Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 25 of 25

Full-Text Articles in Physical Sciences and Mathematics

Topological Structures In The Equities Market Network, Gregory Leibon, Scott Pauls, Daniel Rockmore, Robert Savell Dec 2008

Dartmouth Scholarship

We present a new method for articulating scale-dependent topological descriptions of the network structure inherent in many complex systems. The technique is based on “partition decoupled null models,” a new class of null models that incorporate the interaction of clustered partitions into a random model and generalize the Gaussian ensemble. As an application, we analyze a correlation matrix derived from 4 years of close prices of equities in the New York Stock Exchange (NYSE) and National Association of Securities Dealers Automated Quotation (NASDAQ). In this example, we expose (i) a natural structure composed of 2 interacting partitions of …


Nymble: Blocking Misbehaving Users In Anonymizing Networks, Patrick P. Tsang, Apu Kapadia, Cory Cornelius, Sean W. Smith Dec 2008

Computer Science Technical Reports

Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client's IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular websites. Website administrators routinely rely on IP-address blocking for disabling access to misbehaving users, but blocking IP addresses is not practical if the abuser routes through an anonymizing network. As a result, administrators block all known exit nodes of anonymizing networks, denying anonymous access to misbehaving and behaving users alike. To address …


Functional Monitoring Without Monotonicity, Chrisil Arackaparambil, Joshua Brody, Amit Chakrabarti Dec 2008

Computer Science Technical Reports

The notion of distributed functional monitoring was recently introduced by Cormode, Muthukrishnan and Yi to initiate a formal study of the communication cost of certain fundamental problems arising in distributed systems, especially sensor networks. In this model, each of k sites reads a stream of tokens and is in communication with a central coordinator, who wishes to continuously monitor some function f of σ, the union of the k streams. The goal is to minimize the number of bits communicated by a protocol that correctly monitors f(σ), to within some small error. As in previous work, we focus on a …


Digital Image Ballistics From Jpeg Quantization: A Followup Study, Hany Farid Dec 2008

Computer Science Technical Reports

The lossy JPEG compression scheme employs a quantization table that controls the amount of compression achieved. Because different cameras typically employ different tables, a comparison of an image's quantization scheme to a database of known cameras affords a simple technique for confirming or denying an image's source. This report describes the analysis of quantization tables extracted from 1,000,000 images downloaded from Flickr.com.


Group-Aware Stream Filtering For Bandwidth-Efficient Data Dissemination, Ming Li, David Kotz Dec 2008

Dartmouth Scholarship

In this paper we are concerned with disseminating high-volume data streams to many simultaneous applications over a low-bandwidth wireless mesh network. For bandwidth efficiency, we propose a group-aware stream filtering approach, used in conjunction with multicasting, that exploits two overlooked, yet important, properties of these applications: 1) many applications can tolerate some degree of “slack” in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the “best alternative” subset for each application to maximize the data overlap within the group to best benefit …


Toward Evaluating Lighting Design Interface Paradigms For Novice Users, William Brandon Kerr, Fabio Pellacini Nov 2008

Computer Science Technical Reports

Lighting design is a complex and fundamental task in computer cinematography, involving adjustment of light parameters to define final scene appearance. Many lighting interfaces have been proposed to improve lighting design work flow. These paradigms exist in three paradigm categories: direct light parameter manipulation, indirect light feature manipulation (e.g., shadow dragging), and goal-based optimization of light through painting. To this date, no formal evaluation of the relative effectiveness of these methods has been performed. In this paper, we present a first step toward evaluating the three paradigms in the form of a user study with novice users. We focus our …


Blac: Revoking Repeatedly Misbehaving Anonymous Users Without Relying On Ttps, Patrick P. Tsang, Man Ho Au, Apu Kapadia, Sean W. Smith Oct 2008

Computer Science Technical Reports

Several credential systems have been proposed in which users can authenticate to service providers anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user's privacy at any time, however, is too strong a punishment for misbehavior. To limit the scope of deanonymization, systems have been proposed in which users are deanonymized if they authenticate “too many times,” such as “double spending” with electronic cash. While useful in some applications, it is …


The Changing Usage Of A Mature Campus-Wide Wireless Network, Tristan Henderson, David Kotz, Ilya Abyzov Oct 2008

Dartmouth Scholarship

Wireless Local Area Networks (WLANs) are now commonplace on many academic and corporate campuses. As "Wi-Fi" technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslog messages, telephone records, SNMP polling and tcpdump packet captures. This is the largest WLAN study to date, and the first to look at a mature WLAN. We compare this trace to a trace taken after the network's …


Lzfuzz: A Fast Compression-Based Fuzzer For Poorly Documented Protocols, Sergey Bratus, Axel Hansen, Anna Shubina Sep 2008

