@techreport{UCAM-CL-TR-718,
author = {Moore, Tyler},
title = {{Cooperative attack and defense in distributed networks}},
year = 2008,
month = jun,
url = {http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-718.pdf},
institution = {University of Cambridge, Computer Laboratory},
issn = {1476-2986},
abstract = {The advance of computer networking has made cooperation
essential to both attackers and defenders. Increased
decentralization of network ownership requires devices to
interact with entities beyond their own realm of control.
The distribution of intelligence forces decisions to be
taken at the edge. The exposure of devices makes
multiple, simultaneous attacker-chosen compromise a
credible threat. Motivation for this thesis derives from
the observation that it is often easier for attackers to
cooperate than for defenders to do so. I describe a
number of attacks which exploit cooperation to
devastating effect. I also propose and evaluate defensive
strategies which require cooperation.
I first investigate the security of decentralized, or
`ad-hoc', wireless networks. Many have proposed
pre-loading symmetric keys onto devices. I describe two
practical attacks on these schemes. First, attackers may
compromise several devices and share the pre-loaded
secrets to impersonate legitimate users. Second, whenever
some keys are not pre-assigned but exchanged upon
deployment, a revoked attacker can rejoin the network.
I next consider defensive strategies where devices
collectively decide to remove a malicious device from the
network. Existing voting-based protocols are made
resilient to the attacks I have developed, and I propose
alternative strategies that can be more efficient and
secure. First, I describe a reelection protocol which
relies on positive affirmation from peers to continue
participation. Then I describe a more radical alternative
called suicide: a good device removes a bad one
unilaterally by declaring both devices dead. Suicide
offers significant improvements in speed and efficiency
compared to voting-based decision mechanisms. I then
apply suicide and voting to revocation in vehicular
networks.
Next, I empirically investigate attack and defense in
another context: phishing attacks on the Internet. I have
found evidence that one group responsible for half of all
phishing, the rock-phish gang, cooperates by pooling
hosting resources and by targeting many banks
simultaneously. These cooperative attacks are shown to be
far more effective.
I also study the behavior of defenders -- banks and
Internet service providers -- who must cooperate to
remove malicious sites. I find that phishing-website
lifetimes follow a long-tailed lognormal distribution.
While many sites are removed quickly, others remain much
longer. I examine several feeds from professional
`take-down' companies and find that a lack of data
sharing helps many phishing sites evade removal for long
time periods.
One anti-phishing organization has relied on volunteers
to submit and verify suspected phishing sites. I find its
voting-based decision mechanism to be slower and less
comprehensive than unilateral verification performed by
companies. I also note that the distribution of user
participation is highly skewed, leaving the scheme
vulnerable to manipulation.},
number = {UCAM-CL-TR-718}
}
This file was generated by bibtex2html 1.99.