author = {Moore, Tyler},
  title = {{Cooperative attack and defense in distributed networks}},
  year = 2008,
  month = jun,
  url = {},
  institution = {University of Cambridge, Computer Laboratory},
  issn = {1476-2986},
  abstract = {The advance of computer networking has made cooperation
            	  essential to both attackers and defenders. Increased
            	  decentralization of network ownership requires devices to
            	  interact with entities beyond their own realm of control.
            	  The distribution of intelligence forces decisions to be
            	  taken at the edge. The exposure of devices makes
            	  multiple, simultaneous attacker-chosen compromise a
            	  credible threat. Motivation for this thesis derives from
            	  the observation that it is often easier for attackers to
            	  cooperate than for defenders to do so. I describe a
            	  number of attacks which exploit cooperation to
            	  devastating effect. I also propose and evaluate defensive
            	  strategies which require cooperation.
            	  I first investigate the security of decentralized, or
            	  `ad-hoc', wireless networks. Many have proposed
            	  pre-loading symmetric keys onto devices. I describe two
            	  practical attacks on these schemes. First, attackers may
            	  compromise several devices and share the pre-loaded
            	  secrets to impersonate legitimate users. Second, whenever
            	  some keys are not pre-assigned but exchanged upon
            	  deployment, a revoked attacker can rejoin the network.
            	  I next consider defensive strategies where devices
            	  collectively decide to remove a malicious device from the
            	  network. Existing voting-based protocols are made
            	  resilient to the attacks I have developed, and I propose
            	  alternative strategies that can be more efficient and
            	  secure. First, I describe a reelection protocol which
            	  relies on positive affirmation from peers to continue
            	  participation. Then I describe a more radical alternative
            	  called suicide: a good device removes a bad one
            	  unilaterally by declaring both devices dead. Suicide
            	  offers significant improvements in speed and efficiency
            	  compared to voting-based decision mechanisms. I then
            	  apply suicide and voting to revocation in vehicular
            	  networks.
            	  Next, I empirically investigate attack and defense in
            	  another context: phishing attacks on the Internet. I have
            	  found evidence that one group responsible for half of all
            	  phishing, the rock-phish gang, cooperates by pooling
            	  hosting resources and by targeting many banks
            	  simultaneously. These cooperative attacks are shown to be
            	  far more effective.
            	  I also study the behavior of defenders -- banks and
            	  Internet service providers -- who must cooperate to
            	  remove malicious sites. I find that phishing-website
            	  lifetimes follow a long-tailed lognormal distribution.
            	  While many sites are removed quickly, others remain much
            	  longer. I examine several feeds from professional
            	  `take-down' companies and find that a lack of data
            	  sharing helps many phishing sites evade removal for long
            	  time periods.
            	  One anti-phishing organization has relied on volunteers
            	  to submit and verify suspected phishing sites. I find its
            	  voting-based decision mechanism to be slower and less
            	  comprehensive than unilateral verification performed by
            	  companies. I also note that the distribution of user
            	  participation is highly skewed, leaving the scheme
            	  vulnerable to manipulation.},
  number = {UCAM-CL-TR-718}
