DipZoom: A Marketplace for Internet Measurements Michael Rabinovich, Sipat Tiukose, Zhihua Wen Limin Wang EECS Department Case Western Reserve University.

Slides:

Advertisements

Similar presentations

DipZoom: A Marketplace for Internet Measurements Michael Rabinovich, Sipat Tiukose, Limin Wang EECS Department Case Western Reserve University.

Advertisements

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Authentication Applications The Kerberos Protocol Standard

17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Copyright © 2005, Cisco Systems, Inc. All rights reserved. Applying Security Principles to Networking Applications Mark Enright Dec.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

H t t p : / / w w w. e e c s. c a s e. e d u / DipZoom A Marketplace for Internet Measurements Faculty: Michael Rabinovich Students: Sipat Tiukose, Zhihua.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

Firewalls and Intrusion Detection Systems

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Unit 28- Website Development Assignment 1- THEORY P3

1 Cost-Effective Strategies for Countering Security Threats: IPSEC, SSLi and DDoS Mitigation Bruce Hembree, Senior Systems Engineer A10 Networks.

Dr. Philip Cannata 1 Principles of Network Applications.

Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.

1 Integrating ISA Server and Exchange Server. 2 How works.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.

Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Business Strategy Evaluation & Recommendations EVALUATE BUSINESS STRATEGY Internal Assessments Evaluation : Bridge of Business-To-Customer Information.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

CPT 123 Internet Skills Class Notes Internet Security Session A.

Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.

IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.

Module 4 Quiz. 1. Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution.

Wireless Network Security. How Does Wireless Differ? Wireless networks are inherently insecure because data is transmitted over a very insecure medium,

Firewall Security.

WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.

Module 7: Advanced Application and Web Filtering.

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

6/23/2005 R. GARDNER OSG Baseline Services 1 OSG Baseline Services In my talk I’d like to discuss two questions:  What capabilities are we aiming for.

Internet2 AdvCollab Apps 1 Access Grid Vision To create virtual spaces where distributed people can work together. Challenges:

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.

1 Agility in Virtualized Utility Computing Hangwei Qian, Elliot Miller, Wei Zhang Michael Rabinovich, Craig E. Wills {EECS Department, Case Western Reserve.

Introduction Web analysis includes the study of users’ behavior on the web Traffic analysis – Usage analysis Behavior at particular website or across.

Microsoft NDA Material Adwait Joshi Sr. Technical Product Manager Microsoft Corporation.

Applications Software. Is a software used to carry out a particular task e.g. a game or word processor.

Sheng Jiang (Speaker) Xu Chen Xuan Song Huawei Neighbor Cache Protection in Neighbor Discover Protocol draft-jiang-v6ops-nc-prtection-01 IETF 77 V6OPS.

Palo Alto Networks Certified Network Security Engineer

Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.

Web Services Security.

CPS 512 midterm exam #1, 10/5/17 Your name please: NetID:_______ Sign for your honor:____________________________.

Jon Peppler, Menlo Security Channels

Using SSL – Secure Socket Layer

Distributed Peer-to-peer Name Resolution

Presentation transcript:

DipZoom: A Marketplace for Internet Measurements Michael Rabinovich, Sipat Tiukose, Zhihua Wen Limin Wang EECS Department Case Western Reserve University

Internet Measurements A-priori measurement platforms (e.g. IDMaps) - Great for large-scale characterizations On-demand measurements (Keynote, Scriptroute/PlanetLab, traceroute servers) –Hard to deploy sufficient platform to serve unpredictable needs –Vulnerable to being “gamed” –Limited choice of measurements

Example 1: Choosing a CDN CDN measurements –Chinese readership –With/without persistent connections –Repeat/new users Keynote limitations –Only one location in China –Not all measurements offered –Losing CDN cries foul

Example 2: Latency Measurements Measuring latency between a laptop connected through VZACCESS BroadbandAccess and a Linux PC on Case network RTT measured by average of 2000 pings: 280 msec King Measurements

Our Approach: Coax Internet users to become measurement providers Deploy a matchmaking service instead of measurement infrastructure Use market approach with real money as the means to control the system Focused on-demand measurements Infrastructure that scale with Internet –Measuring host (MH) location –MH type (platform, connectivity) –Measurement type and regime Needs:

DipZoom: Deep Internet Performance Zoom Anyone can offer measurements Anyone can request measurements Anyone can offer measuring software Participants are free to set their prices, compete for requests, bit and solicit bids, etc. Facilitates open echosystem, “ebay for Internet measurements”

Some Questions Will anyone want to become a provider? upromise.com, gomez.com suggest “yes”. Will anyone pay for the measurements? –Keynote and Gomez suggest “yes”

Related Work Gomez.com –Closed system DIMES, –No incentives –Users participate in a particular measurement experiment –Users can’t ask for a measurement

System Overview UDDI/WSDL/SOAP SSL IOTP

Issues Security –Induced DoS attacks against measurment target –Open ports on measuring hosts –High-level DoS attack against measuring host –Measurement side-effects Payment trust –Trusted core helps –Replay-based cheating Measurement trust –Fake MH registrations –MH impersonation –Fake measurements Traversing firewalls and NATs

Core Needs Integrity of measuring software Globally unique ID of measuring host (MHID) Duplicate detection + request/response matching Measurement rate limiting Building blocks of a solution: –Unique embedded secret –GUID or MAC address or hostID –Nonces –Ranking and calibration

DipZoom Request Credential DipZoom core returns an encrypted credential with response to requester’s query Requester includes the credential with request Measuring host –Decrypts nonce –Modifies it using a well known operation (nonce + 1) –Return encrypted nonce with response –Caches nonces for early duplicate detection Nonce/modified nonce addresses request replay and response replay, and third-party response replay attacks MHID addresses the random nonce attack

Ranking and Calibration Security measures raise the bar but do not guarantee protection from malicious MH. If can’t protect - detect and blacklist! –Deploy calibrating measurement targets –Purchase measurements from suspect MHs –Compare responses with passive measurements by calibrating hosts Can calibrating hosts be gamed? –Keynote advertises its measuring hosts location –Calibrating hosts are secret –The risk of blacklisting deters data mining

Status Pre-alpha is hereby released! – –No payments yet –Includes NAT/firewall traversal –Either measuring software or a client and MH bundle –Just ping and wget for now

Summary Growing Internet diversity (devices, links, applications) entails growing needs for focused measurements Proprietary platforms are insufficient DipZoom: a facilitator instead of infrastructure –Open system (pricing, measurements, participants) –Market approach to system control –Based on P2P principles Many challenges ahead Temporary Web site for more information: