bernhard and Hutchison, David}, booktitle = {Proceedings of the IEEE 7th Intl. Workshop on Enterprise Security (WET ICE 2002)}, title = {Analysis of an Anonymity Network for Web Browsing}, year = {2002}, address = {Pittsburgh, USA}, month = jun, organization = {IEEE Computer Society Washington, DC, USA}, pages = {49{\textendash}54}, publisher = {IEEE Computer Society Washington, DC, USA}, isbn = {0-7695-1748-X}, keywords = {anonymity, anonymous web browsing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=759973} }
[wright02] An Analysis of the Degradation of Anonymous Protocols

Wright, Matthew, Adler, Micah, Levine, Brian Neil, and Shields, Clay

Feb 2002

Website abstract Bib

There have been a number of protocols proposed for anonymous network communication. In this paper we investigate attacks by corrupt group members that degrade the anonymity of each protocol over time. We prove that when a particular initiator continues communication with a particular responder across path reformations, existing protocols are subject to the attack. We use this result to place an upper bound on how long existing protocols, including Crowds, Onion Routing, Hordes, Web Mixes, and DC-Net, can maintain anonymity in the face of the attacks described. Our results show that fully-connected DC-Net is the most resilient to these attacks, but it su#ers from scalability issues that keep anonymity group sizes small. Additionally, we show how violating an assumption of the attack allows malicious users to setup other participants to falsely appear to be the initiator of a connection.
@conference{wright02, author = {Wright, Matthew and Adler, Micah and Levine, Brian Neil and Shields, Clay}, booktitle = {Proceedings of the Network and Distributed Security Symposium - NDSS {\textquoteright}02}, title = {An Analysis of the Degradation of Anonymous Protocols}, year = {2002}, month = feb, organization = {IEEE}, publisher = {IEEE}, keywords = {anonymity, Crowds, dining cryptographers, Hordes, onion routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.3.9435} }

[Serjantov02anonymizingcensorship] Anonymizing Censorship Resistant Systems

Serjantov, Andrei

2002

In this paper we propose a new Peer-to-Peer architecture for a censorship resistant system with user, server and active-server document anonymity as well as efficient document retrieval. The retrieval service is layered on top of an existing Peer-to-Peer infrastructure, which should facilitate its implementation

@booklet{Serjantov02anonymizingcensorship,
  title = {Anonymizing Censorship Resistant Systems},
  author = {Serjantov, Andrei},
  year = {2002},
  isbn = {3-540-44179-4},
  owner = {tom},
  pages = {111 - 120},
  publisher = {Springer-Verlag London, UK},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.13.5048\&rep=rep1\&type=pdf},
  volume = {Vol. 2429}
}

[Serj02-iptps] Anonymizing censorship resistant systems

Serjantov, Andrei

03/2002 2002

DOI Website abstract Bib

In this paper we propose a new Peer-to-Peer architecture for a censorship resistant system with user, server and active-server document anonymity as well as efficient document retrieval. The retrieval service is layered on top of an existing Peer-to-Peer infrastructure, which should facilitate its implementation. The key idea is to separate the role of document storers from the machines visible to the users, which makes each individual part of the system less prone to attacks, and therefore to censorship. Indeed, if one server has been pressured into removal, the other server administrators may simply follow the precedent and remove the offending content themselves.
@conference{Serj02-iptps, author = {Serjantov, Andrei}, booktitle = {Proceedings of the 1st International Peer To Peer Systems Workshop (IPTPS 2002)}, title = {Anonymizing censorship resistant systems}, year = {2002}, month = {03/2002}, organization = {Springer-Verlag London, UK}, publisher = {Springer-Verlag London, UK}, doi = {10.1007/3-540-45748-8}, isbn = {978-3-540-44179-3}, keywords = {anonymity, censorship resistance, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=687808} }

[714768] Aspects of AMnet Signaling

Speer, Anke, Schoeller, Marcus, Fuhrmann, Thomas, and Zitterbart, Martina

2002

AMnet provides a framework for flexible and rapid service creation. It is based on Programmable Networking technologies and uses active nodes (AMnodes) within the network for the provision of individual, application-specific services. To this end, these AMnodes execute service modules that are loadable on-demand and enhance the functionality of intermediate systems without the need of long global standardization processes. Placing application-dedicated functionality within the network requires a flexible signaling protocol to discover and announce as well as to establish and maintain the corresponding services. AMnet Signaling was developed for this purpose and will be presented in detail within this paper.

@conference{714768,
  author = {Speer, Anke and Schoeller, Marcus and Fuhrmann, Thomas and Zitterbart, Martina},
  booktitle = {NETWORKING {\textquoteright}02: Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; and Mobile and Wireless Communications},
  title = {Aspects of AMnet Signaling},
  year = {2002},
  address = {London, UK},
  organization = {Springer-Verlag},
  pages = {1214{\textendash}1220},
  publisher = {Springer-Verlag},
  doi = {10.1007/3-540-47906-6},
  isbn = {3-540-43709-6},
  keywords = {multicast, programmable networks},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/4j371710765jg14q/}
}

[beimel-barrier] Breaking the O(n^1/(2k-1)) Barrier for Information-Theoretic Private Information Retrieval

Beimel, Amos, Ishai, Yuval, Kushilevitz, Eyal, and Raymond, Jean-François

2002

Website abstract Bib

Private Information Retrieval (PIR) protocols allow a user to retrieve a data item from a database while hiding the identity of the item being retrieved. Specifically, in information-theoretic, k-server PIR protocols the database is replicated among k servers, and each server learns nothing about the item the user retrieves. The cost of such protocols is measured by the communication complexity of retrieving one out of n bits of data. For any fixed k, the complexity of the best protocols prior to our work was 0(n^\frac12k - 1) (Ambainis, 1997). Since then several methods were developed in an attempt to beat this bound, but all these methods yielded the same asymptotic bound.In this work, this barrier is finally broken and the complexity of information-theoretic k-server PIR is improved to n^0(\frac\log \log kk\log k). The new PIR protocols can also be used to construct k-query binary locally decodable codes of length exp (n^0(\frac\log \log kk\log k)), compared to exp(n^\frac1k - 1) in previous constructions. The improvements presented in this paper apply even for small values of k: the PIR protocols are more efficient than previous ones for every k \geqslant 3, and the locally decodable codes are shorter for every k \geqslant 4.
@conference{beimel-barrier, author = {Beimel, Amos and Ishai, Yuval and Kushilevitz, Eyal and Raymond, Jean-Fran{\c c}ois}, booktitle = {Proceedings of the 43rd IEEE Symposium on Foundations of Computer Science (FOCS)}, title = {Breaking the $O(n^{1/(2k-1)})$ Barrier for Information-Theoretic Private Information Retrieval}, year = {2002}, isbn = {0-7695-1822-2}, keywords = {private information retrieval}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=652187} }
[Mazieres:2002:BSF:571825.571840] Building secure file systems out of Byzantine storage

Mazières, David, and Shasha, Dennis

07/2002 2002

DOI Website abstract Bib

This paper shows how to implement a trusted network file system on an untrusted server. While cryptographic storage techniques exist that allow users to keep data secret from untrusted servers, this work concentrates on the detection of tampering attacks and stale data. Ideally, users of an untrusted storage server would immediately and unconditionally notice any misbehavior on the part of the server. This ideal is unfortunately not achievable. However, we define a notion of data integrity called fork consistency in which, if the server delays just one user from seeing even a single change by another, the two users will never again see one another’s changes—a failure easily detectable with on-line communication. We give a practical protocol for a multi-user network file system called SUNDR, and prove that SUNDR offers fork consistency whether or not the server obeys the protocol.
@conference{Mazieres:2002:BSF:571825.571840, author = {Mazi{\`e}res, David and Shasha, Dennis}, booktitle = {PODC{\textquoteright}02 - Proceedings of the 21st Annual Symposium on Principles of Distributed Computing}, title = {Building secure file systems out of Byzantine storage}, year = {2002}, address = {Monterey, CA, USA}, month = {07/2002}, organization = {ACM}, pages = {108{\textendash}117}, publisher = {ACM}, series = {PODC {\textquoteright}02}, doi = {http://doi.acm.org/10.1145/571825.571840}, isbn = {1-58113-485-1}, keywords = {Byzantine storage, detection, secure file system, stale data, tampering attack, trusted network, untrusted server}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/571825.571840} }
[Oswald02capacity-achievingsequences] Capacity-achieving sequences for the erasure channel

Oswald, Peter, and Shokrollahi, M. Amin

IEEE Trans. Information Theory 12/2002 2002

DOI Website abstract Bib

This paper starts a systematic study of capacity-achieving sequences of low-density paritycheck codes for the erasure channel. We introduce a class A of analytic functions and develop a procedure to obtain degree distributions for the codes. We showvarious properties of this class which will help us construct new distributions from old ones. We then study certain types of capacity-achieving sequences and introduce new measures for their optimality. For instance, it turns out that the right-regular sequence is capacity-achieving in a much stronger sense than, e.g., the Tornado sequence. This also explains why numerical optimization techniques tend to favor graphs with only one degree of check nodes. Using our methods, we attack the problem of reducing the fraction of degree 2 variable nodes, which has important practical implications. It turns out that one can produce capacity achieving sequences for which this fraction remains below any constant, albeit at the price of slower convergence to capacity.
@article{Oswald02capacity-achievingsequences, author = {Oswald, Peter and Shokrollahi, M. Amin}, journal = {IEEE Trans. Information Theory}, title = {Capacity-achieving sequences for the erasure channel}, year = {2002}, issn = {0018-9448}, month = {12/2002}, pages = {3017{\textendash}3028}, volume = {48}, doi = {10.1109/TIT.2002.805067}, keywords = {coding theory, low-density parity-check}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.6722} }
[cebolla] Cebolla: Pragmatic IP Anonymity

Brown, Zach

Jun 2002

Website abstract Bib

Cebolla is an intersection of cryptographic mix networks and the environment of the public Internet. Most of the history of cryptographic mix networks lies in academic attempts to provide anonymity of various sorts to the users of the network. While based on strong cryptographic principles, most attempts have failed to address properties of the public network and the reasonable expectations of most of its users. Cebolla attempts to address this gulf between the interesting research aspects of IP level anonymity and the operational expectations of most uses of the IP network.
@conference{cebolla, author = {Brown, Zach}, booktitle = {Proceedings of the 2002 Ottawa Linux Symposium}, title = {Cebolla: Pragmatic IP Anonymity}, year = {2002}, month = jun, keywords = {anonymity, cryptography}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.linuxinsight.com/ols2002_cebolla_pragmatic_ip_anonymity.html} }
[Fiat02censorshipresistant] Censorship Resistant Peer-to-Peer Content Addressable Networks

Fiat, Amos, and Saia, Jared

2002

Website abstract Bib

We present a censorship resistant peer-to-peer network for accessing n data items in a network of n nodes. Each search for a data item in the network takes O(log n) time and requires at most O(log2n) messages. Our network is censorship resistant in the sense that even after adversarial removal of an arbitrarily large constant fraction of the nodes in the network, all but an arbitrarily small fraction of the remaining nodes can obtain all but an arbitrarily small fraction of the original data items. The network can be created in a fully distributed fashion. It requires only O(log n) memory in each node. We also give a variant of our scheme that has the property that it is highly spam resistant: an adversary can take over complete control of a constant fraction of the nodes in the network and yet will still be unable to generate spam.
@booklet{Fiat02censorshipresistant, title = {Censorship Resistant Peer-to-Peer Content Addressable Networks}, author = {Fiat, Amos and Saia, Jared}, year = {2002}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.16.4761\&rep=rep1\&type=pdf} }
[chaffinch] Chaffinch: Confidentiality in the Face of Legal Threats

Clayton, Richard, and Danezis, George

Oct 2002

DOI Website abstract Bib

We present the design and rationale of a practical system for passing confidential messages. The mechanism is an adaptation of Rivest’s “chaffing and winnowing”, which has the legal advantage of using authentication keys to provide privacy.We identify a weakness in Rivest’s particular choice of his “package transform” as an “all-or-nothing” element within his scheme. We extend the basic system to allow the passing of several messages concurrently. Only some of these messages need be divulged under legal duress, the other messages will be plausibly deniable. We show how this system may have some resilience to the type of legal attack inherent in the UK’s Regulation of Investigatory Powers (RIP) Act.
@conference{chaffinch, author = {Clayton, Richard and Danezis, George}, booktitle = {Proceedings of Information Hiding Workshop (IH 2002)}, title = {Chaffinch: Confidentiality in the Face of Legal Threats}, year = {2002}, editor = {Petitcolas, Fabien}, month = oct, organization = {Springer-Verlag, LNCS 2578}, publisher = {Springer-Verlag, LNCS 2578}, doi = {10.1007/3-540-36415-3}, keywords = {legal attack, RIP}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=647598.732024} }

[511496] Choosing reputable servents in a P2P network

Cornelli, Fabrizio, Damiani, Ernesto, Vimercati, Sabrina De Capitani, Paraboschi, Stefano, and Samarati, Pierangela

2002

@conference{511496,
  author = {Cornelli, Fabrizio and Damiani, Ernesto and di Vimercati, Sabrina De Capitani and Paraboschi, Stefano and Samarati, Pierangela},
  booktitle = {WWW {\textquoteright}02: Proceedings of the 11th international conference on World Wide Web},
  title = {Choosing reputable servents in a P2P network},
  year = {2002},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {376{\textendash}386},
  publisher = {ACM},
  doi = {10.1145/511446.511496},
  isbn = {1-58113-449-5},
  keywords = {credibility, polling protocol, reputation},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=511496$\#$}
}

[571638] COCA: A secure distributed online certification authority

Zhou, Lidong, Schneider, Fred B., and Renesse, Robbert Van

ACM Trans. Comput. Syst. 2002

DOI Website abstract Bib

COCA is a fault-tolerant and secure online certification authority that has been built and deployed both in a local area network and in the Internet. Extremely weak assumptions characterize environments in which COCA’s protocols execute correctly: no assumption is made about execution speed and message delivery delays; channels are expected to exhibit only intermittent reliability; and with 3t + 1 COCA servers up to t may be faulty or compromised. COCA is the first system to integrate a Byzantine quorum system (used to achieve availability) with proactive recovery (used to defend against mobile adversaries which attack, compromise, and control one replica for a limited period of time before moving on to another). In addition to tackling problems associated with combining fault-tolerance and security, new proactive recovery protocols had to be developed. Experimental results give a quantitative evaluation for the cost and effectiveness of the protocols.
@article{571638, author = {Zhou, Lidong and Schneider, Fred B. and Renesse, Robbert Van}, journal = {ACM Trans. Comput. Syst.}, title = {COCA: A secure distributed online certification authority}, year = {2002}, issn = {0734-2071}, number = {4}, pages = {329{\textendash}368}, volume = {20}, address = {New York, NY, USA}, doi = {10.1145/571637.571638}, keywords = {byzantine fault tolerance, certification authority, denial-of-service, proactive secret-sharing, public key cryptography, threshold cryptography}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=571638$\#$} }

[Harren:2002:CQD:646334.687945] Complex Queries in DHT-based Peer-to-Peer Networks

Harren, Matthew, Hellerstein, Joseph M., Huebsch, Ryan, Loo, Boon Thau, Shenker, S, and Stoica, Ion

03/2002 2002

Recently a new generation of P2P systems, offering distributed hash table (DHT) functionality, have been proposed. These systems greatly improve the scalability and exact-match accuracy of P2P systems, but offer only the exact-match query facility. This paper outlines a research agenda for building complex query facilities on top of these DHT-based P2P systems. We describe the issues involved and outline our research plan and current status.

@conference{Harren:2002:CQD:646334.687945,
  author = {Harren, Matthew and Hellerstein, Joseph M. and Huebsch, Ryan and Loo, Boon Thau and Shenker, S and Stoica, Ion},
  booktitle = {IPTPS{\textquoteright}01 - Revised Papers from the First International Workshop on Peer-to-Peer Systems},
  title = {Complex Queries in DHT-based Peer-to-Peer Networks},
  year = {2002},
  address = {Cambridge, MA, USA},
  month = {03/2002},
  organization = {Springer-Verlag},
  pages = {242{\textendash}259},
  publisher = {Springer-Verlag},
  series = {IPTPS {\textquoteright}01},
  isbn = {3-540-44179-4},
  keywords = {distributed hash table},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=646334.687945}
}

[Mui:2002:CMT:820745.821158] A Computational Model of Trust and Reputation

Mui, Lik, Mohtashemi, Mojdeh, and Halberstadt, Ari

01/2002 2002

DOI Website abstract Bib

Despite their many advantages, e-businesses lag behind brick and mortar businesses in several fundamental respects. This paper concerns one of these: relationships based on trust and reputation. Recent studies on simple reputation systems for e-Businesses such as eBay have pointed to the importance of such rating systems for deterring moral hazard and encouraging trusting interactions. However, despite numerous studies on trust and reputation systems, few have taken studies across disciplines to provide an integrated account of these concepts and their relationships. This paper first surveys existing literatures on trust, reputation and a related concept: reciprocity. Based on sociological and biological understandings of these concepts, a computational model is proposed. This model can be implemented in a real system to consistently calculate agents’ trust and reputation scores.
@conference{Mui:2002:CMT:820745.821158, author = {Mui, Lik and Mohtashemi, Mojdeh and Halberstadt, Ari}, booktitle = {HICSS{\textquoteright}02. Proceedings of the 35th Annual Hawaii International Conference on System Sciences}, title = {A Computational Model of Trust and Reputation}, year = {2002}, address = {Big Island, Hawaii, USA}, month = {01/2002}, organization = {IEEE Computer Society}, pages = {2431 - 2439}, publisher = {IEEE Computer Society}, series = {HICSS {\textquoteright}02}, doi = {http://dx.doi.org/10.1109/HICSS.2002.994181}, isbn = {0-7695-1435-9}, keywords = {e-business, moral hazard, reciprocity, reputation, trust}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=820745.821158} }
[Elnikety2002] Cooperative Backup System

Elnikety, Sameh, Lillibridge, Mark, Burrows, Mike, and Zwaenepoel, Willy

2002

abstract Bib

This paper presents the design of a novel backup system built on top of a peer-to-peer architecture with minimal supporting infrastructure. The system can be deployed for both large-scale and small-scale peer-to-peer overlay networks. It allows computers connected to the Internet to back up their data cooperatively. Each computer has a set of partner computers and stores its backup data distributively among those partners. In return, such a way as to achieve both fault-tolerance and high reliability. This form of cooperation poses several interesting technical challenges because these computers have independent failure modes, do not trust each other, and are subject to third party attacks.
@conference{Elnikety2002, author = {Elnikety, Sameh and Lillibridge, Mark and Burrows, Mike and Zwaenepoel, Willy}, booktitle = {In The USENIX Conf. on File and Storage Technologies}, title = {Cooperative Backup System}, year = {2002}, owner = {tom}, timestamp = {2017-10-10} }
[715916] CPCMS: A Configuration Management System Based on Cryptographic Names

Shapiro, Jonathan S., and Vanderburgh, John

2002

Website abstract Bib

CPCMS, the Cryptographically Protected Configuration Management System is a new configuration management system that provides scalability, disconnected commits, and fine-grain access controls. It addresses the novel problems raised by modern open-source development practices, in which projects routinely span traditional organizational boundaries and can involve thousands of participants. CPCMS provides for simultaneous public and private lines of development, with post hoc "publication" of private branches.
@conference{715916, author = {Shapiro, Jonathan S. and Vanderburgh, John}, booktitle = {Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference}, title = {CPCMS: A Configuration Management System Based on Cryptographic Names}, year = {2002}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {207{\textendash}220}, publisher = {USENIX Association}, isbn = {1-880446-01-4}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=715916$\#$} }
[idemix] Design and implementation of the idemix anonymous credential system

Camenisch, Jan, and Herreweghen, Els Van

2002

DOI Website abstract Bib

Anonymous credential systems [8, 9, 12, 24] allow anonymous yet authenticated and accountable transactions between users and service providers. As such, they represent a powerful technique for protecting users’ privacy when conducting Internet transactions. In this paper, we describe the design and implementation of an anonymous credential system based on the protocols developed by [6]. The system is based on new high-level primitives and interfaces allowing for easy integration into access control systems. The prototype was realized in Java. We demonstrate its use and some deployment issues with the description of an operational demonstration scenario.
@conference{idemix, author = {Camenisch, Jan and Herreweghen, Els Van}, booktitle = {Proceedings of the 9th ACM conference on Computer and communications security (CCS 2002)}, title = {Design and implementation of the idemix anonymous credential system}, year = {2002}, address = {New York, NY, USA}, organization = {ACM Press}, pages = {21{\textendash}30}, publisher = {ACM Press}, doi = {http://doi.acm.org/10.1145/586110.586114}, isbn = {1-58113-612-9}, keywords = {anonymity, anonymous credential system}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=586114} }
[713855] Design Evolution of the EROS Single-Level Store

Shapiro, Jonathan S., and Adams, Jonathan

2002

Website abstract Bib

File systems have (at least) two undesirable characteristics: both the addressing model and the consistency semantics differ from those of memory, leading to a change in programming model at the storage boundary. Main memory is a single flat space of pages with a simple durability (persistence) model: all or nothing. File content durability is a complex function of implementation, caching, and timing. Memory is globally consistent. File systems offer no global consistency model. Following a crash recovery, individual files may be lost or damaged, or may be collectively inconsistent even though they are individually sound.
@conference{713855, author = {Shapiro, Jonathan S. and Adams, Jonathan}, booktitle = {ATEC {\textquoteright}02: Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference}, title = {Design Evolution of the EROS Single-Level Store}, year = {2002}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {59{\textendash}72}, publisher = {USENIX Association}, isbn = {1-880446-00-6}, keywords = {file systems}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=713855$\#$} }
[Rubenstein:2000:DSC:345063.339410] Detecting shared congestion of flows via end-to-end measurement

Rubenstein, Dan, Kurose, Jim, and Towsley, Don

IEEE/ACM Transactions on Networking 06/2002 2002

DOI Website abstract Bib

Current Internet congestion control protocols operate independently on a per-flow basis. Recent work has demonstrated that cooperative congestion control strategies between flows can improve performance for a variety of applications, ranging from aggregated TCP transmissions to multiple-sender multicast applications. However, in order for this cooperation to be effective, one must first identify the flows that are congested at the same set of resources. We present techniques based on loss or delay observations at end hosts to infer whether or not two flows experiencing congestion are congested at the same network resources. Our novel result is that such detection can be achieved for unicast flows, but the techniques can also be applied to multicast flows. We validate these techniques via queueing analysis, simulation and experimentation within the Internet. In addition, we demonstrate preliminary simulation results that show that the delay-based technique can determine whether two TCP flows are congested at the same set of resources. We also propose metrics that can be used as a measure of the amount of congestion sharing between two flows
@article{Rubenstein:2000:DSC:345063.339410, author = {Rubenstein, Dan and Kurose, Jim and Towsley, Don}, journal = {IEEE/ACM Transactions on Networking}, title = {Detecting shared congestion of flows via end-to-end measurement}, year = {2002}, issn = {1063-6692}, month = {06/2002}, pages = {381-395}, volume = {10}, address = {New York, NY, USA}, doi = {http://dx.doi.org/10.1109/TNET.2002.1012369}, keywords = {end-to-end measurement, flow, internet congestion protocols, per-flow, shared congestion}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/TNET.2002.1012369} }

[Feigenbaum:2002:DAM:570810.570812] Distributed algorithmic mechanism design: recent results and future directions

Feigenbaum, Joan, and Shenker, S

09/2002 2002

Distributed Algorithmic Mechanism Design (DAMD) combines theoretical computer science’s traditional focus on computational tractability with its more recent interest in incentive compatibility and distributed computing. The Internet’s decentralized nature, in which distributed computation and autonomous agents prevail, makes DAMD a very natural approach for many Internet problems. This paper first outlines the basics of DAMD and then reviews previous DAMD results on multicast cost sharing and interdomain routing. The remainder of the paper describes several promising research directions and poses some specific open problems.

@conference{Feigenbaum:2002:DAM:570810.570812,
  author = {Feigenbaum, Joan and Shenker, S},
  booktitle = {DIALM{\textquoteright}06. Proceedings of the 6th international workshop on Discrete algorithms and methods for mobile computing and communications},
  title = {Distributed algorithmic mechanism design: recent results and future directions},
  year = {2002},
  address = {Atlanta, Georgia},
  month = {09/2002},
  organization = {ACM},
  pages = {1{\textendash}13},
  publisher = {ACM},
  series = {DIALM {\textquoteright}02},
  doi = {http://doi.acm.org/10.1145/570810.570812},
  isbn = {1-58113-587-4},
  keywords = {algorithmic mechanism design, algorithms, distributed computation, multicast, routing},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://jmvidal.cse.sc.edu/library/feigenbaum02a.pdf}
}

[Hildrum:CSD-02-1178] Distributed Data Location in a Dynamic Network

Hildrum, Kirsten, Kubiatowicz, John, Rao, Satish, and Zhao, Ben Y.

Apr 2002

Website abstract Bib

Modern networking applications replicate data and services widely, leading to a need for location-independent routing – the ability to route queries directly to objects using names that are independent of the objects’ physical locations. Two important properties of a routing infrastructure are routing locality and rapid adaptation to arriving and departing nodes. We show how these two properties can be achieved with an efficient solution to the nearest-neighbor problem. We present a new distributed algorithm that can solve the nearest-neighbor problem for a restricted metric space. We describe our solution in the context of Tapestry, an overlay network infrastructure that employs techniques proposed by Plaxton, Rajaraman, and Richa.
@booklet{Hildrum:CSD-02-1178, title = {Distributed Data Location in a Dynamic Network}, author = {Hildrum, Kirsten and Kubiatowicz, John and Rao, Satish and Zhao, Ben Y.}, month = apr, year = {2002}, number = {UCB/CSD-02-1178}, owner = {tom}, publisher = {EECS Department, University of California, Berkeley}, timestamp = {2017-10-10}, url = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2002/5214.html} }

[wagner] Don’t Shoot the Messenger: Limiting the Liability of Anonymous Remailers

Wagner, Robyn

New Mexico Law Review 2002

I will close the remailer for the time being because the legal issues concerning the Internet in Finland are yet undefined. The legal protection of the users needs to be clarified. At the moment the privacy of Internet messages is judicially unclearI have also personally been a target because of the remailer. Unjustified accusations affect both my job and my private life.

@article{wagner,
  author = {Wagner, Robyn},
  journal = {New Mexico Law Review},
  title = {Don{\textquoteright}t Shoot the Messenger: Limiting the Liability of Anonymous Remailers},
  year = {2002},
  number = {Winter},
  pages = {99{\textendash}142},
  volume = {32},
  keywords = {privacy},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {https://litigation-essentials.lexisnexis.com/webcd/app?action=DocumentDisplay\&crawlid=1\&doctype=cite\&docid=32+N.M.L.+Rev.+99\&srctype=smi\&srcid=3B15\&key=008c465fa13eb62c9370e4baa5eea0e5}
}

[langos02] Dummy Traffic Against Long Term Intersection Attacks

Berthold, Oliver, and Langos, Heinrich

Apr 2002

DOI Website abstract Bib

In this paper we propose a method to prevent so called “intersection attacks” on anonymity services. Intersection attacks are possible if not all users of such a service are active all the time and part of the transfered messages are linkable. Especially in real systems, the group of users (anonymity set) will change over time due to online and off-line periods. Our proposed solution is to send pregenerated dummy messages to the communication partner (e.g. the web server), during the user’s off-line periods. For a detailed description of our method we assume a cascade of Chaumian MIXes as anonymity service and respect and fulfill the MIX attacker model.
@conference{langos02, author = {Berthold, Oliver and Langos, Heinrich}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2002)}, title = {Dummy Traffic Against Long Term Intersection Attacks}, year = {2002}, editor = {Dingledine, Roger and Syverson, Paul}, month = apr, organization = {Springer-Verlag, LNCS 2482}, publisher = {Springer-Verlag, LNCS 2482}, doi = {10.1007/3-540-36467-6}, isbn = {978-3-540-00565-0}, keywords = {anonymity service, intersection attacks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/66ybualwu5hmh563/} }
[camenisch2002da] Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials

Camenisch, Jan, and Lysyanskaya, Anna

2002

DOI Website abstract Bib

We introduce the notion of a dynamic accumulator. An accumulator scheme allows one to hash a large set of inputs into one short value, such that there is a short proof that a given input was incorporated into this value. A dynamic accumulator allows one to dynamically add and delete a value, such that the cost of an add or delete is independent of the number of accumulated values. We provide a construction of a dynamic accumulator and an efficient zero-knowledge proof of knowledge of an accumulated value. We prove their security under the strong RSA assumption. We then show that our construction of dynamic accumulators enables efficient revocation of anonymous credentials, and membership revocation for recent group signature and identity escrow schemes.
@conference{camenisch2002da, author = {Camenisch, Jan and Lysyanskaya, Anna}, booktitle = {Proceedings of CRYPTO 2002}, title = {Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials}, year = {2002}, organization = {Springer Verlag, LNCS 2442}, pages = {61{\textendash}76}, publisher = {Springer Verlag, LNCS 2442}, doi = {10.1007/3-540-45708-9}, isbn = {978-3-540-44050-5}, keywords = {anonymity, certificate revocation, credentials, dynamic accumulators, group signatures, identity escrow}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=704437} }
[Saia02dynamicallyfault-tolerant] Dynamically Fault-Tolerant Content Addressable Networks

Saia, Jared, Fiat, Amos, Gribble, Steven D., Karlin, Anna R., and Saroiu, Stefan

2002

DOI Website abstract Bib

We describe a content addressable network which is robust in the face of massive adversarial attacks and in a highly dynamic environment. Our network is robust in the sense that at any time, an arbitrarily large fraction of the peers can reach an arbitrarily large fraction of the data items. The network can be created and maintained in a completely distributed fashion.
@booklet{Saia02dynamicallyfault-tolerant, title = {Dynamically Fault-Tolerant Content Addressable Networks}, author = {Saia, Jared and Fiat, Amos and Gribble, Steven D. and Karlin, Anna R. and Saroiu, Stefan}, year = {2002}, doi = {10.1007/3-540-45748-8}, keywords = {fault-tolerance, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/r7fumjuwmgnd4md1/} }
[605408] Energy-efficient computing for wildlife tracking: design tradeoffs and early experiences with ZebraNet

Juang, Philo, Oki, Hidekazu, Wang, Yong, Martonosi, Margaret, Peh, Li Shiuan, and Rubenstein, Daniel

SIGARCH Comput. Archit. News 2002

DOI Website abstract Bib

Over the past decade, mobile computing and wireless communication have become increasingly important drivers of many new computing applications. The field of wireless sensor networks particularly focuses on applications involving autonomous use of compute, sensing, and wireless communication devices for both scientific and commercial purposes. This paper examines the research decisions and design tradeoffs that arise when applying wireless peer-to-peer networking techniques in a mobile sensor network designed to support wildlife tracking for biology research.The ZebraNet system includes custom tracking collars (nodes) carried by animals under study across a large, wild area; the collars operate as a peer-to-peer network to deliver logged data back to researchers. The collars include global positioning system (GPS), Flash memory, wireless transceivers, and a small CPU; essentially each node is a small, wireless computing device. Since there is no cellular service or broadcast communication covering the region where animals are studied, ad hoc, peer-to-peer routing is needed. Although numerous ad hoc protocols exist, additional challenges arise because the researchers themselves are mobile and thus there is no fixed base station towards which to aim data. Overall, our goal is to use the least energy, storage, and other resources necessary to maintain a reliable system with a very high ‘data homing’ success rate. We plan to deploy a 30-node ZebraNet system at the Mpala Research Centre in central Kenya. More broadly, we believe that the domain-centric protocols and energy tradeoffs presented here for ZebraNet will have general applicability in other wireless and sensor applications.
@article{605408, author = {Juang, Philo and Oki, Hidekazu and Wang, Yong and Martonosi, Margaret and Peh, Li Shiuan and Rubenstein, Daniel}, journal = {SIGARCH Comput. Archit. News}, title = {Energy-efficient computing for wildlife tracking: design tradeoffs and early experiences with ZebraNet}, year = {2002}, issn = {0163-5964}, number = {5}, pages = {96{\textendash}107}, volume = {30}, address = {New York, NY, USA}, doi = {10.1145/635506.605408}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=635506.605408$\#$} }
[687814] Erasure Coding Vs. Replication: A Quantitative Comparison

Weatherspoon, Hakim, and Kubiatowicz, John

2002

DOI Website abstract Bib

Peer-to-peer systems are positioned to take advantage of gains in network bandwidth, storage capacity, and computational resources to provide long-term durable storage infrastructures. In this paper, we quantitatively compare building a distributed storage infrastructure that is self-repairing and resilient to faults using either a replicated system or an erasure-resilient system. We show that systems employing erasure codes have mean time to failures many orders of magnitude higher than replicated systems with similar storage and bandwidth requirements. More importantly, erasure-resilient systems use an order of magnitude less bandwidth and storage to provide similar system durability as replicated systems.
@conference{687814, author = {Weatherspoon, Hakim and Kubiatowicz, John}, booktitle = {IPTPS {\textquoteright}01: Revised Papers from the First International Workshop on Peer-to-Peer Systems}, title = {Erasure Coding Vs. Replication: A Quantitative Comparison}, year = {2002}, address = {London, UK}, organization = {Springer-Verlag}, pages = {328{\textendash}338}, publisher = {Springer-Verlag}, doi = {10.1007/3-540-45748-8}, isbn = {3-540-44179-4}, keywords = {distributed storage, erasure coding, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/e1kmcf729e6updgm/} }

[citeulike:1360149] Experiences Deploying a Large-Scale Emergent Network

O’Hearn, Bryce W.

2002

@booklet{citeulike:1360149,
  title = {Experiences Deploying a Large-Scale Emergent Network},
  author = {O{\textquoteright}Hearn, Bryce W.},
  year = {2002},
  isbn = {3-540-44179-4},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.9607}
}

[Castro2002] Exploiting network proximity in distributed hash tables

Castro, Miguel, Druschel, Peter, and Hu, Y. Charlie

2002

Website abstract Bib

Self-organizing peer-to-peer (p2p) overlay networks like CAN, Chord, Pastry and Tapestry (also called distributed hash tables or DHTs) offer a novel platform for a variety of scalable and decentralized distributed applications. These systems provide efficient and fault-tolerant routing, object location, and load balancing within a self-organizing overlay network. One important aspect of these systems is how they exploit network proximity in the underlying Internet. Three basic approaches have been proposed to exploit network proximity in DHTs, geographic layout, proximity routing and proximity neighbour selection. In this position paper, we briefly discuss the three approaches, contrast their strengths and shortcomings, and consider their applicability in the different DHT routing protocols. We conclude that proximity neighbor selection, when used in DHTs with prefixbased routing like Pastry and Tapestry, is highly effective and appears to dominate the other approaches.
@conference{Castro2002, author = {Castro, Miguel and Druschel, Peter and Hu, Y. Charlie}, booktitle = {in International Workshop on Future Directions in Distributed Computing (FuDiCo}, title = {Exploiting network proximity in distributed hash tables}, year = {2002}, pages = {52{\textendash}55}, keywords = {CAN, distributed hash table, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.126.3062} }
[Castro2002a] Exploiting network proximity in peer-to-peer overlay networks

Castro, Miguel, Druschel, Peter, Hu, Y. Charlie, and Rowstron, Antony

2002

Website abstract Bib

The authors give an overview over various ways to use proximity information to optimize routing in peer-to-peer networks. Their study focuses on Pastry and describe in detail the protocols that are used in Pastry to build routing tables with neighbours that are close in terms of the underlying network. They give some analytical and extensive experimental evidence that the protocols are effective in reducing the length of the routing-path in terms of the link-to-link latency that their implementation uses to measure distance.
@booklet{Castro2002a, title = {Exploiting network proximity in peer-to-peer overlay networks}, author = {Castro, Miguel and Druschel, Peter and Hu, Y. Charlie and Rowstron, Antony}, year = {2002}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.research.microsoft.com/~antr/PAST/location.ps} }
[Adya:2002:FFA:844128.844130] FARSITE: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment

Adya, Atul, Bolosky, William J., Castro, Miguel, Cermak, Gerald, Chaiken, Ronnie, Douceur, John R., Howell, Jon, Lorch, Jacob R., Theimer, Marvin, and Wattenhofer, Roger

ACM SIGOPS Operating Systems Review 12/2002 2002

DOI Website abstract Bib

Farsite is a secure, scalable file system that logically functions as a centralized file server but is physically distributed among a set of untrusted computers. Farsite provides file availability and reliability through randomized replicated storage; it ensures the secrecy of file contents with cryptographic techniques; it maintains the integrity of file and directory data with a Byzantine-fault-tolerant protocol; it is designed to be scalable by using a distributed hint mechanism and delegation certificates for pathname translations; and it achieves good performance by locally caching file data, lazily propagating file updates, and varying the duration and granularity of content leases. We report on the design of Farsite and the lessons we have learned by implementing much of that design.
@article{Adya:2002:FFA:844128.844130, author = {Adya, Atul and Bolosky, William J. and Castro, Miguel and Cermak, Gerald and Chaiken, Ronnie and Douceur, John R. and Howell, Jon and Lorch, Jacob R. and Theimer, Marvin and Wattenhofer, Roger}, journal = {ACM SIGOPS Operating Systems Review}, title = {FARSITE: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment}, year = {2002}, issn = {0163-5980}, month = {12/2002}, pages = {1{\textendash}14}, volume = {36}, address = {New York, NY, USA}, doi = {http://doi.acm.org/10.1145/844128.844130}, keywords = {centralized file server, farsite, file system, randomized replicaed storage}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/844128.844130} }
[Fu:2002:FSD:505452.505453] Fast and secure distributed read-only file system

Fu, Kevin, Kaashoek, Frans M., and Mazières, David

10/2000 2002

DOI Website abstract Bib

Internet users increasingly rely on publicly available data for everything from software installation to investment decisions. Unfortunately, the vast majority of public content on the Internet comes with no integrity or authenticity guarantees. This paper presents the self-certifying read-only file system, a content distribution system providing secure, scalable access to public, read-only data. The read-only file system makes the security of published content independent from that of the distribution infrastructure. In a secure area (perhaps off-line), a publisher creates a digitally-signed database out of a file system’s contents. The publisher then replicates the database on untrusted content-distribution servers, allowing for high availability. The read-only file system protocol furthermore pushes the cryptographic cost of content verification entirely onto clients, allowing servers to scale to a large number of clients. Measurements of an implementation show that an individual server running on a 550 Mhz Pentium III with FreeBSD can support 1,012 connections per second and 300 concurrent clients compiling a large software package.
@conference{Fu:2002:FSD:505452.505453, author = {Fu, Kevin and Kaashoek, Frans M. and Mazi{\`e}res, David}, booktitle = {OSDI 2000 - Proceedings of the 4th USENIX Symposium on Operating Systems Design and Implementation}, title = {Fast and secure distributed read-only file system}, year = {2002}, address = {San Diego, CA, USA}, month = {10/2000}, organization = {ACM}, pages = {1{\textendash}24}, publisher = {ACM}, volume = {20}, doi = {http://doi.acm.org/10.1145/505452.505453}, issn = {0734-2071}, keywords = {file systems, read-only, security}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/505452.505453} }

[hintz02] Fingerprinting Websites Using Traffic Analysis

Hintz, Andrew

Apr 2002

I present a traffic analysis based vulnerability in Safe Web, an encrypting web proxy. This vulnerability allows someone monitoring the traffic of a Safe Web user to determine if the user is visiting certain websites. I also describe a successful implementation of the attack. Finally, I discuss methods for improving the attack and for defending against the attack.

@conference{hintz02,
  author = {Hintz, Andrew},
  booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2002)},
  title = {Fingerprinting Websites Using Traffic Analysis},
  year = {2002},
  editor = {Dingledine, Roger and Syverson, Paul},
  month = apr,
  organization = {Springer-Verlag, LNCS 2482},
  publisher = {Springer-Verlag, LNCS 2482},
  doi = {10.1007/3-540-36467-6},
  isbn = {978-3-540-00565-0},
  keywords = {traffic analysis, vulnerability},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/c4qwe6d608p2cjyv/}
}

[Di2002] Finite-length analysis of low-density parity-check codes on the binary erasure channel

Di, Changyan, Proietti, David, Telatar, I. Emre, Richardson, Thomas J., and Urbanke, Rüdiger L.

