Michael Sirivianos

Loud and Clear: Human-Verifiable Authentication Based on Audio

Secure pairing of electronic devices that lack any previous association is a challenging problem which has been considered in many contexts and in various flavors. In this paper, we investigate the use of audio for human-assisted authentication of previously un-associated devices. We develop and evaluate a system we call Loud-and-Clear (L&C) which places very little demand on the human user. L&C involves the use of a text-to-speech (TTS) engine for vocalizing a robust-sounding and syntactically-correct (English-like) sentence derived from the hash of a device’s public key. By coupling vocalization on one device with the display of the same information on another device, we demonstrate that L&C is suitable for secure device pairing (e.g., key exchange) and similar tasks. We also describe several common use cases, provide some performance data for our prototype implementation and discuss the security properties of L&C.

Inter-datacenter bulk transfers with netstitcher

Large datacenter operators with sites at multiple locations dimension their key resources according to the peak demand of the geographic area that each site covers. The demand of specific areas follows strong diurnal patterns with high peak to valley ratios that result in poor average utilization across a day. In this paper, we show how to rescue unutilized bandwidth across multiple datacenters and backbone networks and use it for non-real-time applications, such as backups, propagation of bulky updates, and migration of data. Achieving the above is non-trivial since leftover bandwidth appears at different times, for different durations, and at different places in the world. For this purpose, we have designed, implemented, and validated NetStitcher, a system that employs a network of storage nodes to stitch together unutilized bandwidth, whenever and wherever it exists. It gathers information about leftover resources, uses a store-and-forward algorithm to schedule data transfers, and adapts to resource fluctuations. We have compared NetStitcher with other bulk transfer mechanisms using both a testbed and a live deployment on a real CDN. Our testbed evaluation shows that NetStitcher outperforms all other mechanisms and can rescue up to five times additional datacenter bandwidth thus making it a valuable tool for datacenter providers. Our live CDN deployment demonstrates that our solution can perform large data transfers at a much lower cost than naive end-to-end or store-and-forward schemes.

Poking facebook: characterization of osn applications

Facebook is one of the most popular Internet sites today. A key feature that arguably contributed to Facebooks unprecedented success is its application platform, which enables the development of third-party social-networking applications. Understanding how these applications are installed and used is important for the function and utility of web-based online social networks, e.g. to better engineer them and/or to design advertising campaigns. In this paper, we characterize the popularity and user reach of Facebook applications. We analyze application usage data gathered over a period of six months from Facebook and Adonomics - a Facebook analytics service. We also crawl publicly accessible Facebook user profiles and obtain per-user application installation statistics, for approximately 300K users and 13.6K applications. Our findings include that (i) the popularity of Facebook applications has a highly skewed distribution; (ii) although the total number of application installations increases with time, the average user activity decreases; and (iii) users with more applications installed are more likely to install new applications.

Non-Manipulable Aggregator Node Election Protocols for Wireless Sensor Networks

Aggregator nodes commonly have the ability to read, corrupt or disrupt the flow of information produced by a wireless sensor network (WSN). Despite this fact, existing aggregator node election schemes do not address an adversary that strives to influence the election process towards candidate nodes that it controls. We discuss the requirements that need to be fulfilled by a non-manipulable aggregator node election protocol. We conclude that these requirements can be satisfied by a distributed random number generator function in which no node is able to determine the output of the function. We provide and compare three protocols that instantiate such function.

Using audio in secure device pairing

Secure pairing of electronic devices is an important issue that must be addressed in many contexts. In the absence of prior security context, the need to involve the user in the pairing process is a prominent challenge. In this paper, we investigate the use of the audio channel for human-assisted device pairing. First we assume a common (insecure) wireless channel between devices. We then obviate the assumption of a pre-existing common channel with a single-channel device pairing approach only based on audio. Both approaches are applicable to a wide range of devices and place light burden on the user.

Robust and efficient incentives for cooperative content distribution

Content distribution via the Internet is becoming increasingly popular. To be cost-effective, commercial content providers are now using peer-to-peer (P2P) protocols such as BitTorrent to save bandwidth costs and to handle peak demands. When an online content provider uses a P2P protocol, it faces an incentive issue: how to motivate its clients to upload to their peers. This paper presents Dandelion, a system designed to address this issue. Unlike previous incentive-compatible systems, such as BitTorrent, our system provides non-manipulable incentives for clients to upload to their peers. A client that honestly uploads to its peers is rewarded in the following two ways. First, if its peers are unable to reciprocate its uploads, the content provider rewards the clients service with credit. This credit can be redeemed for discounts on paid content or other monetary rewards. Second, if the clients peers possess content of interest and have appropriate uplink capacity, the client is rewarded with reciprocal uploads from its peers. In designing Dandelion, we trade scalability for the ability to provide robust incentives for cooperation. The evaluation of our prototype system on PlanetLab demonstrates the viability of our approach. A Dandelion server that runs on commodity hardware with a moderate access link is capable of supporting up to a few thousand clients. The download completion time for these clients is substantially reduced due to the additional upload capacity offered by strongly incentivized uploaders.

