Cooperative attack and defense in distributed networks

The advance of computer networking has made cooperation essential to both attackers and defenders. Increased decentralization of network ownership requires devices to interact with entities beyond their own realm of control. The distribution of intelligence forces decisions to be taken at the edge. The exposure of devices makes multiple, simultaneous attacker-chosen compromise a credible threat. Motivation for this thesis derives from the observation that it is often easier for attackers to cooperate than for defenders to do so. I describe a number of attacks which exploit cooperation to devastating effect. I also propose and evaluate defensive strategies which require cooperation. I first investigate the security of decentralized, or 'ad-hoc', wireless networks. Many have proposed pre-loading symmetric keys onto devices. I describe two practical attacks on these schemes. First, attackers may compromise several devices and share the pre-loaded secrets to impersonate legitimate users. Second, whenever some keys are not pre-assigned but exchanged upon deployment, a revoked attacker can rejoin the network. I next consider defensive strategies where devices collectively decide to remove a malicious device from the network. Existing voting-based protocols are made resilient to the attacks I have developed, and I propose alternative strategies that can be more efficient and secure. First, I describe a reelection protocol which relies on positive affirmation from peers to continue participation. Then I describe a more radical alternative called suicide: a good device removes a bad one unilaterally by declaring both devices dead. Suicide offers significant improvements in speed and efficiency compared to voting-based decision mechanisms. I then apply suicide and voting to revocation in vehicular networks. Next, I empirically investigate attack and defense in another context: phishing attacks on the Internet. I have found evidence that one group responsible for half of all phishing, the rock-phish gang, cooperates by pooling hosting resources and by targeting many banks simultaneously. These cooperative attacks are shown to be far more effective. I also study the behavior of defenders – banks and Internet service providers – who must cooperate to remove malicious sites. I find that phishing-website lifetimes follow a long-tailed lognormal distribution. While many sites are removed quickly, others remain much longer. I examine several feeds from professional 'take-down' companies and find that a lack of data sharing helps many phishing sites evade removal for long time periods. One anti-phishing organization has relied on volunteers to submit and verify suspected phishing sites. I find its voting-based …

[1]  Jonathan K. Millen,et al.  Efficient fault-tolerant certificate revocation , 2000, CCS.

[2]  Anindya Ghose,et al.  The Economic Incentives for Sharing Security Information , 2004, Inf. Syst. Res..

[3]  Raph Levien,et al.  Attack-Resistant Trust Metrics , 2009, Computing with Social Trust.

[4]  Ross J. Anderson,et al.  Key infection: smart trust for smart dust , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[5]  Dan Boneh,et al.  Stronger Password Authentication Using Browser Extensions , 2005, USENIX Security Symposium.

[6]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[7]  G. Hardin,et al.  Tragedy of the Commons , 1968 .

[8]  Petra Wohlmacher,et al.  Digital certificates: a survey of revocation methods , 2000, MULTIMEDIA '00.

[9]  Charalampos Manifavas,et al.  A new family of authentication protocols , 1998, OPSR.

[10]  C. Shapiro,et al.  Network Externalities, Competition, and Compatibility , 1985 .

[11]  Sarah Gordon,et al.  When Worlds Collide: Information Sharing for the Security and Anti-virus Communities , 1999 .

[12]  Tyler Moore,et al.  The consequence of non-cooperation in the fight against phishing , 2008, 2008 eCrime Researchers Summit.

[13]  Tyler Moore,et al.  Countering Hidden-Action Attacks on Networked Systems , 2005, WEIS.

[14]  Rahul Telang,et al.  Market for Software Vulnerabilities? Think Again , 2005, Manag. Sci..

[15]  George Danezis,et al.  Economics of Information Security , 2005 .

[16]  Min Wu,et al.  Do security toolbars actually prevent phishing attacks? , 2006, CHI.

[17]  Eytan Adar,et al.  Implicit Structure and the Dynamics of Blogspace , 2004 .

