Tim Grube

AnonPubSub: Anonymous publish-subscribe overlays

Publish-subscribe is an increasingly popular messaging pattern for distributed systems, supporting scalable and extensible programming, and optimal spatial, temporal, and control-flow decoupling of distributed components. Publish-subscribe middleware and methods were extended towards supporting security, in particular confidentiality, and increased availability, yet a few prior works addressed anonymity of participants. Anonymity of senders and receivers may however be crucial, e.g., for supporting freedom of expression in regimes where political repression and censorship prevail. In this article, we review basic security and privacy requirements and introduce a new attacker model based on statistical disclosure, used to challenge anonymity. We elaborate on design options for privacy-preserving publish-subscribe systems and present a novel system that leverages peer-to-peer networking concepts; this novel approach protects subscriber anonymity by means of Probabilistic Forwarding (PF) and through a novel so-called Shell Game (SG) algorithm. We verify our solution against the requirements and provide a simulation-based analysis of the effectiveness of our approaches in light of our attacker model. The results show that the SG algorithm efficiently protects subscriber anonymity, and that anonymity sets can be adjusted via PF.

Hide and seek: Detecting sensors in P2P botnets

Many cyber-crimes, such as Denial of Service (DoS) attacks and banking frauds, originate from botnets. To prevent botnets from being taken down easily, botmasters have adopted peer-to-peer (P2P) mechanisms to prevent any single point of failure. However, sensor nodes that are often used for both, monitoring and executing sinkholing attacks, are threatening such botnets. In this paper, we introduce a novel mechanism to detect sensor nodes in P2P botnets using the clustering coefficient as a metric. We evaluated our mechanism on the real-world botnet Sality over the course of a week and were able to detect an average of 25 sensors per day with a false positive rate of 20%.

Internal attacks in anonymous publish-subscribe P2P overlays

Privacy, in particular anonymity, is desirable in Online Social Networks (OSNs) like Twitter, especially when considering the threat of political repression and censorship. P2P-based publish-subscribe is a well suited paradigm for OSN scenarios as users can publish and follow topics of interest. However, anonymity in P2P-based publish-subscribe (pub-sub) has been hardly analyzed so far. Research on add-on anonymization systems such as Tor mostly focuses on large scale traffic analysis rather than malicious insiders. Therefore, we analyze colluding insider attackers in more detail that operate on the basis of timing information. For that, we model a generic anonymous pub-sub system, present an attacker model, and discuss timing attacks. We analyze these attacks by a realistic simulation model and discuss potential countermeasures. Our findings indicate that even few malicious insiders are capable to disclose a large number of participants, while an attacker using large amounts of colluding nodes achieves only minor additional improvements.

SensorBuster: On Identifying Sensor Nodes in P2P Botnets

The ever-growing number of cyber attacks originating from botnets has made them one of the biggest threat to the Internet ecosystem. Especially P2P-based botnets like ZeroAccess and Sality require special attention as they have been proven to be very resilient against takedown attempts. To identify weaknesses and to prepare takedowns more carefully it is thus a necessity to monitor them by crawling and deploying sensor nodes. This in turn provokes botmasters to come up with monitoring countermeasures to protect their assets. Most existing anti-monitoring countermeasures focus mainly on the detection of crawlers and not on the detection of sensors deployed in a botnet. In this paper, we propose two sensor detection mechanisms called SensorRanker and SensorBuster. We evaluate these mechanisms in two real world botnets, Sality and ZeroAccess. Our results indicate that SensorRanker and SensorBuster are able to detect up to 17 sensors deployed in Sality and four within ZeroAccess.

Cover Traffic: A Trade of Anonymity and Efficiency

Communication is ubiquitous in today’s societies; more and more devices participate in communication processes, as in for example the Internet of Things. With this omnipresent communication, the process of communication is sensitive itself as it already can disclose information about the content. Anonymous communication is desirable in many scenarios, e.g., the IoT, allowing to communicate without someone being able to attribute the communication to its senders and recipients. Sender anonymity is a hard goal; the only viable option to achieve it is cover traffic which blends communication into noise. In turn, this noise degrades the system’s efficiency rendering it unrealizable eventually. Moreover, cover traffic as a technique is hardly understood and analyzed. We perform a parameter study to analyze the influence of varying participation, utilization, and timing properties on anonymity and efficiency. Our results indicate that cover traffic can be generated more efficiently while anonymity is still on a reasonable level. Nonetheless, randomization of cover traffic allows performing intersection attacks to diminish anonymity in the long run.

Ant colony optimisation — A solution to efficient anonymous group communication?

Online Social Networks (OSNs) are the core of most communications nowadays, leading to possibly sensitive information exchange. Privacy is an important building block of free societies, and thus, for OSNs. OSNs function as group communication systems and can be build in centralised and distributed styles. Privacy can be achieved in distributed systems as all participants contribute to privacy. Peer-to-peer-based group communication systems achieve this privacy improvement partially, at the cost of additional messaging overhead. In this paper, we introduce ant colony optimisation to reduce the messaging overhead of anonymous communication systems, bridging the gap between privacy and efficiency. We apply our adapted privacy sensitive ant colony optimization to improve routing paths by encouraging re-usage and aggregation. Our first results indicate a 9–13% lower messaging overhead compared to the state of the art, while maintaining privacy.

Ant colonies for efficient and anonymous group communication systems

Online Social Networks (OSNs) are the core of many social interactions nowadays. Privacy is an important building block of free societies, and thus, for OSNs. Therefore, OSNs should support privacy-enabled communication between citizens that participate. OSNs function as group communication systems and can be build in centralized and distributed styles. Centralized, privacy is under the sole control of a single entity. If this entity is distributed, privacy can be improved as all participants contribute to privacy. Peer-to-peer-based group communication systems overcome this issue, at the cost of large messaging overhead. The message overhead is mainly caused by early message duplication due to disjunct routing paths. In this paper, we introduce ant colony optimization to reduce the messaging overhead in peer-to-peer-based group communication systems, bridging the gap between privacy and efficiency. To optimize disjunct routing paths, we apply our adapted privacy sensitive ant colony optimization to encourage re-usage and aggregation of known paths. Our results indicate a 9–31% lower messaging overhead compared to the state of the art. Moreover, our ant colony optimization-based method reuses paths without leaking additional information, that is, we maintain the anonymity sets so that participants remain probable innocent.

A formal Holon model for operating future energy grids during blackouts

Modern energy grids introduce local energy producers into city networks. Whenever a city network is disconnected from the distribution grid, a blackout occurs and local producers are disabled. Micro grids circumvent blackouts by leveraging these local producers to power a fixed subset of consumers. In this paper, we evolve micro grids to Holons, which overcome the need for fixed subsets and power as much of the city network as possible. We contribute a formal model of Holons and investigate the impact of the Holon concept in a simulation with 10,000 randomly generated city networks. These city networks are based on parameters obtained from a real-world test site in a medium-sized German city. Our results show that the Holon approach can supply an average fraction of 22.08% of any city network, even when fixed micro grids would fail to power the city network as a whole.