Marco Valerio Barbera

To offload or not to offload? The bandwidth and energy costs of mobile cloud computing

The cloud seems to be an excellent companion of mobile systems, to alleviate battery consumption on smartphones and to backup users data on-the-fly. Indeed, many recent works focus on frameworks that enable mobile computation offloading to software clones of smartphones on the cloud and on designing cloud-based backup systems for the data stored in our devices. Both mobile computation offloading and data backup involve communication between the real devices and the cloud. This communication does certainly not come for free. It costs in terms of bandwidth (the traffic overhead to communicate with the cloud) and in terms of energy (computation and use of network interfaces on the device). In this work we study the fmobile software/data backupseasibility of both mobile computation offloading and mobile software/data backups in real-life scenarios. In our study we assume an architecture where each real device is associated to a software clone on the cloud. We consider two types of clones: The off-clone, whose purpose is to support computation offloading, and the back-clone, which comes to use when a restore of users data and apps is needed. We give a precise evaluation of the feasibility and costs of both off-clones and back-clones in terms of bandwidth and energy consumption on the real device. We achieve this through measurements done on a real testbed of 11 Android smartphones and an equal number of software clones running on the Amazon EC2 public cloud. The smartphones have been used as the primary mobile by the participants for the whole experiment duration.

VIP delegation: Enabling VIPs to offload data in wireless social mobile networks

We propose the use of opportunistic delegation as a data traffic offload solution to the recent boost up of mobile data consumption in metropolitan areas, by investigating two main questions: (i) “How to gain insights into social mobile networking scenarios?” and (ii) “How to utilize such insights to design solutions to alleviate overloaded 3G networks?”. The purpose of our solution is to leverage usage of mobile applications requiring large data transfers by channeling the traffic to a few, socially selected important users in the network called VIP delegates. The proposed VIP selection strategies are based on social network properties and are compared to the optimal solution (that covers 100% of users with minimum number of VIPs). Our extensive experiments with real and synthetic traces show the effectiveness of VIP delegation both in terms of coverage and required number of VIPs — down to 7% in average of VIPs are needed in campuslike scenarios to offload about 90% of the traffic.

Mobile offloading in the wild: Findings and lessons learned through a real-life experiment with a new cloud-aware system

Mobile-cloud offloading mechanisms delegate heavy mobile computation to the cloud. In real life use, the energy tradeoff of computing the task locally or sending the input data and the code of the task to the cloud is often negative, especially with popular communication intensive jobs like social-networking, gaming, and emailing. We design and build a working implementation of CDroid, a system that tightly couples the device OS to its cloud counterpart. The cloud-side handles data traffic through the device efficiently and, at the same time, caches code and data optimally for possible future offloading. In our system, when offloading decision takes place, input and code are likely to be already on the cloud. CDroid makes mobile cloud offloading more practical enabling offloading of lightweight jobs and communication intensive apps. Our experiments with real users in everyday life show excellent results in terms of energy savings and user experience.

Data offloading in social mobile networks through VIP delegation

Abstract The recent boost up of mobile data consumption is straining cellular networks in metropolitan areas and is the main reason for the ending of unlimited data plans by many providers. To address this problem, we propose the use of series opportunistic delegation as a data traffic offload solution by investigating two main questions: (i) “Can we characterize a given social mobile scenario by observing only a small portion of it?”. (ii) “How to exploit this characterization so to design solutions that alleviate overloaded cellular networks?”. In our solution we build a social-graph of the given scenario by observing it for a period as short as 1-week, and then leverage a few, socially important users in the social-graph—the VIPs—to offload the network. The proposed VIP selection strategies are based on social network properties and are compared to the optimal (offline) solution. Through extensive evaluations with real and synthetic traces we show the effectiveness of VIP delegation both in terms of coverage and required number of VIPs – down to 7% in average of VIPs are needed in campus-like scenarios to offload about 90% of the traffic.