01/2002 2002

DOI Website abstract Bib

In this paper, we are concerned with the finite-length analysis of low-density parity-check (LDPC) codes when used over the binary erasure channel (BEC). The main result is an expression for the exact average bit and block erasure probability for a given regular ensemble of LDPC codes when decoded iteratively. We also give expressions for upper bounds on the average bit and block erasure probability for regular LDPC ensembles and the standard random ensemble under maximum-likelihood (ML) decoding. Finally, we present what we consider to be the most important open problems in this area
@conference{Di2002, author = {Di, Changyan and Proietti, David and Telatar, I. Emre and Richardson, Thomas J. and Urbanke, R{\"u}diger L.}, title = {Finite-length analysis of low-density parity-check codes on the binary erasure channel}, year = {2002}, month = {01/2002}, doi = {10.1109/TIT.2002.1003839}, keywords = {BEC, coding theory, low-density parity-check, maximum-likelihood}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1003839} }
[Dan:SFMix03] Forward Secure Mixes

Danezis, George

Nov 2002

Website abstract Bib

New threats such as compulsion to reveal logs, secret and private keys as well as to decrypt material are studied in the context of the security of mix networks. After a comparison of this new threat model with the traditional one, a new construction is introduced, the fs-mix, that minimizes the impact that such powers have on the security of the network, by using forward secure communication channels and key updating operation inside the mixes. A discussion about the forward security of these new proposals and some extensions is included.
@conference{Dan:SFMix03, author = {Danezis, George}, booktitle = {Proceedings of 7th Nordic Workshop on Secure IT Systems}, title = {Forward Secure Mixes}, year = {2002}, address = {Karlstad, Sweden}, editor = {Fisher-Hubner, Jonsson}, month = nov, pages = {195{\textendash}207}, keywords = {anonymity, forward security, mix, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseer.ist.psu.edu/533725.html} }
[trickle02] From a Trickle to a Flood: Active Attacks on Several Mix Types

Serjantov, Andrei, Dingledine, Roger, and Syverson, Paul

Oct 2002

DOI Website abstract Bib

The literature contains a variety of different mixes, some of which have been used in deployed anonymity systems. We explore their anonymity and message delay properties, and show how to mount active attacks against them by altering the traffic between the mixes. We show that if certain mixes are used, such attacks cannot destroy the anonymity of a particular message completely. We work out the cost of these attacks in terms of the number of messages the attacker must insert into the network and the time he must spend. We discuss advantages and disadvantages of these mixes and the settings in which their use is appropriate. Finally, we look at dummy traffic and SG mixes as other promising ways of protecting against the attacks, point out potential weaknesses in existing designs, and suggest improvements.
@conference{trickle02, author = {Serjantov, Andrei and Dingledine, Roger and Syverson, Paul}, booktitle = {Proceedings of Information Hiding Workshop (IH 2002)}, title = {From a Trickle to a Flood: Active Attacks on Several Mix Types}, year = {2002}, editor = {Petitcolas, Fabien}, month = oct, organization = {Springer-Verlag, LNCS 2578}, publisher = {Springer-Verlag, LNCS 2578}, doi = {10.1007/3-540-36415-3}, isbn = {978-3-540-00421-9}, keywords = {anonymity, attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/um0kf3dp88b0eg5v/} }
[Levine:2002] Hordes –- A Multicast Based Protocol for Anonymity

Levine, Brian Neil, and Shields, Clay

Journal of Computer Security 2002

Website abstract Bib

With widespread acceptance of the Internet as a public medium for communication and information retrieval, there has been rising concern that the personal privacy of users can be eroded by cooperating network entities. A technical solution to maintaining privacy is to provide anonymity. We present a protocol for initiator anonymity called Hordes, which uses forwarding mechanisms similar to those used in previous protocols for sending data, but is the first protocol to make use of multicast routing to anonymously receive data. We show this results in shorter transmission latencies and requires less work of the protocol participants, in terms of the messages processed. We also present a comparison of the security and anonymity of Hordes with previous protocols, using the first quantitative definition of anonymity and unlinkability.
@article{Levine:2002, author = {Levine, Brian Neil and Shields, Clay}, journal = {Journal of Computer Security}, title = {Hordes {\textendash}- A Multicast Based Protocol for Anonymity}, year = {2002}, issn = {0926-227X}, number = {3}, pages = {213{\textendash}240}, volume = {10}, keywords = {anonymity, Hordes, multicast, routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=603406} }

[DBLP:conf/eurocrypt/RussellW02] How to Fool an Unbounded Adversary with a Short Key

Russell, Alexander, and Wang, Hong

2002

Bib

@conference{DBLP:conf/eurocrypt/RussellW02,
  author = {Russell, Alexander and Wang, Hong},
  title = {How to Fool an Unbounded Adversary with a Short Key},
  year = {2002},
  pages = {133{\textendash}148},
  owner = {tom},
  timestamp = {2017-10-10}
}

[873217] Improving Data Availability through Dynamic Model-Driven Replication in Large Peer-to-Peer Communities

Ranganathan, Kavitha, Iamnitchi, Adriana, and Foster, Ian

2002

Website abstract Bib

Efficient data sharing in global peer-to-peer systems is complicated by erratic node failure, unreliable networkconnectivity and limited bandwidth.Replicating data onmultiple nodes can improve availability and response time.Yet determining when and where to replicate data in orderto meet performance goals in large-scale systems withmany users and files, dynamic network characteristics, and changing user behavior is difficult.We propose anapproach in which peers create replicas automatically in a decentralized fashion, as required to meet availabilitygoals.The aim of our framework is to maintain a thresholdlevel of availability at all times.We identify a set of factors that hinder data availabilityand propose a model that decides when more replication isnecessary.We evaluate the accuracy and performance ofthe proposed model using simulations.Our preliminaryresults show that the model is effective in predicting therequired number of replicas in the system.
@conference{873217, author = {Ranganathan, Kavitha and Iamnitchi, Adriana and Foster, Ian}, booktitle = {CCGRID {\textquoteright}02: Proceedings of the 2nd IEEE/ACM International Symposium on Cluster Computing and the Grid}, title = {Improving Data Availability through Dynamic Model-Driven Replication in Large Peer-to-Peer Communities}, year = {2002}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {376}, publisher = {IEEE Computer Society}, isbn = {0-7695-1582-7}, keywords = {data sharing, model-driven, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=873217$\#$} }
[Feamster02infranet:circumventing] Infranet: Circumventing Web Censorship and Surveillance

Feamster, Nick, Balazinska, Magdalena, Harfst, Greg, Balakrishnan, Hari, and Karger, David

2002

Website abstract Bib

An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet. These Infranet servers provide clients access to censored sites while continuing to host normal uncensored content. Infranet uses a tunnel protocol that provides a covert communication channel between its clients and servers, modulated over standard HTTP transactions that resemble innocuous Web browsing. In the upstream direction, Infranet clients send covert messages to Infranet servers by associating meaning to the sequence of HTTP requests being made. In the downstream direction, Infranet servers return content by hiding censored data in uncensored images using steganographic techniques. We describe the design, a prototype implementation, security properties, and performance of Infranet. Our security analysis shows that Infranet can successfully circumvent several sophisticated censoring techniques.
@conference{Feamster02infranet:circumventing, author = {Feamster, Nick and Balazinska, Magdalena and Harfst, Greg and Balakrishnan, Hari and Karger, David}, booktitle = {In Proceedings of the 11th USENIX Security Symposium}, title = {Infranet: Circumventing Web Censorship and Surveillance}, year = {2002}, organization = {Association}, pages = {247{\textendash}262}, publisher = {Association}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.18.5049\&rep=rep1\&type=pdf} }
[Cao:2002:IPG:508325.508330] Internet pricing with a game theoretical approach: concepts and examples

Cao, Xi-Ren, Shen, Hong-Xia, Milito, Rodolfo, and Wirth, Patrica

IEEE/ACM Trans. Netw. 04/2002 2002

Website abstract Bib

The basic concepts of three branches of game theory, leader-follower, cooperative, and two-person nonzero sum games, are reviewed and applied to the study of the Internet pricing issue. In particular, we emphasize that the cooperative game (also called the bargaining problem) provides an overall picture for the issue. With a simple model for Internet quality of service (QoS), we demonstrate that the leader-follower game may lead to a solution that is not Pareto optimal and in some cases may be "unfair," and that the cooperative game may provide a better solution for both the Internet service provider (ISP) and the user. The practical implication of the results is that government regulation or arbitration may be helpful. The QoS model is also applied to study the competition between two ISPs, and we find a Nash equilibrium point from which the two ISPs would not move out without cooperation. The proposed approaches can be applied to other Internet pricing problems such as the Paris Metro pricing scheme.
@article{Cao:2002:IPG:508325.508330, author = {Cao, Xi-Ren and Shen, Hong-Xia and Milito, Rodolfo and Wirth, Patrica}, journal = {IEEE/ACM Trans. Netw.}, title = {Internet pricing with a game theoretical approach: concepts and examples}, year = {2002}, issn = {1063-6692}, month = {04/2002}, pages = {208{\textendash}216}, volume = {10}, address = {Piscataway, NJ, USA}, keywords = {bargaining problems, cooperative games, leader-follower games, Paris metro pricing, quality of services, two-person nonzero sum games}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=508325.508330} }
[stepping-stones] Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones

Wang, Xinyuan, Reeves, Douglas S., and Wu, S. Felix

Oct 2002

DOI Website abstract Bib

Network based intrusions have become a serious threat to the users of the Internet. Intruders who wish to attack computers attached to the Internet frequently conceal their identity by staging their attacks through intermediate “stepping stones”. This makes tracing the source of the attack substantially more difficult, particularly if the attack traffic is encrypted. In this paper, we address the problem of tracing encrypted connections through stepping stones. The incoming and outgoing connections through a stepping stone must be correlated to accomplish this. We propose a novel correlation scheme based on inter-packet timing characteristics of both encrypted and unencrypted connections. We show that (after some filtering) inter-packet delays (IPDs) of both encrypted and unencrypted, interactive connections are preserved across many router hops and stepping stones. The effectiveness of this method for correlation purposes also requires that timing characteristics be distinctive enough to identify connections. We have found that normal interactive connections such as telnet, SSH and rlogin are almost always distinctive enough to provide correct correlation across stepping stones. The number of packets needed to correctly correlate two connections is also an important metric, and is shown to be quite modest for this method.
@conference{stepping-stones, author = {Wang, Xinyuan and Reeves, Douglas S. and Wu, S. Felix}, booktitle = {Proceedings of ESORICS 2002}, title = {Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones}, year = {2002}, month = oct, organization = {Springer Berlin / Heidelberg}, pages = {244{\textendash}263}, publisher = {Springer Berlin / Heidelberg}, doi = {10.1007/3-540-45853-0}, isbn = {978-3-540-44345-2}, keywords = {inter-packet delay, tracing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=699363} }
[morphmix:wpes2002] Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection

Rennhard, Marc, and Plattner, Bernhard

Nov 2002

DOI Website abstract Bib

Traditional mix-based systems are composed of a small set of static, well known, and highly reliable mixes. To resist traffic analysis attacks at a mix, cover traffic must be used, which results in significant bandwidth overhead. End-to-end traffic analysis attacks are even more difficult to counter because there are only a few entry-and exit-points in the system. Static mix networks also suffer from scalability problems and in several countries, institutions operating a mix could be targeted by legal attacks. In this paper, we introduce MorphMix, a system for peer-to-peer based anonymous Internet usage. Each MorphMix node is a mix and anyone can easily join the system. We believe that MorphMix overcomes or reduces several drawbacks of static mix networks. In particular, we argue that our approach offers good protection from traffic analysis attacks without employing cover traffic. But MorphMix also introduces new challenges. One is that an adversary can easily operate several malicious nodes in the system and try to break the anonymity of legitimate users by getting full control over their anonymous paths. To counter this attack, we have developed a collusion detection mechanism, which allows to identify compromised paths with high probability before they are being used.
@conference{morphmix:wpes2002, author = {Rennhard, Marc and Plattner, Bernhard}, booktitle = {Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2002)}, title = {Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection}, year = {2002}, address = {Washington, DC, USA}, month = nov, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/644527.644537}, isbn = {1-58113-633-1}, keywords = {collusion detection, legal attack, P2P, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=644537} }
[Freedman02introducingtarzan] Introducing Tarzan, a Peer-to-Peer Anonymizing Network Layer

Freedman, Michael J., Sit, Emil, Cates, Josh, and Morris, Robert

2002

Website abstract Bib

We introduce Tarzan, a peer-to-peer anonymous network layer that provides generic IP forwarding. Unlike prior anonymizing layers, Tarzan is flexible, transparent, decentralized, and highly scalable. Tarzan achieves these properties by building anonymous IP tunnels between an open-ended set of peers. Tarzan can provide anonymity to existing applications, such as web browsing and file sharing, without change to those applications. Performance tests show that Tarzan imposes minimal overhead over a corresponding non-anonymous overlay route.
@booklet{Freedman02introducingtarzan, title = {Introducing Tarzan, a Peer-to-Peer Anonymizing Network Layer}, author = {Freedman, Michael J. and Sit, Emil and Cates, Josh and Morris, Robert}, year = {2002}, isbn = {3-540-44179-4}, journal = {Revised Papers from the First International Workshop on Peer-to-Peer Systems}, owner = {tom}, pages = {121 - 129}, timestamp = {2017-10-10}, url = {http://www.cs.rice.edu/Conferences/IPTPS02/182.pdf}, volume = {Vol. 2429} }

[646334] IPTPS ’01: Revised Papers from the First International Workshop on Peer-to-Peer Systems

2002

@booklet{646334,
  title = {IPTPS {\textquoteright}01: Revised Papers from the First International Workshop on Peer-to-Peer Systems},
  address = {London, UK},
  year = {2002},
  editor = {Druschel, Peter and Kaashoek, Frans M. and Rowstron, Antony},
  isbn = {3-540-44179-4},
  owner = {tom},
  publisher = {Springer-Verlag},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=646334$\#$}
}

[Muthitacharoen02ivy:a] Ivy: A Read/Write Peer-to-Peer File System

Muthitacharoen, Athicha, Morris, Robert, Gil, Thomer M., and Chen, Bengie

2002

Website abstract Bib

Ivy is a multi-user read/write peer-to-peer file system. Ivy has no centralized or dedicated components, and it provides useful integrity properties without requiring users to fully trust either the underlying peer-to-peer storage system or the other users of the file system.
@conference{Muthitacharoen02ivy:a, author = {Muthitacharoen, Athicha and Morris, Robert and Gil, Thomer M. and Chen, Bengie}, title = {Ivy: A Read/Write Peer-to-Peer File System}, year = {2002}, pages = {31{\textendash}44}, keywords = {distributed storage, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.20.2147} }

[Maymounkov02kademlia:a] Kademlia: A Peer-to-peer Information System Based on the XOR Metric

Maymounkov, Petar, and Mazières, David

03/2001 2002

We describe a peer-to-peer distributed hash table with provable consistency and performance in a fault-prone environment. Our system routes queries and locates nodes using a novel XOR-based metric topology that simplifies the algorithm and facilitates our proof. The topology has the property that every message exchanged conveys or reinforces useful contact information. The system exploits this information to send parallel, asynchronous query messages that tolerate node failures without imposing timeout delays on users.

@conference{Maymounkov02kademlia:a,
  author = {Maymounkov, Petar and Mazi{\`e}res, David},
  booktitle = {IPTPS {\textquoteright}01 - Revised Papers from the First International Workshop on Peer-to-Peer System},
  title = {Kademlia: A Peer-to-peer Information System Based on the XOR Metric},
  year = {2002},
  address = {Cambridge, MA, USA},
  month = {03/2001},
  organization = {Springer-Verlag},
  pages = {53{\textendash}65},
  publisher = {Springer-Verlag},
  series = {Lecture Notes in Computer Science},
  volume = {2429},
  doi = {10.1007/3-540-45748-8_5},
  isbn = {3-540-44179-4},
  keywords = {distributed hash table, fault-tolerance, Kademlia, P2P},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/2ekx2a76ptwd24qt/}
}

[DBLP:journals/ijufks/Sweene02] k-Anonymity: A Model for Protecting Privacy

Sweeney, Latanya

International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 2002

Bib

@article{DBLP:journals/ijufks/Sweene02,
  author = {Sweeney, Latanya},
  journal = {{International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems}},
  title = {k-Anonymity: A Model for Protecting Privacy},
  year = {2002},
  number = {5},
  pages = {557{\textendash}570},
  volume = {10},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Eschenauer02akey-management] A Key-Management Scheme for Distributed Sensor Networks

Eschenauer, Laurent, and Gligor, Virgil D.

2002

Website abstract Bib

Distributed Sensor Networks (DSNs) are ad-hoc mobile networks that include sensor nodes with limited computation and communication capabilities. DSNs are dynamic in the sense that they allow addition and deletion of sensor nodes after deployment to grow the network or replace failing and unreliable nodes. DSNs may be deployed in hostile areas where communication is monitored and nodes are subject to capture and surreptitious use by an adversary. Hence DSNs require cryptographic protection of communications, sensorcapture detection, key revocation and sensor disabling. In this paper, we present a key-management scheme designed to satisfy both operational and security requirements of DSNs.
@conference{Eschenauer02akey-management, author = {Eschenauer, Laurent and Gligor, Virgil D.}, booktitle = {In Proceedings of the 9th ACM Conference on Computer and Communications Security}, title = {A Key-Management Scheme for Distributed Sensor Networks}, year = {2002}, organization = {ACM Press}, pages = {41{\textendash}47}, publisher = {ACM Press}, keywords = {DNS, mobile Ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.19.9193} }
[limits-open] Limits of Anonymity in Open Environments

Kesdogan, Dogan, Agrawal, Dakshi, and Penz, Stefan

Oct 2002

Website abstract Bib

A user is only anonymous within a set of other users. Hence, the core functionality of an anonymity providing technique is to establish an anonymity set. In open environments, such as the Internet, the established anonymity sets in the whole are observable and change with every anonymous communication. We use this fact of changing anonymity sets and present a model where we can determine the protection limit of an anonymity technique, i.e. the number of observations required for an attacker to break uniquely a given anonymity technique. In this paper, we use the popular MIX method to demonstrate our attack. The MIX method forms the basis of most of the today’s deployments of anonymity services (e.g. Freedom, Onion Routing, Webmix). We note that our approach is general and can be applied equally well to other anonymity providing techniques.
@conference{limits-open, author = {Kesdogan, Dogan and Agrawal, Dakshi and Penz, Stefan}, booktitle = {Proceedings of Information Hiding Workshop (IH 2002)}, title = {Limits of Anonymity in Open Environments}, year = {2002}, editor = {Petitcolas, Fabien}, month = oct, organization = {Springer-Verlag, LNCS 2578}, publisher = {Springer-Verlag, LNCS 2578}, keywords = {anonymity measurement, attack, mix}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=731881} }
[Halevy:2002:LBE:646767.704291] The LSD Broadcast Encryption Scheme

Halevy, Dani, and Shamir, Adi

08/2002 2002

Website abstract Bib

Broadcast Encryption schemes enable a center to broadcast encrypted programs so that only designated subsets of users can decrypt each program. The stateless variant of this problem provides each user with a fixed set of keys which is never updated. The best scheme published so far for this problem is the "subset difference" (SD) technique of Naor Naor and Lotspiech, in which each one of the n users is initially given O(log2(n)) symmetric encryption keys. This allows the broadcaster to define at a later stage any subset of up to r users as "revoked", and to make the program accessible only to their complement by sending O(r) short messages before the encrypted program, and asking each user to perform an O(log(n)) computation. In this paper we describe the "Layered Subset Difference" (LSD) technique, which achieves the same goal with O(log1+\textquestiondown(n)) keys, O(r) messages, and O(log(n)) computation. This reduces the number of keys given to each user by almost a square root factor without affecting the other parameters. In addition, we show how to use the same LSD keys in order to address any subset defined by a nested combination of inclusion and exclusion conditions with a number of messages which is proportional to the complexity of the description rather than to the size of the subset. The LSD scheme is truly practical, and makes it possible to broadcast an unlimited number of programs to 256,000,000 possible customers by giving each new customer a smart card with one kilobyte of tamper-resistant memory. It is then possible to address any subset defined by t nested inclusion and exclusion conditions by sending less than 4t short messages, and the scheme remains secure even if all the other users form an adversarial coalition.
@conference{Halevy:2002:LBE:646767.704291, author = {Halevy, Dani and Shamir, Adi}, booktitle = {CRYPTO{\textquoteright}02 - Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology}, title = {The LSD Broadcast Encryption Scheme}, year = {2002}, address = {Santa Barbara, CA, USA}, month = {08/2002}, organization = {Springer-Verlag}, pages = {47{\textendash}60}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, isbn = {3-540-44050-X}, keywords = {broadcast encryption scheme, encryption, LSD}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=646767.704291} }

[10.1109/SFCS.2002.1181950] LT Codes

Luby, Michael

Foundations of Computer Science, Annual IEEE Symposium on 2002

@article{10.1109/SFCS.2002.1181950,
  author = {Luby, Michael},
  journal = {Foundations of Computer Science, Annual IEEE Symposium on},
  title = {LT Codes},
  year = {2002},
  issn = {0272-5428},
  pages = {271},
  address = {Los Alamitos, CA, USA},
  doi = {10.1109/SFCS.2002.1181950},
  isbn = {0-7695-1822-2},
  keywords = {coding theory},
  owner = {tom},
  publisher = {IEEE Computer Society},
  timestamp = {2017-10-10},
  url = {http://www.computer.org/portal/web/csdl/abs/proceedings/focs/2002/1822/00/18220271abs.htm}
}

[randomized-checking] Making mix nets robust for electronic voting by randomized partial checking

Jakobsson, Markus, Juels, Ari, and Rivest, Ron

Aug 2002

Website abstract Bib

We propose a new technique for making mix nets robust, called randomized partial checking (RPC). The basic idea is that rather than providing a proof of completely correct operation, each server provides strong evidence of its correct operation by revealing a pseudo-randomly selected subset of its input/output relations. Randomized partial checking is exceptionally efficient compared to previous proposals for providing robustness; the evidence provided at each layer is shorter than the output of that layer, and producing the evidence is easier than doing the mixing. It works with mix nets based on any encryption scheme (i.e., on public-key alone, and on hybrid schemes using public-key/symmetric-key combinations). It also works both with Chaumian mix nets where the messages are successively encrypted with each server’s key, and with mix nets based on a single public key with randomized re-encryption at each layer. Randomized partial checking is particularly well suited for voting systems, as it ensures voter privacy and provides assurance of correct operation. Voter privacy is ensured (either probabilistically or cryptographically) with appropriate design and parameter selection. Unlike previous work, our work provides voter privacy as a global property of the mix net rather than as a property ensured by a single honest server. RPC-based mix nets also provide high assurance of a correct election result, since a corrupt server is very likely to be caught if it attempts to tamper with even a couple of ballots.
@conference{randomized-checking, author = {Jakobsson, Markus and Juels, Ari and Rivest, Ron}, booktitle = {Proceedings of the 11th USENIX Security Symposium}, title = {Making mix nets robust for electronic voting by randomized partial checking}, year = {2002}, month = aug, organization = {USENIX Association Berkeley, CA, USA}, publisher = {USENIX Association Berkeley, CA, USA}, isbn = {1-931971-00-5}, keywords = {electronic voting, public verifiability, randomized partial checking, shuffle network}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=647253.720294} }
[Thomas:2002:MAO:767821.769444] A Market-Based Approach to Optimal Resource Allocation in Integrated-Services Connection-Oriented Networks

Thomas, Panagiotis, Teneketzis, Demosthenis, and MacKie-Mason, Jeffrey K.

Operations Research 07/2002 2002

DOI Website abstract Bib

We present an approach to the admission control and resource allocation problem in connection-oriented networks that offer multiple services to users. Users’ preferences are summarized by means of their utility functions, and each user is allowed to request more than one type of service. Multiple types of resources are allocated at each link along the path of a connection. We assume that the relation between Quality of Service (QoS) and resource allocation is given, and we incorporate it as a constraint into a static optimization problem. The objective of the optimization problem is to determine the amount of and required resources for each type of service to maximize the sum of the users’ utilities. We prove the existence of a solution of the optimization problem and describe a competitive market economy that implements the solution and satisfies the informational constraints imposed by the nature of the decentralized resource allocation problem. The economy consists of four different types of agents: resource providers, service providers, users, and an auctioneer that regulates the prices based on the observed aggregate excess demand. The goods that are sold are: (i) the resources at each link of the network, and (ii) services constructed from these resources and then delivered to users. We specify an iterative procedure that is used by the auctioneer to update the prices, and we show that it leads to an allocation that is arbitrarily close to a solution of the optimization problem in a finite number of iterations.
@article{Thomas:2002:MAO:767821.769444, author = {Thomas, Panagiotis and Teneketzis, Demosthenis and MacKie-Mason, Jeffrey K.}, journal = {Operations Research}, title = {A Market-Based Approach to Optimal Resource Allocation in Integrated-Services Connection-Oriented Networks}, year = {2002}, issn = {0030-364X}, month = {07/2002}, number = {4}, pages = {603{\textendash}616}, volume = {50}, address = {Institute for Operations Research and the Management Sciences (INFORMS), Linthicum, Maryland, USA}, doi = {10.1287/opre.50.4.603.2862}, keywords = {algorithms, economics, integrated-services networks, network, nonlinear, pricing schemes, programming, resource allocation}, owner = {tom}, publisher = {INFORMS}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1287/opre.50.4.603.2862} }

[Saroiu02ameasurement] A Measurement Study of Peer-to-Peer File Sharing Systems

Saroiu, Stefan, Gummadi, P. Krishna, and Gribble, Steven D.

Jan 2002

@conference{Saroiu02ameasurement,
  author = {Saroiu, Stefan and Gummadi, P. Krishna and Gribble, Steven D.},
  booktitle = {Multimedia Computing and Networking (MMCN),},
  title = {A Measurement Study of Peer-to-Peer File Sharing Systems},
  year = {2002},
  address = {San Jose},
  month = jan,
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.4223\&rep=rep1\&type=pdf}
}

[dwork02memorybound] On memory-bound functions for fighting spam

Dwork, Cynthia, Goldberg, Andrew, and Naor, Moni

2002

DOI Website abstract Bib

In 1992, Dwork and Naor proposed that e-mail messages be accompanied by easy-to-check proofs of computational effort in order to discourage junk e-mail, now known as spam. They proposed specific CPU-bound functions for this purpose. Burrows suggested that, since memory access speeds vary across machines much less than do CPU speeds, memory-bound functions may behave more equitably than CPU-bound functions; this approach was first explored by Abadi, Burrows, Manasse, and Wobber [5]. We further investigate this intriguing proposal. Specifically, we 1) Provide a formal model of computation and a statement of the problem; 2) Provide an abstract function and prove an asymptotically tight amortized lower bound on the number of memory accesses required to compute an acceptable proof of effort; specifically, we prove that, on average, the sender of a message must perform many unrelated accesses to memory, while the receiver, in order to verify the work, has to perform significantly fewer accesses; 3) Propose a concrete instantiation of our abstract function, inspired by the RC4 stream cipher; 4) Describe techniques to permit the receiver to verify the computation with no memory accesses; 5) Give experimental results showing that our concrete memory-bound function is only about four times slower on a 233 MHz settop box than on a 3.06 GHz workstation, and that speedup of the function is limited even if an adversary knows the access sequence and uses optimal off-line cache replacement.
@booklet{dwork02memorybound, title = {On memory-bound functions for fighting spam}, author = {Dwork, Cynthia and Goldberg, Andrew and Naor, Moni}, year = {2002}, doi = {10.1007/b11817}, owner = {tom}, timestamp = {2017-10-10}, url = {citeseer.ist.psu.edu/dwork02memorybound.html} }

[Hand2002] Mnemosyne: Peer-to-Peer Steganographic Storage

Hand, Steven, and Roscoe, Timothy

2002

@inbook{Hand2002,
  author = {Hand, Steven and Roscoe, Timothy},
  editor = {Druschel, Peter and Kaashoek, Frans and Rowstron, Antony},
  pages = {130-140},
  publisher = {Springer Berlin Heidelberg},
  title = {Mnemosyne: Peer-to-Peer Steganographic Storage},
  year = {2002},
  isbn = {978-3-540-44179-3},
  series = {Lecture Notes in Computer Science},
  volume = {2429},
  booktitle = {Peer-to-Peer Systems},
  doi = {10.1007/3-540-45748-8_13},
  organization = {Springer Berlin Heidelberg},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/3-540-45748-8_13}
}

[Maymounkov02onlinecodes] Online codes (Extended Abstract)

Maymounkov, Petar

2002

Website abstract Bib

We introduce online codes – a class of near-optimal codes for a very general loss channel which we call the free channel. Online codes are linear encoding/decoding time codes, based on sparse bipartite graphs, similar to Tornado codes, with a couple of novel properties: local encodability and rateless-ness. Local encodability is the property that each block of the encoding of a message can be computed independently from the others in constant time. This also implies that each encoding block is only dependent on a constant-sized part of the message and a few preprocessed bits. Rateless-ness is the property that each message has an encoding of practically infinite size. We argue that rateless codes are more appropriate than fixed-rate codes for most situations where erasure codes were considered a solution. Furthermore, rateless codes meet new areas of application, where they are not replaceable by fixed-rate codes. One such area is information dispersal over peer-to-peer networks.
@booklet{Maymounkov02onlinecodes, title = {Online codes (Extended Abstract)}, author = {Maymounkov, Petar}, year = {2002}, keywords = {coding theory, local encodability, rateless-ness, sparse bipartite graphs}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.112.1333} }
[Sherwood_p5:a] P5: A Protocol for Scalable Anonymous Communication

Sherwood, Rob, Bhattacharjee, Bobby, and Srinivasan, Aravind

Journal of Computer Security Dec 2002

Website abstract Bib

We present a protocol for anonymous communication over the Internet. Our protocol, called P (Peer-to-Peer Personal Privacy Protocol) provides sender-, receiver-, and sender-receiver anonymity. P is designed to be implemented over the current Internet protocols, and does not require any special infrastructure support. A novel feature of P is that it allows individual participants to trade-off degree of anonymity for communication efficiency, and hence can be used to scalably implement large anonymous groups. We present a description of P , an analysis of its anonymity and communication efficiency, and evaluate its performance using detailed packet-level simulations.
@article{Sherwood_p5:a, author = {Sherwood, Rob and Bhattacharjee, Bobby and Srinivasan, Aravind}, journal = {Journal of Computer Security}, title = {P5: A Protocol for Scalable Anonymous Communication}, year = {2002}, month = dec, pages = {839 - 876}, volume = {Volume 13 ,}, owner = {tom}, publisher = {IOS Press Amsterdam, The Netherlands}, timestamp = {2021-01-27}, url = {http://www.cs.umd.edu/projects/p5/p5.pdf} }
[Cox02pastiche:making] Pastiche: Making Backup Cheap and Easy

Cox, Landon P., Murray, Christopher D., and Noble, Brian D.

2002

Website abstract Bib

Backup is cumbersome and expensive. Individual users almost never back up their data, and backup is a significant cost in large organizations. This paper presents Pastiche, a simple and inexpensive backup system. Pastiche exploits excess disk capacity to perform peer-to-peer backup with no administrative costs. Each node minimizes storage overhead by selecting peers that share a significant amount of data. It is easy for common installations to find suitable peers, and peers with high overlap can be identified with only hundreds of bytes. Pastiche provides mechanisms for confidentiality, integrity, and detection of failed or malicious peers. A Pastiche prototype suffers only 7.4% overhead for a modified Andrew Benchmark, and restore performance is comparable to cross-machine copy.
@booklet{Cox02pastiche:making, title = {Pastiche: Making Backup Cheap and Easy}, author = {Cox, Landon P. and Murray, Christopher D. and Noble, Brian D.}, year = {2002}, keywords = {backup, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.15.3254} }
[513828] Performance analysis of the CONFIDANT protocol

Buchegger, Sonja, and Boudec, Jean-Yves Le

2002

DOI Website abstract Bib

Mobile ad-hoc networking works properly only if the participating nodes cooperate in routing and forwarding. However,it may be advantageous for individual nodes not to cooperate. We propose a protocol, called CONFIDANT, for making misbehavior unattractive; it is based on selective altruism and utilitarianism. It aims at detecting and isolating misbehaving nodes, thus making it unattractive to deny cooperation. Trust relationships and routing decisions are based on experienced, observed, or reported routing and forwarding behavior of other nodes. The detailed implementation of CONFIDANT in this paper assumes that the network layer is based on the Dynamic Source Routing (DSR) protocol. We present a performance analysis of DSR fortified by CONFIDANT and compare it to regular defenseless DSR. It shows that a network with CONFIDANT and up to 60% of misbehaving nodes behaves almost as well as a benign network, in sharp contrast to a defenseless network. All simulations have been implemented and performed in GloMoSim.
@conference{513828, author = {Buchegger, Sonja and Boudec, Jean-Yves Le}, booktitle = {MobiHoc {\textquoteright}02: Proceedings of the 3rd ACM international symposium on Mobile ad hoc networking \& computing}, title = {Performance analysis of the CONFIDANT protocol}, year = {2002}, address = {New York, NY, USA}, organization = {ACM}, pages = {226{\textendash}236}, publisher = {ACM}, doi = {10.1145/513800.513828}, isbn = {1-58113-501-7}, keywords = {cooperation, fairness, mobile Ad-hoc networks, reputation, robustness, routing, trust}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=513828$\#$} }

[Minsky02practicalset] Practical Set Reconciliation

Minsky, Yaron, and Trachtenberg, Ari

2002

Bib

@booklet{Minsky02practicalset,
  title = {Practical Set Reconciliation},
  author = {Minsky, Yaron and Trachtenberg, Ari},
  year = {2002},
  keywords = {set reconciliation},
  owner = {tom},
  timestamp = {2017-10-10}
}

[fiveyearslater] Privacy-enhancing technologies for the Internet, II: Five years later

Goldberg, Ian

Apr 2002

Five years ago, “Privacy-enhancing technologies for the Internet” [23] examined the state of the then newly emerging privacy-enhancing technologies. In this survey paper, we look back at the last five years to see what has changed, what has stagnated, what has succeeded, what has failed, and why. We also look at current trends with a view towards the future.

@conference{fiveyearslater,
  author = {Goldberg, Ian},
  booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2002)},
  title = {Privacy-enhancing technologies for the Internet, II: Five years later},
  year = {2002},
  editor = {Dingledine, Roger and Syverson, Paul},
  month = apr,
  organization = {Springer-Verlag, LNCS 2482},
  publisher = {Springer-Verlag, LNCS 2482},
  doi = {10.1007/3-540-36467-6},
  isbn = {978-3-540-00565-0},
  keywords = {privacy},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/740p21gl5a9f640m/}
}

[c.rhea:probabilistic] Probabilistic Location and Routing

Rhea, Sean C., and Kubiatowicz, John

06/2002 2002

We propose probabilistic location to enhance the performance of existing peer-to-peer location mechanisms in the case where a replica for the queried data item exists close to the query source. We introduce the attenuated Bloom filter, a lossy distributed index data structure. We describe how to use these data structures for document location and how to maintain them despite document motion. We include a detailed performance study which indicates that our algorithm performs as desired, both finding closer replicas and finding them faster than deterministic algorithms alone.

@conference{c.rhea:probabilistic,
  author = {Rhea, Sean C. and Kubiatowicz, John},
  booktitle = {INFOCOM{\textquoteright}02. Proceedings of the 21th Annual Joint Conference of the IEEE Computer and Communications Societies},
  title = {Probabilistic Location and Routing},
  year = {2002},
  address = {New York, NY, USA},
  month = {06/2002},
  organization = {IEEE Computer Society},
  pages = {-1{\textendash}1},
  publisher = {IEEE Computer Society},
  doi = {http://dx.doi.org/10.1109/INFCOM.2002.1019375},
  isbn = {0-7803-7476-2},
  keywords = {Bloom filter, document location, document motion, probabilistic location},
  owner = {tom},
  timestamp = {2017-10-10}
}

[586136] Query-flood DoS attacks in gnutella

Daswani, Neil, and Garcia-Molina, Hector

2002

We describe a simple but effective traffic model that can be used to understand the effects of denial-of-service (DoS) attacks based on query floods in Gnutella networks. We run simulations based on the model to analyze how different choices of network topology and application level load balancing policies can minimize the effect of these types of DoS attacks. In addition, we also study how damage caused by query floods is distributed throughout the network, and how application-level policies can localize the damage.

@conference{586136,
  author = {Daswani, Neil and Garcia-Molina, Hector},
  booktitle = {CCS {\textquoteright}02: Proceedings of the 9th ACM conference on Computer and communications security},
  title = {Query-flood DoS attacks in gnutella},
  year = {2002},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {181{\textendash}192},
  publisher = {ACM},
  doi = {10.1145/586110.586136},
  isbn = {1-58113-612-9},
  keywords = {denial-of-service, P2P},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=586110.586136$\#$}
}

[Douceur:2002:RSD:850928.851884] Reclaiming Space from Duplicate Files in a Serverless Distributed File System

Douceur, John R., Adya, Atul, Bolosky, William J., Simon, Dan, and Theimer, Marvin

07/2002 2002

DOI Website abstract Bib

The Farsite distributed file system provides availability by replicating each file onto multiple desktop computers. Since this replication consumes significant storage space, it is important to reclaim used space where possible. Measurement of over 500 desktop file systems shows that nearly half of all consumed space is occupied by duplicate files. We present a mechanism to reclaim space from this incidental duplication to make it available for controlled file replication. Our mechanism includes: (1) convergent encryption, which enables duplicate files to be coalesced into the space of a single file, even if the files are encrypted with different users’ keys; and (2) SALAD, a Self-Arranging Lossy Associative Database for aggregating file content and location information in a decentralized, scalable, fault-tolerant manner. Large-scale simulation experiments show that the duplicate-file coalescing system is scalable, highly effective, and fault-tolerant.
@conference{Douceur:2002:RSD:850928.851884, author = {Douceur, John R. and Adya, Atul and Bolosky, William J. and Simon, Dan and Theimer, Marvin}, booktitle = {ICDCS{\textquoteright}02 - Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS{\textquoteright}02)}, title = {Reclaiming Space from Duplicate Files in a Serverless Distributed File System}, year = {2002}, address = {Vienna, Austria}, month = {07/2002}, organization = {IEEE Computer Society}, pages = {617{\textendash}}, publisher = {IEEE Computer Society}, series = {ICDCS {\textquoteright}02}, doi = {http://dx.doi.org/10.1109/ICDCS.2002.1022312}, isbn = {0-7695-1585-1}, keywords = {convergent encryption, distributed file system, duplicate files, farsite, SALAD, serverless}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=850928.851884} }

[Dingledine02reliablemix] Reliable MIX Cascade Networks through Reputation

Dingledine, Roger, and Syverson, Paul

2002

@conference{Dingledine02reliablemix,
  author = {Dingledine, Roger and Syverson, Paul},
  booktitle = {Financial Cryptography. Springer-Verlag, LNCS 2357},
  title = {Reliable MIX Cascade Networks through Reputation},
  year = {2002},
  organization = {Springer Verlag},
  publisher = {Springer Verlag},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.9316\&rep=rep1\&type=pdf}
}

[Cohen02replicationstrategies] Replication Strategies in Unstructured Peer-to-Peer Networks

Cohen, Edith, and Shenker, S

Oct 2002

The Peer-to-Peer (P2P) architectures that are most prevalent in today’s Internet are decentralized and unstructured. Search is blind in that it is independent of the query and is thus not more effective than probing randomly chosen peers. One technique to improve the effectiveness of blind search is to proactively replicate data.

@conference{Cohen02replicationstrategies,
  author = {Cohen, Edith and Shenker, S},
  booktitle = {Proceedings of the 2002 SIGCOMM conference},
  title = {Replication Strategies in Unstructured Peer-to-Peer Networks},
  year = {2002},
  address = {Pittsburgh},
  month = oct,
  organization = {ACM New York, NY, USA},
  pages = {177{\textendash}190},
  publisher = {ACM New York, NY, USA},
  volume = {Volume 32 , Issue 4},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.9873\&rep=rep1\&type=pdf}
}

[Damiani2002] A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks

Damiani, Ernesto, Vimercati, Sabrina De Capitani, Paraboschi, Stefano, Samarati, Pierangela, and Violante, Fabio

2002

Website abstract Bib

Peer-to-peer (P2P) applications have seen an enormous success, and recently introduced P2P services have reached tens of millions of users. A feature that significantly contributes to the success of many P2P applications is user anonymity. However, anonymity opens the door to possible misuses and abuses, exploiting the P2P network as a way to spread tampered with resources, including Trojan Horses, viruses, and spam. To address this problem we propose a self-regulating system where the P2P network is used to implement a robust reputation mechanism. Reputation sharing is realized through a distributed polling algorithm by which resource requestors can assess the reliability of a resource offered by a participant before initiating the download. This way, spreading of malicious contents will be reduced and eventually blocked. Our approach can be straightforwardly piggybacked on existing P2P protocols and requires modest modifications to current implementations.
@conference{Damiani2002, author = {Damiani, Ernesto and di Vimercati, Sabrina De Capitani and Paraboschi, Stefano and Samarati, Pierangela and Violante, Fabio}, booktitle = {In Proceedings of the 9th ACM Conference on Computer and Communications Security}, title = {A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks}, year = {2002}, organization = {ACM Press}, pages = {207{\textendash}216}, publisher = {ACM Press}, owner = {tom}, timestamp = {2021-01-27}, url = {http://seclab.dti.unimi.it/Papers/ccs02.ps} }
[beimel-robust] Robust information-theoretic private information retrieval

Beimel, Amos, and Stahl, Yoav

2002

DOI Website abstract Bib

A Private Information Retrieval (PIR) protocol allows a user to retrieve a data item of its choice from a database, such that the servers storing the database do not gain information on the identity of the item being retrieved. PIR protocols were studied in depth since the subject was introduced in Chor, Goldreich, Kushilevitz, and Sudan 1995. The standard definition of PIR protocols raises a simple question - what happens if some of the servers crash during the operation? How can we devise a protocol which still works in the presence of crashing servers? Current systems do not guarantee availability of servers at all times for many reasons, e.g., crash of server or communication problems. Our purpose is to design robust PIR protocols, i.e., protocols which still work correctly even if only k out of l servers are available during the protocols’ operation (the user does not know in advance which servers are available). We present various robust PIR protocols giving different tradeofis between the different parameters. These protocols are incomparable, i.e., for different values of n and k we will get better results using different protocols. We first present a generic transformation from regular PIR protocols to robust PIR protocols, this transformation is important since any improvement in the communication complexity of regular PIR protocol will immediately implicate improvement in the robust PIR protocol communication. We also present two specific robust PIR protocols. Finally, we present robust PIR protocols which can tolerate Byzantine servers, i.e., robust PIR protocols which still work in the presence of malicious servers or servers with corrupted or obsolete databases.
@conference{beimel-robust, author = {Beimel, Amos and Stahl, Yoav}, booktitle = {Proceedings of the 3rd Conference on Security in Communication Networks}, title = {Robust information-theoretic private information retrieval}, year = {2002}, organization = {Springer-Verlag}, pages = {326{\textendash}341}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, volume = {2576}, doi = {10.1007/3-540-36413-7}, isbn = {978-3-540-00420-2}, keywords = {obsolete database, private information retrieval, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/9bnlbf2e2lp9u9p4/} }
[633045] Scalable application layer multicast

Banerjee, Suman, Bhattacharjee, Bobby, and Kommareddy, Christopher

2002

DOI Website abstract Bib

We describe a new scalable application-layer multicast protocol, specifically designed for low-bandwidth, data streaming applications with large receiver sets. Our scheme is based upon a hierarchical clustering of the application-layer multicast peers and can support a number of different data delivery trees with desirable properties.We present extensive simulations of both our protocol and the Narada application-layer multicast protocol over Internet-like topologies. Our results show that for groups of size 32 or more, our protocol has lower link stress (by about 25%), improved or similar end-to-end latencies and similar failure recovery properties. More importantly, it is able to achieve these results by using orders of magnitude lower control traffic.Finally, we present results from our wide-area testbed in which we experimented with 32-100 member groups distributed over 8 different sites. In our experiments, average group members established and maintained low-latency paths and incurred a maximum packet loss rate of less than 1% as members randomly joined and left the multicast group. The average control overhead during our experiments was less than 1 Kbps for groups of size 100.
@conference{633045, author = {Banerjee, Suman and Bhattacharjee, Bobby and Kommareddy, Christopher}, booktitle = {SIGCOMM {\textquoteright}02: Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications}, title = {Scalable application layer multicast}, year = {2002}, address = {New York, NY, USA}, organization = {ACM}, pages = {205{\textendash}217}, publisher = {ACM}, doi = {10.1145/633025.633045}, isbn = {1-58113-570-X}, keywords = {application layer multicast, hierarchy, overlay networks, P2P, scalability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=633045$\#$} }

[937250] A scalable content-addressable network

Ratnasamy, Sylvia Paul

2002

@mastersthesis{937250,
  author = {Ratnasamy, Sylvia Paul},
  school = {University of California, Berkeley},
  title = {A scalable content-addressable network},
  year = {2002},
  note = {Chair-Shenker, Scott and Chair-Stoica, Ion},
  type = {phd},
  keywords = {CAN, distributed hash table},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {www.icir.org/sylvia/thesis.ps}
}

[Castro02scribe:a] SCRIBE: A large-scale and decentralized application-level multicast infrastructure

Castro, Miguel, Druschel, Peter, Kermarrec, Anne-Marie, and Rowstron, Antony

IEEE Journal on Selected Areas in Communications (JSAC 2002

Website abstract Bib

This paper presents Scribe, a scalable application-level multicast infrastructure. Scribe supports large numbers of groups, with a potentially large number of members per group. Scribe is built on top of Pastry, a generic peer-to-peer object location and routing substrate overlayed on the Internet, and leverages Pastry’s reliability, self-organization, and locality properties. Pastry is used to create and manage groups and to build efficient multicast trees for the dissemination of messages to each group. Scribe provides best-effort reliability guarantees, but we outline how an application can extend Scribe to provide stronger reliability. Simulation results, based on a realistic network topology model, show that Scribe scales across a wide range of groups and group sizes. Also, it balances the load on the nodes while achieving acceptable delay and link stress when compared to IP multicast
@article{Castro02scribe:a, author = {Castro, Miguel and Druschel, Peter and Kermarrec, Anne-Marie and Rowstron, Antony}, journal = {IEEE Journal on Selected Areas in Communications (JSAC}, title = {SCRIBE: A large-scale and decentralized application-level multicast infrastructure}, year = {2002}, pages = {2002}, volume = {20}, keywords = {distributed hash table, multicast, Scribe}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.20.299\&rep=rep1\&type=pdf} }
[Douceur:2002:SDS:784592.784803] A Secure Directory Service based on Exclusive Encryption

Douceur, John R., Adya, Atul, Benaloh, Josh, Bolosky, William J., and Yuval, Gideon

12/2003 2002

DOI Website abstract Bib

We describe the design of a Windows file-system directory service that ensures the persistence, integrity, privacy, syntactic legality, and case-insensitive uniqueness of the names it indexes. Byzantine state replication provides persistence and integrity, and encryption imparts privacy. To enforce Windows’ baroque name syntax - including restrictions on allowable characters, on the terminal character, and on several specific names - we develop a cryptographic process, called "exclusive encryption," that inherently excludes syntactically illegal names and that enables the exclusion of case-insensitively duplicate names without access to their plaintext. This process excludes entire names by mapping the set of allowed strings to the set of all strings, excludes certain characters through an amended prefix encoding, excludes terminal characters through varying the prefix coding by character index, and supports case-insensitive comparison of names by extracting and encrypting case information separately. We also address the issues of hiding name-length information and access-authorization information, and we report a newly discovered problem with enforcing case-insensitive uniqueness for Unicode names.
@conference{Douceur:2002:SDS:784592.784803, author = {Douceur, John R. and Adya, Atul and Benaloh, Josh and Bolosky, William J. and Yuval, Gideon}, booktitle = {ACSAC{\textquoteright}02 - Proceedings of the 18th Annual Computer Security Applications Conference}, title = {A Secure Directory Service based on Exclusive Encryption}, year = {2002}, address = {San Diego, CA, USA}, month = {12/2003}, organization = {IEEE Computer Society}, pages = {172{\textendash}}, publisher = {IEEE Computer Society}, series = {ACSAC {\textquoteright}02}, doi = {http://dx.doi.org/10.1109/CSAC.2002.1176289}, isbn = {0-7695-1828-1}, keywords = {directory service, encryption, exclusive encryption, Windows}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=784592.784803} }
[844156] Secure routing for structured peer-to-peer overlay networks

Castro, Miguel, Druschel, Peter, Ganesh, Ayalvadi, Rowstron, Antony, and Wallach, Dan S.

SIGOPS Oper. Syst. Rev. 2002

DOI Website abstract Bib

Structured peer-to-peer overlay networks provide a substrate for the construction of large-scale, decentralized applications, including distributed storage, group communication, and content distribution. These overlays are highly resilient; they can route messages correctly even when a large fraction of the nodes crash or the network partitions. But current overlays are not secure; even a small fraction of malicious nodes can prevent correct message delivery throughout the overlay. This problem is particularly serious in open peer-to-peer systems, where many diverse, autonomous parties without preexisting trust relationships wish to pool their resources. This paper studies attacks aimed at preventing correct message delivery in structured peer-to-peer overlays and presents defenses to these attacks. We describe and evaluate techniques that allow nodes to join the overlay, to maintain routing state, and to forward messages securely in the presence of malicious nodes.
@article{844156, author = {Castro, Miguel and Druschel, Peter and Ganesh, Ayalvadi and Rowstron, Antony and Wallach, Dan S.}, journal = {SIGOPS Oper. Syst. Rev.}, title = {Secure routing for structured peer-to-peer overlay networks}, year = {2002}, issn = {0163-5980}, number = {SI}, pages = {299{\textendash}314}, volume = {36}, address = {New York, NY, USA}, doi = {10.1145/844128.844156}, keywords = {P2P, resilient overlay network}, owner = {tom}, publisher = {ACM}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=844156$\#$} }
[Karlof02securerouting] Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Karlof, Chris, and Wagner, David

2002

Website abstract Bib

We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks — sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks.
@conference{Karlof02securerouting, author = {Karlof, Chris and Wagner, David}, booktitle = {In First IEEE International Workshop on Sensor Network Protocols and Applications}, title = {Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures}, year = {2002}, pages = {113{\textendash}127}, keywords = {ad-hoc networks, P2P, sensor networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.4672} }
[687810] Security Considerations for Peer-to-Peer Distributed Hash Tables

Sit, Emil, and Morris, Robert

2002

Website abstract Bib

Recent peer-to-peer research has focused on providing efficient hash lookup systems that can be used to build more complex systems. These systems have good properties when their algorithms are executed correctly but have not generally considered how to handle misbehaving nodes. This paper looks at what sorts of security problems are inherent in large peer-to-peer systems based on distributed hash lookup systems. We examine the types of problems that such systems might face, drawing examples from existing systems, and propose some design principles for detecting and preventing these problems.
@conference{687810, author = {Sit, Emil and Morris, Robert}, booktitle = {IPTPS {\textquoteright}01: Revised Papers from the First International Workshop on Peer-to-Peer Systems}, title = {Security Considerations for Peer-to-Peer Distributed Hash Tables}, year = {2002}, address = {London, UK}, organization = {Springer-Verlag}, pages = {261{\textendash}269}, publisher = {Springer-Verlag}, isbn = {3-540-44179-4}, keywords = {distributed hash table, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=687810$\#$} }
[camenisch2002ssep] A Signature Scheme with Efficient Protocols

Camenisch, Jan, and Lysyanskaya, Anna

2002

DOI Website abstract Bib

Digital signature schemes are a fundamental cryptographic primitive, of use both in its own right, and as a building block in cryptographic protocol design. In this paper, we propose a practical and provably secure signature scheme and show protocols (1) for issuing a signature on a committed value (so the signer has no information about the signed value), and (2) for proving knowledge of a signature on a committed value. This signature scheme and corresponding protocols are a building block for the design of anonymity-enhancing cryptographic systems, such as electronic cash, group signatures, and anonymous credential systems. The security of our signature scheme and protocols relies on the Strong RSA assumption. These results are a generalization of the anonymous credential system of Camenisch and Lysyanskaya.
@conference{camenisch2002ssep, author = {Camenisch, Jan and Lysyanskaya, Anna}, booktitle = {Proceedings of SCN {\textquoteright}02, Third Conference on Security in Communication Networks}, title = {A Signature Scheme with Efficient Protocols}, year = {2002}, organization = {Springer Verlag, LNCS 2576}, pages = {268{\textendash}289}, publisher = {Springer Verlag, LNCS 2576}, doi = {10.1007/3-540-36413-7}, isbn = {978-3-540-00420-2}, keywords = {anonymity, anonymous credential system, digital signature}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/r66ywt172y06g5qr/} }
[Byers02simpleload] Simple Load Balancing for Distributed Hash Tables

Byers, John W., Considine, Jeffrey, and Mitzenmacher, Michael

2002

DOI Website abstract Bib

Distributed hash tables have recently become a useful building block for a variety of distributed applications. However, current schemes based upon consistent hashing require both considerable implementation complexity and substantial storage overhead to achieve desired load balancing goals. We argue in this paper that these goals can be achieved more simply and more cost-effectively. First, we suggest the direct application of the power of two choices paradigm, whereby an item is stored at the less loaded of two (or more) random alternatives. We then consider how associating a small constant number of hash values with a key can naturally be extended to support other load balancing strategies, including load-stealing or load-shedding, as well as providing natural fault-tolerance mechanisms.
@conference{Byers02simpleload, author = {Byers, John W. and Considine, Jeffrey and Mitzenmacher, Michael}, title = {Simple Load Balancing for Distributed Hash Tables}, year = {2002}, pages = {80{\textendash}87}, doi = {10.1007/b11823}, keywords = {distributed hash table, load balancing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/r9r4qcqxc2bmfqmr/} }
[Capkun02smallworlds] Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph

Capkun, Srdan, Buttyán, Levente, and Hubaux, Jean-Pierre

2002

DOI Website abstract Bib

We propose a new approach to securing self-organized mobile ad hoc networks. In this approach, security is achieved in a fully self-organized manner; by this we mean that the security system does not require any kind of certification authority or centralized server, even for the initialization phase. In our work, we were inspired by PGP [15] because its operation relies solely on the acquaintances between users. We show that the small-world phenomenon naturally emerges in the PGP system as a consequence of the self-organization of users. We show this by studying the PGP certificate graph properties and by quantifying its small-world characteristics. We argue that the certificate graphs of self-organized security systems will exhibit a similar small-world phenomenon, and we provide a way to model self-organized certificate graphs. The results of the PGP certificate graph analysis and graph modelling can be used to build new self-organized security systems and to test the performance of the existing proposals. In this work, we refer to such an example.
@conference{Capkun02smallworlds, author = {Capkun, Srdan and Butty{\'a}n, Levente and Hubaux, Jean-Pierre}, booktitle = {In Proceedings of The ACM New Security Paradigms Workshop}, title = {Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph}, year = {2002}, organization = {ACM Press}, pages = {28{\textendash}35}, publisher = {ACM Press}, doi = {10.1145/844102.844108}, isbn = {1-58113-598-X}, keywords = {PGP, public key management, self-organization, small-world}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=844102.844108} }
[567178] A State-of-the-Art Survey on Software Merging

Mens, Tom

IEEE Trans. Softw. Eng. 2002

DOI Website abstract Bib

Software merging is an essential aspect of the maintenance and evolution of large-scale software systems. This paper provides a comprehensive survey and analysis of available merge approaches. Over the years, a wide variety of different merge techniques has been proposed. While initial techniques were purely based on textual merging, more powerful approaches also take the syntax and semantics of the software into account. There is a tendency towards operation-based merging because of its increased expressiveness. Another tendency is to try to define merge techniques that are as general, accurate, scalable, and customizable as possible, so that they can be used in any phase in the software life-cycle and detect as many conflicts as possible. After comparing the possible merge techniques, we suggest a number of important open problems and future research directions.
@article{567178, author = {Mens, Tom}, journal = {IEEE Trans. Softw. Eng.}, title = {A State-of-the-Art Survey on Software Merging}, year = {2002}, issn = {0098-5589}, number = {5}, pages = {449{\textendash}462}, volume = {28}, address = {Piscataway, NJ, USA}, doi = {10.1109/TSE.2002.1000449}, keywords = {conflict detection, large-scale software development, merge conflicts, software merging}, owner = {tom}, publisher = {IEEE Press}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=567178$\#$} }
[TrafHTTP] Statistical Identification of Encrypted Web Browsing Traffic

Sun, Qixiang, Simon, Daniel R., Wang, Yi-Min, Russell, Wilf, Padmanabhan, Venkata N., and Qiu, Lili

May 2002

Website abstract Bib

Encryption is often proposed as a tool for protecting the privacy of World Wide Web browsing.However, encryption–particularly astypically implemented in, or in concert with popular Webbrowsers–does not hide all information about the encryptedplaintext.Specifically, HTTP object count and sizes are oftenrevealed (or at least incompletely concealed). We investigate theidentifiability of World Wide Web traffic based on this unconcealedinformation in a large sample of Web pages, and show that it sufficesto identify a significant fraction of them quite reliably.We also suggest some possible countermeasures against the exposure of this kind of information and experimentally evaluate their effectiveness.
@conference{TrafHTTP, author = {Sun, Qixiang and Simon, Daniel R. and Wang, Yi-Min and Russell, Wilf and Padmanabhan, Venkata N. and Qiu, Lili}, booktitle = {Proceedings of the 2002 IEEE Symposium on Security and Privacy}, title = {Statistical Identification of Encrypted Web Browsing Traffic}, year = {2002}, address = {Berkeley, California}, month = may, organization = {IEEE Computer Society Washington, DC, USA}, publisher = {IEEE Computer Society Washington, DC, USA}, isbn = {0-7695-1543-6}, keywords = {encryption, privacy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=830535} }
[Montenegro02statisticallyunique] Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses

Montenegro, Gabriel

2002

Website abstract Bib

This paper addresses the identifier ownership problem. It does so by using characteristics of Statistic Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which this document calls SUCV Identifiers and Addresses. Their characteristics allow them to severely limit certain classes of denial of service attacks and hijacking attacks. SUCV addresses are particularly applicable to solve the address ownership problem that hinders mechanisms like Binding Updates in Mobile IPv6.
@booklet{Montenegro02statisticallyunique, title = {Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses}, author = {Montenegro, Gabriel}, year = {2002}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.16.1456} }
[wallach02p2psecurity] A Survey of Peer-to-Peer Security Issues

Wallach, Dan S.

