DOCSLIB.ORG

Darknet As a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Darknet As a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks Darknet as a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks Claude Fachkha A Thesis in The Department of Electrical and Computer Engineering Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy at Concordia University Montreal, Quebec, Canada November 2015 c Claude Fachkha, 2015 CONCORDIA UNIVERSITY SCHOOL OF GRADUATE STUDIES This is to certify that the thesis prepared By: Claude Fachkha Darknet as a Source of Cyber Threat Intelligence: Entitled: Investigating Distributed and Reflection Denial of Service Attacks and submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy complies with the regulations of the University and meets the accepted standards with respect to originality and quality. Signed by the final examining committee: 'U'HERUDK'\VDUW*DOH Chair 'U0RKDPPDG=XONHUQLQH External Examiner 'U-RH\3DTXHW External to Program 'U5DFKLGD'VVRXOL Examiner 'U5RFK+*OLWKR Examiner 'U0RXUDG'HEEDEL Thesis Supervisor Approved by 'U$EGHO5D]LN6HEDN Chair of Department or Graduate Program Director 'U$PLU$VLI Dean of Faculty ABSTRACT Cyberspace has become a massive battlefield between computer criminals and com- puter security experts. In addition, large-scale cyber attacks have enormously ma- tured and became capable to generate, in a prompt manner, significant interruptions and damage to Internet resources and infrastructure. Denial of Service (DoS) attacks are perhaps the most prominent and severe types of such large-scale cyber attacks. Furthermore, the existence of widely available encryption and anonymity techniques greatly increases the difficulty of the surveillance and investigation of cyber attacks. In this context, the availability of relevant cyber monitoring is of paramount im- portance. An effective approach to gather DoS cyber intelligence is to collect and analyze traffic destined to allocated, routable, yet unused Internet address space known as darknet. In this thesis, we leverage big darknet data to generate insights on various DoS events, namely, Distributed DoS (DDoS) and Distributed Reflection DoS (DRDoS) activities. First, we present a comprehensive survey of darknet. We primarily define and characterize darknet and indicate its alternative names. We further list other trap-based monitoring systems and compare them to darknet. In addition, we provide a taxonomy in relation to darknet technologies and identify research gaps that are related to three main darknet categories: deployment, traffic analysis, and visualization. Second, we characterize darknet data. Such informa- tion could generate indicators of cyber threat activity as well as provide in-depth understanding of the nature of its traffic. Particularly, we analyze darknet pack- ets distribution, its used transport, network and application layer protocols and iii Darknet as a Source of Cyber Threat Intelligence pinpoint its resolved domain names. Furthermore, we identify its IP classes and destination ports as well as geo-locate its source countries. We further investigate darknet-triggered threats. The aim is to explore darknet inferred threats and cat- egorize their severities. Finally, we contribute by exploring the inter-correlation of such threats, by applying association rule mining techniques, to build threat asso- ciation rules. Specifically, we generate clusters of threats that co-occur targeting a specific victim. Third, we propose a DDoS inference and forecasting model that aims at providing insights to organizations, security operators and emergency re- sponse teams during and after a DDoS attack. Specifically, this work strives to predict, within minutes, the attacks’ features, namely, intensity/rate (packets/sec) and size (estimated number of compromised machines/bots). The goal is to under- stand the future short-term trend of the ongoing DDoS attacks in terms of those features and thus provide the capability to recognize the current as well as future similar situations and hence appropriately respond to the threat. Further, our work aims at investigating DDoS campaigns by proposing a clustering approach to infer various victims targeted by the same campaign and predicting related features. To achieve our