On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records

We investigate the feasibility of mounting a de-anonymization attack against Tor and similar low-latency anonymous communication systems by using NetFlow records. Previous research has shown that adversaries with the ability to eavesdrop in real time at a few internet exchange points can effectively monitor a significant part of the network paths from Tor nodes to destination servers. However, the capacity of current networks makes packet-level monitoring at such a scale quite challenging. We hypothesize that adversaries could use less accurate but readily available monitoring facilities, such as Ciscos NetFlow, to mount large-scale traffic analysis attacks. In this paper, we assess the feasibility and effectiveness of traffic analysis attacks against Tor using NetFlow data. We present an active traffic analysis technique based on perturbing the characteristics of user traffic at the server side, and observing a similar perturbation at the client side through statistical correlation. We evaluate the accuracy of our method using both in-lab testing and data gathered from a public Tor relay serving hundreds of users. Our method revealed the actual sources of anonymous traffic with 100% accuracy for the in-lab tests, and achieved an overall accuracy of 81.6% for the real-world experiments with a false positive rate of 5.5%.

CloudShield: Efficient anti-malware smartphone patching with a P2P network on the cloud

The battery limits of today smartphones require a solution. In the scientific community it is believed that a promising way of prolonging battery life is to offload mobile computation to the cloud. State of the art offloading architectures consists of virtual copies of real smartphones (the clones) that run on the cloud, are synchronized with the corresponding devices, and help alleviate the computational burden on the real smartphones. Recently, it has been proposed to organize the clones in a peer-to-peer network in order to facilitate content sharing among the mobile smartphones. We believe that P2P network of clones, aside from content sharing, can be a useful tool to solve critical security problems on the mobile network of smartphones. In particular, we consider the problem of computing an efficient patching strategy to stop worm spreading between smartphones. The peer-to-peer network of clones is used to compute the best strategy to patch the smartphones in such a way that the number of devices to patch is low (to reduce the load on the cellular infrastructure) and that the worm is stopped quickly. We consider two well defined worms, one spreading between the devices and one attacking the cloud before moving to the real smartphones; we describe CloudShield, a suite of protocols running on the peer-to-peer network of clones; and we show by experiments that CloudShield outperforms state-of-theart worm-containment mechanisms for mobile wireless networks.

CellFlood: Attacking Tor Onion Routers on the Cheap

In this paper, we introduce a new Denial-of-Service attack against Tor Onion Routers and we study its feasibility and implications. In particular, we exploit a design flaw in the way Tor software builds virtual circuits and demonstrate that an attacker needs only a fraction of the resources required by a network DoS attack for achieving similar damage. We evaluate the effects of our attack on real Tor routers and we propose an estimation methodology for assessing the resources needed to attack any publicly accessible Tor node. Finally, we present the design and implementation of an effective solution to the problem that relies on cryptographic client puzzles, and we present results from its performance and effectiveness evaluation.

CDroid: towards a cloud-integrated mobile operating system

Current offloading mechanisms for mobile energyhungry apps consider the cloud as a separate remote support to the mobile devices. We take a different approach: We present CDroid, a system residing partially on the device and partially on a cloud software clone coupled with the device, and uses the cloud-side as just-another-resource of the real device. It enhances the user-experience by improving web navigation, compressing and caching web-pages, blocking unwanted ads, and protects user data by virus scanning apps on the cloud-side prior installation on the real-device. CDroid puts the first steps towards a hybrid cloud-integrated mobile system of the future.

A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN Clients

Abstract Commercial Virtual Private Network (VPN) services have become a popular and convenient technology for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking. However, as of yet, the claims made by these providers have not received a sufficiently detailed scrutiny. This paper thus investigates the claims of privacy and anonymity in commercial VPN services. We analyse 14 of the most popular ones, inspecting their internals and their infrastructures. Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage. The work is extended by developing more sophisticated DNS hijacking attacks that allow all traffic to be transparently captured.We conclude discussing a range of best practices and countermeasures that can address these vulnerabilities

Exploiting Delay Patterns for User IPs Identification in Cellular Networks

A surprisingly high number of mobile carriers worldwide do not block unsolicited traffic from reaching their mobile devices from the open Internet or from within the cellular network. This exposes mobile users to a class of low-resource attacks that could compromise their privacy and security. In this work we describe a methodology that allows an adversary to identify a victim device in the cellular network by just sending messages to its user through one or more messaging apps available today on the mobile market. By leveraging network delays produced by mobile devices in different radio states and the timeliness of push notifications, we experimentally show how our methodology is able to quickly identify the target device within 20 messages in the worst case through measurements on a large mobile network.