William G. Conner

A trust management framework for service-oriented environments

Many reputation management systems have been developed under the assumption that each entity in the system will use a variant of the same scoring function. Much of the previous work in reputation management has focused on providing robustness and improving performance for a given reputation scheme. In this paper, we present a reputation-based trust management framework that supports the synthesis of trust-related feedback from many different entities while also providing each entity with the flexibility to apply different scoring functions over the same feedback data for customized trust evaluations. We also propose a novel scheme to cache trust values based on recent client activity. To evaluate our approach, we implemented our trust management service and tested it on a realistic application scenario in both LAN and WAN distributed environments. Our results indicate that our trust management service can effectively support multiple scoring functions with low overhead and high availability.

Using data aggregation to prevent traffic analysis in wireless sensor networks

When communication in sensor networks occurs over wireless links, confidential information about the communication patterns between sensor nodes could be leaked even when encryption is used to protect the actual contents of the messages. The communication patterns, which often reveal higher volumes of traffic near the sink, could allow an attacker to identify the vicinity of the sink node. With this information, an attacker could potentially disable the network by destroying the sink. In this paper, we present the decoy sink protocol, which protects the location of the sink in target tracking sensor network applications by forwarding data to a decoy sink for aggregation before the aggregated data is forwarded to the real sink from the decoy sink. Combining indirection and data aggregation in our protocol creates more traffic away from the sink and reduces the amount of traffic near the sink, which makes traffic analysis more difficult for attackers.

Preventing DoS attacks in peer-to-peer media streaming systems

This paper presents a framework for preventing both selfishness and denial-of-service attacks in peer-to-peer media streaming systems. Our framework, called Oversight, achieves prevention of these undesirable activities by running a separate peer-to-peer download rate enforcement protocol along with the underlying peer-to-peer media streaming protocol. This separate Oversight protocol enforces download rate limitations on each participating peer. These limitations prevent selfish or malicious nodes from downloading an overwhelming amount of media stream data that could potentially exhaust the entire system. Since Oversight is based on a peer-to-peer architecture, it can accomplish this enforcement functionality in a scalable, efficient, and decentralized way that fits better with peer-to-peer media streaming systems compared to other solutions based on central server architectures. As peer-to-peer media streaming systems continue to grow in popularity, the threat of selfish and malicious peers participating in such large peer-to-peer networks will continue to grow as well. For example, since peer-to-peer media streaming systems allow users to send small request messages that result in the streaming of large media objects, these systems provide an opportunity for malicious users to exhaust resources in the system with little effort expended on their part. However, Oversight addresses these threats associated with selfish or malicious peers who cause such disruptions with excessive download requests. We evaluated our Oversight solution through simulations and our results show that applying Oversight to peer-to-peer media streaming systems can prevent both selfishness and denial-of-service attacks by effectively limiting the download rates of all nodes in the system.

Protecting SIP Proxy Servers from Ringing-Based Denial-of-Service Attacks

As Internet telephony systems continue to replace existing Public Switched Telephone Network systems, proxy servers running the Session Initiation Protocol (SIP) will continue to grow in importance for Voice-over-IP deployments that use SIP for call signaling. Since the protection of the global telecommunications infrastructure is critical to peoples everyday lives, ensuring the availability of SIP proxy servers under attack should be a high priority. This paper first describes a disruptive denial-of-service attack that exploits the semantics of the SIP protocol to exhaust resources at a stateful SIP proxy server. Unlike previous approaches that focus on flooding-based denial-of-service attacks, we consider attacks that do not result in high incoming call traffic rates at the SIP proxy server. After describing this semantic-based attack, we then propose a new algorithm to reduce the effects of such an attack. Our algorithm has been implemented in a SIP proxy server and evaluated extensively through experiments on a local testbed.

Securing peer-to-peer media streaming systems from selfish and malicious behavior

We present a flexible framework for throttling attackers in peer-to-peer media streaming systems. In such systems, selfish nodes (e.g., free riders) and malicious nodes (e.g., DoS attackers) can overwhelm the system by issuing too many requests in a short interval of time. Since peer-to-peer systems are decentralized, it is difficult for individual peers to limit the aggregate download bandwidth consumed by other remote peers. This could potentially allow selfish and malicious peers to exhaust the systems available upload bandwidth. In this paper, we propose a framework to provide a solution to this problem by utilizing a subset of trusted peers (called kantoku nodes) that collectively monitor the bandwidth usage of untrusted peers in the system and throttle attackers. This framework has been evaluated through simulation thus far. Experiments with a full implementation on a network testbed are part of our future work.

Session management for accountability in distributed multimedia services

Internet-based multimedia applications (e.g., voice-over-IP, instant messaging, and video conferencing) are continuing to grow in importance as more people depend on such applications for personal and professional communications. Although performance is almost always a concern with multimedia systems that must satisfy quality-of-service (QoS) constraints, security is also a major requirement given the increasing criticality of such applications. For example, businesses might depend on Internet telephony to reach customers while governments might depend on video streaming to disseminate information. For distributed multimedia services, in addition to the traditional security properties (confidentiality, integrity, and availability), accountability is also important to complement perimeter defenses. Accounting for user actions within the system enables the development of higher-level security services.