2002

Website abstract Bib

Peer-to-peer (p2p) networking technologies have gained popularity as a mechanism for users to share files without the need for centralized servers. A p2p network provides a scalable and fault-tolerant mechanism to locate nodes anywhere on a network without maintaining a large amount of routing state. This allows for a variety of applications beyond simple file sharing. Examples include multicast systems, anonymous communications systems, and web caches. We survey security issues that occur in the underlying p2p routing protocols, as well as fairness and trust issues that occur in file sharing and other p2p applications. We discuss how techniques, ranging from cryptography, to random network probing, to economic incentives, can be used to address these problems.
@conference{wallach02p2psecurity, author = {Wallach, Dan S.}, booktitle = {ISSS}, title = {A Survey of Peer-to-Peer Security Issues}, year = {2002}, pages = {42{\textendash}57}, keywords = {cryptography, P2P, routing, security policy}, owner = {tom}, timestamp = {2021-01-27}, url = {http://springerlink.metapress.com/openurl.asp?genre=article\&issn=0302-9743\&volume=2609\&spage=42} }
[568525] A survey of rollback-recovery protocols in message-passing systems

Elnozahy, Mootaz, Alvisi, Lorenzo, Wang, Yi-Min, and Johnson, David B.

ACM Comput. Surv. 2002

DOI Website abstract Bib

This survey covers rollback-recovery techniques that do not require special language constructs. In the first part of the survey we classify rollback-recovery protocols into checkpoint-based and log-based. Checkpoint-based protocols rely solely on checkpointing for system state restoration. Checkpointing can be coordinated, uncoordinated, or communication-induced. Log-based protocols combine checkpointing with logging of nondeterministic events, encoded in tuples called determinants. Depending on how determinants are logged, log-based protocols can be pessimistic, optimistic, or causal. Throughout the survey, we highlight the research issues that are at the core of rollback-recovery and present the solutions that currently address them. We also compare the performance of different rollback-recovery protocols with respect to a series of desirable properties and discuss the issues that arise in the practical implementations of these protocols.
@article{568525, author = {Elnozahy, Mootaz and Alvisi, Lorenzo and Wang, Yi-Min and Johnson, David B.}, journal = {ACM Comput. Surv.}, title = {A survey of rollback-recovery protocols in message-passing systems}, year = {2002}, issn = {0360-0300}, number = {3}, pages = {375{\textendash}408}, volume = {34}, address = {New York, NY, USA}, doi = {10.1145/568522.568525}, keywords = {message logging, rollback-recovery}, owner = {tom}, publisher = {ACM}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=568522.568525$\#$} }

[Douceur:2002:SA:646334.687813] The Sybil Attack

Douceur, John R.

03/2002 2002

Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.

@conference{Douceur:2002:SA:646334.687813,
  author = {Douceur, John R.},
  booktitle = {IPTPS{\textquoteright}01 - Revised Papers from the First International Workshop on Peer-to-Peer Systems},
  title = {The Sybil Attack},
  year = {2002},
  address = {Cambridge, MA},
  month = {03/2002},
  organization = {Springer-Verlag London},
  pages = {251{\textendash}260},
  publisher = {Springer-Verlag London},
  series = {Revised Papers from the First International Workshop on Peer-to-Peer Systems},
  isbn = {3-540-44179-4},
  keywords = {attack, peer-to-peer networking, security threat, Sybil attack},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=646334.687813}
}

[tarzan:ccs02] Tarzan: A Peer-to-Peer Anonymizing Network Layer

Freedman, Michael J., and Morris, Robert

Nov 2002

DOI Website abstract Bib

Tarzan is a peer-to-peer anonymous IP network overlay. Because it provides IP service, Tarzan is general-purpose and transparent to applications. Organized as a decentralized peer-to-peer overlay, Tarzan is fault-tolerant, highly scalable, and easy to manage.Tarzan achieves its anonymity with layered encryption and multi-hop routing, much like a Chaumian mix. A message initiator chooses a path of peers pseudo-randomly through a restricted topology in a way that adversaries cannot easily influence. Cover traffic prevents a global observer from using traffic analysis to identify an initiator. Protocols toward unbiased peer-selection offer new directions for distributing trust among untrusted entities.Tarzan provides anonymity to either clients or servers, without requiring that both participate. In both cases, Tarzan uses a network address translator (NAT) to bridge between Tarzan hosts and oblivious Internet hosts.Measurements show that Tarzan imposes minimal overhead over a corresponding non-anonymous overlay route.
@conference{tarzan:ccs02, author = {Freedman, Michael J. and Morris, Robert}, booktitle = {Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002)}, title = {Tarzan: A Peer-to-Peer Anonymizing Network Layer}, year = {2002}, address = {Washington, DC}, month = nov, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/586110.586137}, isbn = {1-58113-612-9}, keywords = {fault-tolerance, overhead, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=586137} }
[Clifton:2002:TPP:772862.772867] Tools for privacy preserving distributed data mining

Clifton, Chris, Kantarcioglu, Murat, Vaidya, Jaideep, Lin, Xiaodong, and Zhu, Michael Y.

SIGKDD Explorations Newsletter 12/2002 2002

DOI Website abstract Bib

Privacy preserving mining of distributed data has numerous applications. Each application poses different constraints: What is meant by privacy, what are the desired results, how is the data distributed, what are the constraints on collaboration and cooperative computing, etc. We suggest that the solution to this is a toolkit of components that can be combined for specific privacy-preserving data mining applications. This paper presents some components of such a toolkit, and shows how they can be used to solve several privacy-preserving data mining problems.
@article{Clifton:2002:TPP:772862.772867, author = {Clifton, Chris and Kantarcioglu, Murat and Vaidya, Jaideep and Lin, Xiaodong and Zhu, Michael Y.}, journal = {SIGKDD Explorations Newsletter}, title = {Tools for privacy preserving distributed data mining}, year = {2002}, issn = {1931-0145}, month = {12/2002}, number = {2}, pages = {28{\textendash}34}, volume = {4}, address = {New York, NY, USA}, doi = {10.1145/772862.772867}, keywords = {PIR, privacy, security}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/772862.772867} }
[Serjantov02towardsan] Towards an Information Theoretic Metric for Anonymity

Serjantov, Andrei, and Danezis, George

2002

Website abstract Bib

In this paper we look closely at the popular metric of anonymity, the anonymity set, and point out a number of problems associated with it. We then propose an alternative information theoretic measure of anonymity which takes into account the probabilities of users sending and receiving the messages and show how to calculate it for a message in a standard mix-based anonymity system. We also use our metric to compare a pool mix to a traditional threshold mix, which was impossible using anonymity sets. We also show how the maximum route length restriction which exists in some fielded anonymity systems can lead to the attacker performing more powerful traffic analysis. Finally, we discuss open problems and future work on anonymity measurements.
@booklet{Serjantov02towardsan, title = {Towards an Information Theoretic Metric for Anonymity}, author = {Serjantov, Andrei and Danezis, George}, year = {2002}, isbn = {978-3-540-00565-0}, journal = {Lecture Notes in Computer Science}, owner = {tom}, pages = {41{\textendash}53}, publisher = {Springer-Verlag}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.12.5992\&rep=rep1\&type=url\&i=0}, volume = {Volume 2482/2003} }
[Serj02] Towards an Information Theoretic Metric for Anonymity

Serjantov, Andrei, and Danezis, George

04/2003 2002

DOI Website abstract Bib

In this paper we look closely at the popular metric of anonymity, the anonymity set, and point out a number of problems associated with it. We then propose an alternative information theoretic measure of anonymity which takes into account the probabilities of users sending and receiving the messages and show how to calculate it for a message in a standard mix-based anonymity system. We also use our metric to compare a pool mix to a traditional threshold mix, which was impossible using anonymity sets. We also show how the maximum route length restriction which exists in some fielded anonymity systems can lead to the attacker performing more powerful traffic analysis. Finally, we discuss open problems and future work on anonymity measurements.
@conference{Serj02, author = {Serjantov, Andrei and Danezis, George}, booktitle = {Proceedings of Privacy Enhancing Technologies Workshop (PET 2002)}, title = {Towards an Information Theoretic Metric for Anonymity}, year = {2002}, editor = {Dingledine, Roger and Syverson, Paul}, month = {04/2003}, organization = {Springer-Verlag, LNCS 2482}, publisher = {Springer-Verlag, LNCS 2482}, doi = {10.1007/3-540-36467-6}, isbn = {978-3-540-00565-0}, keywords = {anonymity measurement, traffic analysis}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.springerlink.com/content/wwe2c7g3hmwn0klf/} }
[Diaz02towardsmeasuring] Towards Measuring Anonymity

Diaz, Claudia, Seys, Stefaan, Claessens, Joris, and Preneel, Bart

2002

Website abstract Bib

This paper introduces an information theoretic model that allows to quantify the degree of anonymity provided by schemes for anonymous connections. It considers attackers that obtain probabilistic information about users. The degree is based on the probabilities an attacker, after observing the system, assigns to the dierent users of the system as being the originators of a message. As a proof of concept, the model is applied to some existing systems. The model is shown to be very useful for evaluating the level of privacy a system provides under various attack scenarios, for measuring the amount of information an attacker gets with a particular attack and for comparing dierent systems amongst each other.
@booklet{Diaz02towardsmeasuring, title = {Towards Measuring Anonymity}, author = {Diaz, Claudia and Seys, Stefaan and Claessens, Joris and Preneel, Bart}, year = {2002}, owner = {tom}, publisher = {Springer-Verlag}, timestamp = {2017-10-10}, url = {http://www.cosic.esat.kuleuven.be/publications/article-89.pdf} }
[Diaz02] Towards measuring anonymity

Diaz, Claudia, Seys, Stefaan, Claessens, Joris, and Preneel, Bart

04/2003 2002

DOI Website abstract Bib

This paper introduces an information theoretic model that allows to quantify the degree of anonymity provided by schemes for anonymous connections. It considers attackers that obtain probabilistic information about users. The degree is based on the probabilities an attacker, after observing the system, assigns to the different users of the system as being the originators of a message. As a proof of concept, the model is applied to some existing systems. The model is shown to be very useful for evaluating the level of privacy a system provides under various attack scenarios, for measuring the amount of information an attacker gets with a particular attack and for comparing different systems amongst each other.
@conference{Diaz02, author = {Diaz, Claudia and Seys, Stefaan and Claessens, Joris and Preneel, Bart}, booktitle = {Proceedings of Privacy Enhancing Technologies Workshop (PET 2002)}, title = {Towards measuring anonymity}, year = {2002}, editor = {Dingledine, Roger and Syverson, Paul}, month = {04/2003}, organization = {Springer-Verlag, LNCS 2482}, publisher = {Springer-Verlag, LNCS 2482}, doi = {10.1007/3-540-36467-6}, isbn = {978-3-540-00565-0}, keywords = {anonymity, attack, privacy}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.springerlink.com/content/3qb837jkpgukc6b5/} }
[633027] Understanding BGP misconfiguration

Mahajan, Ratul, Wetherall, David, and Anderson, Thomas

2002

DOI Website abstract Bib

It is well-known that simple, accidental BGP configuration errors can disrupt Internet connectivity. Yet little is known about the frequency of misconfiguration or its causes, except for the few spectacular incidents of widespread outages. In this paper, we present the first quantitative study of BGP misconfiguration. Over a three week period, we analyzed routing table advertisements from 23 vantage points across the Internet backbone to detect incidents of misconfiguration. For each incident we polled the ISP operators involved to verify whether it was a misconfiguration, and to learn the cause of the incident. We also actively probed the Internet to determine the impact of misconfiguration on connectivity.Surprisingly, we find that configuration errors are pervasive, with 200-1200 prefixes (0.2-1.0% of the BGP table size) suffering from misconfiguration each day. Close to 3 in 4 of all new prefix advertisements were results of misconfiguration. Fortunately, the connectivity seen by end users is surprisingly robust to misconfigurations. While misconfigurations can substantially increase the update load on routers, only one in twenty five affects connectivity. While the causes of misconfiguration are diverse, we argue that most could be prevented through better router design.
@conference{633027, author = {Mahajan, Ratul and Wetherall, David and Anderson, Thomas}, booktitle = {SIGCOMM {\textquoteright}02: Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications}, title = {Understanding BGP misconfiguration}, year = {2002}, address = {New York, NY, USA}, organization = {ACM}, pages = {3{\textendash}16}, publisher = {ACM}, doi = {10.1145/633025.633027}, isbn = {1-58113-570-X}, keywords = {border gateway protocol}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=633027$\#$} }
[kesdogan:pet2002] Unobservable Surfing on the World Wide Web: Is Private Information Retrieval an alternative to the MIX based Approach?

Kesdogan, Dogan, Borning, Mark, and Schmeink, Michael

Apr 2002

Website abstract Bib

The technique Private Information Retrieval (PIR) perfectly protects a user’s access pattern to a database. An attacker cannot observe (or determine) which data element is requested by a user and so cannot deduce the interest of the user. We discuss the application of PIR on the World Wide Web and compare it to the MIX approach. We demonstrate particularly that in this context the method does not provide perfect security, and we give a mathematical model for the amount of information an attacker could obtain. We provide an extension of the method under which perfect security can still be achieved.
@conference{kesdogan:pet2002, author = {Kesdogan, Dogan and Borning, Mark and Schmeink, Michael}, booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2002)}, title = {Unobservable Surfing on the World Wide Web: Is Private Information Retrieval an alternative to the MIX based Approach?}, year = {2002}, editor = {Dingledine, Roger and Syverson, Paul}, month = apr, organization = {Springer-Verlag, LNCS 2482}, publisher = {Springer-Verlag, LNCS 2482}, keywords = {private information retrieval}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.80.7678} }
[651321] Venti: A New Approach to Archival Storage

Quinlan, Sean, and Dorward, Sean

2002

Website abstract Bib

This paper describes a network storage system, called Venti, intended for archival data. In this system, a unique hash of a block’s contents acts as the block identifier for read and write operations. This approach enforces a write-once policy, preventing accidental or malicious destruction of data. In addition, duplicate copies of a block can be coalesced, reducing the consumption of storage and simplifying the implementation of clients. Venti is a building block for constructing a variety of storage applications such as logical backup, physical backup, and snapshot file systems.
@conference{651321, author = {Quinlan, Sean and Dorward, Sean}, booktitle = {FAST {\textquoteright}02: Proceedings of the Conference on File and Storage Technologies}, title = {Venti: A New Approach to Archival Storage}, year = {2002}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {89{\textendash}101}, publisher = {USENIX Association}, isbn = {1-880446-03-0}, keywords = {backup, file systems, network storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=651321$\#$} }
[571857] Viceroy: a scalable and dynamic emulation of the butterfly

Malkhi, Dahlia, Naor, Moni, and Ratajczak, David

2002

DOI Website abstract Bib

We propose a family of constant-degree routing networks of logarithmic diameter, with the additional property that the addition or removal of a node to the network requires no global coordination, only a constant number of linkage changes in expectation, and a logarithmic number with high probability. Our randomized construction improves upon existing solutions, such as balanced search trees, by ensuring that the congestion of the network is always within a logarithmic factor of the optimum with high probability. Our construction derives from recent advances in the study of peer-to-peer lookup networks, where rapid changes require efficient and distributed maintenance, and where the lookup efficiency is impacted both by the lengths of paths to requested data and the presence or elimination of bottlenecks in the network.
@conference{571857, author = {Malkhi, Dahlia and Naor, Moni and Ratajczak, David}, booktitle = {PODC {\textquoteright}02: Proceedings of the twenty-first annual symposium on Principles of distributed computing}, title = {Viceroy: a scalable and dynamic emulation of the butterfly}, year = {2002}, address = {New York, NY, USA}, organization = {ACM}, pages = {183{\textendash}192}, publisher = {ACM}, doi = {10.1145/571825.571857}, isbn = {1-58113-485-1}, keywords = {P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=571857$\#$} }
[Hall01onalgorithms] On Algorithms for Efficient Data Migration

Hall, Joseph, Hartline, Jason D., Karlin, Anna R., Saia, Jared, and Wilkes, John

2001

Website abstract Bib

The data migration problem is the problem of computing an efficient plan for moving data stored on devices in a network from one configuration to another. Load balancing or changing usage patterns could necessitate such a rearrangement of data. In this paper, we consider the case where the objects are fixed-size and the network is complete. The direct migration problem is closely related to edge-coloring. However, because there are space constraints on the devices, the problem is more complex. Our main results are polynomial time algorithms for finding a near-optimal migration plan in the presence of space constraints when a certain number of additional nodes is available as temporary storage, and a 3/2-approximation for the case where data must be migrated directly to its destination.
@booklet{Hall01onalgorithms, title = {On Algorithms for Efficient Data Migration}, author = {Hall, Joseph and Hartline, Jason D. and Karlin, Anna R. and Saia, Jared and Wilkes, John}, year = {2001}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.26.1365\&rep=rep1\&type=pdf} }
[747491] Application-Level Multicast Using Content-Addressable Networks

Ratnasamy, Sylvia Paul, Handley, Mark, Karp, Richard, and Shenker, S

2001

DOI Website abstract Bib

Most currently proposed solutions to application-level multicast organise the group members into an application-level mesh over which a Distance-Vector routingp rotocol, or a similar algorithm, is used to construct source-rooted distribution trees. The use of a global routing protocol limits the scalability of these systems. Other proposed solutions that scale to larger numbers of receivers do so by restricting the multicast service model to be single-sourced. In this paper, we propose an application-level multicast scheme capable of scaling to large group sizes without restrictingthe service model to a single source. Our scheme builds on recent work on Content-Addressable Networks (CANs). Extendingthe CAN framework to support multicast comes at trivial additional cost and, because of the structured nature of CAN topologies, obviates the need for a multicast routingalg orithm. Given the deployment of a distributed infrastructure such as a CAN, we believe our CAN-based multicast scheme offers the dual advantages of simplicity and scalability.
@conference{747491, author = {Ratnasamy, Sylvia Paul and Handley, Mark and Karp, Richard and Shenker, S}, booktitle = {NGC {\textquoteright}01: Proceedings of the Third International COST264 Workshop on Networked Group Communication}, title = {Application-Level Multicast Using Content-Addressable Networks}, year = {2001}, address = {London, UK}, organization = {Springer-Verlag}, pages = {14{\textendash}29}, publisher = {Springer-Verlag}, doi = {10.1007/3-540-45546-9}, isbn = {3-540-42824-0}, keywords = {CAN, mesh networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/ahdgfj8yj9exqe03/} }
[gup] Authentic Attributes with Fine-Grained Anonymity Protection

Stubblebine, Stuart, and Syverson, Paul

2001

DOI Website abstract Bib

Collecting accurate profile information and protecting an individual’s privacy are ordinarily viewed as being at odds. This paper presents mechanisms that protect individual privacy while presenting accurate-indeed authenticated-profile information to servers and merchants. In particular, we give a pseudonym registration scheme and system that enforces unique user registration while separating trust required of registrars, issuers, and validators. This scheme enables the issuance of global unique pseudonyms (GUPs) and attributes enabling practical applications such as authentication of accurate attributes and enforcement of “one-to-a-customer” properties. We also present a scheme resilient to even pseudonymous profiling yet preserving the ability of merchants to authenticate the accuracy of information. It is the first mechanism of which the authors are aware to guarantee recent validity for group signatures, and more generally multi-group signatures, thus effectively enabling revocation of all or some of the multi-group certificates held by a principal.
@conference{gup, author = {Stubblebine, Stuart and Syverson, Paul}, booktitle = {Proceedings of Financial Cryptography (FC 2000)}, title = {Authentic Attributes with Fine-Grained Anonymity Protection}, year = {2001}, editor = {Frankel, Yair}, organization = {Springer-Verlag, LNCS 1962}, pages = {276{\textendash}294}, publisher = {Springer-Verlag, LNCS 1962}, doi = {10.1007/3-540-45472-1}, isbn = {978-3-540-42700-1}, keywords = {privacy, pseudonym}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=728483} }
[Jennings2001] Automated Negotiation: Prospects, Methods and Challenges

Jennings, Nicholas R, Faratin, Peyman, Lomuscio, Alessio R., Parsons, Simon, Sierra, Carles, and Wooldridge, Michael

Group Decision and Negociation 03/2001 2001

DOI abstract Bib

This paper is to examine the space of negotiation opportunities for autonomous agents, to identify and evaluate some of the key techniques, and to highlight some of the major challenges for future automated negotiation research. This paper is not meant as a survey of the field of automated negotiation. Rather, the descriptions and assessments of the various approaches are generally undertaken with particular reference to work in which the authors have been involved. However, the specific issues raised should be viewed as being broadly applicable.
@article{Jennings2001, author = {Jennings, Nicholas R and Faratin, Peyman and Lomuscio, Alessio R. and Parsons, Simon and Sierra, Carles and Wooldridge, Michael}, journal = {Group Decision and Negociation}, title = {Automated Negotiation: Prospects, Methods and Challenges}, year = {2001}, month = {03/2001}, pages = {199-215}, volume = {10}, doi = {10.1023}, keywords = {automated negociation autonomous agent, negociation}, owner = {tom}, timestamp = {2017-10-10} }
[378347] Bayeux: an architecture for scalable and fault-tolerant wide-area data dissemination

Zhuang, Shelley, Zhao, Ben Y., Joseph, Anthony D., Katz, Randy H., and Kubiatowicz, John

2001

DOI Website abstract Bib

The demand for streaming multimedia applications is growing at an incr edible rate. In this paper, we propose Bayeux, an efficient application-level multicast system that scales to arbitrarily large receiver groups while tolerating failures in routers and network links. Bayeux also includes specific mechanisms for load-balancing across replicate root nodes and more efficient bandwidth consumption. Our simulation results indicate that Bayeux maintains these properties while keeping transmission overhead low. To achieve these properties, Bayeux leverages the architecture of Tapestry, a fault-tolerant, wide-area overlay routing and location network.
@conference{378347, author = {Zhuang, Shelley and Zhao, Ben Y. and Joseph, Anthony D. and Katz, Randy H. and Kubiatowicz, John}, booktitle = {NOSSDAV {\textquoteright}01: Proceedings of the 11th international workshop on Network and operating systems support for digital audio and video}, title = {Bayeux: an architecture for scalable and fault-tolerant wide-area data dissemination}, year = {2001}, address = {New York, NY, USA}, organization = {ACM}, pages = {11{\textendash}20}, publisher = {ACM}, doi = {10.1145/378344.378347}, isbn = {1-58113-370-7}, keywords = {fault-tolerance, load balancing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=378347$\#$} }
[Stoica01chord:a] Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications

Stoica, Ion, Morris, Robert, Karger, David, Kaashoek, Frans M., and Balakrishnan, Hari

2001 2001

abstract Bib

Efficiently determining the node that stores a data item in a distributed network is an important and challenging problem. This paper describes the motivation and design of the Chord system, a decentralized lookup service that stores key/value pairs for such networks. The Chord protocol takes as input an m-bit identifier (derived by hashing a higher-level application specific key), and returns the node that stores the value corresponding to that key. Each Chord node is identified by an m-bit identifier and each node stores the key identifiers in the system closest to the node’s identifier. Each node maintains an m-entry routing table that allows it to look up keys efficiently. Results from theoretical analysis, simulations, and experiments show that Chord is incrementally scalable, with insertion and lookup costs scaling logarithmically with the number of Chord nodes.
@conference{Stoica01chord:a, author = {Stoica, Ion and Morris, Robert and Karger, David and Kaashoek, Frans M. and Balakrishnan, Hari}, booktitle = {Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications}, title = {Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications}, year = {2001}, address = {San Diego, California, United States}, month = {2001}, organization = {ACM New York, NY, USA}, pages = {149{\textendash}160}, publisher = {ACM New York, NY, USA}, isbn = {1-58113-411-8}, keywords = {Chord, distributed hash table}, owner = {tom}, timestamp = {2017-10-10} }
[Sirer_cliquenet:a] CliqueNet: A Self-Organizing, Scalable, Peer-to-Peer Anonymous Communication Substrate

Sirer, Emin Gün, Polte, Milo, and Robson, Mark

2001

Website abstract Bib

Anonymity is critical for many networked applications. Yet current Internet protocols provide no support for masking the identity of communication endpoints. This paper outlines a design for a peer-to-peer, scalable, tamper-resilient communication protocol that provides strong anonymity and privacy. Called CliqueNet, our protocol provides an information-theoretic guarantee: an omnipotent adversary that can wiretap at any location in the network cannot determine the sender of a packet beyond a clique, that is, a set of k hosts, where k is an anonymizing factor chosen by the participants. CliqueNet is resilient to jamming by malicious hosts and can scale with the number of participants. This paper motivates the need for an anonymous communication layer and describes the self-organizing, novel divide-and-conquer approach that enables CliqueNet to scale while offering a strong anonymity guarantee. CliqueNet is widely applicable as a communication substrate for peer-to-peer applications that require anonymity, privacy and anti-censorship guarantees.
@article{Sirer_cliquenet:a, author = {Sirer, Emin G{\"u}n and Polte, Milo and Robson, Mark}, title = {CliqueNet: A Self-Organizing, Scalable, Peer-to-Peer Anonymous Communication Substrate}, year = {2001}, issn = {TR2001}, address = {Ithaca}, institution = {Cornell}, keywords = {anonymity, CliqueNet, DC-network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.22.4785\&rep=rep1\&type=url\&i=0} }
[Douceur01competitivehill-climbing] Competitive Hill-Climbing Strategies for Replica Placement in a Distributed File System

Douceur, John R., and Wattenhofer, Roger

2001

Website abstract Bib

The Farsite distributed file system stores multiple replicas of files on multiple machines, to provide file access even when some machines are unavailable. Farsite assigns file replicas to machines so as to maximally exploit the different degrees of availability of different machines, given an allowable replication factor R. We use competitive analysis and simulation to study the performance of three candidate hillclimbing replica placement strategies, MinMax, MinRand, and RandRand, each of which successively exchanges the locations of two file replicas. We show that the MinRand and RandRand strategies are perfectly competitive for R = 2 and 2/3-competitive for R = 3. For general R, MinRand is at least 1/2-competitive and RandRand is at least 10/17-competitive. The MinMax strategy is not competitive. Simulation results show better performance than the theoretic worst-case bounds.
@conference{Douceur01competitivehill-climbing, author = {Douceur, John R. and Wattenhofer, Roger}, booktitle = {In DISC}, title = {Competitive Hill-Climbing Strategies for Replica Placement in a Distributed File System}, year = {2001}, pages = {48{\textendash}62}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.22.6802\&rep=rep1\&type=pdf} }
[Michiardi01core:a] CORE: A Collaborative Reputation Mechanism to enforce node cooperation in Mobile Ad hoc Networks

Michiardi, Pietro, and Molva, Refik

2001

Website abstract Bib

Countermeasures for node misbehavior and selfishness are mandatory requirements in MANET. Selfishness that causes lack of node activity cannot be solved by classical security means that aim at verifying the correctness and integrity of an operation. We suggest a generic mechanism based on reputation to enforce cooperation among the nodes of a MANET to prevent selfish behavior. Each network entity keeps track of other entities’ collaboration using a technique called reputation. The reputation is calculated based on various types of information on each entity’s rate of collaboration. Since there is no incentive for a node to maliciously spread negative information about other nodes, simple denial of service attacks using the collaboration technique itself are prevented. The generic mechanism can be smoothly extended to basic network functions with little impact on existing protocols.
@conference{Michiardi01core:a, author = {Michiardi, Pietro and Molva, Refik}, title = {CORE: A Collaborative Reputation Mechanism to enforce node cooperation in Mobile Ad hoc Networks}, year = {2001}, pages = {107{\textendash}121}, keywords = {ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.58.4100} }
[Cattaneo:2001:DIT:647054.715628] The Design and Implementation of a Transparent Cryptographic File System for UNIX

Cattaneo, Giuseppe, Catuogno, Luigi, Sorbo, Aniello Del, and Persiano, Pino

06/2001 2001

Website abstract Bib

Recent advances in hardware and communication technologies have made possible and cost e ective to share a file system among several machines over a local (but possibly also a wide) area network. One of the most successful and widely used such applications is Sun’s Network File System (NFS). NFS is very simple in structure but assumes a very strong trust model: the user trusts the remote le system server (which might be running on a machine in di erent country) and a network with his/her data. It is easy to see that neither assumption is a very realistic one. The server (or anybody with superuser privileges) might very well read the data on its local lesytem and it is well known that the Internet or any local area network (e.g, Ethernet) is very easy to tap (see for example, Berkeley’s tcpdump 7, 5] application program). Impersoni cation of users is also another security drawback of NFS. In fact, most of the permission checking over NFS are performed in the kernel of the client. In such a context a pirate can temporarely assign to his own workstation the Internet address of victim. Without secure RPC 9] no further authentication procedure is requested. From here on, the pirate can issue NFS requests presenting himself with any (false) uid and therefore accessing for reading and writing any private data on the server, even protected data. Given the above, a user seeking a certain level of security should take some measures. Possible solutions are to use either user-level cryptography or application level cryptography. A discussion of the drawbacks of these approaches is found in 4]. A better approach is to push encryption services into the operating system as done by M. Blaze in the design of his CFS 4]. In this paper, we propose a new cryptographic le system, which we call TCFS , as a suitable solution to the problem of privacy for distributed le system (see section 2.1). Our work improves on CFS by providing a deeper integration between the encryption service and the le system which results in a complete transparency of use to the user applications.
@conference{Cattaneo:2001:DIT:647054.715628, author = {Cattaneo, Giuseppe and Catuogno, Luigi and Sorbo, Aniello Del and Persiano, Pino}, booktitle = {Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference}, title = {The Design and Implementation of a Transparent Cryptographic File System for UNIX}, year = {2001}, address = {Boston, Massachusetts, USA}, month = {06/2001}, organization = {USENIX Association}, pages = {199{\textendash}212}, publisher = {USENIX Association}, isbn = {1-880446-10-3}, keywords = {crytographic file system, UNIX}, owner = {tom}, timestamp = {2021-01-27}, url = {http://dl.acm.org/citation.cfm?id=647054.715628} }

[2001a] DVD COPY CONTROL ASSOCIATION vs. ANDREW BUNNER

2001

Bib

[Luby01efficienterasure] Efficient erasure correcting codes

Luby, Michael, Mitzenmacher, Michael, Shokrollahi, M. Amin, and Spielman, Daniel A.

IEEE Transactions on Information Theory 2001

abstract Bib

We introduce a simple erasure recovery algorithm for codes derived from cascades of sparse bipartite graphs and analyze the algorithm by analyzing a corresponding discrete-time random process. As a result, we obtain a simple criterion involving the fractions of nodes of different degrees on both sides of the graph which is necessary and sufficient for the decoding process to finish successfully with high probability. By carefully designing these graphs we can construct for any given rate R and any given real number ε a family of linear codes of rate R which can be encoded in time proportional to ln(1/ε) times their block length n. Furthermore, a codeword can be recovered with high probability from a portion of its entries of length (1+ε)Rn or more. The recovery algorithm also runs in time proportional to n ln(1/ε). Our algorithms have been implemented and work well in practice; various implementation issues are discussed
@article{Luby01efficienterasure, author = {Luby, Michael and Mitzenmacher, Michael and Shokrollahi, M. Amin and Spielman, Daniel A.}, journal = {IEEE Transactions on Information Theory}, title = {Efficient erasure correcting codes}, year = {2001}, pages = {569{\textendash}584}, volume = {47}, keywords = {coding theory, recovery algorithm}, owner = {tom}, timestamp = {2017-10-10} }
[PShuffle] An Efficient Scheme for Proving a Shuffle

Furukawa, Jun, and Sako, Kazue

2001

DOI Website abstract Bib

In this paper, we propose a novel and efficient protocol for proving the correctness of a shuffle, without leaking how the shuffle was performed. Using this protocol, we can prove the correctness of a shuffle of n data with roughly 18n exponentiations, where as the protocol of Sako-Kilian[SK95] required 642n and that of Abe[Ab99] required 22n log n. The length of proof will be only 211 n bits in our protocol, opposed to 218 n bits and 214 n log n bits required by Sako-Kilian and Abe, respectively. The proposed protocol will be a building block of an efficient, universally verifiable mix-net, whose application to voting system is prominent.
@conference{PShuffle, author = {Furukawa, Jun and Sako, Kazue}, booktitle = {Proceedings of {CRYPTO} 2001}, title = {An Efficient Scheme for Proving a Shuffle}, year = {2001}, editor = {Kilian, Joe}, organization = {Springer-Verlag, LNCS 2139}, publisher = {Springer-Verlag, LNCS 2139}, doi = {10.1007/3-540-44647-8}, isbn = {978-3-540-42456-7}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=704279} }
[cl01a] An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation

Camenisch, Jan, and Lysyanskaya, Anna

2001

Website abstract Bib

A credential system is a system in which users can obtain credentials from organizations and demonstrate possession of these credentials. Such a system is anonymous when transactions carried out by the same user cannot be linked. An anonymous credential system is of significant practical relevance because it is the best means of providing privacy for users. In this paper we propose a practical anonymous credential system that is based on the strong RSA assumption and the decisional Diffie-Hellman assumption modulo a safe prime product and is considerably superior to existing ones: 1 We give the first practical solution that allows a user to unlinkably demonstrate possession of a credential as many times as necessary without involving the issuing organization. 2 To prevent misuse of anonymity, our scheme is the first to offer optional anonymity revocation for particular transactions. 3 Our scheme offers separability: all organizations can choose their cryptographic keys independently of each other. Moreover, we suggest more effective means of preventing users from sharing their credentials, by introducing all-or-nothing sharing: a user who allows a friend to use one of her credentials once, gives him the ability to use all of her credentials, i.e., taking over her identity. This is implemented by a new primitive, called circular encryption, which is of independent interest, and can be realized from any semantically secure cryptosystem in the random oracle model.
@conference{cl01a, author = {Camenisch, Jan and Lysyanskaya, Anna}, booktitle = {Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT {\textquoteright}01)}, title = {An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation}, year = {2001}, address = {London, UK}, organization = {Springer-Verlag}, pages = {93{\textendash}118}, publisher = {Springer-Verlag}, isbn = {3-540-42070-3}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.63.9429} }
[747489] Extremum Feedback for Very Large Multicast Groups

Widmer, Jörg, and Fuhrmann, Thomas

2001

Website abstract Bib

In multicast communication, it is often required that feedback is received from a potentially very large group of responders while at the same time a feedback implosion needs to be pre- vented. To this end, a number of feedback control mechanisms have been proposed, which rely either on tree-based feedback aggregation or timer-based feedback suppression. Usually, these mechanisms assume that it is not necessary to discriminate be- tween feedback from different receivers. However, for many applications this is not the case and feedback from receivers with certain response values is preferred (e.g., highest loss or largest delay).
@conference{747489, author = {Widmer, J{\"o}rg and Fuhrmann, Thomas}, booktitle = {NGC {\textquoteright}01: Proceedings of the Third International COST264 Workshop on Networked Group Communication}, title = {Extremum Feedback for Very Large Multicast Groups}, year = {2001}, address = {London, UK}, organization = {Springer-Verlag}, pages = {56{\textendash}75}, publisher = {Springer-Verlag}, isbn = {3-540-42824-0}, keywords = {multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=648089.747489$\#$} }
[freedom21-security] Freedom Systems 2.1 Security Issues and Analysis

Back, Adam, Goldberg, Ian, and Shostack, Adam

May 2001

abstract Bib

We describe attacks to which Freedom, or Freedom users, may be vulnerable. These attacks are those that reduce the privacy of a Freedom user, through exploiting cryptographic, design or implementation issues. We include issues which may not be Freedom security issues which arise when the system is not properly used. This disclosure includes all known design or implementation flaws, as well as places where various trade-offs made while creating the system have privacy implications. We also discuss cryptographic points that are needed for a complete understanding of how Freedom works, including ones we don’t believe can be used to reduce anyone’s privacy.
@booklet{freedom21-security, title = {Freedom Systems 2.1 Security Issues and Analysis}, author = {Back, Adam and Goldberg, Ian and Shostack, Adam}, month = may, year = {2001}, keywords = {Freedom, privacy}, owner = {tom}, publisher = {Zero Knowledge Systems, {Inc.}}, timestamp = {2017-10-10}, type = {White Paper} }
[Damgard2001] A Generalisation, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System

Damg\aard, Ivan, and Jurik, Mats

2001

Website abstract Bib

We propose a generalisation of Paillier’s probabilistic public key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key has been fixed, without loosing the homomorphic property. We show that the generalisation is as secure as Paillier’s original system. We construct a threshold variant of the generalised scheme as well as zero-knowledge protocols to show that a given ciphertext encrypts one of a set of given plaintexts, and protocols to verify multiplicative relations on plaintexts. We then show how these building blocks can be used for applying the scheme to efficient electronic voting.This reduces dramatically the work needed to compute the final result of an election, compared to the previously best known schemes.W e show how the basic scheme for a yes/no vote can be easily adapted to casting a vote for up to t out of L candidates. The same basic building blocks can also be adapted to provide receipt-free elections, under appropriate physical assumptions. The scheme for 1 out of L elections can be optimised such that for a certain range of parameter values, a ballot has size only O(log L) bits.
@conference{Damgard2001, author = {Damg\aard, Ivan and Jurik, Mats}, booktitle = {Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography}, title = {A Generalisation, a Simplification and Some Applications of Paillier{\textquoteright}s Probabilistic Public-Key System}, year = {2001}, address = {London, UK, UK}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, isbn = {3-540-41658-7}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=648118.746742} }

[9999] The Gnutella Protocol Specification v0.4

2001

@article{9999,
  title = {The Gnutella Protocol Specification v0.4},
  year = {2001},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://www9.limewire.com/developer/gnutella_protocol_0.4.pdf}
}

[Cabrera01herald:achieving] Herald: Achieving a Global Event Notification Service

Cabrera, Luis Felipe, Jones, Michael B., and Theimer, Marvin

2001

Website abstract Bib

This paper presents the design philosophy and initial design decisions of Herald: a highly scalable global event notification system that is being designed and built at Microsoft Research. Herald is a distributed system designed to transparently scale in all respects, including numbers of subscribers and publishers, numbers of event subscription points, and event delivery rates. Event delivery can occur within a single machine, within a local network or Intranet, and throughout the Internet.
@conference{Cabrera01herald:achieving, author = {Cabrera, Luis Felipe and Jones, Michael B. and Theimer, Marvin}, booktitle = {In HotOS VIII}, title = {Herald: Achieving a Global Event Notification Service}, year = {2001}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.20.672\&rep=rep1\&type=pdf} }
[Luby01improvedlow-density] Improved low-density parity-check codes using irregular graphs

Luby, Michael, Mitzenmacher, Michael, Shokrollahi, M. Amin, and Spielman, Daniel A.

IEEE Trans. Inform. Theory 2001

DOI Website abstract Bib

We construct new families of error-correcting codes based on Gallager’s low-density parity-check codes. We improve on Gallager’s results by introducing irregular parity-check matrices and a new rigorous analysis of hard-decision decoding of these codes. We also provide efficient methods for finding good irregular structures for such decoding algorithms. Our rigorous analysis based on martingales, our methodology for constructing good irregular codes, and the demonstration that irregular structure improves performance constitute key points of our contribution. We also consider irregular codes under belief propagation. We report the results of experiments testing the efficacy of irregular codes on both binary-symmetric and Gaussian channels. For example, using belief propagation, for rate I R codes on 16 000 bits over a binary-symmetric channel, previous low-density parity-check codes can correct up to approximately 16 % errors, while our codes correct over 17%. In some cases our results come very close to reported results for turbo codes, suggesting that variations of irregular low density parity-check codes may be able to match or beat turbo code performance. Index Terms—Belief propagation, concentration theorem, Gallager codes, irregular codes, low-density parity-check codes.
@article{Luby01improvedlow-density, author = {Luby, Michael and Mitzenmacher, Michael and Shokrollahi, M. Amin and Spielman, Daniel A.}, journal = {IEEE Trans. Inform. Theory}, title = {Improved low-density parity-check codes using irregular graphs}, year = {2001}, issn = {0018-9448}, pages = {585{\textendash}598}, volume = {47}, doi = {10.1109/18.910576}, keywords = {coding theory, low-density parity-check}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.137.6057} }
[Golle01incentivesfor] Incentives for Sharing in Peer-to-Peer Networks

Golle, Philippe, Leyton-Brown, Kevin, Mironov, Ilya, and Lillibridge, Mark

2001

abstract Bib

We consider the free-rider problem in peer-to-peer file sharing networks such as Napster: that individual users are provided with no incentive for adding value to the network. We examine the design implications of the assumption that users will selfishly act to maximize their own rewards, by constructing a formal game theoretic model of the system and analyzing equilibria of user strategies under several novel payment mechanisms. We support and extend this work with results from experiments with a multi-agent reinforcement learning model.
@conference{Golle01incentivesfor, author = {Golle, Philippe and Leyton-Brown, Kevin and Mironov, Ilya and Lillibridge, Mark}, booktitle = {EC{\textquoteright}01: Proceedings of the Second International Workshop on Electronic Commerce}, title = {Incentives for Sharing in Peer-to-Peer Networks}, year = {2001}, address = {London, UK}, organization = {Springer-Verlag}, pages = {75-87}, publisher = {Springer-Verlag}, isbn = {3-540-42878-X}, keywords = {free-riding, incentives}, owner = {tom}, timestamp = {2017-10-10} }
[beimel01informationtheoretic] Information-Theoretic Private Information Retrieval: A Unified Construction

Beimel, Amos, and Ishai, Yuval

Lecture Notes in Computer Science 2001

DOI Website abstract Bib

A Private Information Retrieval (PIR) protocol enables a user to retrieve a data item from a database while hiding the identity of the item being retrieved. In a t-private, k-server PIR protocol the database is replicated among k servers, and the user’s privacy is protected from any collusion of up to t servers. The main cost-measure of such protocols is the communication complexity of retrieving a single bit of data. This work addresses the information-theoretic setting for PIR, in which the user’s privacy should be unconditionally protected from collusions of servers. We present a unified general construction, whose abstract components can be instantiated to yield both old and new families of PIR protocols. A main ingredient in the new protocols is a generalization of a solution by Babai, Kimmel, and Lokam to a communication complexity problem in the so-called simultaneous messages model. Our construction strictly improves upon previous constructions and resolves some previous anomalies. In particular, we obtain: (1) t-private k-server PIR protocols with O(n 1/⌊ (2k-1)/tc⌋) communication bits, where n is the database size. For t > 1, this is a substantial asymptotic improvement over the previous state of the art; (2) a constant-factor improvement in the communication complexity of 1-private PIR, providing the first improvement to the 2-server case since PIR protocols were introduced; (3) efficient PIR protocols with logarithmic query length. The latter protocols have applications to the construction of efficient families of locally decodable codes over large alphabets and to PIR protocols with reduced work by the servers.
@article{beimel01informationtheoretic, author = {Beimel, Amos and Ishai, Yuval}, journal = {Lecture Notes in Computer Science}, title = {Information-Theoretic Private Information Retrieval: A Unified Construction}, year = {2001}, issn = {0302-9743}, pages = {89{\textendash}98}, volume = {2076}, doi = {10.1007/3-540-48224-5}, isbn = {978-3-540-42287-7}, keywords = {communication complexity, privacy, private information retrieval}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.5.2796} }

[Department01instrumentingthe] Instrumenting The World With Wireless Sensor Networks

Estrin, Deborah, Pottie, Gregory J., Girod, L., and Srivastava, Mani

2001

Pervasive micro-sensing and actuation may revolutionize the way in which we understand and manage complex physical systems: from airplane wings to complex ecosystems. The capabilities for detailed physical monitoring and manipulation offer enormous opportunities for almost every scientific discipline, and it will alter the feasible granularity of engineering.