[18]  Mani B. Srivastava,et al.  Reputation-based framework for high integrity sensor networks , 2004, SASN '04.

[19]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[20]  M. E. J. Newman,et al.  Power laws, Pareto distributions and Zipf's law , 2005 .

[21]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[22]  Lorrie Faith Cranor,et al.  Phinding Phish: Evaluating Anti-Phishing Tools , 2006 .

[23]  R. Anderson The Eternity Service , 1996 .

[24]  Panagiotis Papadimitratos,et al.  Fast Exclusion of Errant Devices from Vehicular Networks , 2008, 2008 5th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[25]  A. Perrig,et al.  The Sybil attack in sensor networks: analysis & defenses , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[26]  Debin Liu The Economics of Proof-of-Work , 2007 .

[27]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[28]  Ramayya Krishnan,et al.  An Empirical Analysis of Vendor Response to Disclosure Policy , 2005, WEIS.

[29]  Ross J. Anderson The Initial Costs and Maintenance Costs of Protocols , 2005, Security Protocols Workshop.

[30]  Paul Ohm The Myth of the Superuser: Fear, Risk, and Harm Online , 2007 .

[31]  Adrian Perrig,et al.  Challenges in Securing Vehicular Networks , 2005 .

[32]  Adrian Perrig,et al.  PIKE: peer intermediaries for key establishment in sensor networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[33]  Maxim Raya,et al.  The security of vehicular ad hoc networks , 2005, SASN '05.

[34]  Ian F. Akyildiz,et al.  Sensor Networks , 2002, Encyclopedia of GIS.

[35]  Stuart E. Schechter,et al.  The Emperor's New Security Indicators An evaluation of website authentication and the effect of role playing on usability studies † , 2007 .

[36]  Vahab S. Mirrokni,et al.  On spectrum sharing games , 2004, PODC '04.

[37]  Nalini Venkatasubramanian,et al.  Security Issues in a Future Vehicular Network , 2002 .

[38]  Whitfield Diffie The first ten years of public-key cryptography , 1988 .

[39]  Peifang Zheng,et al.  Tradeoffs in certificate revocation schemes , 2003, CCRV.

[40]  Deborah Estrin,et al.  An energy-efficient MAC protocol for wireless sensor networks , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[41]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[42]  L. Jean Camp,et al.  Reliable, Usable Signaling to Defeat Masquerade Attacks , 2006, WEIS.

[43]  Refik Molva,et al.  Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks , 2002, Communications and Multimedia Security.

[44]  Ross J. Anderson,et al.  On dealing with adversaries fairly , 2004 .

[45]  Ross J. Anderson Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[46]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[47]  Noam Nisan,et al.  Algorithmic mechanism design (extended abstract) , 1999, STOC '99.

[48]  F. Massey The Kolmogorov-Smirnov Test for Goodness of Fit , 1951 .

[49]  Yunghsiang Sam Han,et al.  A pairwise key pre-distribution scheme for wireless sensor networks , 2003, CCS '03.

[50]  Christos H. Papadimitriou,et al.  Worst-case Equilibria , 1999, STACS.

[51]  Amit Kumar Saha,et al.  Modeling mobility for vehicular ad-hoc networks , 2004, VANET '04.

[52]  Adrian Perrig,et al.  On the distribution and revocation of cryptographic keys in sensor networks , 2005, IEEE Transactions on Dependable and Secure Computing.

[53]  Charles A. Holt,et al.  Information Cascades in the Laboratory , 1998 .

[54]  Xuhua Ding,et al.  Anomaly Based Web Phishing Page Detection , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[55]  Paul F. Syverson,et al.  A different look at secure distributed computation , 1997, Proceedings 10th Computer Security Foundations Workshop.

[56]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[57]  Berk Sunar,et al.  State of the art in ultra-low power public key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[58]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[59]  Cormac Herley,et al.  Evaluating a trial deployment of password re-use for phishing prevention , 2007, eCrime '07.

[60]  Xiaotie Deng,et al.  Detection of phishing webpages based on visual similarity , 2005, WWW '05.

