Patryk Szewczyk

Using Traffic Analysis to Identify the Second Generation Onion Router

Anonymous networks provide security for users by obfuscating messages with encryption and hiding communications amongst cover traffic provided by other network participants. The traditional goal of academic research into these networks has been attacks that aim to uncover the identity of network users. But the success of an anonymous network relies not only on its technical capabilities, but on adoption by a large enough user base to provide adequate cover traffic. If anonymous network nodes can be identified, the users can be harassed, discouraging participation. Tor is an example of widely used anonymous network which uses a form of Onion Routing to provide low latency anonymous communications. This paper demonstrates that traffic from a simulated Tor network can be distinguished from regular encrypted traffic, suggesting that real world Tor users may be vulnerable to the same analysis.

Insecurity by Obscurity: A Review of SoHo Router Literature from a Network Security Perspective

Because of prevalent threats to SoHo based ADSL Routers, many more devices are compromised. Whilst an end-user may be at fault for not applying the appropriate security mechanisms to counter these threats, vendors should equally share the blame. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and willingness to implement security controls on their ADSL router. It argues that whilst the number of threats circulating the Internet is increasing, vendors are not improving their product literature.

Ignorant Experts: Computer and Network Security Support from Internet Service Providers

The paper examines the advice and support provided by seven major Internet Service Providers in Australia through late 2009 and early 2010 in relation to computer and network security. Previous research has indicated that many end-users will attempt to utilise the support provided by Internet Service Providers as a simple and effective method by which to obtain key information in regards to computer security. This paper demonstrates that in many cases the individuals working at the help desk are either reluctant to provide IT security support or have insufficient skill to provide the correct information.

Usability of Internet Security Software: Have they got it right?

Security software usability has been an ongoing issue for end-users. Whilst manufactures have focused on making computers and operating systems more usable, the same cannot be said for security software. Whilst the number of threats continues to escalate, end-users are left attempting to implement a security solution on their own. Previous research has shown that users are unaware of Internet threats and do not know where to start with mitigation. This paper demonstrates that in 2011, Internet Security Software is gradually becoming more usable, although there are key elements which still require improvements. This paper shows the strengths and weaknesses of current security software, and proposes a series of solutions that software vendors should consider in future releases.

Analysis of Data Remaining on Second Hand ADSL Routers

In theory an ADSL router is capable of providing immense security capabilities including but not limited to wireless encryption, denial of service prevention through firewall rule sets, and logging facilities for review or analysis of network events. However, most laymen may be unaware of the intricacies of the security measures available to them. As a result a vast array of information could remain on ADSL routers once the device is sold, including the users’ approach to security, Internet usage habits, or more importantly confidential user or account information. This paper presents the findings of data acquired from second hand ADSL routers purchased during the first quarter of 2011. The outcomes demonstrate that individuals are not removing their identity adequately and are leaving confidential data which may lead to detrimental outcomes if misused. The paper also demonstrates that the overall security of these devices is alarmingly low, and thus many consumers may fall victim to new and emergent Internet based crimes.