goal, our proposed approach leverages a number of time series and fluc- tuation analysis techniques, statistical methods and forecasting approaches. Fourth, we propose a novel approach to infer and characterize Internet-scale DRDoS attacks by leveraging the darknet space. Complementary to the pioneer work on inferring DDoS activities using darknet, this work shows that we can extract DoS activities without relying on backscattered analysis. The aim of this work is to extract cyber security intelligence related to DRDoS activities such as intensity, rate and geo- location in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain DDoS parameters to detect the attacks and the expectation maximization and k-means clustering techniques in an attempt to identify campaigns of DRDoS attacks. Finally, we conclude this work by providing some discussions and pinpointing some future work. iv DEDICATION I dedicate this thesis to my parents, Antonio and Georgette, my brothers Jean and Gilbert, and my sister Nathalie. Thank you for your unconditional support with my studies. I am honored to be a member of your peaceful and lovely family. Thanks for standing by me and giving me an ever-lasting chance to prove and improve myself through all my walks of life. I love you all. v ACKNOWLEDGEMENTS - I would primarily like to express my gratitude to my academic father and supervi- sor, Professor Mourad Debbabi, for the training and guidance during my graduate studies. Thanks for giving me the chance to work and grow with you. Furthermore, thanks for teaching me on perfectionism and dedication in the workplace throughout your professionalism and distinguished leadership skills. - I thank National Cyber-Forensics & Training Alliance (NCFTA) Canada for pro- viding facilities for conducting research, this work would not be possible without their active supports. I thank Farsight Security, Inc. and in particular, Dr. Paul Vixie, for access to rich data feeds. - I would also like to express my appreciation towards the students, faculty and staff of Concordia University. I thank them for providing crucial aid and constant support throughout my graduate studies at Concordia University. - I wish to extend my utmost gratitude to all my lab-mates and friends for their wonderful participation and cooperation. In particular, I would like to thank my friend, colleague and teammate, Dr. Elias Bou-Harb, who acted as a real brother during my PhD studies. - Furthermore, I would like to thank my partner Flora for being so kind and loving. - Last but not least, I would like to thank God, the natural power of creation, for giving me strength, courage, dedication, determination, patience, as well as guid- ance in conducting this long research study, despite all difficulties. vi TABLE OF CONTENTS LISTOFFIGURES................................ x LISTOFTABLES................................. xii 1 Introduction 1 1.1 Objectives ................................. 4 1.2 Contributions ............................... 4 1.3Organization............................... 5 2 Background 6 2.1 Darknet Definitions ............................ 6 2.2Trap-BasedMonitoringSystems..................... 7 2.3DarknetInferredCyberThreats.....................10 2.4DarknetOperation............................ 12 2.5 DoS Attack Techniques .......................... 15 2.5.1 Protocol-based Flooding Attacks ................ 16 2.5.2 Protocol-basedReflectionAttacks................ 18 2.5.3 Summary ............................. 20 2.6 DoS Defense Mechanisms ......................... 21 2.6.1 AttackPreventionandMitigation................ 21 2.6.2 AttackDetection......................... 22 2.6.3 Attack Attribution ........................ 23 2.6.4 Summary ............................. 24 3DarknetTaxonomy 25 3.1DarknetDeployment........................... 26 3.1.1 DarknetVariants......................... 28 3.1.2 Deployment Techniques ..................... 29 vii 3.1.3 Sensor Placement Techniques .................. 31 3.1.4 Sensor Identification Techniques ................. 33 3.1.5 Data Handling Techniques .................... 35 3.1.6 Projects .............................. 35 3.1.7 Summary ............................. 39 3.2DarknetAnalysis............................. 41 3.2.1 DataAnalysis........................... 