[61]  John S. Quarterman PhishScope: Tracking Phish Server Clusters , 2006, J. Digit. Forensic Pract..

[62]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[63]  Tyler Moore,et al.  Examining the impact of website take-down on phishing , 2007, eCrime '07.

[64]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[65]  Robert E. Mullen,et al.  The lognormal distribution of software failure rates: origin and evidence , 1998, Proceedings Ninth International Symposium on Software Reliability Engineering (Cat. No.98TB100257).

[66]  W. Hamilton,et al.  The evolution of cooperation. , 1984, Science.

[67]  Berk Sunar,et al.  Public Key Cryptography in Sensor Networks - Revisited , 2004, ESAS.

[68]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[69]  Laurent Massoulié,et al.  Faithfulness in internet algorithms , 2004, PINS '04.

[70]  Chrysanthos Dellarocas,et al.  Analyzing the economic efficiency of eBay-like online reputation reporting mechanisms , 2011, EC '01.

[71]  Hal R. Varian,et al.  System Reliability and Free Riding , 2004, Economics of Information Security.

[72]  Yunghsiang Sam Han,et al.  A key management scheme for wireless sensor networks using deployment knowledge , 2004, IEEE INFOCOM 2004.

[73]  James Aspnes,et al.  Inoculation strategies for victims of viruses and the sum-of-squares partition problem , 2005, SODA '05.

[74]  Tyler Moore A collusion attack on pairwise key predistribution schemes for distributed sensor networks , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[75]  Daisuke Miyamoto,et al.  SPS: A Simple Filtering Algorithm to Thwart Phishing Attacks , 2005, AINTEC.

[76]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[77]  Jean-Pierre Hubaux,et al.  Security and Cooperation in Wireless Networks , 2007, ESAS.

[78]  Peter Kruus,et al.  TinyPK: securing sensor networks with public key technology , 2004, SASN '04.

[79]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[80]  Rob Thomas,et al.  The underground economy: priceless , 2006 .

[81]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[82]  Bart Preneel,et al.  Power consumption evaluation of efficient digital signature schemes for low power devices , 2005, WiMob'2005), IEEE International Conference on Wireless And Mobile Computing, Networking And Communications, 2005..

[83]  Roberto Di Pietro,et al.  Energy efficient node-to-node authentication and communication confidentiality in wireless sensor networks , 2006, Wirel. Networks.

[84]  J. Hirshleifer From weakest-link to best-shot: The voluntary provision of public goods , 1983 .

[85]  Haiyun Luo,et al.  Adaptive security for multilevel ad hoc networks , 2002, Wirel. Commun. Mob. Comput..

[86]  Srinivasan Seshan,et al.  Selfish behavior and stability of the internet:: a game-theoretic analysis of TCP , 2002, SIGCOMM '02.

[87]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[88]  Ingrid Verbauwhede,et al.  Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks , 2006, ESAS.

[89]  L. Kleinrock,et al.  Packet Switching in Radio Channels: Part II - The Hidden Terminal Problem in Carrier Sense Multiple-Access and the Busy-Tone Solution , 1975, IEEE Transactions on Communications.

[90]  Tyler Moore,et al.  Evaluating the Wisdom of Crowds in Assessing Phishing Websites , 2008, Financial Cryptography.

[91]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[92]  Tim Roughgarden,et al.  How bad is selfish routing? , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[93]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[94]  J. Venn,et al.  . On the diagrammatic and mechanical representation of propositions and reasonings , 2022 .

[95]  Lada A. Adamic,et al.  Looking at the Blogosphere Topology through Different Lenses , 2007, ICWSM.

[96]  Stuart E. Schechter,et al.  Bootstrapping the Adoption of Internet Security Protocols , 2006, WEIS.

[97]  Joan Feigenbaum,et al.  A BGP-based mechanism for lowest-cost routing , 2002, PODC '02.

[98]  Steven M. Bellovin,et al.  Implementing Pushback: Router-Based Defense Against DDoS Attacks , 2002, NDSS.

