Funding: This work was supported by the National Natural Science Foundation of China (Grant No. 61976064).
Abstract: With the widespread application of cloud computing and network virtualization technologies, more and more enterprise applications are directly deployed in the cloud. However, the traditional TCP/IP network transmission model does not fully consider the information security issues caused by the uncontrollable internet environment. Network security communication solutions represented by encrypted virtual private networks (VPN) are facing multiple security threats. In fact, during the communication process, the user application needs to protect not only the content of the communication but also the behavior of the communication, such as the communication relationship, the communication protocol, and so on. Inspired by blockchain and software-defined networking technology, this paper proposes a resilient anonymous information sharing environment, RAISE. The RAISE system consists of user agents, a core switching network and a control cluster based on a consortium blockchain. User agents are responsible for segmenting, encrypting, and encapsulating user traffic. The core switching network forwards user traffic according to the rules issued by the controller, and the controller dynamically calculates the forwarding rules according to the security policy. Different from onion routing technology, RAISE adopts the controller to replace the onion routing model, which effectively overcomes the uncontrollability of nodes. The dispersed computing model is introduced to replace the TCP/IP pipeline transmission models, which overcomes the problems of anti-tracking and traffic hijacking that cannot be solved by VPNs. We propose a blockchain control plane framework, design the desired consensus algorithm and deploy a RAISE system consisting of 150 nodes in an internet environment. The experimental results show that the use of blockchain technology can effectively improve the reliability and security of the control plane. While maintaining high-performance network transmission, it further provides network communication security.
Funding: This work is supported by the National Natural Science Foundation of China (Grant No. 61170273, No. U1536111) and the China Scholarship Council (No. [2013]3050). In addition, we express our sincere gratitude to Lingling Gong, Meng Luo, Zhimin Lin, Peiyuan Li and the anonymous reviewers for their valuable comments and suggestions.
Abstract: With the rapid development of the Internet, people pay more and more attention to the protection of privacy. The second-generation onion routing system Tor is the most commonly used among anonymous communication systems, which can be used to protect user privacy effectively. In recent years, Tor’s congestion problem has become the focus of attention, and it can affect Tor’s performance and even user experience. Firstly, we investigate the causes of Tor network congestion and summarize some link scheduling algorithms proposed in recent years. Then we propose the link scheduling algorithm SWRR based on WRR (Weighted Round Robin). In this process, we design multiple weight functions and compare the performance of these weight functions under different congestion conditions, and the appropriate weight function is selected to be used in our algorithms based on the experiment results. Finally, we also compare the performance of SWRR with other link scheduling algorithms under different congestion conditions by experiments, and verify the effectiveness of the algorithm SWRR.
Funding: Partially supported by the National Key R&D Program of China (No. 2017YFB1003000); the National Natural Science Foundation of China (Nos. 61572130, 61320106007, 61632008, 61502100, 61532013, and 61402104); the Jiangsu Provincial Natural Science Foundation (No. BK20150637); the Jiangsu Provincial Key Technology R&D Program (No. BE2014603); the Qing Lan Project of Jiangsu Province; Jiangsu Provincial Key Laboratory of Network and Information Security (No. BM2003201); and the Key Laboratory of Computer Network and Information Integration of the Ministry of Education of China (No. 93K-9).
Abstract: Tor is pervasively used to conceal target websites that users are visiting. A de-anonymization technique against Tor, referred to as website fingerprinting attack, aims to infer the websites accessed by Tor clients by passively analyzing the patterns of encrypted traffic at the Tor client side. However, HTTP pipeline and Tor circuit multiplexing techniques can affect the accuracy of the attack by mixing the traffic that carries web objects in a single TCP connection. In this paper, we propose a novel active website fingerprinting attack by identifying and delaying the HTTP requests at the first hop Tor node. Then, we can separate the traffic that carries distinct web objects to derive a more distinguishable traffic pattern. To fulfill this goal, two algorithms based on statistical analysis and objective function optimization are proposed to construct a general packet delay scheme. We evaluate our active attack against Tor in empirical experiments and obtain the highest accuracy of 98.64%, compared with 85.95% of passive attack. We also perform experiments in the open-world scenario. When the parameter k of k-NN classifier is set to 5, then we can obtain a true positive rate of 90.96% with a false positive rate of 3.9%.