| 1. |
- Hasselquist, David, et al.
(författare)
-
Longitudinal Analysis of Wildcard Certificates in the WebPKI
- 2023
-
Ingår i: 2023 IFIP NETWORKING CONFERENCE, IFIP NETWORKING. - : IEEE. - 9783903176577 - 9798350339383
-
Konferensbidrag (refereegranskat)abstract
- The use of wildcard certificates and multi-domain certificates can impact how sensitive a certificate is to attacks and how many (sub)domains and machines may be impacted if a private key is compromised. Unfortunately, there are no globally agreed-upon best practices for these certificate types and the recommendations have changed many times over the years. In this paper, we present a 10-year longitudinal analysis of the usage of wildcard certificates and multi-domain certificates on the internet. Our analysis captures and highlights substantial differences in the heterogenous wildcard and multi-domain certificate practices. The results also show that there are several ways that CAs and domain owners have chosen to improve their practices, with many appearing to reduce the number of domains (and subdomains) for which each certificate is responsible.
|
|
| 2. |
- Hasselquist, David, et al.
(författare)
-
Now is the Time: Scalable and Cloud-supported Audio Conferencing using End-to-End Homomorphic Encryption
- 2023
-
Ingår i: PROCEEDINGS OF THE 2023 CLOUD COMPUTING SECURITY WORKSHOP, CCSW 2023. - : ASSOC COMPUTING MACHINERY. - 9798400702594 ; , s. 41-53
-
Konferensbidrag (refereegranskat)abstract
- Homomorphic encryption (HE) allows computations on encrypted data, leaking neither the input nor the computational output. While the method has historically been infeasible to use in practice, due to recent advancements, HE has started to be applied in real-world applications. Motivated by the possibility of outsourcing heavy computations to the cloud and still maintaining end-to-end security, in this paper, we use HE to design a basic audio conferencing application and demonstrate that our design approach (including some advanced features) is both practical and scalable. First, by homomorphically mixing encrypted audio in an untrusted, honest-but-curious server, we demonstrate the practical use of HE in audio communication. Second, by using multiplication operations, we go beyond the purely additive audio mixing and implement advanced example features capable of handling server-side mute and breakout rooms without the cloud server being able to extract sensitive user-specific metadata. Whereas the encryption and decryption times are shown to be magnitudes slower than generic AES encryption and roughly ten times slower than Signal's AES implementation, our solution approach is scalable and achieves end-to-end encryption while keeping performance well within the bounds of practical use. Third, besides studying the performance aspects, we also objectively evaluate the perceived audio quality, demonstrating that this approach also achieves excellent audio quality. Finally, our comprehensive evaluation and empirical findings provide valuable insights into the tradeoffs between HE schemes, their security configurations, and audio parameters. Combined, our results demonstrate that audio mixing using HE (including advanced features) now can be made both practical and scalable.
|
|
| 3. |
- Hasselquist, David, et al.
(författare)
-
Twitch Chat Fingerprinting
- 2022
-
Ingår i: Proc. IFIP Network Traffic Measurement and Analysis Conference (TMA) 2022.
-
Konferensbidrag (refereegranskat)abstract
- The streaming content that we choose to watch canreveal much about our thoughts, opinions, and interests. Anadversary capable of determining what users watch thereforepresents a significant privacy threat. In this paper, we presentand evaluate the first fingerprinting attack on Twitch that allowsviewers of individual live streams to be identified despite thetraffic being encrypted. The attack targets the traffic patternsassociated with chat messages associated with each stream. Ourresults show that high accuracy can be achieved by eavesdroppingonly for a short time (e.g., 90 seconds) and that the accuracy canbe increased even further by interacting with the stream. We alsotake a closer look at how the accuracy and activity level differbetween different Twitch channels and provide insights into theaccuracy that attackers using different strategies for selectingtarget channels may have. Finally, we study countermeasures toprotect against such attacks and demonstrate that the naive use ofVPN is not enough. We instead present countermeasures alteringpacket timing and sizes. Our large-scale evaluation of differentcountermeasures provides important insights that help both thestreaming providers and users better protect their privacy.
|
|
| 4. |
|
|
| 5. |
- Aaro, Gustav, 1995-, et al.
(författare)
-
Toolset for Run-time Dataset Collection of Deep-scene Information
- 2020
-
Ingår i: Symposium on Modelling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS). - Cham : Springer. - 9783030681098 ; , s. 224-236
-
Konferensbidrag (refereegranskat)abstract
- Virtual reality (VR) provides many exciting new application opportunities, but also present new challenges. In contrast to 360° videos that only allow a user to select its viewing direction, in fully immersive VR, users can also move around and interact with objects in the virtual world. To most effectively deliver such services it is therefore important to understand how users move around in relation to such objects. In this paper, we present a methodology and software tool for generating run-time datasets capturing a user’s interactions with such 3D environments, evaluate and compare different object identification methods that we implement within the tool, and use datasets collected with the tool to demonstrate example uses. The tool was developed in Unity, easily integrates with existing Unity applications through the use of periodic calls that extracts information about the environment using different ray-casting methods. The software tool and example datasets are made available with this paper.
|
|
| 6. |
- Abdel-Halim, Adam, et al.