[99]  Claude Crépeau,et al.  A certificate revocation scheme for wireless ad hoc networks , 2003, SASN '03.

[100]  Alessandro Acquisti,et al.  Is There a Cost to Privacy Breaches? An Event Study , 2006, WEIS.

[101]  Donggang Liu,et al.  Location-based pairwise key establishments for static sensor networks , 2003, SASN '03.

[102]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, TSEC.

[103]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[104]  Jonathan J. Oliver,et al.  Anatomy of a Phishing Email , 2004, CEAS.

[105]  Tyler Moore,et al.  The Economics of Information Security , 2006, Science.

[106]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[107]  Srdjan Capkun,et al.  Secure positioning in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[108]  James Surowiecki The wisdom of crowds: Why the many are smarter than the few and how collective wisdom shapes business, economies, societies, and nations Doubleday Books. , 2004 .

[109]  Ion Stoica,et al.  Robust incentive techniques for peer-to-peer networks , 2004, EC '04.

[110]  Jiejun Kong,et al.  Providing robust and ubiquitous security support for mobile ad-hoc networks , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[111]  Srinivas Katar,et al.  HomePlug 1.0 powerline communication LANs - protocol description and performance results , 2003, Int. J. Commun. Syst..

[112]  Albert-László Barabási,et al.  Error and attack tolerance of complex networks , 2000, Nature.

[113]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[114]  Shouhuai Xu,et al.  Establishing pairwise keys for secure communication in ad hoc networks: a probabilistic approach , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[115]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[116]  Éva Tardos,et al.  Near-optimal network design with selfish agents , 2003, STOC '03.

[117]  Panagiotis Papadimitratos,et al.  Eviction of Misbehaving and Faulty Nodes in Vehicular Networks , 2007, IEEE Journal on Selected Areas in Communications.

[118]  Master Gardener,et al.  Mathematical games: the fantastic combinations of john conway's new solitaire game "life , 1970 .

[119]  Donggang Liu,et al.  Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[120]  Peter J. Denning,et al.  Wikipedia risks , 2005, CACM.

[121]  Michael K. Reiter,et al.  Toward acceptable metrics of authentication , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[122]  Markus Jakobsson,et al.  Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft , 2006 .

[123]  Panagiotis Papadimitratos,et al.  Securing Vehicular Communications - Assumptions, Requirements, and Principles , 2006 .

[124]  Paula Fikkert,et al.  Specification of the Bluetooth System , 2003 .

[125]  Tim Hwang,et al.  Threat Modeling: Herdict: A distributed model for threats online , 2007 .

[126]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[127]  Christof Paar,et al.  Enabling Full-Size Public-Key Algorithms on 8-Bit Sensor Nodes , 2007, ESAS.

[128]  M. Newman Power laws, Pareto distributions and Zipf's law , 2005 .

[129]  Lawrence A. Gordon,et al.  Sharing Information on Computer Systems Security: An Economic Analysis , 2003 .

[130]  Jessica Staddon,et al.  Detecting and correcting malicious data in VANETs , 2004, VANET '04.

[131]  Mark S. Ackerman,et al.  Expertise networks in online communities: structure and algorithms , 2007, WWW '07.

[132]  Jolyon Clulow,et al.  Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks , 2007, SEC.

[133]  Tim Leinmüller,et al.  Improved security in geographic ad hoc routing through autonomous position verification , 2006, VANET '06.

[134]  Adrian Perrig,et al.  Distributed detection of node replication attacks in sensor networks , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[135]  Scott Shenker,et al.  On a network creation game , 2003, PODC '03.

[136]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[137]  Ben Laurie,et al.  \Proof-of-Work" Proves Not to Work , 2004 .

[138]  Jolyon Clulow,et al.  New Strategies for Revocation in Ad-Hoc Networks , 2007, ESAS.

[139]  Indra Widjaja,et al.  IEEE 802.11 Wireless Local Area Networks , 1997, IEEE Commun. Mag..