Computer Science Technical Reports

Real-world infrastructure offers many scenarios where protocols (and other details) are not released due to being considered too sensitive or for other reasons. This situation makes it hard to apply fuzzing techniques to test their security and reliability, since their full documentation is only available to their developers, and domain developer expertise does not necessarily intersect with fuzz-testing expertise (nor deployment responsibility). State-of-the-art fuzzing techniques, however, work best when protocol specifications are available. Still, operators whose networks include equipment communicating via proprietary protocols should be able to reap the benefits of fuzz-testing them. In particular, administrators should be able to …


Detecting Kernel Rootkits, Ashwin Ramaswamy Sep 2008

Computer Science Technical Reports

Kernel rootkits are a special category of malware that are deployed directly in the kernel and hence have unmitigated reign over the functionalities of the kernel itself. We seek to detect such rootkits that are deployed in the real world by first observing how the majority of kernel rootkits operate. To this end, comparable to how rootkits function in the real world, we write our own kernel rootkit that manipulates the network driver, thus giving us control over all packets sent into the network. We then implement a mechanism to thwart the attacks of such rootkits by noticing that a …


Streaming Estimation Of Information-Theoretic Metrics For Anomaly Detection (Extended Abstract), Sergey Bratus, Joshua Brody, David Kotz, Anna Shubina Sep 2008

Dartmouth Scholarship

Information-theoretic metrics hold great promise for modeling traffic and detecting anomalies if only they could be computed in efficient, scalable ways. Recent advances in streaming estimation algorithms give hope that such computations can be made practical. We describe our work in progress that aims to use streaming algorithms on 802.11a/b/g link layer (and above) features and feature pairs to detect anomalies.


Twokind Authentication: Protecting Private Information In Untrustworthy Environments (Extended Version), Katelin Bailey, Apu Kapadia, Linden Vongsathorn, Sean W. Smith Aug 2008

Computer Science Technical Reports

We propose and evaluate TwoKind Authentication, a simple and effective technique that allows users to limit access to their private information in untrustworthy environments. Users often log in to Internet sites from insecure computers, and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. To mitigate this problem, we explore the use of multiple authenticators for the same account that are associated with specific sets of privileges. In its simplest form, TwoKind features two modes of authentication, a low and a high authenticator. By using a low authenticator, users can signal …


Workshop Report — Crawdad Workshop 2007, Jihwang Yeo, David Kotz, Tristan Henderson Jul 2008

Dartmouth Scholarship

Wireless network researchers are hungry for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD, the Community Resource for Archiving Wireless Data at Dartmouth, is an NSF-funded project that is building a wireless network data archive for the research community. We host wireless data, and provide tools and documents to make it easy to collect and use wireless network data. We hope that this resource will help researchers to identify and evaluate real and interesting problems in mobile and pervasive computing. This report outlines the CRAWDAD project and summarizes the third CRAWDAD workshop, …


Quality-Managed Group-Aware Stream Filtering, Ming Li, David Kotz Jul 2008

Dartmouth Scholarship

We consider a distributed system that disseminates high-volume event streams to many simultaneous monitoring applications over a low-bandwidth network. For bandwidth efficiency, we propose a group-aware stream filtering approach, used together with multicasting, that exploits two overlooked, yet important, properties of monitoring applications: 1) many of them can tolerate some degree of “slack” in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the “best alternative” subset for each application to maximize the data overlap within the group to best benefit from multicasting. …


Poster Abstract: Reliable People-Centric Sensing With Unreliable Voluntary Carriers, Cory Cornelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin, Patrick Tsang Jun 2008

Dartmouth Scholarship

As sensor technology becomes increasingly easy to integrate into personal devices such as mobile phones, clothing, and athletic equipment, there will be new applications involving opportunistic, people-centric sensing. These applications, which gather information about human activities and personal social context, raise many security and privacy challenges. In particular, data integrity is important for many applications, whether using traffic data for city planning or medical data for diagnosis. Although our AnonySense system (presented at MobiSys) addresses privacy in people-centric sensing, protecting data integrity in people-centric sensing still remains a challenge. Some mechanisms to protect privacy provide anonymity, and thus provide limited …


Anonysense: Opportunistic And Privacy-Preserving Context Collection, Apu Kapadia, Nikos Triandopoulos, Cory Cornelius, Dan Peebles, David Kotz May 2008

Dartmouth Scholarship

Opportunistic sensing allows applications to “task” mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street, or users' mobile phones to locate (Bluetooth-enabled) objects in their neighborhood. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk—even if a report has been anonymized, the accompanying time and location can reveal sufficient information to deanonymize the user whose device sent the report. We propose AnonySense, a general-purpose architecture for leveraging users' mobile …


Yasir: A Low-Latency, High-Integrity Security Retrofit For Legacy Scada Systems (Extended Version), Patrick P. Tsang, Sean W. Smith Apr 2008

Computer Science Technical Reports

We construct a bump-in-the-wire (BITW) solution that retrofits security into time-critical communications over bandwidth-limited serial links between devices in legacy Supervisory Control And Data Acquisition (SCADA) systems, on which the proper operations of critical infrastructures such as the electric power grid rely. Previous BITW solutions do not provide the necessary security within timing constraints; the previous solution that does is not BITW. At a hardware cost comparable to existing solutions, our BITW solution provides sufficient security, and yet incurs minimal end-to-end communication latency.


