In this supplemental document we provide detailed analysis and investigation of ReDS. In particular, we include the following contributions:
• Section 2 provides a detailed description of A-Boost, the local mode of Halo-ReDS that we compare the collaborative mode against in our simulation experiments.
• Section 3 briefly analyzes the effect of collaborative mode on path length in Halo-ReDS.
• Section 4 provides a detailed description of the KadReDS algorithm.
• Section 5 shows the evolution of failure rate for Halo over time, illustrating how the failure rate achieves a steady-state value.
• Section 6 shows results specific to Kad-ReDS, including routing table pollution and parameter selection.
• Section 7 describes a novel mechanism for computing shared reputation scores in the ReDS setting and our analysis of this scheme.
• Section 8 is our complete security analysis, including a detailed investigation of oscillation attacks and analysis of an attack on shared reputation in the Re...
Distributed Hash Tables (DHTs), such as Chord and Kademlia, offer an efficient means to locate resources in peer-to-peer networks. Unfortunately, malicious nodes on a lookup path can easily subvert such queries. Several systems, including Halo (based on Chord) and Kad (based on Kademlia), mitigate such attacks by using redundant lookup queries. Much greater assurance can be provided; we present Reputation for Directory Services (ReDS), a framework for enhancing lookups in redundant DHTs by tracking how well other nodes service lookup requests. We describe how the ReDS technique can be applied to virtually any redundant DHT including Halo and Kad. We also study the collaborative identification and removal of bad lookup paths in a way that does not rely on the sharing of reputation scores, and we show that such sharing is vulnerable to attacks that make it unsuitable for most applications of ReDS. Through extensive simulations, we demonstrate that ReDS improves lookup success...
As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of ‘sensor malware’ has been developing that leverages these sensors to steal information from the physical environment — e.g., researchers have recently demonstrated how malware can ‘listen’ for spoken credit card numbers through the microphone, or ‘feel’ keystroke vibrations using the accelerometer. Yet the possibilities of what malware can ‘see’ through a camera have been understudied.

This paper introduces a novel ‘visual malware’ called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call “virtual theft.” Through completely opportunistic use of the phone’s camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus ‘download’ the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.
IEEE Transactions on Parallel and Distributed Systems
Distributed Hash Tables (DHTs) such as Chord and Kademlia offer an efficient solution for locating resources in peer-to-peer networks. Unfortunately, malicious nodes along a lookup path can easily subvert such queries. Several systems, including Halo (based on Chord) and Kad (based on Kademlia), mitigate such attacks by using a combination of redundancy and diversity in the paths taken by redundant lookup queries. Much greater assurance can be provided, however. We describe Reputation for Directory Services (ReDS), a framework for enhancing lookups in redundant DHTs by tracking how well other nodes service lookup requests. We describe how the ReDS technique can be applied to virtually any redundant DHT including Halo and Kad. We also study the collaborative identification and removal of bad lookup paths in a way that does not rely on the sharing of reputation scores — we show that such sharing is vulnerable to attacks that make it unsuitable for most applications of ReDS. Through extensive simulations we demonstrate that ReDS improves lookup success rates for Halo and Kad by 80% or more over a wide range of conditions, even against strategic attackers attempting to game their reputation scores and in the presence of node churn.
Papers by Zahid Rahman