@conference{Department01instrumentingthe,
  author = {Estrin, Deborah and Pottie, Gregory J. and Girod, L. and Srivastava, Mani},
  booktitle = {In International Conference on Acoustics, Speech, and Signal Processing (ICASSP 2001},
  title = {Instrumenting The World With Wireless Sensor Networks},
  year = {2001},
  pages = {2033{\textendash}2036},
  keywords = {wireless sensor network},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.3.3027}
}

[Feeney2001] Investigating the energy consumption of a wireless network interface in an ad hoc networking environment

Feeney, Laura Marie, and Nilsson, Martin

04/2001 2001

DOI Website abstract Bib

Energy-aware design and evaluation of network protocols requires knowledge of the energy consumption behavior of actual wireless interfaces. But little practical information is available about the energy consumption behavior of well-known wireless network interfaces and device specifications do not provide information in a form that is helpful to protocol developers. This paper describes a series of experiments which obtained detailed measurements of the energy consumption of an IEEE 802.11 wireless network interface operating in an ad hoc networking environment. The data is presented as a collection of linear equations for calculating the energy consumed in sending, receiving and discarding broadcast and point-to-point data packets of various sizes. Some implications for protocol design and evaluation in ad hoc networks are discussed
@conference{Feeney2001, author = {Feeney, Laura Marie and Nilsson, Martin}, booktitle = {INFOCOM 2001. Twentieth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE}, title = {Investigating the energy consumption of a wireless network interface in an ad hoc networking environment}, year = {2001}, address = {Anchorage, AK , USA}, month = {04/2001}, doi = {10.1109/INFCOM.2001.916651}, isbn = {0-7803-7016-3}, keywords = {ad-hoc networks, energy consumption, IEEE 802.11}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=916651} }
[502052] A low-bandwidth network file system

Muthitacharoen, Athicha, Chen, Benjie, and Mazières, David

2001

DOI Website abstract Bib

Users rarely consider running network file systems over slow or wide-area networks, as the performance would be unacceptable and the bandwidth consumption too high. Nonetheless, efficient remote file access would often be desirable over such networks—particularly when high latency makes remote login sessions unresponsive. Rather than run interactive programs such as editors remotely, users could run the programs locally and manipulate remote files through the file system. To do so, however, would require a network file system that consumes less bandwidth than most current file systems.This paper presents LBFS, a network file system designed for low-bandwidth networks. LBFS exploits similarities between files or versions of the same file to save bandwidth. It avoids sending data over the network when the same data can already be found in the server’s file system or the client’s cache. Using this technique in conjunction with conventional compression and caching, LBFS consumes over an order of magnitude less bandwidth than traditional network file systems on common workloads.
@conference{502052, author = {Muthitacharoen, Athicha and Chen, Benjie and Mazi{\`e}res, David}, booktitle = {SOSP {\textquoteright}01: Proceedings of the eighteenth ACM symposium on Operating systems principles}, title = {A low-bandwidth network file system}, year = {2001}, address = {New York, NY, USA}, organization = {ACM}, pages = {174{\textendash}187}, publisher = {ACM}, doi = {10.1145/502034.502052}, isbn = {1-58113-389-8}, keywords = {file systems, workload characterization}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=502052$\#$} }
[Cramer2001] Multiparty Computation from Threshold Homomorphic Encryption

Cramer, Ronald, Damgárd, Ivan, and Nielsen, JesperB.

2001

DOI Website abstract Bib

We introduce a new approach to multiparty computation (MPC) basing it on homomorphic threshold crypto-systems. We show that given keys for any sufficiently efficient system of this type,general MPC protocols for n parties can be devised which are secure against an active adversary that corrupts any minority of the parties. The total number of bits broadcast is O(nk|C|),where k is the security parameter and |C| is the size of a (Boolean) circuit computing the function to be securely evaluated. An earlier proposal by Franklin and Haber with the same complexity was only secure for passive adversaries,while all earlier protocols with active security had complexity at least quadratic in n. We give two examples of threshold cryptosystems that can support our construction and lead to the claimed complexities.
@inbook{Cramer2001, author = {Cramer, Ronald and Damg{\'a}rd, Ivan and Nielsen, JesperB.}, editor = {Pfitzmann, Birgit}, pages = {280-300}, publisher = {Springer Berlin Heidelberg}, title = {Multiparty Computation from Threshold Homomorphic Encryption}, year = {2001}, isbn = {978-3-540-42070-5}, series = {Lecture Notes in Computer Science}, volume = {2045}, booktitle = {Advances in Cryptology {\textemdash} EUROCRYPT 2001}, doi = {10.1007/3-540-44987-6_18}, organization = {Springer Berlin Heidelberg}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1007/3-540-44987-6_18} }
[jakobsson-optimally] An Optimally Robust Hybrid Mix Network (Extended Abstract)

Jakobsson, Markus, and Juels, Ari

2001

Website abstract Bib

We present a mix network that achieves efficient integration of public-key and symmetric-key operations. This hybrid mix network is capable of natural processing of arbitrarily long input elements, and is fast in both practical and asymptotic senses. While the overhead in the size of input elements is linear in the number of mix servers, it is quite small in practice. In contrast to previous hybrid constructions, ours has optimal robustness, that is, robustness against any minority coalition of malicious servers.
@conference{jakobsson-optimally, author = {Jakobsson, Markus and Juels, Ari}, booktitle = {Proceedings of Principles of Distributed Computing - {PODC} {\textquoteright}01}, title = {An Optimally Robust Hybrid Mix Network (Extended Abstract)}, year = {2001}, organization = {ACM Press}, publisher = {ACM Press}, isbn = {1-58113-383-9}, keywords = {mix, public key cryptography, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=383962.384046} }
[Druschel01past:a] PAST: A large-scale, persistent peer-to-peer storage utility

Druschel, Peter, and Rowstron, Antony

2001

Website abstract Bib

This paper sketches the design of PAST, a large-scale, Internet-based, global storage utility that provides scalability, high availability, persistence and security. PAST is a peer-to-peer Internet application and is entirely selforganizing. PAST nodes serve as access points for clients, participate in the routing of client requests, and contribute storage to the system. Nodes are not trusted, they may join the system at any time and may silently leave the system without warning. Yet, the system is able to provide strong assurances, efficient storage access, load balancing and scalability.
@conference{Druschel01past:a, author = {Druschel, Peter and Rowstron, Antony}, booktitle = {In HotOS VIII}, title = {PAST: A large-scale, persistent peer-to-peer storage utility}, year = {2001}, pages = {75{\textendash}80}, keywords = {peer-to-peer storage}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1.1674} }
[697650] Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems

Rowstron, Antony, and Druschel, Peter

2001

Website abstract Bib

This paper presents the design and evaluation of Pastry, a scalable, distributed object location and routing substrate for wide-area peer-to-peer applications.Pastry performs application-level routing and object location in a potentially very large overlay network of nodes connected via the Internet. It can be used to support a variety of peer-to-peer applications, including global data storage, data sharing, group communication and naming. Each node in the Pastry network has a unique identifier (nodeId). When presented with a message and a key, a Pastry node efficiently routes the message to the node with a nodeId that is numerically closest to the key, among all currently live Pastry nodes. Each Pastry node keeps track of its immediate neighbors in the nodeId space, and notifies applications of new node arrivals, node failures and recoveries. Pastry takes into account network locality; it seeks to minimize the distance messages travel, according to a to scalar proximity metric like the number of IP routing hops. Pastry is completely decentralized, scalable, and self-organizing; it automatically adapts to the arrival, departure and failure of nodes. Experimental results obtained with a prototype implementation on an emulated network of up to 100,000 nodes confirm Pastry’s scalability and efficiency, its ability to self-organize and adapt to node failures, and its good network locality properties.
@conference{697650, author = {Rowstron, Antony and Druschel, Peter}, booktitle = {Middleware {\textquoteright}01: Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg}, title = {Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems}, year = {2001}, address = {London, UK}, organization = {Springer-Verlag}, pages = {329{\textendash}350}, publisher = {Springer-Verlag}, isbn = {3-540-42800-3}, keywords = {overlay networks, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=697650$\#$} }
[558412] Peer-to-Peer: Harnessing the Power of Disruptive Technologies

2001

Website abstract Bib

Upstart software projects Napster, Gnutella, and Freenet have dominated newspaper headlines, challenging traditional approaches to content distribution with their revolutionary use of peer-to-peer file-sharing technologies. Reporters try to sort out the ramifications of seemingly ungoverned peer-to-peer networks. Lawyers, business leaders, and social commentators debate the virtues and evils of these bold new distributed systems. But what’s really behind such disruptive technologies – the breakthrough innovations that have rocked the music and media worlds? And what lies ahead? In this book, key peer-to-peer pioneers take us beyond the headlines and hype and show how the technology is changing the way we communicate and exchange information. Those working to advance peer-to-peer as a technology, a business opportunity, and an investment offer their insights into how the technology has evolved and where it’s going. They explore the problems they’ve faced, the solutions they’ve discovered, the lessons they’ve learned, and their goals for the future of computer networking. Until now, Internet communities have been limited by the flat interactive qualities of email and network newsgroups, where people can exchange recommendations and ideas but have great difficulty commenting on one another’s postings, structuring information, performing searches, and creating summaries. Peer-to-peer challenges the traditional authority of the client/server model, allowing shared information to reside instead with producers and users. Peer-to-peer networks empower users to collaborate on producing and consuming information, adding to it, commenting on it, and building communities around it. This compilation represents the collected wisdom of today’s peer-to-peer luminaries. It includes contributions from Gnutella’s Gene Kan, Freenet’s Brandon Wiley, Jabber’s Jeremie Miller, and many others – plus serious discussions of topics ranging from accountability and trust to security and performance. Fraught with questions and promise, peer-to-peer is sure to remain on the computer industry’s center stage for years to come.
@book{558412, editor = {oram, Andy}, publisher = {O{\textquoteright}Reilly \& Associates, Inc.}, title = {Peer-to-Peer: Harnessing the Power of Disruptive Technologies}, year = {2001}, address = {Sebastopol, CA, USA}, isbn = {059600110X}, organization = {O{\textquoteright}Reilly \& Associates, Inc.}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=558412$\#$} }
[Dingledine2001] Peer-To-Peer: Harnessing the Power of Disruptive Technologies – Chapter 12: Free Haven

Dingledine, Roger, Freedman, Michael J., and Molnar, David

2001

abstract Bib

Description of the problems that arise when one tries to combine anonymity and accountability. Note that the Free Haven design described here charges for storing data in the network (downloads are free), whereas in GNUnet adding data is free and only the downloads are considered as utilization.
@inbook{Dingledine2001, author = {Dingledine, Roger and Freedman, Michael J. and Molnar, David}, editor = {oram, Andy}, publisher = {O{\textquoteright}Reilly Media}, title = {Peer-To-Peer: Harnessing the Power of Disruptive Technologies -- Chapter 12: Free Haven}, year = {2001}, organization = {O{\textquoteright}Reilly Media}, owner = {tom}, timestamp = {2021-01-27} }

[Chen01poblano:a] Poblano: A distributed trust model for peer-to-peer networks

Chen, Rita, and Yeager, William

2001

@booklet{Chen01poblano:a,
  title = {Poblano: A distributed trust model for peer-to-peer networks},
  author = {Chen, Rita and Yeager, William},
  year = {2001},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.106.7489\&rep=rep1\&type=pdf}
}

[Batten01pstore:a] pStore: A Secure Peer-to-Peer Backup System

Batten, Christopher, Barr, Kenneth, Saraf, Arvind, and Trepetin, Stanley

2001

Website abstract Bib

In an effort to combine research in peer-to-peer systems with techniques for incremental backup systems, we propose pStore: a secure distributed backup system based on an adaptive peer-to-peer network. pStore exploits unused personal hard drive space attached to the Internet to provide the distributed redundancy needed for reliable and effective data backup. Experiments on a 30 node network show that 95% of the files in a 13 MB dataset can be retrieved even when 7 of the nodes have failed. On top of this reliability, pStore includes support for file encryption, versioning, and secure sharing. Its custom versioning system permits arbitrary version retrieval similar to CVS. pStore provides this functionality at less than 10% of the network bandwidth and requires 85% less storage capacity than simpler local tape backup schemes for a representative workload.
@booklet{Batten01pstore:a, title = {pStore: A Secure Peer-to-Peer Backup System}, author = {Batten, Christopher and Barr, Kenneth and Saraf, Arvind and Trepetin, Stanley}, year = {2001}, keywords = {P2P, robustness}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.12.3444} }

[Hubaux01thequest] The Quest for Security in Mobile Ad Hoc Networks

Hubaux, Jean-Pierre, Buttyán, Levente, and Capkun, Srdan

2001

@booklet{Hubaux01thequest,
  title = {The Quest for Security in Mobile Ad Hoc Networks},
  author = {Hubaux, Jean-Pierre and Butty{\'a}n, Levente and Capkun, Srdan},
  year = {2001},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.130.6088\&rep=rep1\&type=pdf}
}

[501437] The quest for security in mobile ad hoc networks

Hubaux, Jean-Pierre, Buttyán, Levente, and Capkun, Srdan

2001

So far, research on mobile ad hoc networks has been forcused primarily on routing issues. Security, on the other hand, has been given a lower priority. This paper provides an overview of security problems for mobile ad hoc networks, distinguishing the threats on basic mechanisms and on security mechanisms. It then describes our solution to protect the security mechanisms. The original features of this solution include that (i) it is fully decentralized and (ii) all nodes are assigned equivalent roles.

@conference{501437,
  author = {Hubaux, Jean-Pierre and Butty{\'a}n, Levente and Capkun, Srdan},
  booktitle = {MobiHoc {\textquoteright}01: Proceedings of the 2nd ACM international symposium on Mobile ad hoc networking \& computing},
  title = {The quest for security in mobile ad hoc networks},
  year = {2001},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {146{\textendash}155},
  publisher = {ACM},
  doi = {10.1145/501436.501437},
  isbn = {1-58113-428-2},
  keywords = {ad-hoc networks, routing},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=501437$\#$}
}

[patterns-failure] Real World Patterns of Failure in Anonymity Systems

Clayton, Richard, Danezis, George, and Kuhn, Markus G.

Apr 2001

Website abstract Bib

We present attacks on the anonymity and pseudonymity provided by a "lonely hearts" dating service and by the HushMail encrypted email system. We move on to discuss some generic attacks upon anonymous systems based on the engineering reality of these systems rather than the theoretical foundations on which they are based. However, for less sophisticated users it is social engineering attacks, owing nothing to computer science, that pose the biggest day-to-day danger. This practical experience then permits a start to be made on developing a security policy model for pseudonymous communications.
@conference{patterns-failure, author = {Clayton, Richard and Danezis, George and Kuhn, Markus G.}, booktitle = {Proceedings of Information Hiding Workshop (IH 2001)}, title = {Real World Patterns of Failure in Anonymity Systems}, year = {2001}, editor = {Moskowitz, Ira S.}, month = apr, organization = {Springer-Verlag, LNCS 2137}, pages = {230{\textendash}244}, publisher = {Springer-Verlag, LNCS 2137}, isbn = {3-540-42733-3}, keywords = {pseudonym, security policy}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=731864} }
[Dingledine01areputation] A Reputation System to Increase MIX-net Reliability

Dingledine, Roger, Freedman, Michael J., Hopwood, David, and Molnar, David

2001

Website abstract Bib

We describe a design for a reputation system that increases the reliability and thus efficiency of remailer services. Our reputation system uses a MIX-net in which MIXes give receipts for intermediate messages. Together with a set of witnesses, these receipts allow senders to verify the correctness of each MIX and prove misbehavior to the witnesses.
@booklet{Dingledine01areputation, title = {A Reputation System to Increase MIX-net Reliability}, author = {Dingledine, Roger and Freedman, Michael J. and Hopwood, David and Molnar, David}, year = {2001}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.7912\&rep=rep1\&type=pdf} }

[mix-acc] A Reputation System to Increase MIX-net Reliability

Dingledine, Roger, Freedman, Michael J., Hopwood, David, and Molnar, David

Apr 2001

We describe a design for a reputation system that increases the reliability and thus efficiency of remailer services. Our reputation system uses a MIX-net in which MIXes give receipts for intermediate messages. Together with a set of witnesses, these receipts allow senders to verify the correctness of each MIX and prove misbehavior to the witnesses.

@conference{mix-acc,
  author = {Dingledine, Roger and Freedman, Michael J. and Hopwood, David and Molnar, David},
  booktitle = {Proceedings of Information Hiding Workshop (IH 2001)},
  title = {A Reputation System to Increase MIX-net Reliability},
  year = {2001},
  editor = {Moskowitz, Ira S.},
  month = apr,
  organization = {Springer-Verlag, LNCS 2137},
  pages = {126{\textendash}141},
  publisher = {Springer-Verlag, LNCS 2137},
  doi = {10.1007/3-540-45496-9},
  isbn = {978-3-540-42733-9},
  keywords = {remailer},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/ej8qv86wdkeukjc5/}
}

[502048] Resilient overlay networks

Andersen, David, Balakrishnan, Hari, Kaashoek, Frans M., and Morris, Robert

SIGOPS Oper. Syst. Rev. 2001

DOI Website abstract Bib

A Resilient Overlay Network (RON) is an architecture that allows distributed Internet applications to detect and recover from path outages and periods of degraded performance within several seconds, improving over today’s wide-area routing protocols that take at least several minutes to recover. A RON is an application-layer overlay on top of the existing Internet routing substrate. The RON nodes monitor the functioning and quality of the Internet paths among themselves, and use this information to decide whether to route packets directly over the Internet or by way of other RON nodes, optimizing application-specific routing metrics.Results from two sets of measurements of a working RON deployed at sites scattered across the Internet demonstrate the benefits of our architecture. For instance, over a 64-hour sampling period in March 2001 across a twelve-node RON, there were 32 significant outages, each lasting over thirty minutes, over the 132 measured paths. RON’s routing mechanism was able to detect, recover, and route around all of them, in less than twenty seconds on average, showing that its methods for fault detection and recovery work well at discovering alternate paths in the Internet. Furthermore, RON was able to improve the loss rate, latency, or throughput perceived by data transfers; for example, about 5% of the transfers doubled their TCP throughput and 5% of our transfers saw their loss probability reduced by 0.05. We found that forwarding packets via at most one intermediate RON node is sufficient to overcome faults and improve performance in most cases. These improvements, particularly in the area of fault detection and recovery, demonstrate the benefits of moving some of the control over routing into the hands of end-systems.
@article{502048, author = {Andersen, David and Balakrishnan, Hari and Kaashoek, Frans M. and Morris, Robert}, journal = {SIGOPS Oper. Syst. Rev.}, title = {Resilient overlay networks}, year = {2001}, issn = {0163-5980}, number = {5}, pages = {131{\textendash}145}, volume = {35}, address = {New York, NY, USA}, doi = {10.1145/502059.502048}, keywords = {resilient overlay network}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=502059.502048$\#$} }
[Scarlata01responderanonymity] Responder Anonymity and Anonymous Peer-to-Peer File Sharing

Scarlata, Vincent, Levine, Brian Neil, and Shields, Clay

11-14 nov. 2001 2001

Website abstract Bib

Data transfer over TCP/IP provides no privacy for network users. Previous research in anonymity has focused on the provision of initiator anonymity. We explore methods of adapting existing initiator-anonymous protocols to provide responder anonymity and mutual anonymity. We present Anonymous Peer-to-peer File Sharing (APFS) protocols, which provide mutual anonymity for peer-topeer le sharing. APFS addresses the problem of longlived Internet services that may outlive the degradation present in current anonymous protocols. One variant of APFS makes use of unicast communication, but requires a central coordinator to bootstrap the protocol. A second variant takes advantage of multicast routing to remove the need for any central coordination point. We compare the TCP performance of APFS protocol to existing overt le sharing systems such as Napster. In providing anonymity, APFS can double transfer times and requires that additional trac be carried by peers, but this overhead is constant with the size of the session. 1
@conference{Scarlata01responderanonymity, author = {Scarlata, Vincent and Levine, Brian Neil and Shields, Clay}, booktitle = {Network Protocols, 2001. Ninth International Conference on}, title = {Responder Anonymity and Anonymous Peer-to-Peer File Sharing}, year = {2001}, month = {11-14 Nov. 2001}, isbn = {0-7695-1429-4}, keywords = {anonymity, APFS, multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.20.7821\&rep=rep1\&type=url\&i=0} }

[383072] A scalable content-addressable network

Ratnasamy, Sylvia Paul, Francis, Paul, Handley, Mark, Karp, Richard, and Shenker, S

2001

Hash tables - which map "keys" onto "values" - are an essential building block in modern software systems. We believe a similar functionality would be equally valuable to large distributed systems. In this paper, we introduce the concept of a Content-Addressable Network (CAN) as a distributed infrastructure that provides hash table-like functionality on Internet-like scales. The CAN is scalable, fault-tolerant and completely self-organizing, and we demonstrate its scalability, robustness and low-latency properties through simulation.

@conference{383072,
  author = {Ratnasamy, Sylvia Paul and Francis, Paul and Handley, Mark and Karp, Richard and Shenker, S},
  booktitle = {SIGCOMM {\textquoteright}01: Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications},
  title = {A scalable content-addressable network},
  year = {2001},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {161{\textendash}172},
  publisher = {ACM},
  doi = {10.1145/383059.383072},
  isbn = {1-58113-411-8},
  keywords = {CAN, fault-tolerance, robustness},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=383072$\#$}
}

[10.1109/P2P.2001.990421] Search in JXTA and Other Distributed Networks

Botros, Sherif, and Waterhouse, Steve

Peer-to-Peer Computing, IEEE International Conference on 2001

@article{10.1109/P2P.2001.990421,
  author = {Botros, Sherif and Waterhouse, Steve},
  journal = {Peer-to-Peer Computing, IEEE International Conference on},
  title = {Search in JXTA and Other Distributed Networks},
  year = {2001},
  pages = {0030},
  address = {Los Alamitos, CA, USA},
  doi = {http://doi.ieeecomputersociety.org/10.1109/P2P.2001.990421},
  isbn = {0-7695-1503-7},
  owner = {tom},
  publisher = {IEEE Computer Society},
  timestamp = {2017-10-10}
}

[cheap-pseudonyms] The social cost of cheap pseudonyms

Friedman, Eric, and Resnick, Paul

Journal of Economics and Management Strategy 2001

DOI Website abstract Bib

We consider the problems of societal norms for cooperation and reputation when it is possible to obtain cheap pseudonyms, something that is becoming quite common in a wide variety of interactions on the Internet. This introduces opportunities to misbehave without paying reputational consequences. A large degree of cooperation can still emerge, through a convention in which newcomers "pay their dues" by accepting poor treatment from players who have established positive reputations. One might hope for an open society where newcomers are treated well, but there is an inherent social cost in making the spread of reputations optional. We prove that no equilibrium can sustain significantly more cooperation than the dues-paying equilibrium in a repeated random matching game with a large number of players in which players have finite lives and the ability to change their identities, and there is a small but nonvanishing probability of mistakes. Although one could remove the inefficiency of mistreating newcomers by disallowing anonymity, this is not practical or desirable in a wide variety of transactions. We discuss the use of entry fees, which permits newcomers to be trusted but excludes some players with low payoffs, thus introducing a different inefficiency. We also discuss the use of free but unreplaceable pseudonyms, and describe a mechanism that implements them using standard encryption techniques, which could be practically implemented in electronic transactions.
@article{cheap-pseudonyms, author = {Friedman, Eric and Resnick, Paul}, journal = {Journal of Economics and Management Strategy}, title = {The social cost of cheap pseudonyms}, year = {2001}, number = {2}, pages = {173{\textendash}199}, volume = {10}, doi = {10.1111/j.1430-9134.2001.00173.x}, keywords = {pseudonym}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www3.interscience.wiley.com/journal/119023370/abstract?CRETRY=1\&SRETRY=0} }
[strong-eternity] The Strong Eternity Service

Benes, Tonda

Apr 2001

DOI Website abstract Bib

Strong Eternity Service is a safe and very reliable storage for data of high importance. We show how to establish persistent pseudonyms in a totally anonymous environment and how to create a unique fully distributed name-space allowing both computer-efficient and human-acceptable access. We also present a way how to retrieve information from such data storage. We adapt the notion of the mix-network so that it can provide symmetric anonymity to both the client and the server. Finally we propose a system of after-the-act payments that can support operation of the Service without compromising anonymity.
@conference{strong-eternity, author = {Benes, Tonda}, booktitle = {Proceedings of Information Hiding Workshop (IH 2001)}, title = {The Strong Eternity Service}, year = {2001}, editor = {Moskowitz, Ira S.}, month = apr, organization = {Springer-Verlag, LNCS 2137}, publisher = {Springer-Verlag, LNCS 2137}, doi = {10.1007/3-540-45496-9}, isbn = {978-3-540-42733-9}, keywords = {anonymity service, distributed name-space, pseudonym}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=731726} }

[Waldman01tangler:a] Tangler: A Censorship-Resistant Publishing System Based On Document Entanglements

Waldman, Marc, and Mazières, David

2001

The basic idea is to protect documents by making it impossible to remove one document from the system without loosing others. The underlying assumption that the adversary cares about collateral damage of this kind is a bit far fetched. Also, the entanglement doubles the amount of data that needs to be moved to retrieve a document.

@conference{Waldman01tangler:a,
  author = {Waldman, Marc and Mazi{\`e}res, David},
  booktitle = {In Proceedings of the 8th ACM Conference on Computer and Communications Security},
  title = {Tangler: A Censorship-Resistant Publishing System Based On Document Entanglements},
  year = {2001},
  pages = {126{\textendash}135},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.24.3781\&rep=rep1\&type=pdf}
}

[Zhao01tapestry:an] Tapestry: An Infrastructure for Fault-tolerant Wide-area Location and Routing

Zhao, Ben Y., Zhao, Ben Y., Kubiatowicz, John, Kubiatowicz, John, Joseph, Anthony D., and Joseph, Anthony D.

2001

Website abstract Bib

In today’s chaotic network, data and services are mobile and replicated widely for availability, durability, and locality. Components’ within this infrastructure interact in rich and complex ways, greatly stressing traditional approaches to name service and routing. This paper explores an alternative to traditional approaches called Tapestry. Tapestry is an overlay location and routing infrastructure that provides location-independent routing of messages directly to the closest copy of an object or service using only point-to-point links and without centralized resources. The routing and directory information within this’ infrastructure is purely soft state and easily repaired. Tapestry is self-administering, fault-tolerant, and resilient under load. This paper presents’ the architecture and algorithms of Tapestry and explores their advantages through a number of experiments.
@booklet{Zhao01tapestry:an, title = {Tapestry: An Infrastructure for Fault-tolerant Wide-area Location and Routing}, author = {Zhao, Ben Y. and Zhao, Ben Y. and Kubiatowicz, John and Kubiatowicz, John and Joseph, Anthony D. and Joseph, Anthony D.}, year = {2001}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=894116$\#$} }
[Laffont2001] The Theory of Incentives: The Principal-Agent Model

Laffont, Jean-Jacques, and Martimort, David

2001

Website abstract Bib

Economics has much to do with incentives–not least, incentives to work hard, to produce quality products, to study, to invest, and to save. Although Adam Smith amply confirmed this more than two hundred years ago in his analysis of sharecropping contracts, only in recent decades has a theory begun to emerge to place the topic at the heart of economic thinking. In this book, Jean-Jacques Laffont and David Martimort present the most thorough yet accessible introduction to incentives theory to date. Central to this theory is a simple question as pivotal to modern-day management as it is to economics research: What makes people act in a particular way in an economic or business situation? In seeking an answer, the authors provide the methodological tools to design institutions that can ensure good incentives for economic agents. This book focuses on the principal-agent model, the "simple" situation where a principal, or company, delegates a task to a single agent through a contract–the essence of management and contract theory. How does the owner or manager of a firm align the objectives of its various members to maximize profits? Following a brief historical overview showing how the problem of incentives has come to the fore in the past two centuries, the authors devote the bulk of their work to exploring principal-agent models and various extensions thereof in light of three types of information problems: adverse selection, moral hazard, and non-verifiability. Offering an unprecedented look at a subject vital to industrial organization, labor economics, and behavioral economics, this book is set to become the definitive resource for students, researchers, and others who might find themselves pondering what contracts, and the incentives they embody, are really all about.
@book{Laffont2001, author = {Laffont, Jean-Jacques and Martimort, David}, publisher = {Princeton University Press}, title = {The Theory of Incentives: The Principal-Agent Model}, year = {2001}, address = {Princeton, New Jersey, USA}, isbn = {9780691091846}, keywords = {economics, principal-agent model}, organization = {Princeton University Press}, owner = {tom}, pages = {360}, timestamp = {2017-10-10}, url = {http://press.princeton.edu/chapters/i7311.html} }
[back01] Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems

Back, Adam, Möller, Ulf, and Stiglic, Anton

Apr 2001

DOI Website abstract Bib

We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network [12] and PipeNet [8]. Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of services attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users anonymity.
@conference{back01, author = {Back, Adam and M{\"o}ller, Ulf and Stiglic, Anton}, booktitle = {Proceedings of Information Hiding Workshop (IH 2001)}, title = {Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems}, year = {2001}, editor = {Moskowitz, Ira S.}, month = apr, organization = {Springer-Verlag, LNCS 2137}, pages = {245{\textendash}257}, publisher = {Springer-Verlag, LNCS 2137}, doi = {10.1007/3-540-45496-9}, isbn = {978-3-540-42733-9}, keywords = {anonymity, Freedom, latency, Pipenet}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/4gpwtejkkvadcdcm/} }
[shuffle:ccs01] A Verifiable Secret Shuffle and its Application to E-Voting

Neff, Andrew C.

Nov 2001

DOI Website abstract Bib

We present a mathematical construct which provides a cryptographic protocol to verifiably shuffle a sequence of k modular integers, and discuss its application to secure, universally verifiable, multi-authority election schemes. The output of the shuffle operation is another sequence of k modular integers, each of which is the same secret power of a corresponding input element, but the order of elements in the output is kept secret. Though it is a trivial matter for the "shuffler" (who chooses the permutation of the elements to be applied) to compute the output from the input, the construction is important because it provides a linear size proof of correctness for the output sequence (i.e. a proof that it is of the form claimed) that can be checked by an arbitrary verifiers. The complexity of the protocol improves on that of Furukawa-Sako[16] both measured by number of exponentiations and by overall size.The protocol is shown to be honest-verifier zeroknowledge in a special case, and is computational zeroknowledge in general. On the way to the final result, we also construct a generalization of the well known Chaum-Pedersen protocol for knowledge of discrete logarithm equality [10], [7]. In fact, the generalization specializes exactly to the Chaum-Pedersen protocol in the case k = 2. This result may be of interest on its own.An application to electronic voting is given that matches the features of the best current protocols with significant efficiency improvements. An alternative application to electronic voting is also given that introduces an entirely new paradigm for achieving Universally Verifiable elections.
@conference{shuffle:ccs01, author = {Neff, Andrew C.}, booktitle = {{Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS 2001)}}, title = {A Verifiable Secret Shuffle and its Application to E-Voting}, year = {2001}, editor = {Samarati, Pierangela}, month = nov, organization = {ACM Press}, pages = {116{\textendash}125}, publisher = {ACM Press}, doi = {10.1145/501983.502000}, isbn = {1-58113-385-5}, keywords = {discrete logarithm, multi-authority}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=502000} }
[Heydon01thevesta] The Vesta Approach to Software Configuration Management

Heydon, Allan, Levin, Roy, Mann, Timothy, and Yu, Yuan

2001

Website abstract Bib

Vesta is a system for software configuration management. It stores collections of source files, keeps track of which versions of which files go together, and automates the process of building a complete software artifact from its component pieces. Vesta’s novel approach gives it three important properties. First, every build is repeatable, because its component sources and build tools are stored immutably and immortally, and its configuration description completely specifies what components and tools are used and how they are put together. Second, every build is incremental, because results of previous builds are cached and reused. Third, every build is consistent, because all build dependencies are automatically captured and recorded, so that a cached result from a previous build is reused only when doing so is certain to be correct. In addition, Vesta’s flexible language for writing configuration descriptions makes it easy to describe large software configurations in a modular fashion and to create variant configurations by customizing build parameters. This paper gives a brief overview of Vesta, outlining Vesta’s advantages over traditional tools, how those benefits are achieved, and the system’s overall performance.
@booklet{Heydon01thevesta, title = {The Vesta Approach to Software Configuration Management}, author = {Heydon, Allan and Levin, Roy and Mann, Timothy and Yu, Yuan}, year = {2001}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.23.7370} }
[502054] Wide-area cooperative storage with CFS

Dabek, Frank, Kaashoek, Frans M., Karger, David, Morris, Robert, and Stoica, Ion

2001

DOI Website abstract Bib

The Cooperative File System (CFS) is a new peer-to-peer read-only storage system that provides provable guarantees for the efficiency, robustness, and load-balance of file storage and retrieval. CFS does this with a completely decentralized architecture that can scale to large systems. CFS servers provide a distributed hash table (DHash) for block storage. CFS clients interpret DHash blocks as a file system. DHash distributes and caches blocks at a fine granularity to achieve load balance, uses replication for robustness, and decreases latency with server selection. DHash finds blocks using the Chord location protocol, which operates in time logarithmic in the number of servers.CFS is implemented using the SFS file system toolkit and runs on Linux, OpenBSD, and FreeBSD. Experience on a globally deployed prototype shows that CFS delivers data to clients as fast as FTP. Controlled tests show that CFS is scalable: with 4,096 servers, looking up a block of data involves contacting only seven servers. The tests also demonstrate nearly perfect robustness and unimpaired performance even when as many as half the servers fail.
@conference{502054, author = {Dabek, Frank and Kaashoek, Frans M. and Karger, David and Morris, Robert and Stoica, Ion}, booktitle = {SOSP {\textquoteright}01: Proceedings of the eighteenth ACM symposium on Operating systems principles}, title = {Wide-area cooperative storage with CFS}, year = {2001}, address = {New York, NY, USA}, organization = {ACM}, pages = {202{\textendash}215}, publisher = {ACM}, doi = {10.1145/502034.502054}, isbn = {1-58113-389-8}, keywords = {P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=502054$\#$} }
[Heimbigner00adaptingpublish/subscribe] Adapting Publish/Subscribe Middleware to Achieve Gnutella-like Functionality

Heimbigner, Dennis

2000

Website abstract Bib

Gnutella represents a new wave of peer-to-peer applications providing distributed discovery and sharing of resources across the Internet. Gnutella is distinguished by its support for anonymity and by its decentralized architecture. The current Gnutella architecture and protocol have numerous flaws with respect to efficiency, anonymity, and vulnerability to malicious actions. An alternative design is described that provides Gnutella-like functionality but removes or mitigates many of Gnutella’s flaws. This design, referred to as Query/Advertise (Q/A) is based upon a scalable publish/subscribe middleware system called Sienab. A prototype implementation of Q/A is described. The relative benefits of this approach are discussed, and a number of open research problems are identified with respect to Q/A systems.
@conference{Heimbigner00adaptingpublish/subscribe, author = {Heimbigner, Dennis}, booktitle = {In Proc. of SAC}, title = {Adapting Publish/Subscribe Middleware to Achieve Gnutella-like Functionality}, year = {2000}, pages = {176{\textendash}181}, owner = {tom}, timestamp = {2017-10-10}, url = {http://serl.cs.colorado.edu/~serl/papers/CU-CS-909-00.pdf} }
[terminology] Anonymity, Unobservability, and Pseudonymity: A Consolidated Proposal for Terminology

Pfitzmann, Andreas, and Hansen, Marit

Jul 2000

Website abstract Bib

Based on the nomenclature of the early papers in the field, we propose a terminology which is both expressive and precise. More particularly, we define anonymity, unlinkability, unobservability, pseudonymity (pseudonyms and digital pseudonyms, and their attributes), and identity management. In addition, we describe the relationships between these terms, give a rational why we define them as we do, and sketch the main mechanisms to provide for the properties defined.
@booklet{terminology, title = {Anonymity, Unobservability, and Pseudonymity: A Consolidated Proposal for Terminology}, author = {Pfitzmann, Andreas and Hansen, Marit}, month = jul, year = {2000}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dud.inf.tu-dresden.de/Anon_Terminology.shtml} }

[DBLP:conf/diau/PfitzmannK00] Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology

Pfitzmann, Andreas, and Köhntopp, Marit

2000

Bib

@conference{DBLP:conf/diau/PfitzmannK00,
  author = {Pfitzmann, Andreas and K{\"o}hntopp, Marit},
  booktitle = {Workshop on Design Issues in Anonymity and Unobservability},
  title = {Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology},
  year = {2000},
  pages = {1-9},
  owner = {tom},
  timestamp = {2017-10-10}
}

[mitkuro] Attack for Flash MIX

Mitomo, Masashi, and Kurosawa, Kaoru

2000

DOI Website abstract Bib

AMIX net takes a list of ciphertexts (c 1,... , c N) and outputs a permuted list of the plaintexts (m 1,... ,m N) without revealing the relationship between (c 1,... , c N) and (m 1,... ,m N). This paper shows that the Jakobsson’s flash MIX of PODC’99, which was believed to be the most efficient robust MIX net, is broken. The first MIX server can prevent computing the correct output with probability 1 in our attack. We also present a countermeasure for our attack.
@conference{mitkuro, author = {Mitomo, Masashi and Kurosawa, Kaoru}, booktitle = {Proceedings of ASIACRYPT 2000}, title = {Attack for Flash MIX}, year = {2000}, organization = {Springer-Verlag, LNCS 1976}, publisher = {Springer-Verlag, LNCS 1976}, doi = {10.1007/3-540-44448-3_15}, isbn = {3-540-41404-5}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.20.6972} }
[rao-pseudonymity] Can Pseudonymity Really Guarantee Privacy?

Rao, Josyula R., and Rohatgi, Pankaj

Aug 2000

Website abstract Bib

One of the core challenges facing the Internet today is the problem of ensuring privacy for its users. It is believed that mechanisms such as anonymity and pseudonymity are essential building blocks in formulating solutions to address these challenges and considerable effort has been devoted towards realizing these primitives in practice. The focus of this effort, however, has mostly been on hiding explicit identify information (such as source addresses) by employing a combination of anonymizing proxies, cryptographic techniques to distribute trust among them and traffic shaping techniques to defeat traffic analysis. We claim that such approaches ignore a significant amount of identifying information about the source that leaks from the contents of web traffic itself. In this paper, we demonstrate the significance and value of such information by showing how techniques from linguistics and stylometry can use this information to compromise pseudonymity in several important settings. We discuss the severity of this problem and suggest possible countermeasures.
@conference{rao-pseudonymity, author = {Rao, Josyula R. and Rohatgi, Pankaj}, booktitle = {Proceedings of the 9th USENIX Security Symposium}, title = {Can Pseudonymity Really Guarantee Privacy?}, year = {2000}, month = aug, organization = {USENIX}, pages = {85{\textendash}96}, publisher = {USENIX}, keywords = {anonymity, pseudonym}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251313} }
[339337] A case for end system multicast (keynote address)

Chu, Yang-hua, Rao, Sanjay G., and Zhang, Hui

06/2000 2000

DOI Website abstract Bib

The conventional wisdom has been that IP is the natural protocol layer for implementing multicast related functionality. However, ten years after its initial proposal, IP Multicast is still plagued with concerns pertaining to scalability, network management, deployment and support for higher layer functionality such as error, flow and congestion control. In this paper, we explore an alternative architecture for small and sparse groups, where end systems implement all multicast related functionality including membership management and packet replication. We call such a scheme End System Multicast. This shifting of multicast support from routers to end systems has the potential to address most problems associated with IP Multicast. However, the key concern is the performance penalty associated with such a model. In particular, End System Multicast introduces duplicate packets on physical links and incurs larger end-to-end delay than IP Multicast. In this paper, we study this question in the context of the Narada protocol. In Narada, end systems self-organize into an overlay structure using a fully distributed protocol. In addition, Narada attempts to optimize the efficiency of the overlay based on end-to-end measurements. We present details of Narada and evaluate it using both simulation and Internet experiments. Preliminary results are encouraging. In most simulations and Internet experiments, the delay and bandwidth penalty are low. We believe the potential benefits of repartitioning multicast functionality between end systems and routers significantly outweigh the performance penalty incurred.
@conference{339337, author = {Chu, Yang-hua and Rao, Sanjay G. and Zhang, Hui}, booktitle = {SIGMETRICS {\textquoteright}00: Proceedings of the 2000 ACM SIGMETRICS international conference on Measurement and modeling of computer systems}, title = {A case for end system multicast (keynote address)}, year = {2000}, address = {Santa Clara, CA}, month = {06/2000}, organization = {ACM}, pages = {1{\textendash}12}, publisher = {ACM}, doi = {10.1145/339331.339337}, isbn = {1-58113-194-1}, keywords = {multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=339337$\#$} }
[disad-free-routes] The disadvantages of free MIX routes and how to overcome them

Berthold, Oliver, Pfitzmann, Andreas, and Standtke, Ronny

Jul 2000

Website abstract Bib

There are different methods to build an anonymity service using MIXes. A substantial decision for doing so is the method of choosing the MIX route. In this paper we compare two special configurations: a fixed MIX route used by all participants and a network of freely usable MIXes where each participant chooses his own route. The advantages and disadvantages in respect to the freedom of choice are presented and examined. We’ll show that some additional attacks are possible in networks with freely chosen MIX routes. After describing these attacks, we estimate their impact on the achievable degree of anonymity. Finally, we evaluate the relevance of the described attacks with respect to existing systems like e.g. Mixmaster, Crowds, and Freedom.
@conference{disad-free-routes, author = {Berthold, Oliver and Pfitzmann, Andreas and Standtke, Ronny}, booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability}, title = {The disadvantages of free MIX routes and how to overcome them}, year = {2000}, month = jul, organization = {Springer-Verlag, LNCS 2009}, pages = {30{\textendash}45}, publisher = {Springer-Verlag, LNCS 2009}, isbn = {3-540-41724-9}, keywords = {anonymity, attack}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=371975} }
[820485] Energy-Efficient Communication Protocol for Wireless Microsensor Networks

Heinzelman, Wendi Rabiner, Chandrakasan, Anantha, and Balakrishnan, Hari

2000

Website abstract Bib

Wireless distributed micro-sensor systems will enable the reliable monitoring of a variety of environments for both civil and military applications. In this paper, we look at communication protocols, which can have significant impact on the overall energy dissipation of these networks.Based on our findings that the conventional protocols of direct transmission, minimum-transmission-energy, multihop routing, and static clustering may not be optimal for sensor networks, we propose LEACH (Low-Energy Adaptive Clustering Hierarchy), a clustering-based protocol that utilizes randomized rotation of local cluster base stations (cluster-heads) to evenly distribute the energy load among the sensors in the network. LEACH uses localized coordination to enable scalability and robustness for dynamic net-works, and incorporates data fusion into the routing protocol to reduce the amount of information that must be transmitted to the base station. Simulations show that LEACH can achieve as much as a factor of 8 reduction in energy dissipation compared with conventional routing protocols. In addition, LEACH is able to distribute energy dissipation evenly throughout the sensors, doubling the useful system lifetime for the networks we simulated.
@conference{820485, author = {Heinzelman, Wendi Rabiner and Chandrakasan, Anantha and Balakrishnan, Hari}, booktitle = {HICSS {\textquoteright}00: Proceedings of the 33rd Hawaii International Conference on System Sciences-Volume 8}, title = {Energy-Efficient Communication Protocol for Wireless Microsensor Networks}, year = {2000}, address = {Washington, DC, USA}, organization = {IEEE Computer Society}, pages = {8020}, publisher = {IEEE Computer Society}, isbn = {0-7695-0493-0}, keywords = {Low-Energy Adaptive Clustering Hierarchy, mobile Ad-hoc networks, routing, wireless sensor network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=820485$\#$} }

[514164] Enforcing service availability in mobile ad-hoc WANs

Buttyán, Levente, and Hubaux, Jean-Pierre

2000

In this paper, we address the problem of service availability in mobile ad-hoc WANs. We present a secure mechanism to stimulate end users to keep their devices turned on, to refrain from overloading the network, and to thwart tampering aimed at converting the device into a "selfish" one. Our solution is based on the application of a tamper resistant security module in each device and cryptographic protection of messages.

@conference{514164,
  author = {Butty{\'a}n, Levente and Hubaux, Jean-Pierre},
  booktitle = {MobiHoc {\textquoteright}00: Proceedings of the 1st ACM international symposium on Mobile ad hoc networking \& computing},
  title = {Enforcing service availability in mobile ad-hoc WANs},
  year = {2000},
  address = {Piscataway, NJ, USA},
  organization = {IEEE Press},
  pages = {87{\textendash}96},
  publisher = {IEEE Press},
  isbn = {0-7803-6534-8},
  keywords = {ad-hoc networks, cryptography},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://portal.acm.org/citation.cfm?id=514164}
}

[339345] Feasibility of a serverless distributed file system deployed on an existing set of desktop PCs

Bolosky, William J., Douceur, John R., Ely, David, and Theimer, Marvin

SIGMETRICS Performance Evaluation Review 2000

DOI Website abstract Bib

We consider an architecture for a serverless distributed file system that does not assume mutual trust among the client computers. The system provides security, availability, and reliability by distributing multiple encrypted replicas of each file among the client machines. To assess the feasibility of deploying this system on an existing desktop infrastructure, we measure and analyze a large set of client machines in a commercial environment. In particular, we measure and report results on disk usage and content; file activity; and machine uptimes, lifetimes, and loads. We conclude that the measured desktop infrastructure would passably support our proposed system, providing availability on the order of one unfilled file request per user per thousand days.
@article{339345, author = {Bolosky, William J. and Douceur, John R. and Ely, David and Theimer, Marvin}, journal = {SIGMETRICS Performance Evaluation Review}, title = {Feasibility of a serverless distributed file system deployed on an existing set of desktop PCs}, year = {2000}, issn = {0163-5999}, number = {1}, pages = {34{\textendash}43}, volume = {28}, address = {New York, NY, USA}, doi = {10.1145/345063.339345}, keywords = {analytical modeling, availability, feasibility analysis, personal computer usage data, reliability, serverless distributed file system architecture, trust, workload characterization}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=345063.339345$\#$} }
[Pei00fisheyestate] Fisheye State Routing in Mobile Ad Hoc Networks

Pei, Guangyu, Gerla, Mario, and Chen, Tsu-Wei

2000

Website abstract Bib

In this paper, we present a novel routing protocol for wireless ad hoc networks – Fisheye State Routing (FSR). FSR introduces the notion of multi-level fisheye scope to reduce routing update overhead in large networks. Nodes exchange link state entries with their neighbors with a frequency which depends on distance to destination. From link state entries, nodes construct the topology map of the entire network and compute optimal routes. Simulation experiments show that FSR is simple, efficient and scalable routing solution in a mobile, ad hoc environment. 1 Introduction As the wireless and embedded computing technologies continue to advance, increasing numbers of small size and high performance computing and communication devices will be capable of tetherless communications and ad hoc wireless networking. An ad hoc wireless network is a selforganizing and self-configuring network with the capability of rapid deployment in response to application needs.
@conference{Pei00fisheyestate, author = {Pei, Guangyu and Gerla, Mario and Chen, Tsu-Wei}, booktitle = {In ICDCS Workshop on Wireless Networks and Mobile Computing}, title = {Fisheye State Routing in Mobile Ad Hoc Networks}, year = {2000}, pages = {71{\textendash}78}, keywords = {mobile Ad-hoc networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.43.6730} }
[freehaven-berk] The Free Haven Project: Distributed Anonymous Storage Service

Dingledine, Roger, Freedman, Michael J., and Molnar, David

Jul 2000

DOI Website abstract Bib

We present a design for a system of anonymous storage which resists the attempts of powerful adversaries to find or destroy any stored data. We enumerate distinct notions of anonymity for each party in the system, and suggest a way to classify anonymous systems based on the kinds of anonymity provided. Our design ensures the availability of each document for a publisher-specified lifetime. A reputation system provides server accountability by limiting the damage caused from misbehaving servers. We identify attacks and defenses against anonymous storage services, and close with a list of problems which are currently unsolved.
@conference{freehaven-berk, author = {Dingledine, Roger and Freedman, Michael J. and Molnar, David}, booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability}, title = {The Free Haven Project: Distributed Anonymous Storage Service}, year = {2000}, month = jul, organization = {Springer-Verlag, LNCS 2009}, publisher = {Springer-Verlag, LNCS 2009}, doi = {10.1007/3-540-44702-4}, isbn = {978-3-540-41724-8}, keywords = {accountability, anonymity, anonymous publishing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/uh3mbw5m6u6xt24v/} }
[freedom2-arch] Freedom Systems 2.0 Architecture

Boucher, Philippe, Shostack, Adam, and Goldberg, Ian

Dec 2000

abstract Bib

This white paper, targeted at the technically savvy reader, offers a detailed look at the Freedom 2.0 System architecture. It is intended to give the reader a good understanding of the components that make up this system and the relationships between them, as well as to encourage analysis of the system.
@booklet{freedom2-arch, title = {Freedom Systems 2.0 Architecture}, author = {Boucher, Philippe and Shostack, Adam and Goldberg, Ian}, month = dec, year = {2000}, owner = {tom}, publisher = {Zero Knowledge Systems, {Inc.}}, timestamp = {2017-10-10}, type = {White Paper} }
[Clarke2000] Freenet: A Distributed Anonymous Information Storage and Retrieval System

Clarke, Ian, Sandberg, Oskar, Wiley, Brandon, and Hong, Theodore W.

Jul 2000

Website abstract Bib

We describe Freenet, an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. Freenet operates as a network of identical nodes that collectively pool their storage space to store data files and cooperate to route requests to the most likely physical location of data. No broadcast search or centralized location index is employed. Files are referred to in a location-independent manner, and are dynamically replicated in locations near requestors and deleted from locations where there is no interest. It is infeasible to discover the true origin or destination of a file passing through the network, and di#cult for a node operator to determine or be held responsible for the actual physical contents of her own node.
@conference{Clarke2000, author = {Clarke, Ian and Sandberg, Oskar and Wiley, Brandon and Hong, Theodore W.}, booktitle = {Designing Privacy Enhancing Technologies, International Workshop on Design Issues in Anonymity and Unobservability, ,, Proceedings 2001}, title = {Freenet: A Distributed Anonymous Information Storage and Retrieval System}, year = {2000}, address = {Berkeley, CA, USA}, month = jul, pages = {46{\textendash}66}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.ecse.rpi.edu/Homepages/shivkuma/teaching/sp2001/readings/freenet.pdf} }
[desmedt] How To Break a Practical MIX and Design a New One

Desmedt, Yvo, and Kurosawa, Kaoru

2000

DOI Website abstract Bib

A MIX net takes a list of ciphertexts (c 1, ..., c N) and outputs a permuted list of the plaintexts (m 1, ..., m N) without revealing the relationship between (c 1,..., c N) and (m 1, ...,m N). This paper first shows that the Jakobsson’s MIX net of Eurocrypt’98, which was believed to be resilient and very efficient, is broken. We next propose an efficient t-resilient MIX net with O(t 2) servers in which the cost of each MIX server is O(N). Two new concepts are introduced, existential-honesty and limited-open-verification. They will be useful for distributed computation in general. A part of this research was done while the author visited the Tokyo Institute of Technology, March 4–19, 1999. He was then at the University of Wisconsin — Milwaukee.
@conference{desmedt, author = {Desmedt, Yvo and Kurosawa, Kaoru}, booktitle = {Proceedings of EUROCRYPT 2000}, title = {How To Break a Practical MIX and Design a New One}, year = {2000}, organization = {Springer-Verlag, LNCS 1803}, publisher = {Springer-Verlag, LNCS 1803}, doi = {10.1007/3-540-45539-6}, isbn = {978-3-540-67517-4}, keywords = {existential-honesty, limited-open-verification, mix}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.29.1814} }
[hybrid-mix] A Length-Invariant Hybrid MIX

Ohkubo, Miyako, and Abe, Masayuki

2000

DOI Website abstract Bib

This paper presents a secure and flexible Mix-net that has the following properties; it efficiently handles long plaintexts that exceed the modulus size of underlying public-key encryption as well as very short ones (length-flexible), input ciphertext length is not impacted by the number of mix-servers (length-invariant), and its security in terms of anonymity is proven in a formal way (provably secure). One can also add robustness i.e. it outputs correct results in the presence of corrupt servers. The security is proved in the random oracle model by showing a reduction from breaking the anonymity of our Mix-net to breaking a sort of indistinguishability of the underlying symmetric encryption scheme or solving the Decision Diffie-Hellman problem.
@conference{hybrid-mix, author = {Ohkubo, Miyako and Abe, Masayuki}, booktitle = {Proceedings of ASIACRYPT 2000}, title = {A Length-Invariant Hybrid MIX}, year = {2000}, organization = {Springer-Verlag, LNCS 1976}, publisher = {Springer-Verlag, LNCS 1976}, doi = {10.1007/3-540-44448-3_14}, isbn = {3-540-41404-5}, keywords = {hybrid encryption, mix}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=647096.716874} }
[379239] OceanStore: an architecture for global-scale persistent storage

Kubiatowicz, John, Bindel, David, Chen, Yan, Czerwinski, Steven, Eaton, Patrick, Geels, Dennis, Gummadi, Ramakrishna, Rhea, Sean C., Weatherspoon, Hakim, Wells, Chris, and Zhao, Ben Y.

2000

DOI Website abstract Bib

OceanStore is a utility infrastructure designed to span the globe and provide continuous access to persistent information. Since this infrastructure is comprised of untrusted servers, data is protected through redundancy and cryptographic techniques. To improve performance, data is allowed to be cached anywhere, anytime. Additionally, monitoring of usage patterns allows adaptation to regional outages and denial of service attacks; monitoring also enhances performance through pro-active movement of data. A prototype implementation is currently under development.
@conference{379239, author = {Kubiatowicz, John and Bindel, David and Chen, Yan and Czerwinski, Steven and Eaton, Patrick and Geels, Dennis and Gummadi, Ramakrishna and Rhea, Sean C. and Weatherspoon, Hakim and Wells, Chris and Zhao, Ben Y.}, booktitle = {ASPLOS-IX: Proceedings of the ninth international conference on Architectural support for programming languages and operating systems}, title = {OceanStore: an architecture for global-scale persistent storage}, year = {2000}, address = {New York, NY, USA}, organization = {ACM}, pages = {190{\textendash}201}, publisher = {ACM}, doi = {10.1145/378993.379239}, isbn = {1-58113-317-0}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/378993.379239} }
[onion-discex00] Onion Routing Access Configurations

Syverson, Paul, Reed, Michael, and Goldschlag, David

2000

Website abstract Bib

Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Thus it hides not only the data being sent, but who is talking to whom. Onion Routing’s anonymous connections are bidirectional and near real-time, and can be used anywhere a socket connection can be used. Proxy aware applications, such as web browsing and e-mail, require no modification to use Onion Routing, and do so through a series of proxies. Other applications, such as remote login, can also use the system without modification. Access to an onion routing network can be configured in a variety of ways depending on the needs, policies, and facilities of those connecting. This paper describes some of these access configurations and also provides a basic overview of Onion Routing and comparisons with related work.
@conference{onion-discex00, author = {Syverson, Paul and Reed, Michael and Goldschlag, David}, booktitle = {Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX 2000)}, title = {Onion Routing Access Configurations}, year = {2000}, organization = {IEEE CS Press}, pages = {34{\textendash}40}, publisher = {IEEE CS Press}, volume = {1}, keywords = {anonymity, privacy, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.34.4633} }
[Jannotti:2000:ORM:1251229.1251243] Overcast: reliable multicasting with on overlay network

Jannotti, John, Gifford, David K., Johnson, Kirk L., Kaashoek, Frans M., and O’Toole Jr., James W.

10/2000 2000

Website abstract Bib

Overcast is an application-level multicasting system that can be incrementally deployed using today’s Internet infrastructure. These properties stem from Overcast’s implementation as an overlay network. An overlay network consists of a collection of nodes placed at strategic locations in an existing network fabric. These nodes implement a network abstraction on top of the network provided by the underlying substrate network. Overcast provides scalable and reliable single-source multicast using a simple protocol for building efficient data distribution trees that adapt to changing network conditions. To support fast joins, Overcast implements a new protocol for efficiently tracking the global status of a changing distribution tree. Results based on simulations confirm that Overcast provides its added functionality while performing competitively with IP Multicast. Simulations indicate that Overcast quickly builds bandwidth-efficient distribution trees that, compared to IP Multicast, provide 70%-100% of the total bandwidth possible, at a cost of somewhat less than twice the network load. In addition, Overcast adapts quickly to changes caused by the addition of new nodes or the failure of existing nodes without causing undue load on the multicast source.
@conference{Jannotti:2000:ORM:1251229.1251243, author = {Jannotti, John and Gifford, David K. and Johnson, Kirk L. and Kaashoek, Frans M. and O{\textquoteright}Toole Jr., James W.}, booktitle = {OSDI{\textquoteright}00. Proceedings of the 4th conference on Symposium on Operating System Design \& Implementation}, title = {Overcast: reliable multicasting with on overlay network}, year = {2000}, address = {San Diego, California, USA}, month = {10/2000}, organization = {USENIX Association}, pages = {14{\textendash}14}, publisher = {USENIX Association}, series = {OSDI{\textquoteright}00}, keywords = {overcast, overlay network}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1251229.1251243} }
[Song00practicaltechniques] Practical Techniques for Searches on Encrypted Data

Song, Dawn Xiaodong, Wagner, David, and Perrig, Adrian

2000 2000

abstract Bib

It is desirable to store data on data storage servers such as mail servers and file servers in encrypted form to reduce security and privacy risks. But this usually implies that one has to sacrifice functionality for security. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and answer the query without loss of data confidentiality.
@conference{Song00practicaltechniques, author = {Song, Dawn Xiaodong and Wagner, David and Perrig, Adrian}, booktitle = {Security and Privacy, 2000. S\&P 2000. Proceedings. 2000 IEEE Symposium on}, title = {Practical Techniques for Searches on Encrypted Data}, year = {2000}, address = {Berkeley, CA, USA}, month = {2000}, isbn = {0-7695-0665-8}, owner = {tom}, timestamp = {2017-10-10} }
[Shields00aprotocol] A Protocol for Anonymous Communication Over the Internet

Shields, Clay, and Levine, Brian Neil

2000

Website abstract Bib

This paper presents a new protocol for initiator anonymity called Hordes, which uses forwarding mechanisms similar to those used in previous protocols for sending data, but is the first protocol to make use of the anonymity inherent in multicast routing to receive data. We show this results in shorter transmission latencies and requires less work of the protocol participants, in terms of the messages processed. We also present a comparison of the security and anonymity of Hordes with previous protocols, using the first quantitative definition of anonymity and unlinkability. Our analysis shows that Hordes provides anonymity in a degree similar to that of Crowds and Onion Routing, but also that Hordes has numerous performance advantages.
@conference{Shields00aprotocol, author = {Shields, Clay and Levine, Brian Neil}, booktitle = {In ACM Conference on Computer and Communications Security}, title = {A Protocol for Anonymous Communication Over the Internet}, year = {2000}, organization = {ACM Press}, pages = {33{\textendash}42}, publisher = {ACM Press}, keywords = {Hordes, multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.37.3890\&rep=rep1\&type=url\&i=0} }
[ian-thesis] A Pseudonymous Communications Infrastructure for the Internet

Goldberg, Ian

Dec 2000

Website abstract Bib

A Pseudonymous Communications Infrastructure for the Internet by Ian Avrum Goldberg Doctor of Philosophy in Computer Science University of California at Berkeley Professor Eric Brewer, Chair As more and more of people’s everyday activities are being conducted online, there is an ever-increasing threat to personal privacy. Every communicative or commercial transaction you perform online reveals bits of information about you that can be compiled into large dossiers, often without your permission, or even your knowledge.
@mastersthesis{ian-thesis, author = {Goldberg, Ian}, school = {UC Berkeley}, title = {A Pseudonymous Communications Infrastructure for the Internet}, year = {2000}, month = dec, type = {phd}, isbn = {0-493-10500-X}, keywords = {pseudonym}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=933285} }
[publius] Publius: A robust, tamper-evident, censorship-resistant and source-anonymous web publishing system

Waldman, Marc, Rubin, Aviel D., and Cranor, Lorrie

Aug 2000

Website abstract Bib

We describe a system that we have designed and implemented for publishing content on the web. Our publishing scheme has the property that it is very difficult for any adversary to censor or modify the content. In addition, the identity of the publisher is protected once the content is posted. Our system differs from others in that we provide tools for updating or deleting the published content, and users can browse the content in the normal point and click manner using a standard web browser and a client-side proxy that we provide. All of our code is freely available.
@conference{publius, author = {Waldman, Marc and Rubin, Aviel D. and Cranor, Lorrie}, booktitle = {Proceedings of the 9th USENIX Security Symposium}, title = {Publius: A robust, tamper-evident, censorship-resistant and source-anonymous web publishing system}, year = {2000}, month = aug, pages = {59{\textendash}72}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1251311} }

[Resnick:2000:RS:355112.355122] Reputation systems

Resnick, Paul, Kuwabara, Ko, Zeckhauser, Richard, and Friedman, Eric

Communications of the ACM 12/2000 2000

@article{Resnick:2000:RS:355112.355122,
  author = {Resnick, Paul and Kuwabara, Ko and Zeckhauser, Richard and Friedman, Eric},
  journal = {Communications of the ACM},
  title = {Reputation systems},
  year = {2000},
  issn = {0001-0782},
  month = {12/2000},
  pages = {45{\textendash}48},
  volume = {43},
  address = {New York, NY, USA},
  doi = {http://doi.acm.org/10.1145/355112.355122},
  keywords = {reputation systems},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/355112.355122}
}

[896561] On the Scaling of Feedback Algorithms for Very Large Multicast Groups

Fuhrmann, Thomas

2000

Website abstract Bib

Feedback from multicast group members is vital for many multicast protocols. In order to avoid feedback implosion in very large groups feedback algorithms with well behaved scaling-properties must be chosen. In this paper we analyse the performance of three typical feedback algorithms described in the literature. Apart from the basic trade-off between feedback latency and response duplicates we especially focus on the algorithms’’ sensitivity to the quality of the group size estimation. Based on this analysis we give recommendations for the choice of well behaved feedback algorithms that are suitable for very large groups.
@booklet{896561, title = {On the Scaling of Feedback Algorithms for Very Large Multicast Groups}, author = {Fuhrmann, Thomas}, year = {2000}, owner = {tom}, publisher = {University of Mannheim}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=896561$\#$} }

[Minsky00setreconciliation] Set Reconciliation with Nearly Optimal Communication Complexity

Minsky, Yaron, Trachtenberg, Ari, and Zippel, Richard

2000

Bib

@conference{Minsky00setreconciliation,
  author = {Minsky, Yaron and Trachtenberg, Ari and Zippel, Richard},
  booktitle = {International Symposium on Information Theory},
  title = {Set Reconciliation with Nearly Optimal Communication Complexity},
  year = {2000},
  pages = {232},
  keywords = {set reconciliation},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Papadopouli00sevendegrees] Seven Degrees of Separation in Mobile Ad Hoc Networks

Papadopouli, Maria, and Schulzrinne, Henning G.

2000

Website abstract Bib

We present an architecture that enables the sharing of information among mobile, wireless, collaborating hosts that experience intermittent connectivity to the Internet. Participants in the system obtain data objects from Internet-connected servers, cache them and exchange them with others who are interested in them. The system exploits the fact that there is a high locality of information access within a geographic area. It aims to increase the data availability to participants with lost connectivity to the Internet. We discuss the main components of the system and possible applications. Finally, we present simulation results that show that the ad hoc networks can be very e#ective in distributing popular information. 1 Introduction In a few years, a large percentage of the population in metropolitan areas will be equipped with PDAs, laptops or cell phones with built-in web browsers. Thus, access to information and entertainment will become as important as voice communications...
@conference{Papadopouli00sevendegrees, author = {Papadopouli, Maria and Schulzrinne, Henning G.}, booktitle = {In IEEE GLOBECOM}, title = {Seven Degrees of Separation in Mobile Ad Hoc Networks}, year = {2000}, pages = {1707{\textendash}1711}, keywords = {802.11, file-sharing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.36.5640} }
[335325] The small-world phenomenon: an algorithm perspective

Kleinberg, Jon

2000

DOI Website abstract Bib

Long a matter of folklore, the “small-world phenomenon ” — the principle that we are all linked by short chains of acquaintances — was inaugurated as an area of experimental study in the social sciences through the pioneering work of Stanley Milgram in the 1960’s. This work was among the first to make the phenomenon quantitative, allowing people to speak of the “six degrees of separation ” between any two people in the United States. Since then, a number of network models have been proposed as frameworks in which to study the problem analytically. One of the most refined of these models was formulated in recent work of Watts and Strogatz; their framework provided compelling evidence that the small-world phenomenon is pervasive in a range of networks arising in nature and technology, and a fundamental ingredient in the evolution of the World Wide Web. But existing models are insufficient to explain the striking algorithmic component of Milgram’s original findings: that individuals using local information are collectively very effective at actually constructing short paths between two points in a social network. Although recently proposed network models are rich in short paths, we prove that no decentralized algorithm, operating with local information only, can construct short paths in these networks with non-negligible probability. We then define an infinite family of network models that naturally generalizes the Watts-Strogatz model, and show that for one of these models, there is a decentralized algorithm capable of finding short paths with high probability. More generally, we provide a strong characterization of this family of network models, showing that there is in fact a unique model within the family for which decentralized algorithms are effective.
@conference{335325, author = {Kleinberg, Jon}, booktitle = {STOC {\textquoteright}00: Proceedings of the thirty-second annual ACM symposium on Theory of computing}, title = {The small-world phenomenon: an algorithm perspective}, year = {2000}, address = {New York, NY, USA}, organization = {ACM}, pages = {163{\textendash}170}, publisher = {ACM}, doi = {10.1145/335305.335325}, isbn = {1-58113-184-4}, keywords = {small-world}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=335325$\#$} }

[onion-routing:pet2000] Towards an Analysis of Onion Routing Security

Syverson, Paul, Tsudik, Gene, Reed, Michael, and Landwehr, Carl

Jul 2000

@conference{onion-routing:pet2000,
  author = {Syverson, Paul and Tsudik, Gene and Reed, Michael and Landwehr, Carl},
  booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability},
  title = {Towards an Analysis of Onion Routing Security},
  year = {2000},
  month = jul,
  organization = {Springer-Verlag, LNCS 2009},
  pages = {96{\textendash}114},
  publisher = {Springer-Verlag, LNCS 2009},
  doi = {10.1007/3-540-44702-4},
  isbn = {978-3-540-41724-8},
  keywords = {anonymity, privacy, traffic analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=371981}
}

[raymond00] Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems

Raymond, Jean-François

Jul 2000

We present the trafic analysis problem and expose the most important protocols, attacks and design issues. Afterwards, we propose directions for further research. As we are mostly interested in efficient and practical Internet based protocols, most of the emphasis is placed on mix based constructions. The presentation is informal in that no complex definitions and proofs are presented, the aim being more to give a thorough introduction than to present deep new insights.

@conference{raymond00,
  author = {Raymond, Jean-Fran{\c c}ois},
  booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability},
  title = {Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems},
  year = {2000},
  month = jul,
  organization = {Springer-Verlag, LNCS 2009},
  pages = {10{\textendash}29},
  publisher = {Springer-Verlag, LNCS 2009},
  doi = {10.1007/3-540-44702-4},
  isbn = {3-540-41724-9},
  keywords = {traffic analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=371972}
}

[Rivest00trusteconomies] Trust Economies in The Free Haven Project

Rivest, Ron, Smith, Arthur C., and Sniffen, Brian T.

2000

Website abstract Bib

The Free Haven Project aims to deploy a system for distributed data storage which is robust against attempts by powerful adversaries to find and destroy stored data. Free Haven uses a secure mixnet for communication, and it emphasizes distributed, reliable, and anonymous storage over e#cient retrieval. We provide a system for building trust between pseudonymous entities, based entirely on records of observed behavior. Modelling these observed behaviors as an economy allows us to draw heavily on previous economic theory, as well as on existing data havens which base their accountability on financial loss. This trust system provides a means of enforcing accountability without sacrificing anonymity
@booklet{Rivest00trusteconomies, title = {Trust Economies in The Free Haven Project}, author = {Rivest, Ron and Smith, Arthur C. and Sniffen, Brian T.}, year = {2000}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.27.1639\&rep=rep1\&type=pdf} }

[2000] Trust-region methods

Conn, Andrew R., Gould, Nicholas I. M., and Toint, Philippe L.

2000

@book{2000,
  author = {Conn, Andrew R. and Gould, Nicholas I. M. and Toint, Philippe L.},
  publisher = {Society for Industrial and Applied Mathematics and Mathematical Programming Society},
  title = {Trust-region methods},
  year = {2000},
  address = {Philadelphia, PA},
  isbn = {0898714605},
  series = {MPS-SIAM Series on Optimization},
  issn = {978-0898714609},
  organization = {Society for Industrial and Applied Mathematics and Mathematical Programming Society},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://books.google.com/books?hl=es\&lr=\&id=5kNC4fqssYQC\&oi=fnd\&pg=PR15\&dq=trust-region+methods\&ots=j1JMMQ3QJY\&sig=ncLlD3mqZ4KEQ1Z9V2qId4rNffo$\#$v=onepage\&q\&f=false}
}

[web-mix:pet2000] Web MIXes: A system for anonymous and unobservable Internet access

Berthold, Oliver, Federrath, Hannes, and Köpsell, Stefan

Jul 2000

We present the architecture, design issues and functions of a MIX-based system for anonymous and unobservable real-time Internet access. This system prevents traffic analysis as well as flooding attacks. The core technologies include an adaptive, anonymous, time/volumesliced channel mechanism and a ticket-based authentication mechanism. The system also provides an interface to inform anonymous users about their level of anonymity and unobservability.

@conference{web-mix:pet2000,
  author = {Berthold, Oliver and Federrath, Hannes and K{\"o}psell, Stefan},
  booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability},
  title = {Web MIXes: A system for anonymous and unobservable Internet access},
  year = {2000},
  month = jul,
  organization = {Springer-Verlag, LNCS 2009},
  pages = {115{\textendash}129},
  publisher = {Springer-Verlag, LNCS 2009},
  doi = {10.1007/3-540-44702-4},
  isbn = {978-3-540-41724-8},
  keywords = {anonymity, traffic analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=371983}
}

[335405] XMill: an efficient compressor for XML data

Liefke, Hartmut, and Suciu, Dan

SIGMOD Rec. 2000

DOI Website abstract Bib

We describe a tool for compressing XML data, with applications in data exchange and archiving, which usually achieves about twice the compression ratio of gzip at roughly the same speed. The compressor, called XMill, incorporates and combines existing compressors in order to apply them to heterogeneous XML data: it uses zlib, the library function for gzip, a collection of datatype specific compressors for simple data types, and, possibly, user defined compressors for application specific data types.
@article{335405, author = {Liefke, Hartmut and Suciu, Dan}, journal = {SIGMOD Rec.}, title = {XMill: an efficient compressor for XML data}, year = {2000}, issn = {0163-5808}, number = {2}, pages = {153{\textendash}164}, volume = {29}, address = {New York, NY, USA}, doi = {10.1145/335191.335405}, keywords = {compression}, owner = {tom}, publisher = {ACM}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=335405$\#$} }

[xor-trees] Xor-trees for efficient anonymous multicast and reception

Dolev, Shlomi, and Ostrovsky, Rafail

ACM Trans. Inf. Syst. Secur 2000

In this work we examine the problem of efficient anonymous broadcast and reception in general communication networks. We show an algorithm which achieves anonymous communication with O(1) amortized communication complexity on each link and low computational complexity. In contrast, all previous solutions require polynomial (in the size of the network and security parameter) amortized communication complexity.

@article{xor-trees,
  author = {Dolev, Shlomi and Ostrovsky, Rafail},
  journal = {ACM Trans. Inf. Syst. Secur},
  title = {Xor-trees for efficient anonymous multicast and reception},
  year = {2000},
  issn = {1094-9224},
  number = {2},
  pages = {63{\textendash}84},
  volume = {3},
  address = {New York, NY, USA},
  doi = {10.1145/354876.354877},
  isbn = {978-3-540-63384-6},
  keywords = {anonymity, anonymous multicast, communication complexity},
  owner = {tom},
  publisher = {ACM Press},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=354876.354877}
}

[Nisan:1999:AMD:301250.301287] Algorithmic Mechanism Design

Nisan, Noam, and Ronen, Amir

05/1999 1999

DOI Website abstract Bib

We consider algorithmic problems in a distributed setting where the participants cannot be assumed to follow the algorithm but rather their own self-interest. As such participants, termed agents, are capable of manipulating the algorithm, the algorithm designer should ensure in advance that the agents ’ interests are best served by behaving correctly. Following notions from the field of mechanism design, we suggest a framework for studying such algorithms. Our main technical contribution concerns the study of a representative task scheduling problem for which the standard mechanism design tools do not suffice.
@conference{Nisan:1999:AMD:301250.301287, author = {Nisan, Noam and Ronen, Amir}, booktitle = {STOC{\textquoteright}99. Proceedings of the thirty-first Annual ACM Symposium On Theory of Computing}, title = {Algorithmic Mechanism Design}, year = {1999}, address = {Atlanta, Georgia, USA}, month = {05/1999}, organization = {ACM}, pages = {129{\textendash}140}, publisher = {ACM}, series = {STOC {\textquoteright}99}, doi = {http://doi.acm.org/10.1145/301250.301287}, isbn = {1-58113-067-8}, keywords = {algorithms, mechanis design}, owner = {tom}, timestamp = {2021-01-27}, url = {http://doi.acm.org/10.1145/301250.301287} }
[Nisan:1999:ASA:1764891.1764893] Algorithms for Selfish Agents

Nisan, Noam

03/1999 1999

Website abstract Bib

This paper considers algorithmic problems in a distributed setting where the participants cannot be assumed to follow the algorithm but rather their own self-interest. Such scenarios arise, in particular, when computers or users aim to cooperate or trade over the Internet. As such participants, termed agents, are capable of manipulating the algorithm, the algorithm designer should ensure in advance that the agents’ interests are best served by behaving correctly. This exposition presents a model to formally study such algorithms. This model, based on the field of mechanism design, is taken from the author’s joint work with Amir Ronen, and is similar to approaches taken in the distributed AI community in recent years. Using this model, we demonstrate how some of the techniques of mechanism design can be applied towards distributed computation problems. We then exhibit some issues that arise in distributed computation which require going beyond the existing theory of mechanism design.
@conference{Nisan:1999:ASA:1764891.1764893, author = {Nisan, Noam}, booktitle = {STAC{\textquoteright}99. Symposium on Theoretical Aspects of Computer Science}, title = {Algorithms for Selfish Agents}, year = {1999}, address = {Trier, Germany}, month = {03/1999}, organization = {Springer-Verlag}, pages = {1{\textendash}15}, publisher = {Springer-Verlag}, series = {STACS{\textquoteright}99}, isbn = {3-540-65691-X}, keywords = {algorithms, mechanism design, selfish agent}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1764891.1764893} }
[338955] Ant algorithms for discrete optimization

Dorigo, Marco, Di Caro, Gianni, and Gambardella, Luca M.

Artif. Life 1999

DOI Website abstract Bib

This article presents an overview of recent work on ant algorithms, that is, algorithms for discrete optimization that took inspiration from the observation of ant colonies’ foraging behavior, and introduces the ant colony optimization (ACO) metaheuristic. In the first part of the article the basic biological findings on real ants are reviewed and their artificial counterparts as well as the ACO metaheuristic are defined. In the second part of the article a number of applications of ACO algorithms to combinatorial optimization and routing in communications networks are described. We conclude with a discussion of related work and of some of the most important aspects of the ACO metaheuristic.
@article{338955, author = {Dorigo, Marco and Di Caro, Gianni and Gambardella, Luca M.}, journal = {Artif. Life}, title = {Ant algorithms for discrete optimization}, year = {1999}, issn = {1064-5462}, number = {2}, pages = {137{\textendash}172}, volume = {5}, address = {Cambridge, MA, USA}, doi = {10.1162/106454699568728}, keywords = {ant colony optimization, metaheuristics, natural computation, swarm intelligence}, owner = {tom}, publisher = {MIT Press}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=338955$\#$} }
[1039861] Burt: The Backup and Recovery Tool

Melski, Eric

1999

Website abstract Bib

Burt is a freely distributed parallel network backup system written at the University of Wisconsin, Madison. It is designed to backup large heterogeneous networks. It uses the Tcl scripting language and standard backup programs like dump(1) and GNUTar to enable backups of a wide variety of data sources, including UNIX and Windows NT workstations, AFS based storage, and others. It also uses Tcl for the creation of the user interface, giving the system administrator great flexibility in customizing the system. Burt supports parallel backups to ensure high backup speeds, and checksums to ensure data integrity. The principal contribution of Burt is that it provides a powerful I/O engine within the context of a flexible scripting language; this combination enables graceful solutions to many problems associated with backups of large installations. At our site, we use Burt to backup data from 350 workstations and from our AFS servers, a total of approximately 900 GB every two weeks.
@conference{1039861, author = {Melski, Eric}, booktitle = {LISA {\textquoteright}99: Proceedings of the 13th USENIX conference on System administration}, title = {Burt: The Backup and Recovery Tool}, year = {1999}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {207{\textendash}218}, publisher = {USENIX Association}, keywords = {backup}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1039861$\#$} }
[319159] Deciding when to forget in the Elephant file system

Santry, Douglas S., Feeley, Michael J., Hutchinson, Norman C., Veitch, Alistair C., Carton, Ross W., and Ofir, Jacob

SIGOPS Oper. Syst. Rev. 1999

DOI Website abstract Bib

Modern file systems associate the deletion of a file with the immediate release of storage, and file writes with the irrevocable change of file contents. We argue that this behavior is a relic of the past, when disk storage was a scarce resource. Today, large cheap disks make it possible for the file system to protect valuable data from accidental delete or overwrite. This paper describes the design, implementation, and performance of the Elephant file system, which automatically retains all important versions of user files. Users name previous file versions by combining a traditional pathname with a time when the desired version of a file or directory existed. Storage in Elephant is managed by the system using filegrain user-specified retention policies. This approach contrasts with checkpointing file systems such as Plan-9, AFS, and WAFL that periodically generate efficient checkpoints of entire file systems and thus restrict retention to be guided by a single policy for all files within that file system. Elephant is implemented as a new Virtual File System in the FreeBSD kernel.
@article{319159, author = {Santry, Douglas S. and Feeley, Michael J. and Hutchinson, Norman C. and Veitch, Alistair C. and Carton, Ross W. and Ofir, Jacob}, journal = {SIGOPS Oper. Syst. Rev.}, title = {Deciding when to forget in the Elephant file system}, year = {1999}, issn = {0163-5980}, number = {5}, pages = {110{\textendash}123}, volume = {33}, address = {New York, NY, USA}, doi = {10.1145/319344.319159}, keywords = {file systems, storage}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=319159$\#$} }
[Clarke1999] A Distributed Decentralized Information Storage and Retrieval System

Clarke, Ian

1999

Website abstract Bib

This report describes an algorithm which if executed by a group of interconnected nodes will provide a robust key-indexed information storage and retrieval system with no element of central control or administration. It allows information to be made available to a large group of people in a similar manner to the "World Wide Web". Improvements over this existing system include: - No central control or administration required - Anonymous information publication and retrieval - Dynamic duplication of popular information - Transfer of information location depending upon demand There is also potential for this system to be used in a modified form as an information publication system within a large organisation which may wish to utilise unused storage space which is distributed across the organisation. The system’s reliability is not guaranteed, nor is its efficiency, however the intention is that the efficiency and reliability will be sufficient to make the system useful, and demonstrate that...
@mastersthesis{Clarke1999, author = {Clarke, Ian}, school = {University of Edinburgh}, title = {A Distributed Decentralized Information Storage and Retrieval System}, year = {1999}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.32.3665\&rep=rep1\&type=pdf}, volume = {PhD} }

[301333] Flash mixing

Jakobsson, Markus

1999

@conference{301333,
  author = {Jakobsson, Markus},
  booktitle = {PODC {\textquoteright}99: Proceedings of the eighteenth annual ACM symposium on Principles of distributed computing},
  title = {Flash mixing},
  year = {1999},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {83{\textendash}89},
  publisher = {ACM},
  doi = {http://doi.acm.org/10.1145/301308.301333},
  isbn = {1-58113-099-6},
  owner = {tom},
  timestamp = {2017-10-10}
}

[syverson99] Group Principals and the Formalization of Anonymity

Syverson, Paul, and Stubblebine, Stuart

1999 1999

DOI Website abstract Bib

We introduce the concept of a group principal and present a number of different classes of group principals, including threshold-group-principals. These appear to naturally useful concepts for looking at security. We provide an associated epistemic language and logic and use it to reason about anonymity protocols and anonymity services, where protection properties are formulated from the intruder’s knowledge of group principals. Using our language, we give an epistemic characterization of anonymity properties. We also present a specification of a simple anonymizing system using our theory.
@conference{syverson99, author = {Syverson, Paul and Stubblebine, Stuart}, booktitle = {Proceedings of the World Congress on Formal Methods (1)}, title = {Group Principals and the Formalization of Anonymity}, year = {1999}, month = {1999}, pages = {814{\textendash}833}, doi = {10.1007/3-540-48119-2}, isbn = {3-540-66587-0}, keywords = {anonymity service}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=730472} }

[758535] New Sequences of Linear Time Erasure Codes Approaching the Channel Capacity

Shokrollahi, M. Amin

1999

We will introduce a new class of erasure codes built from irregular bipartite graphs that have linear time encoding and decoding algorithms and can transmit over an erasure channel at rates arbitrarily close to the channel capacity. We also show that these codes are close to optimal with respect to the trade-off between the proximity to the channel capacity and the running time of the recovery algorithm.

@conference{758535,
  author = {Shokrollahi, M. Amin},
  booktitle = {AAECC-13: Proceedings of the 13th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes},
  title = {New Sequences of Linear Time Erasure Codes Approaching the Channel Capacity},
  year = {1999},
  address = {London, UK},
  organization = {Springer-Verlag},
  pages = {65{\textendash}76},
  publisher = {Springer-Verlag},
  isbn = {3-540-66723-7},
  keywords = {coding theory, irregular bipartite graphs, recovery algorithm},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=758535\&dl=GUIDE\&coll=GUIDE\&CFID=102355791\&CFTOKEN=32605420$\#$}
}

[313556] Next century challenges: scalable coordination in sensor networks

Estrin, Deborah, Govindan, Ramesh, Heidemann, John, and Kumar, Satish

1999

DOI Website abstract Bib

Networked sensors – those that coordinate amongst themselves to achieve a larger sensing task – will revolutionize information gathering and processing both in urban environments and in inhospitable terrain. The sheer numbers of these sensors and the expected dynamics in these environments present unique challenges in the design of unattended autonomous sensor networks. These challenges lead us to hypothesize that sensor network coordination applications may need to be structured differently from traditional network applications. In particular, we believe that localized algorithms (in which simple local node behavior achieves a desired global objective) may be necessary for sensor network coordination. In this paper, we describe localized algorithms, and then discuss directed diffusion, a simple communication model for describing localized algorithms.
@conference{313556, author = {Estrin, Deborah and Govindan, Ramesh and Heidemann, John and Kumar, Satish}, booktitle = {MobiCom {\textquoteright}99: Proceedings of the 5th annual ACM/IEEE international conference on Mobile computing and networking}, title = {Next century challenges: scalable coordination in sensor networks}, year = {1999}, address = {New York, NY, USA}, organization = {ACM}, pages = {263{\textendash}270}, publisher = {ACM}, doi = {10.1145/313451.313556}, isbn = {1-58113-142-9}, keywords = {sensor networks}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=313451.313556$\#$} }
[Goldschlag99onionrouting] Onion Routing for Anonymous and Private Internet Connections

Goldschlag, David, Reed, Michael, and Syverson, Paul

Communications of the ACM 1999

Website abstract Bib

this article’s publication, the prototype network is processing more than 1 million Web connections per month from more than six thousand IP addresses in twenty countries and in all six main top level domains. [7] Onion Routing operates by dynamically building anonymous connections within a network of real-time Chaum Mixes [3]. A Mix is a store and forward device that accepts a number of fixed-length messages from numerous sources, performs cryptographic transformations on the messages, and then forwards the messages to the next destination in a random order. A single Mix makes tracking of a particular message either by specific bit-pattern, size, or ordering with respect to other messages difficult. By routing through numerous Mixes in the network, determining who is talking to whom becomes even more difficult. Onion Routing’s network of core onion-routers (Mixes) is distributed, faulttolerant, and under the control of multiple administrative domains, so no single onion-router can bring down the network or compromise a user’s privacy, and cooperation between compromised onion-routers is thereby confounded.
@article{Goldschlag99onionrouting, author = {Goldschlag, David and Reed, Michael and Syverson, Paul}, journal = {Communications of the ACM}, title = {Onion Routing for Anonymous and Private Internet Connections}, year = {1999}, pages = {39{\textendash}41}, volume = {42}, owner = {tom}, timestamp = {2021-01-27}, url = {http://www.onion-router.net/Publications/CACM-1999} }
[1268712] Operation-based update propagation in a mobile file system

Lee, Yui-Wah, Leung, Kwong-Sak, and Satyanarayanan, Mahadev

1999

Website abstract Bib

In this paper we describe a technique called operation-based update propagation for efficiently transmitting updates to large files that have been modified on a weakly connected client of a distributed file system. In this technique, modifications are captured above the file-system layer at the client, shipped to a surrogate client that is strongly connected to a server, re-executed at the surrogate, and the resulting files transmitted from the surrogate to the server. If re-execution fails to produce a file identical to the original, the system falls back to shipping the file from the client over the slow network. We have implemented a prototype of this mechanism in the Coda File System on Linux, and demonstrated performance improvements ranging from 40 percents to nearly three orders of magnitude in reduced network traffic and elapsed time. We also found a novel use of forward error correction in this context.
@conference{1268712, author = {Lee, Yui-Wah and Leung, Kwong-Sak and Satyanarayanan, Mahadev}, booktitle = {ATEC {\textquoteright}99: Proceedings of the annual conference on USENIX Annual Technical Conference}, title = {Operation-based update propagation in a mobile file system}, year = {1999}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {4{\textendash}4}, publisher = {USENIX Association}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=1268712$\#$} }
[Paillier1999] Public-key Cryptosystems Based on Composite Degree Residuosity Classes

Paillier, Pascal

1999

Website abstract Bib

This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes : a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
@conference{Paillier1999, author = {Paillier, Pascal}, booktitle = {Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques}, title = {Public-key Cryptosystems Based on Composite Degree Residuosity Classes}, year = {1999}, address = {Berlin, Heidelberg}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, isbn = {3-540-65889-0}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dl.acm.org/citation.cfm?id=1756123.1756146} }
[RePEc:bla:restud:v:66:y:1999:i:1:p:3-21] The Theory of Moral Hazard and Unobservable Behaviour: Part I

Mirrlees, James A.

Review of Economic Studies 01/1999 1999

Website abstract Bib

This article presents information on principal-agent models in which outcomes conditional on the agent’s action are uncertain, and the agent’s behavior therefore unobservable. For a model with bounded agent’s utility, conditions are given under which the first-best equilibrium can be approximated arbitrarily closely by contracts relating payment to observable outcomes. For general models, it is shown that the solution may not always be obtained by using the agent’s first-order conditions as constraint. General conditions of Lagrangean type are given for problems in which contracts are finite-dimensional.
@article{RePEc:bla:restud:v:66:y:1999:i:1:p:3-21, author = {Mirrlees, James A.}, journal = {Review of Economic Studies}, title = {The Theory of Moral Hazard and Unobservable Behaviour: Part I}, year = {1999}, month = {01/1999}, number = {1}, pages = {3-21}, volume = {66}, keywords = {contracts, Lagrangean conditions, unobservability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://econpapers.repec.org/RePEc:bla:restud:v:66:y:1999:i:1:p:3-21} }
[314722] Analysis of random processes via And-Or tree evaluation

Luby, Michael, Mitzenmacher, Michael, and Shokrollahi, M. Amin

1998

Website abstract Bib

We introduce a new set of probabilistic analysis tools based on the analysis of And-Or trees with random inputs. These tools provide a unifying, intuitive, and powerful framework for carrying out the analysis of several previously studied random processes of interest, including random loss-resilient codes, solving random k-SAT formula using the pure literal rule, and the greedy algorithm for matchings in random graphs. In addition, these tools allow generalizations of these problems not previously analyzed to be analyzed in a straightforward manner. We illustrate our methodology on the three problems listed above. 1 Introduction We introduce a new set of probabilistic analysis tools related to the amplification method introduced by [12] and further developed and used in [13, 5]. These tools provide a unifying, intuitive, and powerful framework for carrying out the analysis of several previously studied random processes of interest, including the random loss-resilient codes introduced ...
@conference{314722, author = {Luby, Michael and Mitzenmacher, Michael and Shokrollahi, M. Amin}, booktitle = {SODA {\textquoteright}98: Proceedings of the ninth annual ACM-SIAM symposium on Discrete algorithms}, title = {Analysis of random processes via And-Or tree evaluation}, year = {1998}, address = {Philadelphia, PA, USA}, organization = {Society for Industrial and Applied Mathematics}, pages = {364{\textendash}373}, publisher = {Society for Industrial and Applied Mathematics}, isbn = {0-89871-410-9}, keywords = {And-Or trees, coding theory}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=314722\&dl=GUIDE\&coll=GUIDE\&CFID=102355791\&CFTOKEN=32605420$\#$} }
[Reed98anonymousconnections] Anonymous Connections and Onion Routing

Reed, Michael, Syverson, Paul, and Goldschlag, David

IEEE Journal on Selected Areas in Communications 1998

Website abstract Bib

Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Onion routing’s anonymous connections are bidirectional and near realtime, and can be used anywhere a socket connection can be used. Any identifying information must be in the data stream carried over an anonymous connection. An onion is a data structure that is treated as the destination address by onion routers; thus, it is used to establish an anonymous connection. Onions themselves appear differently to each onion router as well as to network observers. The same goes for data carried over the connections they establish. Proxy aware applications, such as web browsing and e-mail, require no modification to use onion routing, and do so through a series of proxies. A prototype onion routing network is running between our lab and other sites. This paper describes anonymous connections and their imple...
@article{Reed98anonymousconnections, author = {Reed, Michael and Syverson, Paul and Goldschlag, David}, journal = {IEEE Journal on Selected Areas in Communications}, title = {Anonymous Connections and Onion Routing}, year = {1998}, pages = {482{\textendash}494}, volume = {16}, keywords = {anonymity, onion routing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.35.2362} }
[Reiter98crowds:anonymity] Crowds: Anonymity for web transactions

Reiter, Michael K., and Rubin, Aviel D.

ACM Transactions on Information and System Security 1998

Website abstract Bib

Crowds is a system that allows anonymous web-surfing. For each host, a random static path through the crowd is formed that then acts as a sequence of proxies, indirecting replies and responses. Vulnerable when facing adversaries that can perform traffic analysis at the local node and without responder anonymity. But highly scalable and efficient.
@article{Reiter98crowds:anonymity, author = {Reiter, Michael K. and Rubin, Aviel D.}, journal = {ACM Transactions on Information and System Security}, title = {Crowds: Anonymity for web transactions}, year = {1998}, pages = {66{\textendash}92}, volume = {1}, keywords = {anonymous web browsing, Crowds}, owner = {tom}, timestamp = {2017-10-10}, url = {http://avirubin.com/crowds.pdf} }
[nym-alias-net] The Design, Implementation and Operation of an Email Pseudonym Server

Mazières, David, and Kaashoek, Frans M.