The Weakest Failure Detector To Solve Mutual Exclusion, Vibhor Bhatt, Nicholas Christman, Prasad Jayanti Apr 2008

Computer Science Technical Reports

Mutual exclusion is not solvable in an asynchronous message-passing system where processes are subject to crash failures. Delporte-Gallet et al. determined the weakest failure detector to solve this problem when a majority of processes are correct. Here we identify the weakest failure detector to solve mutual exclusion in any environment, i.e., regardless of the number of faulty processes. We also show a relation between mutual exclusion and consensus, arguably the two most fundamental problems in distributed computing. Specifically, we show that a failure detector that solves mutual exclusion is sufficient to solve non-uniform consensus but not necessarily uniform consensus.


Ppaa: Peer-To-Peer Anonymous Authentication (Extended Version), Patrick P. Tsang, Sean W. Smith Apr 2008

Computer Science Technical Reports

In the pursuit of authentication schemes that balance user privacy and accountability, numerous anonymous credential systems have been constructed. However, existing systems assume a client-server architecture in which only the clients, but not the servers, care about their privacy. In peer-to-peer (P2P) systems where both clients and servers are peer users with privacy concerns, no existing system correctly strikes that balance between privacy and accountability. In this paper, we provide this missing piece: a credential system in which peers are pseudonymous to one another (that is, two who interact more than once can recognize each other via pseudonyms) but …


Bounded Unpopularity Matchings, Chien-Chung Huang, Telikepalli Kavitha, Dimitrios Michail, Meghana Nasre Apr 2008

Computer Science Technical Reports

We investigate the following problem: given a set of jobs and a set of people with preferences over the jobs, what is the optimal way of matching people to jobs? Here we consider the notion of popularity. A matching $M$ is popular if there is no matching $M'$ such that more people prefer $M'$ to $M$ than the other way around. Determining whether a given instance admits a popular matching and, if so, finding one, was studied in [AIKM05]. If there is no popular matching, a reasonable substitute is a matching whose unpopularity is bounded. We consider two measures …


Detecting 802.11 Mac Layer Spoofing Using Received Signal Strength, Yong Sheng, Keren Tan, Guanling Chen, David Kotz, Andrew T. Campbell Apr 2008

Dartmouth Scholarship

MAC addresses can be easily spoofed in 802.11 wireless LANs. An adversary can exploit this vulnerability to launch a large number of attacks. For example, an attacker may masquerade as a legitimate access point to disrupt network services or to advertise false services, tricking nearby wireless stations. On the other hand, the received signal strength (RSS) is a measurement that is hard to forge arbitrarily and it is highly correlated to the transmitter's location. Assuming the attacker and the victim are separated by a reasonable distance, RSS can be used to differentiate them to detect MAC spoofing, as recently proposed …


Refocusing In 802.11 Wireless Measurement, Udayan Deshpande, Chris Mcdonald, David Kotz Apr 2008

Dartmouth Scholarship

The edge of the Internet is increasingly wireless. To understand the Internet, one must understand the edge, and yet the measurement of wireless networks poses many new challenges. IEEE 802.11 networks support multiple wireless channels and any monitoring technique involves capturing traffic on each of these channels to gather a representative sample of frames from the network. We call this procedure channel sampling, in which each sniffer visits each channel periodically, resulting in a sample of the traffic on each of the channels. This sampling approach may be sufficient, for example, for a system administrator or anomaly detection module …


Active Behavioral Fingerprinting Of Wireless Devices, Sergey Bratus, Cory Cornelius, David Kotz, Daniel Peebles Mar 2008

Computer Science Technical Reports

We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing …


Active Behavioral Fingerprinting Of Wireless Devices, Sergey Bratus, Cory Cornelius, David Kotz, Dan Peebles Mar 2008

Dartmouth Scholarship

We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing …


Localized Bridging Centrality For Distributed Network Analysis, Soumendra Nanda, David Kotz Jan 2008

Computer Science Technical Reports

Centrality is a concept often used in social network analysis to study different properties of networks that are modeled as graphs. We present a new centrality metric called Localized Bridging Centrality (LBC). LBC is based on the Bridging Centrality (BC) metric that Hwang et al. recently introduced. Bridging nodes are nodes that are located in between highly connected regions. LBC is capable of identifying bridging nodes with an accuracy comparable to that of the BC metric for most networks. As the name suggests, we use only local information from surrounding nodes to compute the LBC metric, while global knowledge is …