Assessing the veracity of identity assertions via OSNs

Anonymity is one of the main virtues of the Internet, as it protects privacy and enables users to express opinions more freely. However, anonymity hinders the assessment of the veracity of assertions that online users make about their identity attributes, such as age or profession. We propose FaceTrust, a system that uses online social networks to provide lightweight identity credentials while preserving a users anonymity. Face-Trust employs a “game with a purpose” design to elicit the opinions of the friends of a user about the users self-claimed identity attributes, and uses attack-resistant trust inference to assign veracity scores to identity attribute assertions. FaceTrust provides credentials, which a user can use to corroborate his assertions. We evaluate our proposal using a live Facebook deployment and simulations on a crawled social graph. The results show that our veracity scores strongly correlate with the ground truth, even when a large fraction of the social network users is dishonest and employs the Sybil attack.

Combating Friend Spam Using Social Rejections

Unwanted friend requests in online social networks (OSNs), also known as friend spam, are among the most evasive malicious activities. Friend spam can result in OSN links that do not correspond to social relationship among users, thus pollute the underlying social graph upon which core OSN functionalities are built, including social search engine, ad targeting, and OSN defense systems. To effectively detect the fake accounts that act as friend spammers, we propose a system called Rejecto. It stems from the observation on social rejections in OSNs, i.e., Even well-maintained fake accounts inevitably have their friend requests rejected or they are reported by legitimate users. Our key insight is to partition the social graph into two regions such that the aggregate acceptance rate of friend requests from one region to the other is minimized. This design leads to reliable detection of a region that comprises friend spammers, regardless of the request collusion among the spammers. Meanwhile, it is resilient to other strategic manipulations. To efficiently obtain the graph cut, we extend the Kernighan-Lin heuristic and use it to iteratively detect the fake accounts that send out friend spam. Our evaluation shows that Rejecto can discern friend spammers under a broad range of scenarios and that it is computationally practical.

Exploiting path diversity in datacenters using MPTCP-aware SDN

Recently, Multipath TCP (MPTCP) has been proposed as an alternative transport approach for datacenter networks. MPTCP provides the ability to split a flow into multiple paths thus providing better performance and resilience to failures. Usually, MPTCP is combined with flow-based Equal-Cost Multi-Path Routing (ECMP), which uses random hashing to split the MPTCP subflows over different paths. However, random hashing can be suboptimal as distinct subflows may end up using the same paths, while other available paths remain unutilized. In this paper, we explore an MPTCP-aware SDN controller that facilitates an alternative routing mechanism for the MPTCP subflows. The controller uses packet inspection to provide deterministic subflow assignment to paths. Using the controller, we show that MPTCP can deliver significantly improved performance when connections are not limited by the access links of hosts. To lessen the effect of throughput limitation due to access links, we also investigate the usage of multiple interfaces at the hosts. We demonstrate, using our modification of the MPTCP Linux Kernel, that using multiple subflows per pair of IP addresses can yield improved performance in multi-interface settings.

Sharing the cost of backbone networks: cui bono?

We study the problem of how to share the cost of a backbone network among its customers. A variety of empirical cost-sharing policies are used in practice by backbone network operators but very little ever reaches the research literature about their properties. Motivated by this, we present a systematic study of such policies focusing on the discrepancies between their cost allocations. We aim at quantifying how the selection of a particular policy biases an operators understanding of cost generation. We identify F-discrepancies due to the specific function used to map traffic into cost (e.g., volume vs. peak rate vs. 95-percentile) and M-discrepancies, which have to do with where traffic is metered (per device vs. ingress metering). We also identify L-discrepancies relating to the liability of individual customers for triggered upgrades and consequent costs (full vs. proportional), and finally, TCO-discrepancies emanating from the fact that the cost of carrying a bit is not uniform across the network (old vs. new equipment, high vs. low energy or real estate costs, etc.). Using extensive traffic, routing, and cost data from a tier-1 network we show that F-discrepancies are large when looking at individual links but cancel out when considering network-wide cost-sharing. Metering at ingress points is convenient but leads to large M-discrepancies, while TCO-discrepancies are huge. Finally, L-discrepancies are intriguing and esoteric but understanding them is central to determining the cost a customer inflicts on the network.