Nov 1998

DOI Website abstract Bib

Attacks on servers that provide anonymity generally fall into two categories: attempts to expose anonymous users and attempts to silence them. Much existing work concentrates on withstanding the former, but the threat of the latter is equally real. One particularly e#ective attack against anonymous servers is to abuse them and stir up enough trouble that they must shut down. This paper describes the design, implementation, and operation of nym.alias.net, a server providing untraceable email aliases. We enumerate many kinds of abuse the system has weathered during two years of operation, and explain the measures we enacted in response. From our experiences, we distill several principles by which one can protect anonymous servers from similar attacks.
@conference{nym-alias-net, author = {Mazi{\`e}res, David and Kaashoek, Frans M.}, booktitle = {Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS 1998)}, title = {The Design, Implementation and Operation of an Email Pseudonym Server}, year = {1998}, month = nov, organization = {ACM Press}, publisher = {ACM Press}, doi = {10.1145/288090.288098}, isbn = {1-58113-007-4}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=288098} }
[285258] A digital fountain approach to reliable distribution of bulk data

Byers, John W., Luby, Michael, Mitzenmacher, Michael, and Rege, Ashutosh

09/1998 1998

DOI Website abstract Bib

The proliferation of applications that must reliably distribute bulk data to a large number of autonomous clients motivates the design of new multicast and broadcast protocols. We describe an ideal, fully scalable protocol for these applications that we call a digital fountain. A digital fountain allows any number of heterogeneous clients to acquire bulk data with optimal efficiency at times of their choosing. Moreover, no feedback channels are needed to ensure reliable delivery, even in the face of high loss rates.We develop a protocol that closely approximates a digital fountain using a new class of erasure codes that for large block sizes are orders of magnitude faster than standard erasure codes. We provide performance measurements that demonstrate the feasibility of our approach and discuss the design, implementation and performance of an experimental system.
@conference{285258, author = {Byers, John W. and Luby, Michael and Mitzenmacher, Michael and Rege, Ashutosh}, booktitle = {SIGCOMM{\textquoteright}98: Proceedings of SIGCOMM{\textquoteright}98 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication}, title = {A digital fountain approach to reliable distribution of bulk data}, year = {1998}, address = {Vancouver, Canada}, month = {09/1998}, organization = {ACM}, pages = {56{\textendash}67}, publisher = {ACM}, doi = {10.1145/285237.285258}, isbn = {1-58113-003-1}, keywords = {coding theory, multicast}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=285258\&dl=GUIDE\&coll=GUIDE\&CFID=102355791\&CFTOKEN=32605420$\#$} }
[Xu98lowdensity] Low Density MDS Codes and Factors of Complete Graphs

Xu, Lihao, Bohossian, Vasken, Bruck, Jehoshua, and Wagner, David

IEEE Trans. on Information Theory 1998

Website abstract Bib

We reveal an equivalence relation between the construction of a new class of low density MDS array codes, that we call B-Code, and a combinatorial problem known as perfect onefactorization of complete graphs. We use known perfect one-factors of complete graphs to create constructions and decoding algorithms for both B-Code and its dual code. B-Code and its dual are optimal in the sense that (i) they are MDS, (ii) they have an optimal encoding property, i.e., the number of the parity bits that are affected by change of a single information bit is minimal and (iii) they have optimal length. The existence of perfect one-factorizations for every complete graph with an even number of nodes is a 35 years long conjecture in graph theory. The construction of B-codes of arbitrary odd length will provide an affirmative answer to the conjecture
@article{Xu98lowdensity, author = {Xu, Lihao and Bohossian, Vasken and Bruck, Jehoshua and Wagner, David}, journal = {IEEE Trans. on Information Theory}, title = {Low Density MDS Codes and Factors of Complete Graphs}, year = {1998}, pages = {1817{\textendash}1826}, volume = {45}, keywords = {array codes, low density, MDS Codes, update complexity}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.42.8899} }

[581193] Modelling with Generalized Stochastic Petri Nets

Marsan, Marco Ajmone, Balbo, Gianfranco, Conte, Gianni, Donatelli, Susanna, and Franceschinis, Giuliana

SIGMETRICS Perform. Eval. Rev. 1998

@article{581193,
  author = {Marsan, Marco Ajmone and Balbo, Gianfranco and Conte, Gianni and Donatelli, Susanna and Franceschinis, Giuliana},
  journal = {SIGMETRICS Perform. Eval. Rev.},
  title = {Modelling with Generalized Stochastic Petri Nets},
  year = {1998},
  issn = {0163-5999},
  number = {2},
  pages = {2},
  volume = {26},
  address = {New York, NY, USA},
  doi = {10.1145/288197.581193},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=581193$\#$}
}

[pipenet10] PipeNet 1.0

Dai, Wei

Jan 1998

[citeulike:2549551] PipeNet 1.1

Dai, Wei

1998

[tau-indy] A Random Server Model for Private Information Retrieval or How to Achieve Information Theoretic PIR Avoiding Database Replication

Gertner, Yael, Goldwasser, Shafi, and Malkin, Tal

1998

Website abstract Bib

Private information retrieval (PIR) schemes provide a user with information from a database while keeping his query secret from the database manager. We propose a new model for PIR, utilizing auxiliary random servers providing privacy services for database access. The principal database initially engages in a preprocessing setup computation with the random servers, followed by the on-line stage with the users. Using this model we achieve the first PIR information theoretic solutions in which the database does not need to give away its data to be replicated, and with minimal on-line computation cost for the database. This solves privacy and efficiency problems inherent to all previous solutions. Specifically, in all previously existing PIR schemes the database on-line computation for one query is at least linear in the size of the data, and all previous information theoretic schemes require multiple replications of the database which are not allowed to communicate with each other.This poses a privacy problem for the database manager, who is required to hand his data to multiple foreign entities, and to the user, who is supposed to trust the multiple copies of the database not to communicate. In contrast, in our solutions no replication is needed, and the database manager only needs to perform O(1) amount of computation to answer questions of users, while all the extra computations required on line for privacy are done by the auxiliary random servers, who contain no information about the data.
@conference{tau-indy, author = {Gertner, Yael and Goldwasser, Shafi and Malkin, Tal}, booktitle = {Proceedings of the Second International Workshop on Randomization and Approximation Techniques in Computer Science (RANDOM {\textquoteright}98)}, title = {A Random Server Model for Private Information Retrieval or How to Achieve Information Theoretic PIR Avoiding Database Replication}, year = {1998}, address = {London, UK}, organization = {Springer-Verlag}, pages = {200{\textendash}217}, publisher = {Springer-Verlag}, isbn = {3-540-65142-X}, keywords = {anonymity, privacy, private information retrieval}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.18.6742} }
[realtime-mix] Real-Time MIXes: A Bandwidth-Efficient Anonymity Protocol

Jerichow, Anja, Müller, Jan, Pfitzmann, Andreas, Pfitzmann, Birgit, and Waidner, Michael

IEEE Journal on Selected Areas in Communications 1998

DOI Website abstract Bib

We present techniques for efficient anonymous communication with real-time constraints as necessary for services like telephony, where a continuous data stream has to be transmitted. For concreteness, we present the detailed protocols for the narrow-band ISDN (integrated services digital network), although the heart of our techniques-anonymous channels-can also be applied to other networks. For ISDN, we achieve the same data rate as without anonymity, using the same subscriber lines and without any significant modifications to the long-distance network. A precise performance analysis is given. Our techniques are based on mixes, a method for anonymous communication for e-mail-like services introduced by D. Chaum (1981)
@article{realtime-mix, author = {Jerichow, Anja and M{\"u}ller, Jan and Pfitzmann, Andreas and Pfitzmann, Birgit and Waidner, Michael}, journal = {IEEE Journal on Selected Areas in Communications}, title = {{Real-Time MIXes: A Bandwidth-Efficient Anonymity Protocol}}, year = {1998}, issn = {0733-8716}, number = {4}, pages = {495 - 509}, volume = {16}, doi = {10.1109/49.668973}, keywords = {anonymity, performance analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/Xplore/login.jsp?url=http\%3A\%2F\%2Fieeexplore.ieee.org\%2Fiel4\%2F49\%2F14639\%2F00668973.pdf\%3Farnumber\%3D668973\&authDecision=-203} }

[Goldreich98securemulti-party] Secure Multi-Party Computation

Goldreich, Oded

1998

@inbook{Goldreich98securemulti-party,
  author = {Goldreich, Oded},
  publisher = {Cambridge University Press},
  title = {Secure Multi-Party Computation},
  year = {1998},
  volume = {2},
  booktitle = {The Foundations of Cryptography},
  organization = {Cambridge University Press},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.11.2201\&rep=rep1\&type=pdf}
}

[stop-and-go] Stop-and-Go MIXes: Providing Probabilistic Anonymity in an Open System

Kesdogan, Dogan, Egner, Jan, and Büschkes, Roland

1998

DOI Website abstract Bib

Currently known basic anonymity techniques depend on identity verification. If verification of user identities is not possible due to the related management overhead or a general lack of information (e.g. on the Internet), an adversary can participate several times in a communication relationship and observe the honest users. In this paper we focus on the problem of providing anonymity without identity verification. The notion of probabilistic anonymity is introduced. Probabilistic anonymity is based on a publicly known security parameter, which determines the security of the protocol. For probabilistic anonymity the insecurity, expressed as the probability of having only one honest participant, approaches 0 at an exponential rate as the security parameter is changed linearly. Based on our security model we propose a new MIX variant called “Stop-and-Go-MIX” (SG-MIX) which provides anonymity without identity verification, and prove that it is probabilistically secure.
@conference{stop-and-go, author = {Kesdogan, Dogan and Egner, Jan and B{\"u}schkes, Roland}, booktitle = {Proceedings of Information Hiding Workshop (IH 1998)}, title = {Stop-and-Go MIXes: Providing Probabilistic Anonymity in an Open System}, year = {1998}, organization = {Springer-Verlag, LNCS 1525}, publisher = {Springer-Verlag, LNCS 1525}, doi = {10.1007/3-540-49380-8_7}, isbn = {978-3-540-65386-8}, keywords = {anonymity, identity verification, security parameter}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/hmfv2mgy1xqbn852/} }

[abe] Universally Verifiable mix-net With Verification Work Independent of The Number of mix Servers

Abe, Masayuki

1998

In this paper we construct a universally verifiable Mix-net where the amount of work done by a verifier is independent of the number of mix-servers. Furthermore, the computational task of each mix-server is constant against the number of mix-servers except for some negligible tasks like addition. The scheme is robust, too.

@conference{abe,
  author = {Abe, Masayuki},
  booktitle = {Proceedings of EUROCRYPT 1998},
  title = {Universally Verifiable mix-net With Verification Work Independent of The Number of mix Servers},
  year = {1998},
  organization = {Springer-Verlag, LNCS 1403},
  publisher = {Springer-Verlag, LNCS 1403},
  doi = {10.1007/BFb0054144},
  isbn = {978-3-540-64518-4},
  keywords = {electronic voting, mix, universal verifiability},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.springerlink.com/content/hl8838u4l9354544/}
}

[CPIR] Computationally private information retrieval (extended abstract)

Chor, Benny, and Gilboa, Niv

1997

DOI Website abstract Bib

Private information retrieval (PIR) schemes enable a user to access k replicated copies of a database (k 2), and privately retrieve one of the n bits of data stored in the databases. This means that the queries give each individual database no partial information (in the information theoretic sense) on the identity of the item retrieved by the user. Today, the best two database scheme (k = 2) has communication complexity O(n 1=3 ), while for any constant number, k, the best k database scheme has communication complexity O(n 1=(2k\Gamma1) ). The motivation for the present work is the question whether this complexity can be reduced if one is willing to achieve computational privacy, rather than information theoretic privacy. (This means that privacy is guaranteed only with respect to databases that are restricted to polynomial time computations.) We answer this question affirmatively, and Computer Science Dept., Technion, Haifa, Israel.
@conference{CPIR, author = {Chor, Benny and Gilboa, Niv}, booktitle = {Proceedings of the twenty-ninth annual ACM symposium on Theory of Computing (STOC {\textquoteright}97)}, title = {Computationally private information retrieval (extended abstract)}, year = {1997}, address = {El Paso, TX, United States}, organization = {ACM Press}, pages = {304{\textendash}313}, publisher = {ACM Press}, doi = {http://doi.acm.org/10.1145/258533.258609}, isbn = {0-89791-888-6}, keywords = {communication complexity, private information retrieval}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=258533.258609} }

[Ogata97faulttolerant] Fault Tolerant Anonymous Channel

Ogata, Wakaha, Kurosawa, Kaoru, Sako, Kazue, and Takatani, Kazunori

1997

@inbook{Ogata97faulttolerant,
  author = {Ogata, Wakaha and Kurosawa, Kaoru and Sako, Kazue and Takatani, Kazunori},
  pages = {440-444},
  publisher = {Springer Berlin / Heidelberg},
  title = {Fault Tolerant Anonymous Channel},
  year = {1997},
  series = {Lecture Notes in Computer Science},
  volume = {1334/1997},
  booktitle = {Information and Communications Security},
  organization = {Springer Berlin / Heidelberg},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.357\&rep=rep1\&type=url\&i=0}
}

[Luby:1997:PLC:258533.258573] Practical Loss-Resilient Codes

Luby, Michael, Mitzenmacher, Michael, Shokrollahi, M. Amin, Spielman, Daniel A., and Stemann, Volker

05/1997 1997

DOI Website abstract Bib

We present a randomized construction of linear-time encodable and decodable codes that can transmit over lossy channels at rates extremely close to capacity. The encoding and decoding algorithms for these codes have fast and simple software implementations. Partial implementations of our algorithms are faster by orders of magnitude than the best software implementations of any previous algorithm for this problem. We expect these codes will be extremely useful for applications such as real-time audio and video transmission over the Internet, where lossy channels are common and fast decoding is a requirement. Despite the simplicity of the algorithms, their design and analysis are mathematically intricate. The design requires the careful choice of a random irregular bipartite graph, where the structure of the irregular graph is extremely important. We model the progress of the decoding algorithm by a set of differential equations. The solution to these equations can then be expressed as polynomials in one variable with coefficients determined by the graph structure. Based on these polynomials, we design a graph structure that guarantees successful decoding with high probability.
@conference{Luby:1997:PLC:258533.258573, author = {Luby, Michael and Mitzenmacher, Michael and Shokrollahi, M. Amin and Spielman, Daniel A. and Stemann, Volker}, booktitle = {STOC 1997 - Proceedings of the 29th annual ACM symposium on Theory of computing}, title = {Practical Loss-Resilient Codes}, year = {1997}, address = {El Paso, Texas, USA}, month = {05/1997}, organization = {ACM}, pages = {150{\textendash}159}, publisher = {ACM}, series = {STOC {\textquoteright}97}, doi = {http://doi.acm.org/10.1145/258533.258573}, isbn = {0-89791-888-6}, keywords = {loss-resilient code}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/258533.258573} }

[Goldberg1997] Privacy-enhancing Technologies for the Internet

Goldberg, Ian, Wagner, David, and Brewer, Eric

02/1997 1997

@conference{Goldberg1997,
  author = {Goldberg, Ian and Wagner, David and Brewer, Eric},
  booktitle = {Compcon {\textquoteright}97. Proceedings, IEEE},
  title = {Privacy-enhancing Technologies for the Internet},
  year = {1997},
  address = {San Jose, CA, United States},
  month = {02/1997},
  organization = {IEEE Computer Society},
  publisher = {IEEE Computer Society},
  isbn = {0818678046},
  keywords = {Internet, privacy, privacy-enhancing technology},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.cs.berkeley.edu/~daw/papers/privacy-compcon97-www/privacy-html.html}
}

[Floyd1997] A Reliable Multicast Framework for Light-weight Sessions and Application Level Framing

Floyd, Sally, Jacobson, Van, Liu, Ching-Gung, McCanne, Steven, and Zhang, Lixia

IEEE/ACM Trans. Netw. 1997

DOI Website abstract Bib

This paper describes SRM (Scalable Reliable Multicast), a reliable multicast framework for light-weight sessions and application level framing. The algorithms of this framework are efficient, robust, and scale well to both very large networks and very large sessions. The SRM framework has been prototyped in wb, a distributed whiteboard application, which has been used on a global scale with sessions ranging from a few to a few hundred participants. The paper describes the principles that have guided the SRM design, including the IP multicast group delivery model, an end-to-end, receiver-based model of reliability, and the application level framing protocol model. As with unicast communications, the performance of a reliable multicast delivery algorithm depends on the underlying topology and operational environment. We investigate that dependence via analysis and simulation, and demonstrate an adaptive algorithm that uses the results of previous loss recovery events to adapt the control parameters used for future loss recovery. With the adaptive algorithm, our reliable multicast delivery algorithm provides good performance over a wide range of underlying topologies.
@article{Floyd1997, author = {Floyd, Sally and Jacobson, Van and Liu, Ching-Gung and McCanne, Steven and Zhang, Lixia}, journal = {IEEE/ACM Trans. Netw.}, title = {A Reliable Multicast Framework for Light-weight Sessions and Application Level Framing}, year = {1997}, issn = {1063-6692}, pages = {784{\textendash}803}, volume = {5}, doi = {10.1109/90.650139}, keywords = {computer network performance, computer networks, Internetworking}, owner = {tom}, timestamp = {2017-10-10}, url = {http://dx.doi.org/10.1109/90.650139} }
[rewebber] TAZ servers and the rewebber network: Enabling anonymous publishing on the world wide web

Goldberg, Ian, and Wagner, David

First Monday Aug 1997

DOI Website abstract Bib

The World Wide Web has recently matured enough to provide everyday users with an extremely cheap publishing mechanism. However, the current WWW architecture makes it fundamentally difficult to provide content without identifying yourself. We examine the problem of anonymous publication on the WWW, propose a design suitable for practical deployment, and describe our implementation. Some key features of our design include universal accessibility by pre-existing clients, short persistent names, security against social, legal, and political pressure, protection against abuse, and good performance.
@article{rewebber, author = {Goldberg, Ian and Wagner, David}, journal = {First Monday}, title = {TAZ servers and the rewebber network: Enabling anonymous publishing on the world wide web}, year = {1997}, month = aug, number = {4}, volume = {3}, doi = {10.1.1.41.4031}, keywords = {anonymous publishing}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.41.4031} }
[Hunt1996] An Empirical Study of Delta Algorithms

Hunt, James J., Vo, Kiem-Phong, and Tichy, Walter F.

1996

DOI Website abstract Bib

Delta algorithms compress data by encoding one file in terms of another. This type of compression is useful in a number of situations: storing multiple versions of data, distributing updates, storing backups, transmitting video sequences, and others. This paper studies the performance parameters of several delta algorithms, using a benchmark of over 1300 pairs of files taken from two successive releases of GNU software. Results indicate that modern delta compression algorithms based on Ziv-Lempel techniques significantly outperform diff, a popular but older delta compressor, in terms of compression ratio. The modern compressors also correlate better with the actual difference between files; one of them is even faster than diff in both compression and decompression speed.
@conference{Hunt1996, author = {Hunt, James J. and Vo, Kiem-Phong and Tichy, Walter F.}, booktitle = {ICSE {\textquoteright}96: Proceedings of the SCM-6 Workshop on System Configuration Management}, title = {An Empirical Study of Delta Algorithms}, year = {1996}, address = {London, UK}, organization = {Springer-Verlag}, pages = {49{\textendash}66}, publisher = {Springer-Verlag}, doi = {10.1007/BFb0023076}, isbn = {3-540-61964-X}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/584k258285p18x4g/} }
[1267576] Establishing identity without certification authorities

Ellison, Carl M.

1996

Website abstract Bib

this paper is that a traditional identity certificate is neither necessary nor sufficient for this purpose. It is especially useless if the two parties concerned did not have the foresight to obtain such certificates before desiring to open a secure channel. There are many methods for establishing identity without using certificates from trusted certification authorities. The relationship between verifier and subject guides the choice of method. Many of these relationships have easy, straight-forward methods for binding a public key to an identity, using a broadcast channel or 1:1 meetings, but one relationship makes it especially difficult. That relationship is one with an old friend with whom you had lost touch but who appears now to be available on the net. You make contact and share a few exchanges which suggest to you that this is, indeed, your old friend. Then you want to form a secure channel in order to carry on a more extensive conversation in private. This case is subject to the man-in-themiddle attack. For this case, a protocol is presented which binds a pair of identities to a pair of public keys without using any certificates issued by a trusted CA. The apparent direct conflict between conventional wisdom and the thesis of this paper lies in the definition of the word "identity" – a word which is commonly left undefined in discussions of certification.
@conference{1267576, author = {Ellison, Carl M.}, booktitle = {SSYM{\textquoteright}96: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography}, title = {Establishing identity without certification authorities}, year = {1996}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {7{\textendash}7}, publisher = {USENIX Association}, keywords = {certificate revocation, public key cryptography}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1267576$\#$} }
[Anderson96theeternity] The Eternity Service

Anderson, Ross

09/1996 1996

Website abstract Bib

The Internet was designed to provide a communications channel that is as resistant to denial of service attacks as human ingenuity can make it. In this note, we propose the construction of a storage medium with similar properties. The basic idea is to use redundancy and scattering techniques to replicate data across a large set of machines (such as the Internet), and add anonymity mechanisms to drive up the cost of selective service denial attacks. The detailed design of this service is an interesting scientific problem, and is not merely academic: the service may be vital in safeguarding individual rights against new threats posed by the spread of electronic publishing
@conference{Anderson96theeternity, author = {Anderson, Ross}, booktitle = {Pragocrypt{\textquoteright}96 - Proceedings of the 1st International Conference on the Theory and Applications of Crytology}, title = {The Eternity Service}, year = {1996}, address = {Prague, CZ}, month = {09/1996}, pages = {242{\textendash}252}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.16.1952\&rep=rep1\&type=pdf} }
[onion-routing:ih96] Hiding Routing Information

Goldschlag, David, Reed, Michael, and Syverson, Paul

May 1996

Website abstract Bib

Abstract. This paper describes an architecture, Onion Routing, that limits a network’s vulnerability to trac analysis. The architecture provides anonymous socket connections by means of proxy servers. It provides real-time, bi-directional, nonymous communication for any protocol that can be adapted to use a proxy service. Specically, the architecture provides for bi-directional communication even though no-one but the initiator’s proxy server knows anything but previous and next hops in the communication chain. This implies that neither the respondent nor his proxy server nor any external observer need know the identity of the initiator or his proxy server. A prototype of Onion Routing has been implemented. This prototype works with HTTP (World Wide Web) proxies. In addition, an analogous proxy for TELNET has been implemented. Proxies for FTP and SMTP are under development
@conference{onion-routing:ih96, author = {Goldschlag, David and Reed, Michael and Syverson, Paul}, booktitle = {Proceedings of Information Hiding: First International Workshop}, title = {Hiding Routing Information}, year = {1996}, editor = {Anderson, Ross}, month = may, organization = {Springer-Verlag, LNCS 1174}, pages = {137{\textendash}150}, publisher = {Springer-Verlag, LNCS 1174}, isbn = {3-540-61996-8}, keywords = {communication chain, onion routing, traffic analysis}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=731526} }

[Fargier:1996:MCS:1892875.1892901] Mixed constraint satisfaction: a framework for decision problems under incomplete knowledge

Fargier, Hélène, Lang, Jérôme, and Schiex, Thomas

08/1996 1996

Constraint satisfaction is a powerful tool for representing and solving decision problems with complete knowledge about the world. We extend the CSP framework so as to represent decision problems under incomplete knowledge. The basis of the extension consists in a distinction between controllable and uncontrollable variables – hence the terminology "mixed CSP" – and a "solution" gives actually a conditional decision. We study the complexity of deciding the consistency of a mixed CSP. As the problem is generally intractable, we propose an algorithm for finding an approximate solution.

@conference{Fargier:1996:MCS:1892875.1892901,
  author = {Fargier, H{\'e}l{\`e}ne and Lang, J{\'e}r{\^o}me and Schiex, Thomas},
  booktitle = {AAAI{\textquoteright}96 - Proceedings of the 13th National Conference on Artificial Intelligence},
  title = {Mixed constraint satisfaction: a framework for decision problems under incomplete knowledge},
  year = {1996},
  address = {Portland, OR, United States},
  month = {08/1996},
  organization = {AAAI Press},
  pages = {175{\textendash}180},
  publisher = {AAAI Press},
  series = {AAAI{\textquoteright}96},
  isbn = {0-262-51091-X},
  keywords = {algorithms, constraint satisfaction, decision problem, framework, imcomplete knowledge, mixed CSP},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=1892875.1892901}
}

[Gulcu96mixingemail] Mixing email with babel

Gulcu, Ceki, and Tsudik, Gene

1996

Website abstract Bib

Increasingly large numbers of people communicate today via electronic means such as email or news forums. One of the basic properties of the current electronic communication means is the identification of the end-points. However, at times it is desirable or even critical to hide the identity and/or whereabouts of the end-points (e.g., human users) involved. This paper discusses the goals and desired properties of anonymous email in general and introduces the design and salient features of Babel anonymous remailer. Babel allows email users to converse electronically while remaining anonymous with respect to each other and to other– even hostile–parties. A range of attacks and corresponding countermeasures is considered. An attempt is made to formalize and quantify certain dimensions of anonymity and untraceable communication.
@conference{Gulcu96mixingemail, author = {Gulcu, Ceki and Tsudik, Gene}, booktitle = {Symposium on Network and Distributed System Security}, title = {Mixing email with babel}, year = {1996}, pages = {2{\textendash}16}, owner = {tom}, timestamp = {2017-10-10}, url = {http://eprints.kfupm.edu.sa/50994/1/50994.pdf} }
[remailer-history] Prospects for Remailers

Parekh, Sameer

First Monday Aug 1996

Website abstract Bib

Remailers have permitted Internet users to take advantage of the medium as a means to communicate with others globally on sensitive issues while maintaining a high degree of privacy. Recent events have clearly indicated that privacy is increasingly at risk on the global networks. Individual efforts have, so far, worked well in maintaining for most Internet users a modicum of anonymity. With the growth of increasingly sophisticated techniques to defeat anonymity, there will be a need for both standards and policies to continue to make privacy on the Internet a priority.
@article{remailer-history, author = {Parekh, Sameer}, journal = {First Monday}, title = {Prospects for Remailers}, year = {1996}, month = aug, number = {2}, volume = {1}, owner = {tom}, timestamp = {2017-10-10}, url = {http://131.193.153.231/www/issues/issue2/remailers/index.html} }
[Stemm96reducingpower] Reducing Power Consumption of Network Interfaces in Hand-Held Devices (Extended Abstract)

Stemm, Mark, Gauthier, Paul, Harada, Daishi, and Katz, Randy H.

1996

Website abstract Bib

An important issue to be addressed for the next generation of wirelessly-connected hand-held devices is battery longevity. In this paper we examine this issue from the point of view of the Network Interface (NI). In particular, we measure the power usage of two PDAs, the Apple Newton Messagepad and Sony Magic Link, and four NIs, the Metricom Ricochet Wireless Modem, the AT&T Wavelan operating at 915 MHz and 2.4 GHz, and the IBM Infrared Wireless LAN Adapter. These measurements clearly indicate that the power drained by the network interface constitutes a large fraction of the total power used by the PDA. We also conduct trace-driven simulation experiments and show that by using applicationspecific policies it is possible to ...
@booklet{Stemm96reducingpower, title = {Reducing Power Consumption of Network Interfaces in Hand-Held Devices (Extended Abstract)}, author = {Stemm, Mark and Gauthier, Paul and Harada, Daishi and Katz, Randy H.}, year = {1996}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.39.8384} }
[672869] Balanced Distributed Search Trees Do Not Exist

Kröll, Brigitte, and Widmayer, Peter

1995

Website abstract Bib

This paper is a first step towards an understanding of the inherent limitations of distributed data structures. We propose a model of distributed search trees that is based on few natural assumptions. We prove that any class of trees within our model satisfies a lower bound of ΩΓp m) on the worst case height of distributed search trees for m keys. That is, unlike in the single site case, balance in the sense that the tree height satisfies a logarithmic upper bound cannot be achieved. This is true although each node is allowed to have arbitrary degree (note that in this case, the height of a single site search tree is trivially bounded by one). By proposing a method that generates trees of height O( p m), we show the bound to be tight. 1 Introduction Distributed data structures have attracted considerable attention in the past few years. From a practical viewpoint, this is due to the increasing availability of networks of workstations.
@conference{672869, author = {Kr{\"o}ll, Brigitte and Widmayer, Peter}, booktitle = {WADS {\textquoteright}95: Proceedings of the 4th International Workshop on Algorithms and Data Structures}, title = {Balanced Distributed Search Trees Do Not Exist}, year = {1995}, address = {London, UK}, organization = {Springer-Verlag}, pages = {50{\textendash}61}, publisher = {Springer-Verlag}, isbn = {3-540-60220-8}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.34.4081} }

[224068] Exploiting weak connectivity for mobile file access

Mummert, Lily B., Ebling, Maria, and Satyanarayanan, Mahadev

SIGOPS Oper. Syst. Rev. 1995

@article{224068,
  author = {Mummert, Lily B. and Ebling, Maria and Satyanarayanan, Mahadev},
  journal = {SIGOPS Oper. Syst. Rev.},
  title = {Exploiting weak connectivity for mobile file access},
  year = {1995},
  issn = {0163-5980},
  number = {5},
  pages = {143{\textendash}155},
  volume = {29},
  address = {New York, NY, USA},
  doi = {10.1145/224057.224068},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=224068$\#$}
}

[Ramanathan95thefinal] The final frontier: Embedding networked sensors in the soil

Ramanathan, Nithya, Schoellhammer, Tom, Estrin, Deborah, Hansen, Mark, Harmon, Tom, Kohler, Eddie, and Srivastava, Mani

1995

Website abstract Bib

This paper presents the first systematic design of a robust sensing system suited for the challenges presented by soil environments. We describe three soil deployments we have undertaken: in Bangladesh, and in California at the James Reserve and in the San Joaquin River basin. We discuss our experiences and lessons learned in deploying soil sensors. We present data from each deployment and evaluate our techniques for improving the information yield from these systems. Our most notable results include the following: in-situ calibration techniques to postpone labor-intensive and soil disruptive calibration events developed at the James Reserve; achieving a 91 % network yield from a Mica2 wireless sensing system without end-to-end reliability in Bangladesh; and the javelin, a new platform that facilitates the deployment, replacement and in-situ calibration of soil sensors, deployed in the San Joaquin River basin. Our techniques to increase information yield have already led to scientifically promising results, including previously unexpected diurnal cycles in various soil chemistry parameters across several deployments.
@booklet{Ramanathan95thefinal, title = {The final frontier: Embedding networked sensors in the soil}, author = {Ramanathan, Nithya and Schoellhammer, Tom and Estrin, Deborah and Hansen, Mark and Harmon, Tom and Kohler, Eddie and Srivastava, Mani}, year = {1995}, keywords = {sensor networks, wireless sensor network}, owner = {tom}, publisher = {Lecture Notes in Computer Science}, timestamp = {2021-01-27}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.120.7766} }
[cooper] Preserving Privacy in a Network of Mobile Computers

Cooper, David A., and Birman, Kenneth P.

05/1995 1995

Website abstract Bib

Even as wireless networks create the potential for access to information from mobile platforms, they pose a problem for privacy. In order to retrieve messages, users must periodically poll the network. The information that the user must give to the network could potentially be used to track that user. However, the movements of the user can also be used to hide the user’s location if the protocols for sending and retrieving messages are carefully designed. We have developed a replicated memory service which allows users to read from memory without revealing which memory locations they are reading. Unlike previous protocols, our protocol is efficient in its use of computation and bandwidth. We show how this protocol can be used in conjunction with existing privacy preserving protocols to allow a user of a mobile computer to maintain privacy despite active attacks.
@conference{cooper, author = {Cooper, David A. and Birman, Kenneth P.}, booktitle = {Proceedings of the 1995 IEEE Symposium on Security and Privacy}, title = {Preserving Privacy in a Network of Mobile Computers}, year = {1995}, month = {05/1995}, organization = {IEEE Computer Society}, publisher = {IEEE Computer Society}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=882491.884247} }
[pir] Private Information Retrieval

Chor, Benny, Goldreich, Oded, Kushilevitz, Eyal, and Sudan, Madhu

1995

DOI Website abstract Bib

Publicly accessible databases are an indispensable resource for retrieving up-to-date information. But they also pose a significant risk to the privacy of the user, since a curious database operator can follow the user’s queries and infer what the user is after. Indeed, in cases where the users’ intentions are to be kept secret, users are often cautious about accessing the database. It can be shown that when accessing a single database, to completely guarantee the privacy of the user, the whole database should be down-loaded; namely n bits should be communicated (where n is the number of bits in the database).In this work, we investigate whether by replicating the database, more efficient solutions to the private retrieval problem can be obtained. We describe schemes that enable a user to access k replicated copies of a database (k>=2) and privately retrieve information stored in the database. This means that each individual server (holding a replicated copy of the database) gets no information on the identity of the item retrieved by the user. Our schemes use the replication to gain substantial saving. In particular, we present a two-server scheme with communication complexity O(n1/3).
@conference{pir, author = {Chor, Benny and Goldreich, Oded and Kushilevitz, Eyal and Sudan, Madhu}, booktitle = {Proceedings of the IEEE Symposium on Foundations of Computer Science}, title = {Private Information Retrieval}, year = {1995}, organization = {ACM New York, NY, USA}, pages = {41{\textendash}50}, publisher = {ACM New York, NY, USA}, doi = {http://doi.acm.org/10.1145/293347.293350}, owner = {tom}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=293347.293350} }
[SK] Receipt-Free MIX-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth

Kilian, Joe, and Sako, Kazue

1995

DOI Website abstract Bib

We present a receipt-free voting scheme based on a mix- type anonymous channel [Cha81, PIK93]. The receipt-freeness property [BT94] enables voters to hide how they have voted even from a powerful adversary who is trying to coerce him. The work of [BT94] gave the first solution using a voting booth, which is a hardware assumption not unlike that in current physical elections. In our proposed scheme, we reduce the physical assumptions required to obtain receipt-freeness. Our sole physical assumption is the existence of a private channel through which the center can send the voter a message without fear of eavesdropping.
@conference{SK, author = {Kilian, Joe and Sako, Kazue}, booktitle = {Proceedings of EUROCRYPT 1995}, title = {Receipt-Free MIX-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth}, year = {1995}, organization = {Springer-Verlag}, publisher = {Springer-Verlag}, doi = {10.1007/3-540-49264-X}, isbn = {978-3-540-59409-3}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.springerlink.com/content/jhf7ccxn2fj2gfum/} }
[Demers94thebayou] The Bayou Architecture: Support for Data Sharing among Mobile Users

Demers, Alan, Petersen, Karin, Spreitzer, Mike, Terry, Douglas, Theimer, Marvin, and Welch, Brent

1994

DOI Website abstract Bib

The Bayou System is a platform of replicated, highly-available, variable-consistency, mobile databases on which to build collaborative applications. This paper presents the preliminary system architecture along with the design goals that influenced it. We take a fresh, bottom-up and critical look at the requirements of mobile computing applications and carefully pull together both new and existing techniques into an overall architecture that meets these requirements. Our emphasis is on supporting application-specific conflict detection and resolution and on providing application controlled inconsistency.
@booklet{Demers94thebayou, title = {The Bayou Architecture: Support for Data Sharing among Mobile Users}, author = {Demers, Alan and Petersen, Karin and Spreitzer, Mike and Terry, Douglas and Theimer, Marvin and Welch, Brent}, year = {1994}, doi = {10.1109/WMCSA.1994.37}, keywords = {reliability, reputation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1440028} }
[1267093] File system design for an NFS file server appliance

Hitz, Dave, Lau, James, and Malcolm, Michael

1994

Website abstract Bib

Network Appliance Corporation recently began shipping a new kind of network server called an NFS file server appliance, which is a dedicated server whose sole function is to provide NFS file service. The file system requirements for an NFS appliance are different from those for a general-purpose UNIX system, both because an NFS appliance must be optimized for network file access and because an appliance must be easy to use. This paper describes WAFL (Write Anywhere File Layout), which is a file system designed specifically to work in an NFS appliance. The primary focus is on the algorithms and data structures that WAFL uses to implement Snapshotst, which are read-only clones of the active file system. WAFL uses a copy-on-write technique to minimize the disk space that Snapshots consume. This paper also describes how WAFL uses Snapshots to eliminate the need for file system consistency checking after an unclean shutdown.
@conference{1267093, author = {Hitz, Dave and Lau, James and Malcolm, Michael}, booktitle = {WTEC{\textquoteright}94: Proceedings of the USENIX Winter 1994 Technical Conference on USENIX Winter 1994 Technical Conference}, title = {File system design for an NFS file server appliance}, year = {1994}, address = {Berkeley, CA, USA}, organization = {USENIX Association}, pages = {19{\textendash}19}, publisher = {USENIX Association}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=1267093$\#$} }
[Manber94findingsimilar] Finding Similar Files in a Large File System

Manber, Udi

1994

Website abstract Bib

We present a tool, called sif, for finding all similar files in a large file system. Files are considered similar if they have significant number of common pieces, even if they are very different otherwise. For example, one file may be contained, possibly with some changes, in another file, or a file may be a reorganization of another file. The running time for finding all groups of similar files, even for as little as 25% similarity, is on the order of 500MB to 1GB an hour. The amount of similarity and several other customized parameters can be determined by the user at a post-processing stage, which is very fast. Sif can also be used to very quickly identify all similar files to a query file using a preprocessed index. Application of sif can be found in file management, information collecting (to remove duplicates), program reuse, file synchronization, data compression, and maybe even plagiarism detection. 1. Introduction Our goal is to identify files that came from the same source
@conference{Manber94findingsimilar, author = {Manber, Udi}, booktitle = {USENIX WINTER 1994 TECHNICAL CONFERENCE}, title = {Finding Similar Files in a Large File System}, year = {1994}, pages = {1{\textendash}10}, owner = {tom}, timestamp = {2021-01-27}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.12.3222} }
[898770] Libckpt: Transparent Checkpointing under Unix

Plank, James S., Beck, Micah, Kingsley, Gerry, and Li, Kai

1994

Website abstract Bib

Checkpointing is a simple technique for rollback recovery: the state of an executing program is periodically saved to a disk file from which it can be recovered after a failure. While recent research has developed a collection of powerful techniques for minimizing the overhead of writing checkpoint files, checkpointing remains unavailable to most application developers. In this paper we describe libckpt, a portable checkpointing tool for Unix that implements all applicable performance optimizations which are reported in the literature. While libckpt can be used in a mode which is almost totally transparent to the programmer, it also supports the incorporation of user directives into the creation of checkpoints. This user-directed checkpointing is an innovation which is unique to our work. 1 Introduction Consider a programmer who has developed an application which will take a long time to execute, say five days. Two days into the computation, the processor on which the application is...
@booklet{898770, title = {Libckpt: Transparent Checkpointing under Unix}, address = {Knoxville, TN, USA}, author = {Plank, James S. and Beck, Micah and Kingsley, Gerry and Li, Kai}, year = {1994}, keywords = {checkpointing, performance analysis}, owner = {tom}, publisher = {University of Tennessee}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=898770$\#$} }
[Gode1993] Allocative Efficiency of Markets with Zero-Intelligence Traders: Market as a Partial Substitute for Individual Rationality

Gode, Dhananjay K., and Sunder, Shyam

Journal of Political Economy 02/1993 1993

Website abstract Bib

We report market experiments in which human traders are replaced by "zero-intelligence" programs that submit random bids and offers. Imposing a budget constraint (i.e., not permitting traders to sell below their costs or buy above their values) is sufficient to raise the allocative efficiency of these auctions close to 100 percent. Allocative efficiency of a double auction derives largely from its structure, independent of traders’ motivation, intelligence, or learning. Adam Smith’s invisible hand may be more powerful than some may have thought; it can generate aggregate rationality not only from individual rationality but also from individual irrationality.
@article{Gode1993, author = {Gode, Dhananjay K. and Sunder, Shyam}, journal = {Journal of Political Economy}, title = {Allocative Efficiency of Markets with Zero-Intelligence Traders: Market as a Partial Substitute for Individual Rationality}, year = {1993}, month = {02/1993}, pages = {119-137}, volume = {101}, keywords = {allocative efficiency, double auction, market, zero-intelligence trader}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.jstor.org/stable/2138676} }

[rackoff93cryptographic] Cryptographic Defense Against Traffic Analysis

Rackoff, Charles, and Simon, Daniel R.

1993

@conference{rackoff93cryptographic,
  author = {Rackoff, Charles and Simon, Daniel R.},
  booktitle = {Proceedings of ACM Symposium on Theory of Computing},
  title = {Cryptographic Defense Against Traffic Analysis},
  year = {1993},
  address = {San Diego, California, United States},
  organization = {ACM New York, NY, USA},
  pages = {672{\textendash}681},
  publisher = {ACM New York, NY, USA},
  doi = {http://doi.acm.org/10.1145/167088.167260},
  isbn = {0-89791-591-7},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=167088.167260}
}

[PIK] Efficient anonymous channel and all/nothing election scheme

Park, Choonsik, Itoh, Kazutomo, and Kurosawa, Kaoru

1993

Website abstract Bib

The contribution of this paper are twofold. First, we present an efficient computationally secure anonymous channel which has no problme of ciphertext length expansion. The length is irrelevant to the number of MIXes(control centers). It improves the efficiency of Chaums’s election scheme based on the MIX net automatically. Second, we show an election scheme which satisfies fairness. That is, if some vote is disrupted, no one obtains any infromation about all the other votes. Each voter sends O(nk) bits so that the probability of the fairness is 1-2^-k, where n is the bit length of the ciphertext.
@conference{PIK, author = {Park, Choonsik and Itoh, Kazutomo and Kurosawa, Kaoru}, booktitle = {Proceedings of EUROCRYPT 1993}, title = {Efficient anonymous channel and all/nothing election scheme}, year = {1993}, address = {Lofthus, Norway}, organization = {Springer-Verlag, LNCS 765}, pages = {248{\textendash}259}, publisher = {Springer-Verlag, LNCS 765}, isbn = {3-540-57600-2}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=188307.188351} }
[Menezes1993] Elliptic Curve Public Key Cryptosystems

Menezes, Alfred J.

1993

Website abstract Bib

Elliptic curves have been intensively studied in algebraic geometry and number theory. In recent years they have been used in devising efficient algorithms for factoring integers and primality proving, and in the construction of public key cryptosystems. Elliptic Curve Public Key Cryptosystems provides an up-to-date and self-contained treatment of elliptic curve-based public key cryptology. Elliptic curve cryptosystems potentially provide equivalent security to the existing public key schemes, but with shorter key lengths. Having short key lengths means smaller bandwidth and memory requirements and can be a crucial factor in some applications, for example the design of smart card systems. The book examines various issues which arise in the secure and efficient implementation of elliptic curve systems. Elliptic Curve Public Key Cryptosystems is a valuable reference resource for researchers in academia, government and industry who are concerned with issues of data security. Because of the comprehensive treatment, the book is also suitable for use as a text for advanced courses on the subject.
@book{Menezes1993, author = {Menezes, Alfred J.}, publisher = {Springer}, title = {Elliptic Curve Public Key Cryptosystems}, year = {1993}, isbn = {978-0-7923-9368-9}, series = {The Springer International Series in Engineering and Computer Science}, volume = {234}, keywords = {algebraic geometry, elliptic curve cryptography, number theory, public key cryptosystem}, organization = {Springer}, owner = {tom}, pages = {144}, timestamp = {2017-10-10}, url = {http://books.google.com/books/about/Elliptic_curve_public_key_cryptosystems.html?id=bIb54ShKS68C} }
[Liedtke93apersistent] A Persistent System in Real Use - Experiences of the First 13 Years

Liedtke, Jochen

1993

Website abstract Bib

Eumel and its advanced successor L3 are operating systems built by GMD which have been used, for 13 years and 4 years respectively, as production systems in business and education. More than 2000 Eumel systems and 500 L3 systems have been shipped since 1979 and 1988. Both systems rely heavily on the paradigm of persistence (including fault-surviving persistence). Both data and processes, in principle all objects are persistent, files are implemented by means of persistent objects (not vice versa) etc. In addition to the principles and mechanisms of Eumel /L3, general and specific experiences are described: these relate to the design, implementation and maintenance of the systems over the last 13 years. For general purpose timesharing systems the idea is powerful and elegant, it can be efficiently implemented, but making a system really usable is hard work.
@booklet{Liedtke93apersistent, title = {A Persistent System in Real Use - Experiences of the First 13 Years}, author = {Liedtke, Jochen}, year = {1993}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.53.7112} }
[1993] SURF-2: A program for dependability evaluation of complex hardware and software systems

1993

DOI Website abstract Bib

SURF-2, a software tool for evaluating system dependability, is described. It is especially designed for an evaluation-based system design approach in which multiple design solutions need to be compared from the dependability viewpoint. System behavior may be modeled either by Markov chains or by generalized stochastic Petri nets. The tool supports the evaluation of different measures of dependability, including pointwise measures, asymptotic measures, mean sojourn times and, by superposing a reward structure on the behavior model, reward measures such as expected performance or cost
@conference{1993, title = {SURF-2: A program for dependability evaluation of complex hardware and software systems}, year = {1993}, doi = {10.1109/FTCS.1993.627372}, isbn = {0-8186-3680-7}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.pubzone.org/dblp/conf/ftcs/BeoumesKALAMBS93} }

[DBLP:conf/eurocrypt/ChaumP92] Transferred Cash Grows in Size

Chaum, David, and Pedersen, Torben P.

05/1992 1992

All known methods for transferring electronic money have the disadvantages that the number of bits needed to represent the money after each payment increases, and that a payer can recognize his money if he sees it later in the chain of payments (forward traceability). This paper shows that it is impossible to construct an electronic money system providing transferability without the property that the money grows when transferred. Furthermore it is argued that an unlimited powerful user can always recognize his money later. Finally, the lower bounds on the size of transferred electronic money are discussed in terms of secret sharing schemes.

@conference{DBLP:conf/eurocrypt/ChaumP92,
  author = {Chaum, David and Pedersen, Torben P.},
  booktitle = {EUROCRYPT{\textquoteright}92 Workshop on the Theory and Application of of Cryptographic Techniques},
  title = {Transferred Cash Grows in Size},
  year = {1992},
  address = {Balatonf{\"u}red, Hungary},
  month = {05/1992},
  organization = {Springer},
  pages = {390-407},
  publisher = {Springer},
  series = {Lecture Notes in Computer Science},
  volume = {658},
  doi = {10.1007/3-540-47555-9_32},
  isbn = {3-540-56413-6},
  keywords = {electronic money, forward traceability, secret shraing, transfer},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {10.1007/3-540-47555-9_32}
}

[Yokoo91distributedconstraint] Distributed Constraint Optimization as a Formal Model of Partially Adversarial Cooperation

Yokoo, Makoto, and Durfee, Edmund H.

