Preview: IEEE Internet Computing
IEEE Internet Computing
IEEE Internet Computing helps computer scientists and engineers use the ever-expanding resources of the Internet.
IC and IC Online publish the latest developments in Internet-based applications and supporting technologies and address the Internet's wide
Published: Mon, 3 Nov 2014 15:35:12 GMT
PrePrint: Experimenting with AAA in WebRTC PaaS infrastructures: the case of Kurento
WebRTC server infrastructures are useful for creating rich Real-Time Communication (RTC) applications. Developers commonly use them to access capabilities such as group communications, archiving and transcoding. Because of this, details on how to implement and use them securely are of increasing interest to the engineering community. In this paper we present experiments in the context of Kurento, an open source project providing a WebRTC media server and a PaaS platform built on top of it. We present its API and analyze different security models for it, investigating the suitability of simple ACLs (Access Control Lists) and Capability-Based Security (CAP) schemes for providing authorization. Using a minimal implementation, we discuss the advantages and drawbacks of each and conclude that, for the proposed schemes, ACLs are less scalable but provide more granularity.
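The scalability-versus-granularity trade-off this abstract describes shows up clearly in a minimal model of both schemes. The following is an added example written for this page; it is not code from the Kurento project or from the paper. The media-pipeline resource, the operation names and the HMAC token format are assumptions chosen for illustration. The ACL authorizer needs the caller's identity and a per-call lookup but can revoke a single principal; the capability issuer checks only the token it is handed, so it needs no identity store, but its only revocation lever is rotating the signing key.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())


class AclAuthorizer:
    """ACL model: each resource carries a list of principals and their allowed
    operations. Every API call needs an authenticated caller identity and a
    lookup in that list, but grants can be revoked per principal at any time."""

    def __init__(self) -> None:
        self._acl: dict[str, dict[str, set[str]]] = {}

    def grant(self, resource: str, principal: str, ops) -> None:
        self._acl.setdefault(resource, {}).setdefault(principal, set()).update(ops)

    def revoke(self, resource: str, principal: str) -> None:
        self._acl.get(resource, {}).pop(principal, None)

    def check(self, resource: str, principal: str, op: str) -> bool:
        return op in self._acl.get(resource, {}).get(principal, set())


class CapabilityIssuer:
    """Capability model: a token names a resource and the operations allowed on
    it, authenticated with an HMAC under a server-side key. Whoever presents a
    valid token is authorized; no identity store or per-call lookup is needed.
    Revocation is coarse: rotating the key invalidates every outstanding token."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def rotate_key(self) -> None:
        self._key = secrets.token_bytes(32)

    def mint(self, resource: str, ops) -> str:
        claims = {"r": resource, "ops": sorted(ops), "n": secrets.token_hex(8)}
        payload = json.dumps(claims, separators=(",", ":")).encode()
        tag = hmac.new(self._key, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(tag)

    def check(self, token: str, resource: str, op: str) -> bool:
        try:
            payload_b64, tag_b64 = token.split(".")
            payload, tag = _unb64(payload_b64), _unb64(tag_b64)
        except (ValueError, binascii.Error):
            return False
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False
        claims = json.loads(payload)
        return claims["r"] == resource and op in claims["ops"]


def demo() -> dict:
    """Exercise both models on a constructed media-pipeline resource."""
    pipeline = "pipeline/7f3a"  # constructed resource id, not a real Kurento object
    results = {}

    acl = AclAuthorizer()
    acl.grant(pipeline, "alice", {"connect", "record"})
    results["acl_alice_record"] = acl.check(pipeline, "alice", "record")
    results["acl_bob_record"] = acl.check(pipeline, "bob", "record")
    acl.revoke(pipeline, "alice")  # fine-grained: only alice loses access
    results["acl_alice_after_revoke"] = acl.check(pipeline, "alice", "record")

    issuer = CapabilityIssuer(secrets.token_bytes(32))
    cap = issuer.mint(pipeline, {"connect", "record"})
    results["cap_record"] = issuer.check(cap, pipeline, "record")
    results["cap_release"] = issuer.check(cap, pipeline, "release")  # op not granted
    results["cap_other_resource"] = issuer.check(cap, "pipeline/0000", "record")
    # Forgery attempt: add 'release' to the claims but keep the original tag.
    payload_b64, tag_b64 = cap.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["ops"].append("release")
    forged = _b64(json.dumps(claims, separators=(",", ":")).encode()) + "." + tag_b64
    results["cap_forged"] = issuer.check(forged, pipeline, "release")
    issuer.rotate_key()  # coarse revocation: every token minted so far dies
    results["cap_after_rotation"] = issuer.check(cap, pipeline, "record")
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:24s} {'ALLOW' if allowed else 'DENY'}")
```

Running the module prints one line per check. The forged token fails because the tag no longer matches the rewritten payload, and after the key rotation even the legitimate token is rejected, which is exactly the coarse revocation that makes capabilities cheap to check but hard to withdraw selectively.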
PrePrint: Who Is Calling Which Page on the Web?
Web identity and resolution is responsible for identifying, authenticating and locating users on the Web. It is a critical aspect of WebRTC (Web Real-Time Communication), a joint effort of the W3C and the IETF to develop standards for secure real-time communication over the Web. Although WebRTC proposes a security architecture for integrating with federated Web identity systems, this architecture is not compatible with identity protocols that do not satisfy the WebRTC requirements. To fill the gap, we describe two alternative architectures that adapt incompatible identity protocols to the WebRTC security architecture. We also propose a Web-of-Trust model to address the limitations of hierarchical identity systems. Furthermore, we propose a mirror presence system to locate users on the Web in real time while they are moving between. Some of the proposed methods and systems have been implemented with satisfactory performance.
PrePrint: I Know Where You've Been: Geo-Inference Attacks via the Browser Cache
Many websites, including Google and Craigslist, customize their services according to users' geo-locations to provide more relevant content and better responsiveness. Mobile devices now further allow web applications to read users' geo-location directly from GPS sensors. However, if geo-oriented websites leave location-sensitive content in the browser cache, other sites can infer users' geo-locations through timing side-channels. In this paper, we demonstrate that such geo-location leakage channels are widely open in popular web applications today, including 62 percent of Alexa Top 100 websites. With geo-inference attacks that measure the timing of browser cache queries, we can locate users' countries, cities and neighborhoods in our case studies. We also discuss existing defenses and propose a more balanced solution that defeats such attacks with minor performance overhead.
PrePrint: Bidding Strategies for Spot Instances in Cloud Computing Markets
Dynamic pricing schemes such as the spot markets for cloud services are becoming increasingly popular. These new pricing formats, though efficient in terms of cost and resource utilization, have added to the complexity of decision making for typical cloud computing users. To understand and recommend bidding strategies in spot markets, we investigate the current strategies adopted by cloud users and the strategies recommended by service providers. We perform a simulation study based on data from the Amazon EC2 Spot market. Our analysis provides guidelines on bidding strategies by considering the trade-offs between cost, wait time and interruption rate.
PrePrint: An Experimental Study of TLS Forward Secrecy Deployments
Forward secrecy guarantees that an eavesdropper who later obtains the server's long-term private key still cannot recover the secret data of past communications. Currently, Transport Layer Security (TLS) servers can deploy the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, we surveyed a total of 473,802 TLS servers and found that 82.9 percent of the DHE-enabled servers were using weak DH parameters, resulting in a false sense of security. Furthermore, given current parameter and algorithm choices, we show that the traditional performance argument against forward secrecy no longer holds. We compared the server throughput of various TLS setups, and measured real-world client-side latencies using an advertisement network. Our results indicate that forward secrecy is no more expensive than no forward secrecy, and can even be faster when elliptic curve cryptography (ECC) is used.
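The two practical points in this abstract, that DHE is only as strong as the parameters behind it and that ECDHE is the cheaper way to get forward secrecy, translate into a simple audit of a server's cipher preferences. The following is an added example for this page, not code from the paper, written against Python's standard ssl module. The classification is by OpenSSL suite name so it runs offline; the legacy preference list is constructed for illustration, and the operator's DH-parameter step is described in the comments rather than executed.

```python
import ssl


def classify(cipher_name: str) -> tuple[str, bool]:
    """Map an OpenSSL cipher-suite name to its key exchange and whether that
    exchange provides forward secrecy."""
    if cipher_name.startswith("TLS_"):
        # TLS 1.3 suites do not name a key exchange; the handshake is always (EC)DHE.
        return ("TLS 1.3 ephemeral (EC)DH", True)
    if cipher_name.startswith("ECDHE-"):
        return ("ECDHE", True)
    if cipher_name.startswith(("DHE-", "EDH-")):
        return ("DHE", True)
    if cipher_name.startswith(("ADH-", "AECDH-")):
        return ("anonymous (EC)DH, unauthenticated", False)
    if cipher_name.startswith(("ECDH-", "DH-")):
        return ("static (EC)DH", False)
    return ("RSA or PSK key transport", False)


def audit(cipher_names):
    """Return the suites from an ordered preference list that lack forward secrecy."""
    return [name for name in cipher_names if not classify(name)[1]]


# Constructed example of a legacy server preference list mixing FS and non-FS suites.
LEGACY_SERVER_PREFS = [
    "AES128-SHA",
    "AES256-GCM-SHA384",
    "DHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
]


def build_forward_secret_context() -> ssl.SSLContext:
    """Server context restricted to ephemeral key exchange, ECDHE preferred.

    Keeping DHE as a fallback is only safe if the operator also installs strong
    parameters, e.g. 'openssl dhparam -out dhparam.pem 2048' followed by
    ctx.load_dh_params("dhparam.pem"); with weak parameters DHE gives the
    false sense of security the survey describes. That step is left to the
    deployment because it needs a file on disk."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM")
    return ctx


def context_without_forward_secrecy(ctx: ssl.SSLContext):
    """Names of enabled suites in ctx that lack forward secrecy (empty if hardened)."""
    return audit(c["name"] for c in ctx.get_ciphers())


if __name__ == "__main__":
    for name in LEGACY_SERVER_PREFS:
        kx, fs = classify(name)
        print(f"{name:32s} {kx:36s} {'FS' if fs else 'NO FS'}")
    print("non-FS suites left in hardened context:",
          context_without_forward_secrecy(build_forward_secret_context()))
```

On a live server the same check applies to the negotiated suite: after connecting, `ssock.cipher()[0]` is the name to pass to `classify`. The order of the cipher string matters as much as its contents, since a server that lists RSA key transport ahead of ECDHE will happily negotiate the non-forward-secret option with most clients.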
PrePrint: Anti-Reconnaissance Tools: Detecting Targeted Socialbots
Advanced attackers use online social networks to extract useful information about a target organization, including information about its members, their connections, affiliations, positions, etc. Socialbots are artificial, machine-operated social network profiles that connect to real members of the organization, thus greatly increasing the amount of information an attacker can collect. There are several strategies an attacker can employ to connect the socialbots. In this study we present a method for hunting socialbots by intelligently selecting profiles of members of the organization and monitoring their activity. Our results demonstrate the efficacy of the proposed detection method. Specifically, we show that if an attacker knows the defense strategy being deployed, her best choice of attack is randomly sprayed friend requests, which eventually lead to a low number of connections.
PrePrint: Recommending Venues to Visitors of City Scale Events by Continuous Predictive Social Media Analytics
This paper demonstrates how a novel Continuous Predictive Social Media Analytics system, CP-SMA, operates in real time on social media streams and graphs to recommend venues to visitors of geographically and temporally bounded city-scale events. By combining deductive and inductive stream reasoning techniques with visitor modeling functionalities, the system is able to semantically analyze and link the social network activities of visitors to produce high-quality visitor-venue link predictions when little information about preferences is available. The quality of the system is shown through experiments on real-world data.
PrePrint: Edge Sign Prediction in Social Networks via Frequent Subgraph Discovery
We investigate signed social networks, in which users are connected via directional signed links indicating their opinions of each other. Predicting the sign of such links is a crucial task for many real-world applications such as recommendation systems. In this work, we focus on mining graph patterns that emerge frequently in the social graph, and we show that they possess enough discriminative power to accurately predict the relationships among social network users. We evaluate our approach through a thorough experimental study comprising three large-scale real-world datasets and show that it outperforms state-of-the-art methods.
PrePrint: ExaMine: Dynamic Latent EXpertise Mining in Social Networks
With an ever-increasing number of individuals using social networks and the wide range of activities these platforms provide, there is a growing need to develop knowledge extraction methods. In this study we present a system for identifying expertise found within a user's social network connections (i.e., friends). During the learning phase, the system generates a profile for each connection by mining the activities associated with that connection. Then, when the user browses the Web, the system actively retrieves an ordered list of connections for any Web page that is viewed; these connections are identified as experts on the dynamic topic(s) of the Web page according to a classification process. Our evaluation shows promising results in matching retrieved connections to their true areas of expertise: the mean average precision over all tested topics is 0.60, outperforming a human baseline.