(författare)
-
Temporal Analysis of X.509 Revocations and their Statuses
- 2022
-
Ingår i: 7TH IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2022). - : IEEE. - 9781665495608 ; , s. 258-265
-
Konferensbidrag (refereegranskat)abstract
- Despite the X509 public key infrastructure (PKI) being essential for ensuring the trust we place in our communication with web servers, the revocation of the trust placed in individual X509 certificates is neither transparent nor well-studied, leaving many unanswered questions. In this paper, we present a temporal analysis of 36 million certificates, whose revocation statuses we followed for 120 days since first being issued. We characterize the revocation rates of different certificate authorities (CAs) and how the rates change over the lifetime of the certificates. We identify and discuss several instances where the status changes from "revoked" to "good", "unauthorized" or "unknown", respectively, before the certificates expiry. This complements prior work that has observed such inconsistencies in some CAs behavior after expiry but also highlight a potentially more severe problem. Our results highlight heterogeneous revocation practices among the CAs.
|
|
| 7. |
- Acemoglu, Daron, et al.
(författare)
-
Harmonic influence in largescale networks
- 2014. - 3
-
Ingår i: ACM SIGMETRICS Performance Evaluation Review. - : Association for Computing Machinery (ACM). - 0163-5999. - 9781450327893 ; 42, s. 24-24
-
Konferensbidrag (refereegranskat)
|
|
| 8. |
|
|
| 9. |
- Ahlén, Niklas, 1970-
(författare)
-
Carbothermal synthesis of transition metal carbide and carbonitride whiskers via a Vapour-Liquid-Solid (VLS) growth mechanism
- 1999
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- A route for the synthesis of TiC, TiCyN1-y, TaxTi1-xC and TaxTi1-xCyN1-y whiskers via a carbothermal Vapour-Liquid-Solid (VLS) growth mechanism, yielding 70-90 vol.% whiskers, has been established. The whiskers were uniform in diameter (0.3-0.6mm), and had a length of about 10-30mm. The starting materials consisted of TiO2 and/or Ta2O5, C, a catalyst metal (Ni or Fe) and NaCl. Carbon was added to reduce the oxides, and NaCl to provide chlorine in the formation of TiClx(g) and TaOxCly(g) species. The overall chemical reaction is a straightforward carbothermal reduction process. The optimum synthesis temperature was found to be 1250°C for TiCyN1-y, TaxTi1-xC and TaxTi1-xCyN1-y whisker, and 1400°C for TiC. The growth direction of the whiskers was found to be <100> for TaC and TaxTi1-xC and either <100> or <111> for TiC. Nitridation of TiC whiskers yielded TiCyN1-y whiskers with morphology and chemical composition different from those obtained by the carbothermal VLS growth mechanism. From oxidation studies it was found that TiC had the lowest oxidation resistance (onset temperature Ton=390°C) and that TaC had the highest (Ton=550°C). The oxidation onset temperature was found to increase with increasing x-value for both TaxTi1-xC and TaxTi1-xCyN1-y whiskers. Microscopy studies (SEM and TEM) showed that whiskers with a native diameter exceeding 0.3 mm split into two halves along their length when oxidised. It was found that the TiO2 particle size of oxidised TaxTi1-xC whiskers are markedly smaller than that obtained from oxidation of TiC whiskers, whereas the Ta2O5 particle size was the same as that observed for oxidised TaC whiskers.
|
|
| 10. |
- Almquist, Mathias, et al.
(författare)
-
The Prefetch Aggressiveness Tradeof in 360 degrees Video Streaming
- 2018
-
Ingår i: PROCEEDINGS OF THE 9TH ACM MULTIMEDIA SYSTEMS CONFERENCE (MMSYS18). - New York, NY, USA : ASSOC COMPUTING MACHINERY. - 9781450351928 ; , s. 258-269
-
Konferensbidrag (refereegranskat)abstract
- With 360 degrees video, only a limited fraction of the full view is displayed at each point in time. This has prompted the design of streaming delivery techniques that allow alternative playback qualities to be delivered for each candidate viewing direction. However, while prefetching based on the users expected viewing direction is best done close to playback deadlines, large buffers are needed to protect against shortfalls in future available bandwidth. This results in conflicting goals and an important prefetch aggressiveness tradeoff problem regarding how far ahead in time from the current playpoint prefetching should be done. This paper presents the first characterization of this tradeoff. The main contributions include an empirical characterization of head movement behavior based on data from viewing sessions of four different categories of 360 degrees video, an optimization-based comparison of the prefetch aggressiveness tradeoffs seen for these video categories, and a data-driven discussion of further optimizations, which include a novel system design that allows both tradeoff objectives to be targeted simultaneously. By qualitatively and quantitatively analyzing the above tradeoffs, we provide insights into how to best design tomorrows delivery systems for 360 degrees videos, allowing content providers to reduce bandwidth costs and improve users playback experiences.
|
|