1991

abstract Bib

In this paper, we argue that partially adversarial and partially cooperative (PARC) problems in distributed articial intelligence can be mapped into a formalism called distributed constraint optimization problems (DCOPs), which generalize distributed constraint satisfaction problems [Yokoo, et al. 90] by introducing weak constraints (preferences). We discuss several solution criteria for DCOP and clarify the relation between these criteria and dierent levels of agent rationality [Rosenschein and Genesereth 85], and show the algorithms for solving DCOPs in which agents incrementally exchange only necessary information to converge on a mutually satisable bsolution.
@article{Yokoo91distributedconstraint, author = {Yokoo, Makoto and Durfee, Edmund H.}, title = {Distributed Constraint Optimization as a Formal Model of Partially Adversarial Cooperation}, year = {1991}, number = {CSE-TR-101-9}, address = {Ann Arbor, MI, United States}, institution = {University of Michigan}, keywords = {artificial intelligence, DCOP, PARC, partially adversial cooperation}, owner = {tom}, timestamp = {2021-01-27}, type = {Tech report} }
[Deswarte91intrusiontolerance] Intrusion Tolerance in Distributed Computing Systems

Deswarte, Yves, Blain, Laurent, and Fabre, Jean-charles

1991

Website abstract Bib

An intrusion-tolerant distributed system is a system which is designed so that any intrusion into apart of the system will not endanger confidentiality, integrity and availability. This approach is suitable for distributed systems, because distribution enables isolation of elements so that an intrusion gives physical access to only a part of the system. By intrusion, we mean not only computer break-ins by non-registered people, but also attempts by registered users to exceed or to abuse their privileges. In particular, possible malice of security administrators is taken into account. This paper describes how some functions of distributed systems can be designed to tolerate intrusions, in particular security functions such as user authentication and authorization, and application functions such as file management.
@conference{Deswarte91intrusiontolerance, author = {Deswarte, Yves and Blain, Laurent and Fabre, Jean-charles}, booktitle = {In Proceedings of the IEEE Symposium on Research in Security and Privacy}, title = {Intrusion Tolerance in Distributed Computing Systems}, year = {1991}, pages = {110{\textendash}121}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.56.9968} }
[ISDN-mixes] ISDN-mixes: Untraceable communication with very small bandwidth overhead

Pfitzmann, Andreas, Pfitzmann, Birgit, and Waidner, Michael

02/1991 1991

Website abstract Bib

Untraceable communication for services like telephony is often considered infeasible in the near future because of bandwidth limitations. We present a technique, called ISDN-MIXes, which shows that this is not the case. As little changes as possible are made to the narrowband-ISDN planned by the PTTs. In particular, we assume the same subscriber lines with the same bit rate, and the same long-distance network between local exchanges, and we offer the same services. ISDN-MIXes are a combination of a new variant of CHAUM’s MIXes, dummy traffic on the subscriber lines (where this needs no additional bandwidth), and broadcast of incoming-call messages in the subscriber-area.
@conference{ISDN-mixes, author = {Pfitzmann, Andreas and Pfitzmann, Birgit and Waidner, Michael}, booktitle = {Proceedings of the GI/ITG Conference on Communication in Distributed Systems}, title = {ISDN-mixes: Untraceable communication with very small bandwidth overhead}, year = {1991}, month = {02/1991}, organization = {Springer-Verlag London, UK}, pages = {451{\textendash}463}, publisher = {Springer-Verlag London, UK}, isbn = {3-540-53721-X}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=645662.664536} }
[Waidner:1990:DCD:111563.111630] The dining cryptographers in the disco: unconditional sender and recipient untraceability with computationally secure serviceability

Waidner, Michael, and Pfitzmann, Birgit

04/1989 1990

Website abstract Bib

In Journal of Cryptology 1/1 (1988) 65-75 (= [Chau_88]), David Chaum describes a beautiful technique, the DC-net, which should allow participants to send and receive messages anonymously in an arbitrary network. The untraceability of the senders is proved to be unconditional, but that of the recipients implicitly assumes a reliable broadcast network. This assumption is unrealistic in some networks, but it can be removed completely by using the fail-stop key generation schemes by Waidner (these proceedings, =[Waid_89]). In both cases, however, each participant can untraceably and permanently disrupt the entireDC-net. We present a protocol which guarantees unconditional untraceability, the original goal of the DC-net, onthe inseparability assumption (i.e. the attacker must be unable to prevent honest participants fromcommunicating, which is considerably less than reliable broadcast), and computationally secureserviceability: Computationally restricted disrupters can be identified and removed from the DC-net. On the one hand, our solution is based on the lovely idea by David Chaum [Chau_88 \textsection 2.5] of setting traps for disrupters. He suggests a scheme to guarantee unconditional untraceability and computationally secure serviceability, too, but on the reliable broadcast assumption. The same scheme seems to be used by Bos and den Boer (these proceedings, = [BoBo_89]). We show that this scheme needs some changes and refinements before being secure, even on the reliable broadcast assumption. On the other hand, our solution is based on the idea of digital signatures whose forgery by an unexpectedly powerful attacker is provable, which might be of independent interest. We propose such a (one-time) signature scheme based on claw-free permutation pairs; the forgery of signatures is equivalent to finding claws, thus in a special case to the factoring problem. In particular, with such signatures we can, for the first time, realize fail-stop Byzantine Agreement, and also adaptive Byzantine Agreement, i.e. Byzantine Agreement which can only be disrupted by an attacker who controls at least a third of all participants and who can forge signatures. We also sketch applications of these signatures to a payment system, solving disputes about shared secrets, and signatures which cannot be shown round.
@conference{Waidner:1990:DCD:111563.111630, author = {Waidner, Michael and Pfitzmann, Birgit}, booktitle = {EUROCRYPT{\textquoteright}89 - Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology}, title = {The dining cryptographers in the disco: unconditional sender and recipient untraceability with computationally secure serviceability}, year = {1990}, address = {Houthalen, Belgium}, month = {04/1989}, organization = {Springer-Verlag New York, Inc.}, pages = {690{\textendash}}, publisher = {Springer-Verlag New York, Inc.}, series = {EUROCRYPT {\textquoteright}89}, isbn = {3-540-53433-4}, keywords = {anonymity, arbitrary network, cryptology, DC-net}, owner = {tom}, timestamp = {2021-01-27}, url = {http://dl.acm.org/citation.cfm?id=111563.111630} }

[78977] Skip lists: a probabilistic alternative to balanced trees

Pugh, William

Commun. ACM 1990

@article{78977,
  author = {Pugh, William},
  journal = {Commun. ACM},
  title = {Skip lists: a probabilistic alternative to balanced trees},
  year = {1990},
  issn = {0001-0782},
  number = {6},
  pages = {668{\textendash}676},
  volume = {33},
  address = {New York, NY, USA},
  doi = {10.1145/78973.78977},
  keywords = {data structures, search},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=78977$\#$}
}

[Ben-Or1988] Completeness Theorems for Non-cryptographic Fault-tolerant Distributed Computation

Ben-Or, Michael, Goldwasser, Shafi, and Wigderson, Avi

1988

Every function of n inputs can be efficiently computed by a complete network of n processors in such a way that: If no faults occur, no set of size t < n/2 of players gets any additional information (other than the function value), Even if Byzantine faults are allowed, no set of size t < n/3 can either disrupt the computation or get additional information. Furthermore, the above bounds on t are tight!

@conference{Ben-Or1988,
  author = {Ben-Or, Michael and Goldwasser, Shafi and Wigderson, Avi},
  booktitle = {Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing},
  title = {Completeness Theorems for Non-cryptographic Fault-tolerant Distributed Computation},
  year = {1988},
  address = {New York, NY, USA},
  organization = {ACM},
  publisher = {ACM},
  doi = {10.1145/62212.62213},
  isbn = {0-89791-264-0},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/62212.62213}
}

[chaum-dc] The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability

Chaum, David

Journal of Cryptology 1988

Website abstract Bib

Keeping confidential who sends which messages, in a world where any physical transmission can be traced to its origin, seems impossible. The solution presented here is unconditionally or cryptographically secure, depending on whether it is based on one-time-use keys or on public keys, respectively. It can be adapted to address efficiently a wide variety of practical considerations.
@article{chaum-dc, author = {Chaum, David}, journal = {Journal of Cryptology}, title = {The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability}, year = {1988}, issn = {0933-2790}, pages = {65{\textendash}75}, volume = {1}, keywords = {pseudonym, unconditional security, untraceability}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=54239} }
[Kilian1988] Founding Crytpography on Oblivious Transfer

Kilian, Joe

1988

DOI Website abstract Bib

Suppose your netmail is being erratically censored by Captain Yossarian. Whenever you send a message, he censors each bit of the message with probability 1/2, replacing each censored bit by some reserved character. Well versed in such concepts as redundancy, this is no real problem to you. The question is, can it actually be turned around and used to your advantage? We answer this question strongly in the affirmative. We show that this protocol, more commonly known as oblivious transfer, can be used to simulate a more sophisticated protocol, known as oblivious circuit evaluation([Y]). We also show that with such a communication channel, one can have completely noninteractive zero-knowledge proofs of statements in NP. These results do not use any complexity-theoretic assumptions. We can show that they have applications to a variety of models in which oblivious transfer can be done.
@conference{Kilian1988, author = {Kilian, Joe}, booktitle = {Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing}, title = {Founding Crytpography on Oblivious Transfer}, year = {1988}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/62212.62215}, isbn = {0-89791-264-0}, keywords = {oblivious circuits}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/62212.62215} }
[1987] How to Play ANY Mental Game or A Completeness Theorem for Protocols with Honest Majority

Goldreich, O., Micali, S., and Wigderson, A.

1987

DOI Website abstract Bib

We present a polynomial-time algorithm that, given as a input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no partial information, provided the majority of the players is honest. Our algorithm automatically solves all the multi-party protocol problems addressed in complexity-based cryptography during the last 10 years. It actually is a completeness theorem for the class of distributed protocols with honest majority. Such completeness theorem is optimal in the sense that, if the majority of the players is not honest, some protocol problems have no efficient solution [C].
@conference{1987, author = {Goldreich, O. and Micali, S. and Wigderson, A.}, booktitle = {Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing}, title = {How to Play ANY Mental Game or A Completeness Theorem for Protocols with Honest Majority}, year = {1987}, address = {New York, NY, USA}, organization = {ACM}, publisher = {ACM}, doi = {10.1145/28395.28420}, isbn = {0-89791-221-7}, owner = {tom}, timestamp = {2017-10-10}, url = {http://doi.acm.org/10.1145/28395.28420} }
[37517] A simple and efficient implementation of a small database

Birrell, Andrew D., Jones, Michael B., and Wobber, Edward P.

SIGOPS Oper. Syst. Rev. 1987

DOI Website abstract Bib

This paper describes a technique for implementing the sort of small databases that frequently occur in the design of operating systems and distributed systems. We take advantage of the existence of very large virtual memories, and quite large real memories, to make the technique feasible. We maintain the database as a strongly typed data structure in virtual memory, record updates incrementally on disk in a log and occasionally make a checkpoint of the entire database. We recover from crashes by restoring the database from an old checkpoint then replaying the log. We use existing packages to convert between strongly typed data objects and their disk representations, and to communicate strongly typed data across the network (using remote procedure calls). Our memory is managed entirely by a general purpose allocator and garbage collector. This scheme has been used to implement a name server for a distributed system. The resulting implementation has the desirable property of being simultaneously simple, efficient and reliable.
@article{37517, author = {Birrell, Andrew D. and Jones, Michael B. and Wobber, Edward P.}, journal = {SIGOPS Oper. Syst. Rev.}, title = {A simple and efficient implementation of a small database}, year = {1987}, issn = {0163-5980}, number = {5}, pages = {149{\textendash}154}, volume = {21}, address = {New York, NY, USA}, doi = {10.1145/37499.37517}, owner = {tom}, publisher = {ACM}, timestamp = {2021-01-27}, url = {http://portal.acm.org/citation.cfm?id=37499.37517$\#$} }

[Stumm:1987:SDR:55482.55508] Strategies for decentralized resource management

Stumm, Michael

08/1987 1987

Decentralized resource management in distributed systems has become more practical with the availability of communication facilities that support multicasting. In this paper we present several example solutions for managing resources in a decentralized fashion, using multicasting facilities. We review the properties of these solutions in terms of scalability, fault tolerance and efficiency. We conclude that decentralized solutions compare favorably to centralized solutions with respect to all three criteria.

@conference{Stumm:1987:SDR:55482.55508,
  author = {Stumm, Michael},
  booktitle = {SIGCOMM{\textquoteright}87. Proceedings of the ACM Workshop on Frontiers in Computer Communications Technology},
  title = {Strategies for decentralized resource management},
  year = {1987},
  address = {Stowe, VT, USA},
  month = {08/1987},
  organization = {ACM},
  pages = {245{\textendash}253},
  publisher = {ACM},
  series = {SIGCOMM {\textquoteright}87},
  doi = {http://doi.acm.org/10.1145/55482.55508},
  isbn = {0-89791-245-4},
  keywords = {decentralized, distributed systems, multicasting},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/55482.55508}
}

[1986] Networks Without User Observability — Design Options

Pfitzmann, Andreas, and Waidner, Michael

1986

In usual communication networks, the network operator or an intruder could easily observe when, how much and with whom the users communicate (traffic analysis), even if the users employ end-to-end encryption. When ISDNs are used for almost everything, this becomes a severe threat. Therefore, we summarize basic concepts to keep the recipient and sender or at least their relationship unobservable, consider some possible implementations and necessary hierarchical extensions, and propose some suitable performance and reliability enhancements.

@inbook{1986,
  author = {Pfitzmann, Andreas and Waidner, Michael},
  editor = {Pichler, Franz},
  pages = {245-253},
  publisher = {Springer Berlin Heidelberg},
  title = {Networks Without User Observability {\textemdash} Design Options},
  year = {1986},
  isbn = {978-3-540-16468-5},
  series = {Lecture Notes in Computer Science},
  volume = {219},
  booktitle = {Advances in Cryptology {\textemdash} EUROCRYPT{\textquoteright} 85},
  doi = {10.1007/3-540-39805-8_29},
  organization = {Springer Berlin Heidelberg},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1007/3-540-39805-8_29}
}

[15043] Revised report on the algorithmic language scheme

Rees, Jonathan, Clinger, William, and Kelsey, Richard

SIGPLAN Not. 1986

DOI Website abstract Bib

The report gives a defining description of the programming language Scheme. Scheme is a statically scoped and properly tail-recursive dialect of the Lisp programming language invented by Guy Lewis Steele Jr. and Gerald Jay Sussman. It was designed to have an exceptionally clear and simple semantics and few different ways to form expressions. A wide variety of programming paradigms, including imperative, functional, and message passing styles, find convenient expression in Scheme. The introduction offers a brief history of the language and of the report. The first three chapters present the fundamental ideas of the language and describe the notational conventions used for describing the language and for writing programs in the language.
@article{15043, author = {Rees, Jonathan and Clinger, William and Kelsey, Richard}, journal = {SIGPLAN Not.}, title = {Revised report on the algorithmic language scheme}, year = {1986}, issn = {0362-1340}, number = {12}, pages = {37{\textendash}79}, volume = {21}, address = {New York, NY, USA}, doi = {10.1145/15042.15043}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://en.scientificcommons.org/42347723} }
[Tanenbaum86usingsparse] Using Sparse Capabilities in a Distributed Operating System

Tanenbaum, Andrew, Mullender, Sape J., and Renesse, Robbert Van

1986

Website abstract Bib

this paper we discuss a system, Amoeba, that uses capabilities for naming and protecting objects. In contrast to traditional, centralized operating systems, in which capabilities are managed by the operating system kernel, in Amoeba all the capabilities are managed directly by user code. To prevent tampering, the capabilities are protected cryptographically. The paper describes a variety of the issues involved, and gives four different ways of dealing with the access rights.
@conference{Tanenbaum86usingsparse, author = {Tanenbaum, Andrew and Mullender, Sape J. and Renesse, Robbert Van}, title = {Using Sparse Capabilities in a Distributed Operating System}, year = {1986}, pages = {558{\textendash}563}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.49.7998} }
[214121] Impossibility of distributed consensus with one faulty process

Fischer, Michael J., Lynch, Nancy A., and Paterson, Michael S.

J. ACM 1985

DOI Website abstract Bib

The consensus problem involves an asynchronous system of processes, some of which may be unreliable. The problem is for the reliable processes to agree on a binary value. In this paper, it is shown that every protocol for this problem has the possibility of nontermination, even with only one faulty process. By way of contrast, solutions are known for the synchronous case, the “Byzantine Generals” problem.
@article{214121, author = {Fischer, Michael J. and Lynch, Nancy A. and Paterson, Michael S.}, journal = {J. ACM}, title = {Impossibility of distributed consensus with one faulty process}, year = {1985}, issn = {0004-5411}, number = {2}, pages = {374{\textendash}382}, volume = {32}, address = {New York, NY, USA}, doi = {10.1145/3149.214121}, owner = {tom}, publisher = {ACM}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=214121$\#$} }

[pfitzmann85] Networks Without User Observability – Design Options

Pfitzmann, Andreas, and Waidner, Michael

04/1985 1985

In present-day communication networks, the network operator or an intruder could easily observe when, how much and with whom the users communicate (traffic analysis), even if the users employ end-to-end encryption. With the increasing use of ISDNs, this becomes a severe threat. Therefore, we summarize basic concepts to keep the recipient and sender or at least their relationship unobservable, consider some possible implementations and necessary hierarchical extensions, and propose some suitable performance and reliability enhancements.

@conference{pfitzmann85,
  author = {Pfitzmann, Andreas and Waidner, Michael},
  booktitle = {Proceedings of EUROCRYPT 1985},
  title = {Networks Without User Observability {\textendash} Design Options},
  year = {1985},
  address = {Linz, Austria},
  month = {04/1985},
  organization = {Springer-Verlag New York, Inc.},
  publisher = {Springer-Verlag New York, Inc.},
  isbn = {0-387-16468-5},
  keywords = {anonymity, dining cryptographers, fault-tolerance, ISDN, mix, ring network, traffic analysis, user observability},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://www.semper.org/sirene/publ/PfWa_86anonyNetze.html}
}

[ElGamal:1985:PKC:19478.19480] A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms

El Gamal, Taher

1985 1985

@conference{ElGamal:1985:PKC:19478.19480,
  author = {El Gamal, Taher},
  booktitle = {Proceedings of CRYPTO 84 on Advances in cryptology},
  title = {A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms},
  year = {1985},
  address = {Santa Barbara, California},
  month = {1985},
  organization = {Springer-Verlag New York, Inc.},
  pages = {10{\textendash}18},
  publisher = {Springer-Verlag New York, Inc.},
  isbn = {0-387-15658-5},
  keywords = {cryptosystem, discrete logarithms, public key, signature scheme},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dl.acm.org/citation.cfm?id=19478.19480s}
}

[4202] RCS–-a system for version control

Tichy, Walter F.

Softw. Pract. Exper. 1985

DOI Website abstract Bib

An important problem in program development and maintenance is version control, i.e., the task of keeping a software system consisting of many versions and configurations well organized. The Revision Control System (RCS) is a software tool that assists with that task. RCS manages revisions of text documents, in particular source programs, documentation, and test data. It automates the storing, retrieval, logging and identification of revisions, and it provides selection mechanisms for composing configurations. This paper introduces basic version control concepts and discusses the practice of version control using RCS. For conserving space, RCS stores deltas, i.e., differences between successive revisions. Several delta storage methods are discussed. Usage statistics show that RCS’s delta storage method is space and time efficient. The paper concludes with a detailed survey of version control tools.
@article{4202, author = {Tichy, Walter F.}, journal = {Softw. Pract. Exper.}, title = {RCS{\textendash}-a system for version control}, year = {1985}, issn = {0038-0644}, number = {7}, pages = {637{\textendash}654}, volume = {15}, address = {New York, NY, USA}, doi = {10.1002/spe.4380150703}, keywords = {version control}, owner = {tom}, publisher = {John Wiley \& Sons, Inc.}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=4202$\#$} }

[chaum85] Security without Identification: Transaction Systems to Make Big Brother Obsolete

Chaum, David

Communications of the ACM 10/1985 1985

@article{chaum85,
  author = {Chaum, David},
  journal = {Communications of the ACM},
  title = {Security without Identification: Transaction Systems to Make Big Brother Obsolete},
  year = {1985},
  issn = {0001-0782},
  month = {10/1985},
  number = {10},
  pages = {1030 - 1044},
  volume = {28},
  doi = {http://doi.acm.org/10.1145/4372.4373},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=4373}
}

[538134] Capability-Based Computer Systems

Levy, Henry M.

1984

@book{538134,
  author = {Levy, Henry M.},
  publisher = {Butterworth-Heinemann},
  title = {Capability-Based Computer Systems},
  year = {1984},
  address = {Newton, MA, USA},
  isbn = {0932376223},
  organization = {Butterworth-Heinemann},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=538134$\#$}
}

[357176] The Byzantine Generals Problem

Lamport, Leslie, Shostak, Robert, and Pease, Marshall

ACM Trans. Program. Lang. Syst. 1982

@article{357176,
  author = {Lamport, Leslie and Shostak, Robert and Pease, Marshall},
  journal = {ACM Trans. Program. Lang. Syst.},
  title = {The Byzantine Generals Problem},
  year = {1982},
  issn = {0164-0925},
  number = {3},
  pages = {382{\textendash}401},
  volume = {4},
  address = {New York, NY, USA},
  doi = {10.1145/357172.357176},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=357176$\#$}
}

[1982] Protocols for Secure Computations

Yao, Andrew C.

1982

@conference{1982,
  author = {Yao, Andrew C.},
  booktitle = {Proceedings of the 23rd Annual Symposium on Foundations of Computer Science},
  title = {Protocols for Secure Computations},
  year = {1982},
  address = {Washington, DC, USA},
  organization = {IEEE Computer Society},
  publisher = {IEEE Computer Society},
  doi = {10.1109/SFCS.1982.88},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://dx.doi.org/10.1109/SFCS.1982.88}
}

[chaum-mix] Untraceable electronic mail, return addresses, and digital pseudonyms

Chaum, David

Communications of the ACM 02/1981 1981

DOI abstract Bib

A technique based on public key cryptography is presented that allows an electronic mail system to hide who a participant communicates with as well as the content of the communication - in spite of an unsecured underlying telecommunication system. The technique does not require a universally trusted authority. One correspondent can remain anonymous to a second, while allowing the second to respond via an untraceable return address. The technique can also be used to form rosters of untraceable digital pseudonyms from selected applications. Applicants retain the exclusive ability to form digital signatures corresponding to their pseudonyms. Elections in which any interested party can verify that the ballots have been properly counted are possible if anonymously mailed ballots are signed with pseudonyms from a roster of registered voters. Another use allows an individual to correspond with a record-keeping organization under a unique pseudonym which appears in a roster of acceptable clients.
@article{chaum-mix, author = {Chaum, David}, journal = {Communications of the ACM}, title = {Untraceable electronic mail, return addresses, and digital pseudonyms}, year = {1981}, issn = {0001-0782}, month = {02/1981}, number = {2}, pages = {84 - 90}, volume = {24}, doi = {http://doi.acm.org/10.1145/358549.358563}, keywords = {digital signature, electronic mail, privacy, pseudonym, public key cryptography, traffic analysis}, owner = {tom}, timestamp = {2017-10-10} }

[10.1109/SP.1980.10006] Protocols for Public Key Cryptosystems

Merkle, Ralph C.

Security and Privacy, IEEE Symposium on 1980

@article{10.1109/SP.1980.10006,
  author = {Merkle, Ralph C.},
  journal = {Security and Privacy, IEEE Symposium on},
  title = {Protocols for Public Key Cryptosystems},
  year = {1980},
  issn = {1540-7993},
  pages = {122},
  address = {Los Alamitos, CA, USA},
  doi = {10.1109/SP.1980.10006},
  owner = {tom},
  publisher = {IEEE Computer Society},
  timestamp = {2021-01-27},
  url = {http://www.computer.org/portal/web/csdl/doi/10.1109/SP.1980.10006}
}

[1979] Compact Encodings of List Structure

Bobrow, Daniel G., and Clark, Douglas W.

1979

DOI Website abstract Bib

List structures provide a general mechanism for representing easily changed structured data, but can introduce inefficiencies in the use of space when fields of uniform size are used to contain pointers to data and to link the structure. Empirically determined regularity can be exploited to provide more space-efficient encodings without losing the flexibility inherent in list structures. The basic scheme is to provide compact pointer fields big enough to accommodate most values that occur in them and to provide “escape” mechanisms for exceptional cases. Several examples of encoding designs are presented and evaluated, including two designs currently used in Lisp machines. Alternative escape mechanisms are described, and various questions of cost and implementation are discussed. In order to extrapolate our results to larger systems than those measured, we propose a model for the generation of list pointers and we test the model against data from two programs. We show that according to our model, list structures with compact cdr fields will, as address space grows, continue to be compacted well with a fixed-width small field. Our conclusion is that with a microcodable processor, about a factor of two gain in space efficiency for list structure can be had for little or no cost in processing time.
@conference{1979, author = {Bobrow, Daniel G. and Clark, Douglas W.}, title = {Compact Encodings of List Structure}, year = {1979}, organization = {ACM New York, NY, USA}, publisher = {ACM New York, NY, USA}, doi = {10.1145/357073.357081}, owner = {tom}, timestamp = {2017-10-10}, url = {http://portal.acm.org/citation.cfm?id=357081$\#$collab} }

[padlipky78] Limitations of End-to-End Encryption in Secure Computer Networks

Padlipsky, Michael A., Snow, David W., and Karger, Paul A.

08/1978 1978

@article{padlipky78,
  author = {Padlipsky, Michael A. and Snow, David W. and Karger, Paul A.},
  title = {Limitations of End-to-End Encryption in Secure Computer Networks},
  year = {1978},
  month = {08/1978},
  number = {ESD-TR-78-158},
  address = {Hanscom AFB, MA},
  institution = {The MITRE Corporation: Bedford MA, HQ Electronic Systems Division},
  keywords = {traffic analysis},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://stinet.dtic.mil/cgi-bin/GetTRDoc?AD=3DA059221\&Location=3DU2\&doc=3D+=GetTRDoc.pdf}
}

[karger77] Non-Discretionary Access Control for Decentralized Computing Systems

Karger, Paul A.

May 1977

abstract Bib

This thesis examines the issues relating to non-discretionary access controls for decentralized computing systems. Decentralization changes the basic character of a computing system from a set of processes referencing a data base to a set of processes sending and receiving messages. Because messages must be acknowledged, operations that were read-only in a centralized system become read-write operations. As a result, the lattice model of non-discretionary access control, which mediates operations based on read versus read-write considerations, does not allow direct transfer of algorithms from centralized systems to decentralized systems. This thesis develops new mechanisms that comply with the lattice model and provide the necessary functions for effective decentralized computation. Secure protocols at several different levels are presented in the thesis. At the lowest level, a host or host protocol is shown that allows communication between hosts with effective internal security controls. Above this level, a host independent naming scheme is presented that allows generic naming of services in a manner consistent with the lattice model. The use of decentralized processing to aid in the downgrading of information is shown in the design of a secure intelligent terminal. Schemes are presented to deal with the decentralized administration of the lattice model, and with the proliferation of access classes as the user community of a decentralized system become more diverse. Limitations in the use of end-to-end encryption when used with the lattice model are identified, and a scheme is presented to relax these limitations for broadcast networks. Finally, a scheme is presented for forwarding authentication information between hosts on a network, without transmitting passwords (or their equivalent) over a network.
@mastersthesis{karger77, author = {Karger, Paul A.}, school = {Laboratory for Computer Science, Massachusetts Institute of Technology}, title = {Non-Discretionary Access Control for Decentralized Computing Systems}, year = {1977}, address = {Cambridge, MA}, month = may, type = {S. M. \& E. E. thesis}, number = {MIT/LCS/TR-179}, owner = {tom}, timestamp = {2017-10-10} }

[1977] Towards a methodology for statistical disclosure control

Dalenius, T.

Statistik Tidskrift 1977

Bib

@article{1977,
  author = {Dalenius, T.},
  journal = {Statistik Tidskrift},
  title = {{Towards a methodology for statistical disclosure control}},
  year = {1977},
  pages = {2{\textendash}1},
  volume = {15},
  keywords = {database_privacy differential_privacy stat},
  owner = {tom},
  timestamp = {2017-10-10}
}

[1076] New directions in cryptography

Diffie, Whitfield, and Hellman, Martin E.

IEEE Transactions on Information Theory 11/1976 1976

DOI abstract Bib

Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
@article{1076, author = {Diffie, Whitfield and Hellman, Martin E.}, journal = {IEEE Transactions on Information Theory}, title = {New directions in cryptography}, year = {1976}, issn = {0018-9448}, month = {11/1976}, pages = {644-654}, volume = {22}, doi = {10.1109/TIT.1976.1055638}, keywords = {cryptographic systems, cryptography}, owner = {tom}, timestamp = {2021-01-27} }
[1971] The Evolution of Reciprocal Altruism

Trivers, Robert L.

The Quarterly Review of Biology 03/1971 1971

Website abstract Bib

A model is presented to account for the natural selection of what is termed reciprocally altruistic behavior. The model shows how selection can operate against the cheater (non-reciprocator) in the system. Three instances of altruistic behavior are discussed, the evolution of which the model can explain: (1) behavior involved in cleaning symbioses; (2) warning cries in birds; and (3) human reciprocal altruism. Regarding human reciprocal altruism, it is shown that the details of the psychological system that regulates this altruism can be explained by the model. Specifically, friendship, dislike, moralistic aggression, gratitude, sympathy, trust, suspicion, trustworthiness, aspects of guilt, and some forms of dishonesty and hypocrisy can be explained as important adaptations to regulate the altruistic system. Each individual human is seen as possessing altruistic and cheating tendencies, the expression of which is sensitive to developmental variables that were selected to set the tendencies at a balance appropriate to the local social and ecological environment.
@article{1971, author = {Trivers, Robert L.}, journal = {The Quarterly Review of Biology}, title = {The Evolution of Reciprocal Altruism}, year = {1971}, month = {03/1971}, pages = {35-57}, volume = {46}, keywords = {behavior, evolution, reciprocal altruism}, owner = {tom}, timestamp = {2017-10-10}, url = {http://www.jstor.org/pss/2822435} }
[Kernighan1970] An Efficient Heuristic Procedure for Partitioning Graphs

Kernighan, Brian W., and Lin, S.

The Bell System Technical Journal 1970 1970

abstract Bib

We consider the problem of partitioning the nodes of a graph with costs on its edges into subsets of given sizes so as to minimize the sum of the costs on all edges cut. This problem arises in several physical situations- for example, in assigning the components of electronic circuits to circuit boards to minimize the number of connections between boards. This paper presents a heuristic method for partitioning arbitrary graphs which is both effective in finding optimal partitions, and fast enough to be practical in solving large problems.
@article{Kernighan1970, author = {Kernighan, Brian W. and Lin, S.}, journal = {The Bell System Technical Journal}, title = {An Efficient Heuristic Procedure for Partitioning Graphs}, year = {1970}, month = {1970}, pages = {291-307}, volume = {49}, keywords = {heuristic method, partitioning graphs}, owner = {tom}, timestamp = {2017-10-10} }

[Akerlof1970] The market for "lemons": Quality uncertainty and the market mechanism

Akerlof, George A.

The Quarterly Journal of Economics 08/1970 1970

@article{Akerlof1970,
  author = {Akerlof, George A.},
  journal = {The Quarterly Journal of Economics},
  title = {The market for "lemons": Quality uncertainty and the market mechanism},
  year = {1970},
  month = {08/1970},
  pages = {488-500},
  volume = {84},
  owner = {tom},
  timestamp = {2021-01-27},
  url = {http://www.jstor.org/stable/1879431}
}

[Bloom70space/timetrade-offs] Space/Time Trade-offs in Hash Coding with Allowable Errors

Bloom, Burton H.

Communications of the ACM 1970

Website abstract Bib

this paper trade-offs among certain computational factors in hash coding are analyzed. The paradigm problem considered is that of testing a series of messages one-by-one for membership in a given set of messages. Two new hash- coding methods are examined and compared with a particular conventional hash-coding method. The computational factors considered are the size of the hash area (space), the time required to identify a message as a nonmember of the given set (reject time), and an allowable error frequency
@article{Bloom70space/timetrade-offs, author = {Bloom, Burton H.}, journal = {Communications of the ACM}, title = {Space/Time Trade-offs in Hash Coding with Allowable Errors}, year = {1970}, pages = {422{\textendash}426}, volume = {13}, keywords = {Bloom filter, compression}, owner = {tom}, timestamp = {2017-10-10}, url = {http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.20.2080\&rep=rep1\&type=pdf} }

[1968] The Tragedy of the Commons

Hardin, Garrett

Science 1968

Bib

@article{1968,
  author = {Hardin, Garrett},
  journal = {Science},
  title = {The Tragedy of the Commons},
  year = {1968},
  pages = {1243-1248},
  volume = {162},
  owner = {tom},
  timestamp = {2017-10-10}
}

[1962] Low-density parity-check codes

Gallager, Robert G.

Information Theory, IRE Transactions on 1962

DOI Website abstract Bib

A low-density parity-check code is a code specified by a parity-check matrix with the following properties: each column contains a small fixed numberj geq 3of l’s and each row contains a small fixed numberk > jof l’s. The typical minimum distance of these codes increases linearly with block length for a fixed rate and fixedj. When used with maximum likelihood decoding on a sufficiently quiet binary-input symmetric channel, the typical probability of decoding error decreases exponentially with block length for a fixed rate and fixedj. A simple but nonoptimum decoding scheme operating directly from the channel a posteriori probabilities is described. Both the equipment complexity and the data-handling capacity in bits per second of this decoder increase approximately linearly with block length. Forj > 3and a sufficiently low rate, the probability of error using this decoder on a binary symmetric channel is shown to decrease at least exponentially with a root of the block length. Some experimental results show that the actual probability of decoding error is much smaller than this theoretical bound.
@article{1962, author = {Gallager, Robert G.}, journal = {Information Theory, IRE Transactions on}, title = {Low-density parity-check codes}, year = {1962}, issn = {0096-1000}, pages = {21 - 28}, volume = {8}, chapter = {21}, doi = {10.1109/TIT.1962.1057683}, keywords = {coding theory, low-density parity-check}, owner = {tom}, timestamp = {2017-10-10}, url = {http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1057683} }

[reed60polynomial] Polynomial codes over certain finite fields

Reed, Irving, and Solomon, Golomb

Journal of the Society of Industrial and Applied Mathematics 06/1960 1960

@article{reed60polynomial,
  author = {Reed, Irving and Solomon, Golomb},
  journal = {Journal of the Society of Industrial and Applied Mathematics},
  title = {Polynomial codes over certain finite fields},
  year = {1960},
  month = {06/1960},
  number = {2},
  pages = {300{\textendash}304},
  volume = {8},
  keywords = {filing-erasure-coding},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.jstor.org/pss/2098968}
}

[1959] On Random Graphs I.

Erdős, Paul, and Rényi, Alfréd

Publicationes Mathematicae (Debrecen) 1959 1959

Bib

@article{1959,
  author = {Erd{\H o}s, Paul and R{\'e}nyi, Alfr{\'e}d},
  journal = {Publicationes Mathematicae (Debrecen)},
  title = {On Random Graphs I.},
  year = {1959},
  month = {1959},
  pages = {290-297},
  volume = {6},
  keywords = {graphs, random, random graphs},
  owner = {tom},
  timestamp = {2017-10-10}
}

[368907] On programming of arithmetic operations

Ershov, Andrey Petrovych

Commun. ACM 1958

@article{368907,
  author = {Ershov, Andrey Petrovych},
  journal = {Commun. ACM},
  title = {On programming of arithmetic operations},
  year = {1958},
  issn = {0001-0782},
  number = {8},
  pages = {3{\textendash}6},
  volume = {1},
  address = {New York, NY, USA},
  doi = {10.1145/368892.368907},
  owner = {tom},
  publisher = {ACM},
  timestamp = {2017-10-10},
  url = {http://portal.acm.org/citation.cfm?id=368907$\#$}
}

[1950] Equilibrium points in n-person games

Jr., John F. Nash

PNAS. Proceedings of the National Academy of Sciences of the USA 01/1950 1950

DOI abstract Bib

One may define a concept of an n-person game in which each player has a finite set of pure strategies and in which a definite set of payments to the n players corresponds to each n-tuple of pure strategies, one strategy being taken for each player. For mixed strategies, which are probability distributions over the pure strategies, the pay-off functions are the expectations of the players, thus becoming polylinear forms.
@article{1950, author = {Jr., John F. Nash}, journal = {PNAS. Proceedings of the National Academy of Sciences of the USA}, title = {Equilibrium points in n-person games}, year = {1950}, month = {01/1950}, pages = {48-49}, volume = {36}, doi = {10.1073/pnas.36.1.48}, keywords = {n-persona game, strategy}, owner = {tom}, timestamp = {2017-10-10} }
[1944] The Theory of Games and Economic Behavior

Neumann, John, and Morgenstern, Oskar

1944

Website abstract Bib

The nature of the problems investigated and the techniques employed in this book necessitate a procedure which in many instances is thoroughly mathematical. The mathematical devices used are elementary in the sense that no advanced algebra, or calculus, etc., occurs. (With two, rather unimportant, exceptions: Part of the discussion of an example in 19.7. et sequ. and a remark in A.3.3. make use of some simple integrals.) Concepts originating in set theory, linear geometry and group theory play an important role, but they are invariably taken from the early chapters of those disciplines and are moreover analyzed and explained in special expository sections. Nevertheless the book is not truly elementary because the mathematical deductions are frequently intricate and the logical possibilities are extensively exploited. Thus no specific knowledge of any particular body of advanced mathematics is required. However, the reader who wants to acquaint himself more thoroughly with the subject expounded here, will have to familiarize himself with the mathematical way of reasoning definitely beyond its routine, primitive phases. The character of the procedures will be mostly that of mathematical logics, set theory and functional analysis. We have attempted to present the subject in such a form that a reader who is moderately versed in mathematics can acquire the necessary practice in the course of this study. We hope that we have not entirely failed in this endeavour. In accordance with this, the presentation is not what it would be in a strictly mathematical treatise. All definitions and deductions are considerably broader than they would be there. Besides, purely verbal discussions and analyses take up a considerable amount of space. We have in particular tried to give, whenever possible, a parallel verbal exposition for every major mathematical deduction. It is hoped that this procedure will elucidate in unmathematical language what the mathematical technique signifies-and will also show where it achieves more than can be done without it. ! In this, as well as in our methodological stand, we are trying to follow the best examples of theoretical physics. The reader who is not specifically interested in mathematics should at first omit those sections of the book which in his judgment are too mathematical. We prefer not to give a definite list of them, since this judgment must necessarily be subjective. However, those sections marked with an asterisk in the table of contents are most likely to occur to the average reader inthis connection. At any rate he will find that these omissions will little interfere with the comprehension of the early parts, although the logical chain may in the rigorous sense have suffered an interruption. As he proceeds the omissions will gradually assume a more serious character and the lacunae in the deduction will become more and more significant. The reader is then advised to start again from the beginning since the greater familiarity acquired is likely to facilitate a better understanding.
@book{1944, author = {von Neumann, John and Morgenstern, Oskar}, publisher = {Princeton University Press}, title = {The Theory of Games and Economic Behavior}, year = {1944}, address = {Princeton, New Jersey, USA}, edition = {60th}, isbn = {978-0-691-13061-3}, keywords = {economic behavior, games, theory}, organization = {Princeton University Press}, owner = {tom}, pages = {776}, timestamp = {2017-10-10}, url = {http://www.archive.org/details/theoryofgamesand030098mbp} }
[Teich2017] Implementing Privacy Preserving Auction Protocols

Teich, Markus

02/2017 2017

abstract Bib

In this thesis we translate Brandt’s privacy preserving sealed-bid online auction protocol from RSA to elliptic curve arithmetic and analyze the theoretical and practical benefits. With Brandt’s protocol, the auction outcome is completely resolved by the bidders and the seller without the need for a trusted third party. Loosing bids are not revealed to anyone. We present libbrandt, our implementation of four algorithms with different outcome and pricing properties, and describe how they can be incorporated in a real-world online auction system. Our performance measurements show a reduction of computation time and prospective bandwidth cost of over 90% compared to an implementation of the RSA version of the same algorithms. We also evaluate how libbrandt scales in different dimensions and conclude that the system we have presented is promising with respect to an adoption in the real world.
@mastersthesis{Teich2017, author = {Teich, Markus}, school = {TUM}, title = {Implementing Privacy Preserving Auction Protocols}, year = {2017}, address = {Munich}, month = {02/2017}, editor = {Totakura, Sree Harsha and Grothoff, Christian and Brandt, Felix}, keywords = {auctions, GNUnet, secure multi-party computation}, owner = {tom}, pages = {100}, timestamp = {2017-10-10}, volume = {Master of Science} }
[Ulrich2017] Improving Voice over GNUnet

Ulrich, Christian

07/2017 2017

abstract Bib

In contrast to ubiquitous cloud-based solutions the telephony application GNUnet conversation provides fully-decentralized, secure voice communication and thus impedes mass surveillance. The aim of this thesis is to investigate why GNUnet conversation currently provides poor Quality of Experience under typical wide area network conditions and to propose optimization measures. After network shaping and the initialization of two isolated GNUnet peers had been automated, delay measurements were done. With emulated network characteristics net- work delay, cryptography delays and audio codec delays were measured and transmitted speech was recorded. An analysis of the measurement results and a subjective assessment of the speech recordings revealed that extreme outliers occur in most scenarios and impair QoE. More- over it was shown that GNUnet conversation introduces a large delay that confines the environment in which good QoE is possible. In the measurement environment at least 23 ms always ocurred of which large parts are were caused by cryptography. It was shown that optimization in the cryptography part and other components are possible. Finally the conditions for currently reaching good QoE were determined and ideas for further investigations were presented.
@mastersthesis{Ulrich2017, author = {Ulrich, Christian}, school = {TU Berlin}, title = {Improving Voice over GNUnet}, year = {2017}, address = {Berlin}, month = {07/2017}, type = {B.S.}, keywords = {CADET, GNUnet, measurement, performance}, owner = {tom}, pages = {48}, timestamp = {2021-01-27}, volume = {Bachelor} }
[Burdges2016] Enabling Secure Web Payments with GNU Taler

Burdges, Jeffrey, Dold, Florian, Grothoff, Christian, and Stanisci, Marcello

12/2016 2016

abstract Bib

GNU Taler is a new electronic online payment system which provides privacy for customers and accountability for merchants. It uses an exchange service to issue digital coins using blind signatures, and is thus not subject to the performance issues that plague Byzantine fault-tolerant consensus-based solutions. The focus of this paper is addressing the challenges payment systems face in the context of the Web. We discuss how to address Web-specific challenges, such as handling bookmarks and sharing of links, as well as supporting users that have disabled JavaScript. Web payment systems must also navigate various constraints imposed by modern Web browser security architecture, such as same-origin policies and the separation between browser extensions and Web pages. While our analysis focuses on how Taler operates within the security infrastructure provided by the modern Web, the results partially generalize to other payment systems. We also include the perspective of merchants, as existing systems have often struggled with securing payment information at the merchant’s side. Here, challenges include avoiding database transactions for customers that do not actually go through with the purchase, as well as cleanly separating security-critical functions of the payment system from the rest of the Web service.
@conference{Burdges2016, author = {Burdges, Jeffrey and Dold, Florian and Grothoff, Christian and Stanisci, Marcello}, booktitle = {6th International Conference on Security, Privacy and Applied Cryptographic Engineering}, title = {Enabling Secure Web Payments with GNU Taler}, year = {2016}, address = {Hyderabad}, month = {12/2016}, organization = {Springer}, publisher = {Springer}, keywords = {blind signatures, GNUnet, incentives, payments, Taler, web}, owner = {tom}, timestamp = {2017-10-10} }
[Kuehne2016] GNUnet und Informationsmacht: Analyse einer P2P-Technologie und ihrer sozialen Wirkung

Kühne, Christian Ricardo

04/2016 2016

abstract Bib

This thesis studies the GNUnet project comprising its history, ideas and the P2P network technology. It specifically investigates the question of emancipatory potentials with regard to forms of information power due to a widely deployed new Internet technology and tries to identify essential suspensions of power within the scope of an impact assessment. Moreover, we will see by contrasting the GNUnet project with the critical data protection project, founded on social theory, that both are heavily concerned about the problem of illegitimate and unrestrained information power, giving us additional insights for the assessment. Last but least I’ll try to present a scheme of how both approaches may interact to realize their goals.
@mastersthesis{Kuehne2016, author = {K{\"u}hne, Christian Ricardo}, school = {Humboldt-Universitaet zu Berlin}, title = {GNUnet und Informationsmacht: Analyse einer P2P-Technologie und ihrer sozialen Wirkung}, year = {2016}, address = {Berlin}, month = {04/2016}, type = {Diplomarbeit}, keywords = {GNUnet, peer-to-peer}, owner = {tom}, pages = {103}, timestamp = {2021-01-27}, volume = {Diplominformatiker} }
[Schanzenbach2016] Managing and Presenting User Attributes over a Decentralized Secure Name System

Schanzenbach, Martin, and Banse, Christian

09/2016 2016

abstract Bib

Today, user attributes are managed at centralized identity providers. However, two centralized identity providers dominate digital identity and access management on the web. This is increasingly becoming a privacy problem in times of mass surveillance and data mining for targeted advertisement. Existing systems for attribute sharing or credential presentation either rely on a trusted third party service or require the presentation to be online and synchronous. In this paper we propose a concept that allows the user to manage and share his attributes asynchronously with a requesting party using a secure, decentralized name system.
@conference{Schanzenbach2016, author = {Schanzenbach, Martin and Banse, Christian}, booktitle = {Data Privacy Management and Security Assurance - 11th International Workshop, {DPM} 2016 and 5th International Workshop, {QASA} 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings}, title = {Managing and Presenting User Attributes over a Decentralized Secure Name System}, year = {2016}, address = {Crete, Greece}, month = {09/2016}, organization = {Springer}, publisher = {Springer}, keywords = {Decentralisation, GNUnet, Identity and Access Management, User Attributes}, owner = {tom}, timestamp = {2017-10-10} }
[Garcia-Recuero2016] Privacy-Preserving Abuse Detection in Future Decentralised Online Social Networks

Garcı́a-Recuero, , Burdges, Jeffrey, and Grothoff, Christian

09/2016 2016

abstract Bib

Future online social networks need to not only protect sensitive data of their users, but also protect them from abusive behavior coming from malicious participants in the network. We investigate the use of supervised learning techniques to detect abusive behavior and describe privacy-preserving protocols to compute the feature set required by abuse classification algorithms in a secure and privacy-preserving way. While our method is not yet fully resilient against a strong adaptive adversary, our evaluation suggests that it will be useful to detect abusive behavior with a minimal impact on privacy.
@conference{Garcia-Recuero2016, author = {{\'A}lvaro Garc{\'\i}a-Recuero and Burdges, Jeffrey and Grothoff, Christian}, booktitle = {Data Privacy Management (DPM)}, title = {Privacy-Preserving Abuse Detection in Future Decentralised Online Social Networks}, year = {2016}, address = {Heraklion, Greece}, month = {09/2016}, organization = {Springer}, publisher = {Springer}, keywords = {abuse, GNUnet, Privacy preserving, reputation, Social networking}, owner = {tom}, timestamp = {2017-10-10} }

[Kuehne2016a] Zur Idee herrschaftsfreier kooperativer Internetdienste

Kühne, Christian Ricardo

FIfF-Kommunikation 2016

Bib

@article{Kuehne2016a,
  author = {K{\"u}hne, Christian Ricardo},
  journal = {FIfF-Kommunikation},
  title = {Zur Idee herrschaftsfreier kooperativer Internetdienste},
  year = {2016},
  chapter = {46},
  keywords = {Architecture, GNUnet, Internet},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Dold2015] Byzantine Fault Tolerant Set Consensus with Efficient Set Reconciliation

Dold, Florian

12/2015 2015

abstract Bib

Byzantine consensus is a fundamental and well-studied problem in the area of distributed system. It requires a group of peers to reach agreement on some value, even if a fraction of the peers is controlled by an adversary. This thesis proposes set union consensus, an efficient generalization of Byzantine consensus from single elements to sets. This is practically motivated by Secure Multiparty Computation protocols such as electronic voting, where a large set of elements must be collected and agreed upon. Existing practical implementations of Byzantine consensus are typically based on state machine replication and not well-suited for agreement on sets, since they must process individual agreements on all set elements in sequence. We describe and evaluate our implementation of set union consensus in GNUnet, which is based on a composition of Eppstein set reconciliation protocol with the simple gradecast consensus prococol described by Ben-Or.
@mastersthesis{Dold2015, author = {Dold, Florian}, school = {Technische Universitaet Muenchen}, title = {Byzantine Fault Tolerant Set Consensus with Efficient Set Reconciliation}, year = {2015}, address = {Muenchen}, month = {12/2015}, type = {Master{\textquoteright}s}, keywords = {byzantine consensus, GNUnet, secure multiparty computation, set reconciliation, voting}, owner = {tom}, pages = {69}, timestamp = {2017-10-10}, volume = {M.S.} }

[Wachs2015] A Secure and Resilient Communication Infrastructure for Decentralized Networking Applications

Wachs, Matthias

02/2015 2015

This thesis provides the design and implementation of a secure and resilient communication infrastructure for decentralized peer-to-peer networks. The proposed communication infrastructure tries to overcome limitations to unrestricted communication on today’s Internet and has the goal of re-establishing unhindered communication between users. With the GNU name system, we present a fully decentralized, resilient, and privacy-preserving alternative to DNS and existing security infrastructures.