41 3.2.2 ThreatAnalysis.......................... 49 3.2.3 Events............................... 70 3.2.4 Summary ............................. 72 3.3DarknetVisualization........................... 74 3.3.1 Summary ............................. 79 3.4RelatedSurveys.............................. 80 4 Darknet Investigation 82 4.1DarknetMeasurements..........................83 4.1.1 InsideDarknet.......................... 84 4.1.2 Case Studies ............................ 85 4.2 Darknet Profiling ............................. 88 4.2.1 ThreatAnalysis.......................... 93 4.3ThreatsCorrelation............................ 95 4.3.1 Approach............................. 95 4.4 Empirical Evaluation ...........................100 4.5RelatedWork...............................104 4.6 Summary .................................105 5 Prediction Model for DDoS Activities 107 5.1AttackPrediction.............................110 5.1.1 Extracting Backscattered
Load more

Recommended publications
  • 2 | 2013 2 | Volume Issue ISSN 2190-3387 Law
    2 | 2013 Volume 4 (2013) Issue 2 ISSN 2190-3387 Law and Electronic Commerce Information Technology, Intellectual Property, Journal of Articles Online Sexual Harassment: Issues & Solutions by Mohamed Chawki, Yassin el Shazly Breathing Space for Cloud-Based Business Models: Exploring the Matrix of Copyright Limitations, Safe Harbours and Injunctions by Martin Senftleben A Model Framework for publishing Grey Literature in Open Access by Matěj Myška, Jaromír Šavelka Injunctions against innocent Third Parties: The Case of Website Blocking by Martin Husovec Evaluation of the Role of Access Providers Discussion of Dutch Pirate Bay Case Law and Introducing Principles on Directness, Effectiveness, Costs, Relevance and Time by Arno R. Lodder, Nicole S. van der Meule Das Verhältnis zwischen Urheberrecht und Wissenschaft: Auf die Perspektive kommt es an! by Alexander Peukert Editors: Thomas Dreier Axel Metzger Gerald Spindler Lucie Guibault Miquel Peguera Journal of Intellectual Property, Information Technology and Table Of Contents Electronic Commerce Law Volume 4 Issue 2, August 2013 Articles www.jipitec.eu [email protected] Online Sexual Harassment: Issues & Solutions A joint publication of: by Mohamed Chawki, Yassin el Shazly 71 Prof. Dr. Thomas Dreier, M. C. J., Karlsruhe Institute of Technology, Vincenz-Prießnitz-Str. 3, Breathing Space for Cloud-Based Business Models: 76131 Karlsruhe Exploring the Matrix of Copyright Limitations, Safe Prof. Dr. Axel Metzger, LL. M., Harbours and Injunctions Exploring the Matrix of Institute for Legal Informatics,
    [Show full text]
  • Combining Bittorrent with Darknets for P2P Privacy
    Combining Bittorrent with Darknets for P2P privacy Öznur Altintas Niclas Axelsson Abstract Over the last few years, traditional downloading of programs and application from a website has been replaced by another medium - peer to peer file sharing networks and programs. Peer- to-peer sharing has grown to tremendous level with many networks having more then millions of users to share softwareʼs, music files, videos and programs etc. However, this rapid growth leaves privacy concerns in its awake. P2P applications disable clients to limit the sharing of documents to a specific set of users and maintain their anonymity. Using P2P applications like BitTorrent exposes clientsʼ information to the other people. OneSwarm is designed to overcome this privacy problem. OneSwarm is a new P2P data sharing system that provides users with explicit, configurable control over their data. In this report, we will discuss briefly Darknets and privacy terms, and mainly how OneSwarm solves privacy problem while providing good performance. Introduction For a better understanding of this report, we begin with the explanation of some terms such as Darknets and privacy and brief background information underlies the idea of OneSwarm. Darknet—a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on existing networks. Examples of Darknets are peer-to-peer file sharing, CD and DVD copying and key or password sharing on email and newsgroups. When used to describe a file sharing network, the term is often used as a synonym for "friend-to-friend", both describing networks where direct connections are only established between trusted friends.