@mastersthesis{Wachs2015,
  author = {Wachs, Matthias},
  school = {Technische Universit{\"a}t M{\"u}nchen},
  title = {A Secure and Resilient Communication Infrastructure for Decentralized Networking Applications},
  year = {2015},
  address = {M{\"u}nchen},
  month = {02/2015},
  type = {PhD},
  doi = {10.2313/NET-2015-02-1},
  isbn = {3-937201-45-9},
  keywords = {Communication, GNU Name System, GNUnet, P2P, resilience},
  owner = {tom},
  pages = {250},
  timestamp = {2021-01-27},
  url = {http://nbn-resolving.de/urn/resolver.pl?urn:bvb:91-diss-20150225-1231854-0-7},
  volume = {PhD}
}

[Benevs2014] An Approach for Home Routers to Securely Erase Sensitive Data

Beneš, Nicolas

10/2014 2014

abstract Bib

Home routers are always-on low power embedded systems and part of the Internet infrastructure. In addition to the basic router functionality, they can be used to operate sensitive personal services, such as for private web and email servers, secure peer-to-peer networking services like GNUnet and Tor, and encrypted network file system services. These services naturally involve cryptographic operations with the cleartext keys being stored in RAM. This makes router devices possible targets to physical attacks by home intruders. Attacks include interception of unprotected data on bus wires, alteration of firmware through exposed JTAG headers, or recovery of cryptographic keys through the cold boot attack. This thesis presents Panic!, a combination of open hardware design and free software to detect physical integrity attacks and to react by securely erasing cryptographic keys and other sensitive data from memory. To improve auditability and to allow cheap reproduction, the components of Panic! are kept simple in terms of conceptual design and lines of code. First, the motivation to use home routers for services besides routing and the need to protect their physical integrity is discussed. Second, the idea and functionality of the Panic! system is introduced and the high-level interactions between its components explained. Third, the software components to be run on the router are described. Fourth, the requirements of the measurement circuit are declared and a prototype is presented. Fifth, some characteristics of pressurized environments are discussed and the difficulties for finding adequate containments are explained. Finally, an outlook to tasks left for the future is given.
@mastersthesis{Benevs2014, author = {Bene{\v s}, Nicolas}, school = {Technische Universit{\"a}t M{\"u}nchen}, title = {An Approach for Home Routers to Securely Erase Sensitive Data}, year = {2014}, address = {Munich}, month = {10/2014}, type = {Bachelor Thesis}, keywords = {GNUnet, home router, intrusion detection, memory erasure, Panic, physical access}, owner = {tom}, pages = {64}, timestamp = {2017-10-10}, volume = {Bachelor} }
[Wachs2014] Automatic Transport Selection and Resource Allocation for Resilient Communication in Decentralised Networks

Wachs, Matthias, Oehlmann, Fabian, and Grothoff, Christian

10/2014 2014

abstract Bib

Making communication more resilient is a main focus for modern decentralised networks. A current development to increase connectivity between participants and to be resilient against service degradation attempts is to support different communication protocols, and to switch between these protocols in case degradation or censorship are detected. Supporting multiple protocols with different properties and having to share resources for communication with multiple partners creates new challenges with respect to protocol selection and resource allocation to optimally satisfy the applications’ requirements for communication. This paper presents a novel approach for automatic transport selection and resource allocation with a focus on decentralised networks. Our goal is to evaluate the communication mechanisms available for each communication partner and then allocate resources in line with the requirements of the applications. We begin by detailing the overall requirements for an algorithm for transport selection and resource allocation, and then compare three different solutions using (1) a heuristic, (2) linear optimisation, and (3) machine learning. To show the suitability and the specific benefits of each approach, we evaluate their performance with respect to usability, scalability and quality of the solution found in relation to application requirements.
@conference{Wachs2014, author = {Wachs, Matthias and Oehlmann, Fabian and Grothoff, Christian}, booktitle = {14-th IEEE International Conference on Peer-to-Peer Computing}, title = {Automatic Transport Selection and Resource Allocation for Resilient Communication in Decentralised Networks}, year = {2014}, address = {London. England}, month = {10/2014}, keywords = {GNUnet, resource allocation}, owner = {tom}, timestamp = {2017-10-10} }
[Polot2014] CADET: Confidential Ad-hoc Decentralized End-to-End Transport

Polot, Bartlomiej, and Grothoff, Christian

2014 2014

abstract Bib

This paper describes CADET, a new transport protocol for confidential and authenticated data transfer in decentralized networks. This transport protocol is designed to operate in restricted-route scenarios such as friend-to-friend or ad-hoc wireless networks. We have implemented CADET and evaluated its performance in various network scenarios, compared it to the well-known TCP/IP stack and tested its response to rapidly changing network topologies. While our current implementation is still significantly slower in high-speed low-latency networks, for typical Internet-usage our system provides much better connectivity and security with comparable performance to TCP/IP.
@conference{Polot2014, author = {Polot, Bartlomiej and Grothoff, Christian}, booktitle = {Med-Hoc-Net 2014}, title = {CADET: Confidential Ad-hoc Decentralized End-to-End Transport}, year = {2014}, month = {2014}, keywords = {CADET, encryption, GNUnet, routing}, owner = {tom}, timestamp = {2017-10-10} }
[Wachs2014a] A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System

Wachs, Matthias, Schanzenbach, Martin, and Grothoff, Christian

2014

abstract Bib

The Domain Name System (DNS) is vital for access to information on the Internet. This makes it a target for attackers whose aim is to suppress free access to information. This paper introduces the design and implementation of the GNU Name System (GNS), a fully decentralized and censorship-resistant name system. GNS provides a privacy-enhancing alternative to DNS which preserves the desirable property of memorable names. Due to its design, it can also double as a partial replacement of public key infrastructures, such as X.509. The design of GNS incorporates the capability to integrate and coexist with DNS. GNS is based on the principle of a petname system and builds on ideas from the Simple Distributed Security Infrastructure (SDSI), addressing a central issue with the decentralized mapping of secure identifiers to memorable names: namely the impossibility of providing a global, secure and memorable mapping without a trusted authority. GNS uses the transitivity in the SDSI design to replace the trusted root with secure delegation of authority, thus making petnames useful to other users while operating under a very strong adversary model. In addition to describing the GNS design, we also discuss some of the mechanisms that are needed to smoothly integrate GNS with existing processes and procedures in Web browsers. Specifically, we show how GNS is able to transparently support many assumptions that the existing HTTP(S) infrastructure makes about globally unique names.
@conference{Wachs2014a, author = {Wachs, Matthias and Schanzenbach, Martin and Grothoff, Christian}, booktitle = {International Conference on Cryptology and Network Security (CANS)}, title = {A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System}, year = {2014}, organization = {Springer Verlag}, publisher = {Springer Verlag}, keywords = {DNS, GNU Name System, GNUnet, PKI}, owner = {tom}, timestamp = {2021-01-27} }
[Scheibner2014] Control Flow Analysis for Event-Driven Programs

Scheibner, Florian

07/2014 2014

abstract Bib

Static analysis is often used to automatically check for common bugs in programs. Compilers already check for some common programming errors and issue warnings; however, they do not do a very deep analysis because this would slow the compilation of the program down. Specialized tools like Coverity or Clang Static Analyzer look at possible runs of a program and track the state of variables in respect to function calls. This information helps to identify possible bugs. In event driven programs like GNUnet callbacks are registered for later execution. Normal static analysis cannot track these function calls. This thesis is an attempt to extend different static analysis tools so that they can handle this case as well. Different solutions were thought of and executed with Coverity and Clang. This thesis describes the theoretical background of model checking and static analysis, the practical usage of wide spread static analysis tools, and how these tools can be extended in order to improve their usefulness.
@mastersthesis{Scheibner2014, author = {Scheibner, Florian}, school = {Technical University of Munich}, title = {Control Flow Analysis for Event-Driven Programs}, year = {2014}, address = {Munich}, month = {07/2014}, type = {Bachelors}, keywords = {event-driven, flow control, GNUnet, static analysis}, owner = {tom}, pages = {71}, timestamp = {2017-10-10}, volume = {B.Sc} }
[Morales2014] Cryogenic: Enabling Power-Aware Applications on Linux

Morales, Alejandra

02/2014 2014

abstract Bib

As a means of reducing power consumption, hardware devices are capable to enter into sleep-states that have low power consumption. Waking up from those states in order to return to work is typically a rather energy-intensive activity. Some existing applications have non-urgent tasks that currently force hardware to wake up needlessly or prevent it from going to sleep. It would be better if such non-urgent activities could be scheduled to execute when the respective devices are active to maximize the duration of sleep-states. This requires cooperation between applications and the kernel in order to determine when the execution of a task will not be expensive in terms of power consumption. This work presents the design and implementation of Cryogenic, a POSIX-compatible API that enables clustering tasks based on the hardware activity state. Specifically, Cryogenic’s API allows applications to defer their execution until other tasks use the device they want to use. As a result, two actions that contribute to reduce the device energy consumption are achieved: reduce the number of hardware wake-ups and maximize the idle periods. The energy measurements enacted at the end of this thesis demonstrate that, for the specific setup and conditions present during our experimentation, Cryogenic is capable to achieve savings between 1% and 10% for a USB WiFi device. Although we ideally target mobile platforms, Cryogenic has been developed by means a new Linux module that integrates with the existing POSIX event loop system calls. This allows to use Cryogenic on many different platforms as long as they use a GNU/Linux distribution as the main operating system. An evidence of this can be found in this thesis, where we demonstrate the power savings on a single-board computer.
@mastersthesis{Morales2014, author = {Morales, Alejandra}, school = {Technische Universitaet Muenchen}, title = {Cryogenic: Enabling Power-Aware Applications on Linux}, year = {2014}, address = {Garching bei Muenchen}, month = {02/2014}, type = {Masters}, keywords = {cooperative, cryogenic, GNUnet, Linux, POSIX, power}, owner = {tom}, pages = {106}, timestamp = {2021-01-27}, volume = {M. Sc.} }
[Dold2014] Cryptographically Secure, Distributed Electronic Voting

Dold, Florian

08/2014 2014

abstract Bib

Elections are a vital tool for decision-making in democratic societies. The past decade has witnessed a handful of attempts to apply modern technology to the election process in order to make it faster and more cost-effective. Most of the practical efforts in this area have focused on replacing traditional voting booths with electronic terminals, but did not attempt to apply cryptographic techniques able to guarantee critical properties of elections such as secrecy of ballot and verifiability. While such techniques were extensively researched in the past 30 years, practical implementation of cryptographically secure remote electronic voting schemes are not readily available. All existing implementation we are aware of either exhibit critical security flaws, are proprietary black-box systems or require additional physical assumptions such as a preparatory key ceremony executed by the election officials. The latter makes such systems unusable for purely digital communities. This thesis describes the design and implementation of an electronic voting system in GNUnet, a framework for secure and decentralized networking. We provide a short survey of voting schemes and existing implementations. The voting scheme we implemented makes use of threshold cryptography, a technique which requires agreement among a large subset of the election officials to execute certain cryptographic operations. Since such protocols have applications outside of electronic voting, we describe their design and implementation in GNUnet separately.
@mastersthesis{Dold2014, author = {Dold, Florian}, school = {Technische Universitaet Muenchen}, title = {Cryptographically Secure, Distributed Electronic Voting}, year = {2014}, address = {Muenchen}, month = {08/2014}, type = {Bachelor{\textquoteright}s}, keywords = {GNUnet, secure multiparty computation, voting}, owner = {tom}, pages = {49}, timestamp = {2021-01-27}, volume = {B.S.} }
[Tarabai2014] A Decentralized and Autonomous Anomaly Detection Infrastructure for Decentralized Peer-to-Peer Networks

Tarabai, Omar

10/2014 2014

abstract Bib

In decentralized networks, collecting and analysing information from the network is useful for developers and operators to monitor the behaviour and detect anomalies such as attacks or failures in both the overlay and underlay networks. But realizing such an infrastructure is hard to achieve due to the decentralized nature of the network especially if the anomaly occurs on systems not operated by developers or participants get separated from the collection points. In this thesis a decentralized monitoring infrastructure using a decentralized peer-to-peer network is developed to collect information and detect anomalies in a collaborative way without coordination by and in absence of a centralized infrastructure and report detected incidents to a monitoring infrastructure. We start by introducing background information about peer-to-peer networks, anomalies and anomaly detection techniques in literature. Then we present some of the related work regarding monitoring decentralized networks, anomaly detection and data aggregation in decentralized networks. Then we perform an analysis of the system objectives, target environment and the desired properties of the system. Then we design the system in terms of the overall structure and its individual components. We follow with details about the system implementation. Lastly, we evaluate the final system implementation against our desired objectives.
@mastersthesis{Tarabai2014, author = {Tarabai, Omar}, title = {A Decentralized and Autonomous Anomaly Detection Infrastructure for Decentralized Peer-to-Peer Networks}, year = {2014}, month = {10/2014}, type = {Master}, keywords = {anomaly, censorship, detection, GNUnet}, owner = {tom}, pages = {63}, timestamp = {2017-10-10}, volume = {Master} }
[Singh2014] Experimental comparison of Byzantine fault tolerant distributed hash tables

Singh, Supriti

09/2014 2014

abstract Bib

Distributed Hash Tables (DHTs) are a key data structure for construction of a peer to peer systems. They provide an efficient way to distribute the storage and retrieval of key-data pairs among the participating peers. DHTs should be scalable, robust against churn and resilient to attacks. X-Vine is a DHT protocol which offers security against Sybil attacks. All communication among peers is performed over social network links, with the presumption that a friend can be trusted. This trust can be extended to a friend of a friend. It uses the tested Chord Ring topology as an overlay, which has been proven to be scalable and robust. The aim of the thesis is to experimentally compare two DHTs, R5 N and X-Vine. GNUnet is a free software secure peer to peer framework, which uses R 5N . In this thesis, we have presented the implementation of X-Vine on GNUnet, and compared the performance of R5 N and X-Vine.
@mastersthesis{Singh2014, author = {Singh, Supriti}, school = {Saarland University}, title = {Experimental comparison of Byzantine fault tolerant distributed hash tables}, year = {2014}, address = {Saarbruecken}, month = {09/2014}, type = {Masters}, keywords = {DHT, GNUnet, performance analysis, testbed, X-vine}, owner = {tom}, pages = {42}, timestamp = {2021-01-27}, volume = {M.S.} }
[Kirsch2014] Improved Kernel-Based Port-Knocking in Linux

Kirsch, Julian

08/2014 2014

abstract Bib

Port scanning is used to discover vulnerable services and launch attacks against network infrastructure. Port knocking is a well-known technique to hide TCP servers from port scanners. This thesis presents the design of TCP Stealth, a socket option to realize new port knocking variant with improved security and usability compared to previous designs. TCP Stealth replaces the traditional random TCP SQN number with a token that authenticates the client and (optionally) the first bytes of the TCP payload. Clients and servers can enable TCP Stealth by explicitly setting a socket option or linking against a library that wraps existing network system calls. This thesis also describes Knock, a free software implementation of TCP Stealth for the Linux kernel and \tt libknockify, a shared library that wraps network system calls to activate Knock on GNU/Linux systems, allowing administrators to deploy Knock without recompilation. Finally, we present experimental results demonstrating that TCP Stealth is compatible with most existing middleboxes on the Internet.
@mastersthesis{Kirsch2014, author = {Kirsch, Julian}, title = {Improved Kernel-Based Port-Knocking in Linux}, year = {2014}, month = {08/2014}, type = {Master{\textquoteright}s}, keywords = {GNUnet, Hacienda, Knock, TCP Stealth}, owner = {tom}, timestamp = {2017-10-10}, volume = {M.S.} }

[Grothoff2014] The Internet is Broken: Idealistic Ideas for Building a GNU Network

Grothoff, Christian, Polot, Bartlomiej, and Loesch, Carlo

Feb 2014

Bib

@conference{Grothoff2014,
  author = {Grothoff, Christian and Polot, Bartlomiej and von Loesch, Carlo},
  booktitle = {W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)},
  title = {The Internet is Broken: Idealistic Ideas for Building a GNU Network},
  year = {2014},
  address = {London, UK},
  month = feb,
  organization = {W3C/IAB},
  publisher = {W3C/IAB},
  keywords = {GNU Name System, GNUnet, KBR, PKI},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Oehlmann2014] Machine Learning for Bandwidth Management in Decentralized Networks

Oehlmann, Fabian

02/2014 2014

abstract Bib

The successful operation of a peer-to-peer network depends on the resilience of its peer’s communications. On the Internet, direct connections between peers are often limited by restrictions like NATs and traffic filtering. Addressing such problems is particularly pressing for peer-to-peer networks that do not wish to rely on any trusted infrastructure, which might otherwise help the participants establish communication channels. Modern peer-to-peer networks employ various techniques to address the problem of restricted connectivity on the Internet. One interesting development is that various overlay networks now support multiple communication protocols to improve resilience and counteract service degradation. The support of multiple protocols causes a number of new challenges. A peer should evaluate which protocols fulfill the communication requirements best. Furthermore, limited resources, such as bandwidth, should be distributed among peers and protocols to match application requirements. Existing approaches to this problem of transport selection and resource allocation are rigid: they calculate the solution only from the current state of the environment, and do not adapt their strategy based on failures or successes of previous allocations. This thesis explores the feasibility of using machine learning to improve the quality of the transport selection and resource allocation over current approaches. The goal is to improve the solution process by learning selection and allocation strategies from the experience gathered in the course of many iterations of the algorithm. We compare the different approaches in the field of machine learning with respect to their properties and suitability for the problem. Based on this evaluation and an in-depth analysis of the requirements of the underlying problem, the thesis presents a design how reinforcement learning can be used and adapted to the given problem domain. The design is evaluated with the help of simulation and a realistic implementation in the GNUnet Peer-to-Peer framework. Our experimental results highlight some of the implications of the multitude of implementation choices, key challenges, and possible directions for the use of reinforcement learning in this domain.
@mastersthesis{Oehlmann2014, author = {Oehlmann, Fabian}, school = {Technische Universitaet Muenchen}, title = {Machine Learning for Bandwidth Management in Decentralized Networks}, year = {2014}, address = {Garching bei Muenchen}, month = {02/2014}, type = {Masters}, keywords = {bandwidth allocation, GNUnet, machine learning}, owner = {tom}, pages = {91}, timestamp = {2017-10-10}, volume = {M. Sc.} }
[Arias2014] Numerical Stability and Scalability of Secure Private Linear Programming

Arias, Raphael

02/2014 2014

abstract Bib

Linear programming (LP) has numerous applications in different fields. In some scenarios, e.g. supply chain master planning (SCMP), the goal is solving linear programs involving multiple parties reluctant to sharing their private information. In this case, methods from the area of secure multi-party computation (SMC) can be used. Secure multi-party versions of LP solvers have been known to be impractical due to high communication complexity. To overcome this, solutions based on problem transformation have been put forward. In this thesis, one such algorithm, proposed by Dreier and Kerschbaum, is discussed, implemented, and evaluated with respect to numerical stability and scalability. Results obtained with different parameter sets and different test cases are presented and some problems are exposed. It was found that the algorithm has some unforeseen limitations, particularly when implemented within the bounds of normal primitive data types. Random numbers generated during the protocol have to be extremely small so as to not cause problems with overflows after a series of multiplications. The number of peers participating additionally limits the size of numbers. A positive finding was that results produced when none of the aforementioned problems occur are generally quite accurate. We discuss a few possibilities to overcome some of the problems with an implementation using arbitrary precision numbers.
@mastersthesis{Arias2014, author = {Arias, Raphael}, school = {Technische Universitaet Muenchen}, title = {Numerical Stability and Scalability of Secure Private Linear Programming}, year = {2014}, address = {Garching bei Muenchen}, month = {02/2014}, type = {Bachelor{\textquoteright}s}, keywords = {GNUnet, linear programming, secure multi-party computation}, owner = {tom}, pages = {65}, timestamp = {2021-01-27}, volume = {B. Sc.} }
[Toth2013] Design of a Social Messaging System Using Stateful Multicast

Toth, Gabor X

2013

abstract Bib

This work presents the design of a social messaging service for the GNUnet peer-to-peer framework that offers scalability, extensibility, and end-to-end encrypted communication. The scalability property is achieved through multicast message delivery, while extensibility is made possible by using PSYC (Protocol for SYnchronous Communication), which provides an extensible RPC (Remote Procedure Call) syntax that can evolve over time without having to upgrade the software on all nodes in the network. Another key feature provided by the PSYC layer are stateful multicast channels, which are used to store e.g. user profiles. End-to-end encrypted communication is provided by the mesh service of GNUnet, upon which the multicast channels are built. Pseudonymous users and social places in the system have cryptographical identities — identified by their public key — these are mapped to human memorable names using GNS (GNU Name System), where each pseudonym has a zone pointing to its places.
@mastersthesis{Toth2013, author = {Toth, Gabor X}, school = {University of Amsterdam}, title = {Design of a Social Messaging System Using Stateful Multicast}, year = {2013}, address = {Amsterdam}, type = {Master{\textquoteright}s}, keywords = {GNS, GNUnet, PSYC, social networks}, owner = {tom}, pages = {76}, timestamp = {2021-01-27}, volume = {M.Sc.} }
[Wachs2013] On the Feasibility of a Censorship Resistant Decentralized Name System

Wachs, Matthias, Schanzenbach, Martin, and Grothoff, Christian

10/2013 2013

abstract Bib PDF

A central problem on the Internet today is that key infrastructure for security is concentrated in a few places. This is particularly true in the areas of naming and public key infrastructure. Secret services and other government organizations can use this fact to block access to information or monitor communications. One of the most popular and easy to perform techniques is to make information on the Web inaccessible by censoring or manipulating the Domain Name System (DNS). With the introduction of DNSSEC, the DNS is furthermore posed to become an alternative PKI to the failing X.509 CA system, further cementing the power of those in charge of operating DNS. This paper maps the design space and gives design requirements for censorship resistant name systems. We survey the existing range of ideas for the realization of such a system and discuss the challenges these systems have to overcome in practice. Finally, we present the results from a survey on browser usage, which supports the idea that delegation should be a key ingredient in any censorship resistant name system.
@conference{Wachs2013, author = {Wachs, Matthias and Schanzenbach, Martin and Grothoff, Christian}, booktitle = {6th International Symposium on Foundations \& Practice of Security (FPS 2013)}, title = {On the Feasibility of a Censorship Resistant Decentralized Name System}, year = {2013}, address = {La Rochelle, France}, month = {10/2013}, organization = {Springer Verlag}, publisher = {Springer Verlag}, keywords = {DNS, GNS, GNU Name System, GNUnet, PKI, SDSI, Zooko{\textquoteright}s Triangle}, owner = {tom}, timestamp = {2021-01-27} }
[Totakura2013] Large Scale Distributed Evaluation of Peer-to-Peer Protocols

Totakura, Sree Harsha

06/2013 2013

abstract Bib

Evaluations of P2P protocols during the system’s design and implementation phases are commonly done through simulation and emulation respectively. While the current state-of-the-art simulation allows evaluations with many millions of peers through the use of abstractions, emulation still lags behind as it involves executing the real implementation at some parts of the system. This difference in scales can make it hard to relate the evaluations made created with simulation and emulation during the design and implementation phases and can results in a limited evaluation of the implementation, which may cause severe problems after deployment. In this thesis, we build upon an existing emulator for P2P applications to push the scales offered by emulation towards the limits set by simulation. Our approach distributes and co-ordinates the emulation across many hosts. Large deployments are possible by deploying hundreds or thousands of peers on each host. To address the varying needs of an experimenter and the range of available hardware, we make our approach scalable such that it can easily be adapted to run evaluations on a single machine or a large group of hosts. Specifically, the system automatically adjusts the number of overlapping operations to the available resources efficiently using a feedback mechanism, thus relieving the experimenter from the hassles of manual tuning. We specifically target HPC systems like compute clusters and supercomputers and demonstrate how such systems can be used for large scale emulations by evaluating two P2P applications with deployment sizes up to 90k peers on a supercomputer.
@mastersthesis{Totakura2013, author = {Totakura, Sree Harsha}, school = {Technische Universitaet Muenchen}, title = {Large Scale Distributed Evaluation of Peer-to-Peer Protocols}, year = {2013}, address = {Garching bei Muenchen}, month = {06/2013}, type = {Masters}, keywords = {emulation, GNUnet, large scale testing, protocol evaluation, testbed}, owner = {tom}, pages = {76}, timestamp = {2017-10-10}, volume = {Master of Science} }
[Teich2013] Monkey - Generating Useful Bug Reports Automatically

Teich, Markus

07/2013 2013

abstract Bib

Automatic crash handlers support software developers in finding bugs and fixing the problems in their code. Most of them behave similarly in providing the developer with a (symbolic) stack trace and a memory dump of the crashed application. This introduces some problems that we try to fix with our proposed automatic bug reporting system called "Monkey". In this paper we describe the problems that occur when debugging widely distributed systems and how Monkey handles them. First, we describe our Motivation for develop- ing the Monkey system. Afterwards we present the most common existing automatic crash handlers and how they work. Thirdly you will get an overview of the Monkey system and its components. In the fourth chapter we will analyze one report gener- ated by Monkey, evaluate an online experiment we conducted and present some of our finding during the development of the clustering algorithm used to categorize crash reports. Last, we discuss some of Monkeys features and compare them to the existing approaches. Also some ideas for the future development of the Monkey system are presented before we conclude that Monkey’s approach is promising, but some work is still left to establish Monkey in the open source community.
@mastersthesis{Teich2013, author = {Teich, Markus}, school = {Technische Universit{\"a}t M{\"u}nchen}, title = {Monkey - Generating Useful Bug Reports Automatically}, year = {2013}, address = {Munich}, month = {07/2013}, type = {Bachelor Thesis}, keywords = {automatic, clustering, debugging, GDB, GNUnet, report, Tor}, owner = {tom}, pages = {50}, timestamp = {2017-10-10}, volume = {Bachelor} }
[Szengel2012] Decentralized Evaluation of Regular Expressions for Capability Discovery in Peer-to-Peer Networks

Szengel, Maximilian

11/2012 2012

abstract Bib

This thesis presents a novel approach for decentralized evaluation of regular expressions for capability discovery in DHT-based overlays. The system provides support for announcing capabilities expressed as regular expressions and discovering participants offering adequate capabilities. The idea behind our approach is to convert regular expressions into finite automatons and store the corresponding states and transitions in a DHT. We show how locally constructed DFA are merged in the DHT into an NFA without the knowledge of any NFA already present in the DHT and without the need for any central authority. Furthermore we present options of optimizing the DFA. There exist several possible applications for this general approach of decentralized regular expression evaluation. However, in this thesis we focus on the application of discovering users that are willing to provide network access using a specified protocol to a particular destination. We have implemented the system for our proposed approach and conducted a simulation. Moreover we present the results of an emulation of the implemented system in a cluster.
@mastersthesis{Szengel2012, author = {Szengel, Maximilian}, school = {Technische Universitaet Muenchen}, title = {Decentralized Evaluation of Regular Expressions for Capability Discovery in Peer-to-Peer Networks}, year = {2012}, address = {Garching bei Muenchen}, month = {11/2012}, type = {Masters}, keywords = {DFA, distributed hash table, GNUnet, NFA, regular expressions, search}, owner = {tom}, pages = {100}, timestamp = {2021-01-27}, volume = {M.S.} }
[Schanzenbach2012] Design and Implementation of a Censorship Resistant and Fully Decentralized Name System

Schanzenbach, Martin

09/2012 2012

abstract Bib PDF

This thesis presents the design and implementation of the GNU Alternative Domain System (GADS), a decentralized, secure name system providing memorable names for the Internet as an alternative to the Domain Name System (DNS). The system builds on ideas from Rivest’s Simple Distributed Security Infrastructure (SDSI) to address a central issue with providing a decentralized mapping of secure identifiers to memorable names: providing a global, secure and memorable mapping is impossible without a trusted authority. SDSI offers an alternative by linking local name spaces; GADS uses the transitivity provided by the SDSI design to build a decentralized and censorship resistant name system without a trusted root based on secure delegation of authority. Additional details need to be considered in order to enable GADS to integrate smoothly with the World Wide Web. While following links on the Web matches following delegations in GADS, the existing HTTP-based infrastructure makes many assumptions about globally unique names; however, proxies can be used to enable legacy applications to function with GADS. This work presents the fundamental goals and ideas behind GADS, provides technical details on how GADS has been implemented and discusses deployment issues for using GADS with existing systems. We discuss how GADS and legacy DNS can interoperate during a transition period and what additional security advantages GADS offers over DNS with Security Extensions (DNSSEC). Finally, we present the results of a survey into surfing behavior, which suggests that the manual introduction of new direct links in GADS will be infrequent.
@mastersthesis{Schanzenbach2012, author = {Schanzenbach, Martin}, school = {TU Munich}, title = {Design and Implementation of a Censorship Resistant and Fully Decentralized Name System}, year = {2012}, address = {Garching bei Muenchen}, month = {09/2012}, type = {Master{\textquoteright}s}, keywords = {censorship resistance, decentralized, DNS, GNU Name System, GNUnet}, owner = {tom}, pages = {116}, timestamp = {2017-10-10}, volume = {M.Sc.} }
[Evans2012] Efficient and Secure Decentralized Network Size Estimation

Evans, Nathan S, Polot, Bartlomiej, and Grothoff, Christian

05/2012 2012

abstract Bib

The size of a Peer-to-Peer (P2P) network is an important parameter for performance tuning of P2P routing algorithms. This paper introduces and evaluates a new efficient method for participants in an unstructured P2P network to establish the size of the overall network. The presented method is highly efficient, propagating information about the current size of the network to all participants using O(|E|) operations where |E| is the number of edges in the network. Afterwards, all nodes have the same network size estimate, which can be made arbitrarily accurate by averaging results from multiple rounds of the protocol. Security measures are included which make it prohibitively expensive for a typical active participating adversary to significantly manipulate the estimates. This paper includes experimental results that demonstrate the viability, efficiency and accuracy of the protocol.
@article{Evans2012, author = {Evans, Nathan S and Polot, Bartlomiej and Grothoff, Christian}, title = {Efficient and Secure Decentralized Network Size Estimation}, year = {2012}, month = {05/2012}, address = {Garching bei Muenchen}, institution = {Technische Universitaet Muenchen}, keywords = {GNUnet, network security, network size estimation, peer-to-peer networking}, owner = {tom}, timestamp = {2021-01-27} }
[Evans2012a] Efficient and Secure Decentralized Network Size Estimation

Evans, Nathan S, Polot, Bartlomiej, and Grothoff, Christian

05/2012 2012

Website abstract Bib

The size of a Peer-to-Peer (P2P) network is an important parameter for performance tuning of P2P routing algorithms. This paper introduces and evaluates a new efficient method for participants in an unstructured P2P network to establish the size of the overall network. The presented method is highly efficient, propagating information about the current size of the network to all participants using O(|E|) operations where |E| is the number of edges in the network. Afterwards, all nodes have the same network size estimate, which can be made arbitrarily accurate by averaging results from multiple rounds of the protocol. Security measures are included which make it prohibitively expensive for a typical active participating adversary to significantly manipulate the estimates. This paper includes experimental results that demonstrate the viability, efficiency and accuracy of the protocol.
@conference{Evans2012a, author = {Evans, Nathan S and Polot, Bartlomiej and Grothoff, Christian}, booktitle = {IFIP International Conferences on Networking (Networking 2012)}, title = {Efficient and Secure Decentralized Network Size Estimation}, year = {2012}, address = {Prague, CZ}, month = {05/2012}, organization = {Springer Verlag}, pages = {304--317}, publisher = {Springer Verlag}, keywords = {byzantine fault tolerance, GNUnet, network size estimation, proof of work}, owner = {tom}, timestamp = {2021-01-27}, url = {http://grothoff.org/christian/rrsize2012.pdf} }
[Evans2011d] Beyond Simulation: Large-Scale Distributed Emulation of P2P Protocols

Evans, Nathan S, and Grothoff, Christian

2011

abstract Bib

This paper presents details on the design and implementation of a scalable framework for evaluating peer-to-peer protocols. Unlike systems based on simulation, emulation-based systems enable the experimenter to obtain data that reflects directly on the concrete implementation in much greater detail. This paper argues that emulation is a better model for experiments with peer-to-peer protocols since it can provide scalability and high flexibility while eliminating the cost of moving from experimentation to deployment. We discuss our unique experience with large-scale emulation using the GNUnet peer-to-peer framework and provide experimental results to support these claims.
@conference{Evans2011d, author = {Evans, Nathan S and Grothoff, Christian}, booktitle = {4th Workshop on Cyber Security Experimentation and Test (CSET 2011)}, title = {Beyond Simulation: Large-Scale Distributed Emulation of P2P Protocols}, year = {2011}, address = {San Francisco, California}, organization = {USENIX Association}, publisher = {USENIX Association}, keywords = {distributed hash table, emulation, GNUnet, scalability, security analysis}, owner = {tom}, timestamp = {2021-01-27} }
[Grothoff2011] The Free Secure Network Systems Group: Secure Peer-to-Peer Networking and Beyond

Grothoff, Christian

2011

abstract Bib

This paper introduces the current research and future plans of the Free Secure Network Systems Group at the Technische Universität München. In particular, we provide some insight into the development process and architecture of the GNUnet P2P framework and the challenges we are currently working on.
@conference{Grothoff2011, author = {Grothoff, Christian}, booktitle = {SysSec 2011}, title = {The Free Secure Network Systems Group: Secure Peer-to-Peer Networking and Beyond}, year = {2011}, address = {Amsterdam, Netherlands}, keywords = {anonymity, GNUnet, routing}, owner = {tom}, timestamp = {2021-01-27} }

[Bernstein2011] High-speed high-security signatures

Bernstein, Daniel J., Duif, Niels, Lange, Tanja, Schwabe, Peter, and Hang, Bo-Yin

Journal of Cryptographic Engineering 09/2011 2011

@article{Bernstein2011,
  author = {Bernstein, Daniel J. and Duif, Niels and Lange, Tanja and Schwabe, Peter and Hang, Bo-Yin},
  journal = {Journal of Cryptographic Engineering},
  title = {High-speed high-security signatures},
  year = {2011},
  month = {09/2011},
  pages = {77--89},
  volume = {2},
  chapter = {77},
  keywords = {ECC, Ed25519, EdDSA, GNUnet},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://ed25519.cr.yp.to/papers.html}
}

[Evans2011] Methods for Secure Decentralized Routing in Open Networks

Evans, Nathan S

08/2011 2011

abstract Bib

The contribution of this thesis is the study and improvement of secure, decentralized, robust routing algorithms for open networks including ad-hoc networks and peer-to-peer (P2P) overlay networks. The main goals for our secure routing algorithm are openness, efficiency, scalability and resilience to various types of attacks. Common P2P routing algorithms trade-off decentralization for security; for instance by choosing whether or not to require a centralized authority to allow peers to join the network. Other algorithms trade scalability for security, for example employing random search or flooding to prevent certain types of attacks. Our design attempts to meet our security goals in an open system, while limiting the performance penalties incurred. The first step we took towards designing our routing algorithm was an analysis of the routing algorithm in Freenet. This algorithm is relevant because it achieves efficient (order O(log n)) routing in realistic network topologies in a fully decentralized open network. However, we demonstrate why their algorithm is not secure, as malicious participants are able to severely disrupt the operation of the network. The main difficulty with the Freenet routing algorithm is that for performance it relies on information received from untrusted peers. We also detail a range of proposed solutions, none of which we found to fully fix the problem. A related problem for efficient routing in sparsely connected networks is the difficulty in sufficiently populating routing tables. One way to improve connectivity in P2P overlay networks is by utilizing modern NAT traversal techniques. We employ a number of standard NAT traversal techniques in our approach, and also developed and experimented with a novel method for NAT traversal based on ICMP and UDP hole punching. Unlike other NAT traversal techniques ours does not require a trusted third party. Another technique we use in our implementation to help address the connectivity problem in sparse networks is the use of distance vector routing in a small local neighborhood. The distance vector variant used in our system employs onion routing to secure the resulting indirect connections. Materially to this design, we discovered a serious vulnerability in the Tor protocol which allowed us to use a DoS attack to reduce the anonymity of the users of this extant anonymizing P2P network. This vulnerability is based on allowing paths of unrestricted length for onion routes through the network. Analyzing Tor and implementing this attack gave us valuable knowledge which helped when designing the distance vector routing protocol for our system. Finally, we present the design of our new secure randomized routing algorithm that does not suffer from the various problems we discovered in previous designs. Goals for the algorithm include providing efficiency and robustness in the presence of malicious participants for an open, fully decentralized network without trusted authorities. We provide a mathematical analysis of the algorithm itself and have created and deployed an implementation of this algorithm in GNUnet. In this thesis we also provide a detailed overview of a distributed emulation framework capable of running a large number of nodes using our full code base as well as some of the challenges encountered in creating and using such a testing framework. We present extensive experimental results showing that our routing algorithm outperforms the dominant DHT design in target topologies, and performs comparably in other scenarios.
@mastersthesis{Evans2011, author = {Evans, Nathan S}, school = {Technische Universit{\"a}t M{\"u}nchen}, title = {Methods for Secure Decentralized Routing in Open Networks}, year = {2011}, address = {Garching bei M{\"u}nchen}, month = {08/2011}, isbn = {3-937201-26-2}, issn = {1868-2642}, keywords = {distributed hash table, Freenet, GNUnet, NAT, R5N, Tor}, owner = {tom}, pages = {234}, timestamp = {2021-01-27}, volume = {Dr. rer. nat.} }

[Polot2011] Performance Regression Monitoring with Gauger

Polot, Bartlomiej, and Grothoff, Christian

LinuxJournal Sep 2011

@article{Polot2011,
  author = {Polot, Bartlomiej and Grothoff, Christian},
  journal = {LinuxJournal},
  title = {Performance Regression Monitoring with Gauger},
  year = {2011},
  month = sep,
  number = {209},
  chapter = {68},
  keywords = {Gauger, GNUnet},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.linuxjournaldigital.com/linuxjournal/201109$\#$pg68}
}

[Evans2011a] R5N : Randomized Recursive Routing for Restricted-Route Networks

Evans, Nathan S, and Grothoff, Christian

09/2011 2011

abstract Bib

This paper describes a new secure DHT routing algorithm for open, decentralized P2P networks operating in a restricted-route environment with malicious participants. We have implemented our routing algorithm and have evaluated its performance under various topologies and in the presence of malicious peers. For small-world topologies, our algorithm provides significantly better performance when compared to existing methods. In more densely connected topologies, our performance is better than or on par with other designs.
@conference{Evans2011a, author = {Evans, Nathan S and Grothoff, Christian}, booktitle = {5th International Conference on Network and System Security (NSS 2011)}, title = {R5N : Randomized Recursive Routing for Restricted-Route Networks}, year = {2011}, address = {Milan, Italy}, month = {09/2011}, organization = {IEEE}, publisher = {IEEE}, keywords = {distributed hash table, GNUnet, R5N, routing}, owner = {tom}, timestamp = {2021-01-27} }
[Loesch2011] Scalability & Paranoia in a Decentralized Social Network

Loesch, Carlo, Toth, Gabor X, and Baumann, Mathias

06/2011 2011

Website abstract Bib

There’s a lot of buzz out there about "replacing" Facebook with a privacy-enhanced, decentralized, ideally open source something. In this talk we’ll focus on how much privacy we should plan for (specifically about how we cannot entrust our privacy to modern virtual machine technology) and the often underestimated problem of getting such a monster network to function properly. These issues can be considered together or separately: Even if you’re not as concerned about privacy as we are, the scalability problem still persists.
@conference{Loesch2011, author = {v. Loesch, Carlo and Toth, Gabor X and Baumann, Mathias}, booktitle = {Federated Social Web}, title = {Scalability \& Paranoia in a Decentralized Social Network}, year = {2011}, address = {Berlin, Germany}, month = {06/2011}, keywords = {GNUnet, privacy, social networks}, owner = {tom}, timestamp = {2021-01-27}, url = {http://secushare.org/2011-FSW-Scalability-Paranoia} }

[Eppstein2011] What’s the difference?: efficient set reconciliation without prior context

Eppstein, David, Goodrich, Michael T., Uyeda, Frank, and Varghese, George

2011

@conference{Eppstein2011,
  author = {Eppstein, David and Goodrich, Michael T. and Uyeda, Frank and Varghese, George},
  booktitle = {Proceedings of the ACM SIGCOMM 2011 conference},
  title = {What{\textquoteright}s the difference?: efficient set reconciliation without prior context},
  year = {2011},
  address = {New York, NY, USA},
  organization = {ACM},
  pages = {218{\textendash}229},
  publisher = {ACM},
  series = {SIGCOMM {\textquoteright}11},
  doi = {10.1145/2018436.2018462},
  isbn = {978-1-4503-0797-0},
  keywords = {difference digest, GNUnet, invertible bloom filter, set difference},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://doi.acm.org/10.1145/2018436.2018462}
}

[Polot2010] Adapting Blackhat Approaches to Increase the Resilience of Whitehat Application Scenarios

Polot, Bartlomiej

2010

Bib

@mastersthesis{Polot2010,
  author = {Polot, Bartlomiej},
  school = {Technische Universit{\"a}t M{\"u}nchen},
  title = {Adapting Blackhat Approaches to Increase the Resilience of Whitehat Application Scenarios},
  year = {2010},
  address = {M{\"u}nchen},
  type = {masters},
  keywords = {Botnet, distributed hash table, GNUnet},
  owner = {tom},
  timestamp = {2017-10-10},
  volume = {M.S.}
}

[Mueller2010] Autonomous NAT Traversal

Müller, Andreas, Evans, Nathan S, Grothoff, Christian, and Kamkar, Samy

2010

Website abstract Bib

Traditional NAT traversal methods require the help of a third party for signalling. This paper investigates a new autonomous method for establishing connections to peers behind NAT. The proposed method for Autonomous NAT traversal uses fake ICMP messages to initially contact the NATed peer. This paper presents how the method is supposed to work in theory, discusses some possible variations, introduces various concrete implementations of the proposed approach and evaluates empirical results of a measurement study designed to evaluate the efficacy of the idea in practice.
@conference{Mueller2010, author = {M{\"u}ller, Andreas and Evans, Nathan S and Grothoff, Christian and Kamkar, Samy}, booktitle = {10th IEEE International Conference on Peer-to-Peer Computing (IEEE P2P{\textquoteright}10)}, title = {Autonomous NAT Traversal}, year = {2010}, address = {Delft, The Netherlands}, organization = {IEEE}, publisher = {IEEE}, keywords = {GNUnet, ICMP, NAT, P2P}, owner = {tom}, timestamp = {2017-10-10}, url = {http://grothoff.org/christian/pwnat.pdf} }
[Krawczyk2010] Cryptographic Extraction and Key Derivation: The HKDF Scheme

Krawczyk, Hugo

2010

Website abstract Bib

In spite of the central role of key derivation functions (KDF) in applied cryptography, there has been little formal work addressing the design and analysis of general multi-purpose KDFs. In practice, most KDFs (including those widely standardized) follow ad-hoc approaches that treat cryptographic hash functions as perfectly random functions. In this paper we close some gaps between theory and practice by contributing to the study and engineering of KDFs in several ways. We provide detailed rationale for the design of KDFs based on the extract-then-expand approach; we present the first general and rigorous definition of KDFs and their security which we base on the notion of computational extractors; we specify a concrete fully practical KDF based on the HMAC construction; and we provide an analysis of this construction based on the extraction and pseudorandom properties of HMAC. The resultant KDF design can support a large variety of KDF applications under suitable assumptions on the underlying hash function; particular attention and effort is devoted to minimizing these assumptions as much as possible for each usage scenario. Beyond the theoretical interest in modeling KDFs, this work is intended to address two important and timely needs of cryptographic applications: (i) providing a single hash-based KDF design that can be standardized for use in multiple and diverse applications, and (ii) providing a conservative, yet efficient, design that exercises much care in the way it utilizes a cryptographic hash function. (The HMAC-based scheme presented here, named HKDF, is being standardized by the IETF.)
@booklet{Krawczyk2010, title = {Cryptographic Extraction and Key Derivation: The HKDF Scheme}, author = {Krawczyk, Hugo}, note = {\url{http://eprint.iacr.org/}}, year = {2010}, keywords = {GNUnet, HKDF, HMAC, key derivation}, owner = {tom}, timestamp = {2017-10-10}, url = {http://eprint.iacr.org/2010/264} }

[Ma1992] Designing a universal name service

Ma, Chaoying

1992

Bib PDF

@techreport{Ma1992,
  author = {Ma, Chaoying},
  institution = {University of Cambridge, Computer Laboratory},
  title = {Designing a universal name service},
  year = {1992},
  file = {Ma1992.pdf:Ma1992.pdf:PDF},
  keywords = {DNS},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Joung2007] Keyword search in dht-based peer-to-peer networks

Joung, Yuh-Jzer, Yang, Li-Wei, and Fang, Chien-Tse

IEEE Journal on Selected Areas in Communications 2007

Bib PDF

@article{Joung2007,
  author = {Joung, Yuh-Jzer and Yang, Li-Wei and Fang, Chien-Tse},
  journal = {IEEE Journal on Selected Areas in Communications},
  title = {Keyword search in dht-based peer-to-peer networks},
  year = {2007},
  number = {1},
  volume = {25},
  keywords = {dht},
  owner = {tom},
  publisher = {IEEE},
  timestamp = {2017-10-10}
}

[Haeberlen2005] Glacier: Highly durable, decentralized storage despite massive correlated failures

Haeberlen, Andreas, Mislove, Alan, and Druschel, Peter

In Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation-Volume 2 2005

Bib PDF

@inproceedings{Haeberlen2005,
  author = {Haeberlen, Andreas and Mislove, Alan and Druschel, Peter},
  booktitle = {Proceedings of the 2nd conference on Symposium on Networked Systems Design \& Implementation-Volume 2},
  title = {Glacier: Highly durable, decentralized storage despite massive correlated failures},
  year = {2005},
  organization = {USENIX Association},
  pages = {143--158},
  keywords = {apps, filesystem},
  owner = {tom},
  timestamp = {2017-10-10}
}

[Mislove2003] POST: a secure, resilient, cooperative messaging system

Mislove, Alan

Notes 2003

Website Bib PDF

@article{Mislove2003,
  author = {Mislove, Alan},
  journal = {Notes},
  title = {POST: a secure, resilient, cooperative messaging system},
  year = {2003},
  pages = {22},
  volume = {20},
  file = {Mislove2003.pdf:Mislove2003.pdf:PDF},
  groups = {[tom:]},
  keywords = {apps},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.epostmail.org/}
}

[Mislove2004] POST: A decentralized platform for reliable collaborative applications

Mislove, Alan

Master of Science Thesis 2004

Website Bib PDF

@article{Mislove2004,
  author = {Mislove, Alan},
  journal = {Master of Science Thesis},
  title = {POST: A decentralized platform for reliable collaborative applications},
  year = {2004},
  file = {Mislove2004.pdf:Mislove2004.pdf:PDF},
  groups = {tom:6},
  keywords = {apps},
  owner = {tom},
  timestamp = {2017-10-10},
  url = {http://www.epostmail.org/}
}

[A.Neumann2008] Better Approach To Mobile Ad-hoc Networking (B.A.T.M.A.N.)

A. Neumann, M. Lindner, and Wunderlich, S.

2008

@misc{A.Neumann2008,
  author = {A. Neumann, C. Aichele, M. Lindner and Wunderlich, S.},
  title = {Better Approach To Mobile Ad-hoc Networking (B.A.T.M.A.N.)},
  year = {2008},
  keywords = {wireless},
  owner = {tom},
  timestamp = {2017-10-26},
  url = {https://tools.ietf.org/html/draft-wunderlich-openmesh-manet-routing-00}
}

[A.Lindgren2012] Probabilistic Routing Protocol for Intermittently Connected Networks

A. Lindgren, E. Davies, and Grasic, S.

2012

Bib

@misc{A.Lindgren2012,
  author = {A. Lindgren, A. Doria, E. Davies and Grasic, S.},
  title = {Probabilistic Routing Protocol for Intermittently Connected Networks},
  year = {2012},
  keywords = {dtn},
  owner = {tom},
  timestamp = {2017-10-26}
}

[C.Perkins2003] Ad hoc On-Demand Distance Vector (AODV) Routing

C. Perkins, E. Belding-Royer, and Das, S.

2003