    [Show full text]
  • The Internet Organised Crime Threat Assessment (IOCTA) 2015
    The Internet Organised Crime Threat Assessment (IOCTA) 2015 2 THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015 THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015 3 TABLE OF FOREWORD 5 CONTENTS ABBREVIATIONS 6 EXECUTIVE SUMMARY 7 KEY FINDINGS 10 KEY RECOMMENDATIONS 12 SUGGESTED OPERATIONAL PRIORITIES 15 INTRODUCTION 16 MALWARE 18 ONLINE CHILD SEXUAL EXPLOITATION 29 PAYMENT FRAUD 33 SOCIAL ENGINEERING 37 DATA BREACHES AND NETWORK ATTACKS 40 ATTACKS ON CRITICAL INFRASTRUCTURE 44 CRIMINAL FINANCES ONLINE 46 CRIMINAL COMMUNICATIONS ONLINE 50 DARKNETS 52 BIG DATA, IOT AND THE CLOUD 54 THE GEOGRAPHICAL DISTRIBUTION OF CYBERCRIME 57 GENERAL OBSERVATIONS 62 APPENDICES 67 A1. THE ENCRYPTION DEBATE 67 A2. AN UPDATE ON CYBER LEGISLATION 70 A3. COMPUTER CRIME, FOLLOWED BY CYBERCRIME FOLLOWED BY …. ROBOT AND AI CRIME? 72 4 THE INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2015 FOREWORD These include concrete actions under the three main mandated Threat Assessment (IOCTA), the annual presentation of the areas – child sexual exploitation, cyber attacks, and payment I am pleased to present the 2015 Internet Organised Crime fraud – such as targeting certain key services and products Centre (EC3). offered as part of the Crime-as-a-Service model, addressing the cybercrime threat landscape by Europol’s European Cybercrime growing phenomenon of live-streaming of on-demand abuse of children, or targeted actions with relevant private sector partners ofUsing cybercrime the 2014 for report the asperiod a baseline, under this consideration. assessment Itcovers offers the a cross-cutting crime enablers such as bulletproof hosting, illegal viewkey developments, predominantly changes from a lawand enforcement emerging threats perspective in the based field tradingagainst onlinesites on payment Darknets fraud.
    [Show full text]
  • Combating Spyware in the Enterprise.Pdf
    www.dbebooks.com - Free Books & magazines Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our cus- tomers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you will find an assortment of value-added features such as free e-booklets related to the topic of this book, URLs of related Web site, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of exper- tise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE EBOOKS For readers who can’t wait for hard copy, we offer most of our titles in download- able Adobe PDF form. These eBooks are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our ebooks onto servers in corporations, educational institutions, and large organizations.
    [Show full text]
  • Unveiling the I2P Web Structure: a Connectivity Analysis
    Unveiling the I2P web structure: a connectivity analysis Roberto Magan-Carri´ on,´ Alberto Abellan-Galera,´ Gabriel Macia-Fern´ andez´ and Pedro Garc´ıa-Teodoro Network Engineering & Security Group Dpt. of Signal Theory, Telematics and Communications - CITIC University of Granada - Spain Email: [email protected], [email protected], [email protected], [email protected] Abstract—Web is a primary and essential service to share the literature have analyzed the content and services offered information among users and organizations at present all over through this kind of technologies [6], [7], [2], as well as the world. Despite the current significance of such a kind of other relevant aspects like site popularity [8], topology and traffic on the Internet, the so-called Surface Web traffic has been estimated in just about 5% of the total. The rest of the dimensions [9], or classifying network traffic and darknet volume of this type of traffic corresponds to the portion of applications [10], [11], [12], [13], [14]. Web known as Deep Web. These contents are not accessible Two of the most popular darknets at present are The Onion by search engines because they are authentication protected Router (TOR; https://www.torproject.org/) and The Invisible contents or pages that are only reachable through the well Internet Project (I2P;https://geti2p.net/en/). This paper is fo- known as darknets. To browse through darknets websites special authorization or specific software and configurations are needed. cused on exploring and investigating the contents and structure Despite TOR is the most used darknet nowadays, there are of the websites in I2P, the so-called eepsites.
    [Show full text]
  • DS0122 1007 FISE:DS0100 0605 FT EE.Qxd.Qxd
    FaceTime Internet Security Edition™ Total Control for Web and Real-Time Internet Communications About FaceTime Internet Security FaceTime Internet Security Edition is the next generation Internet security solution, providing Edition total control over web usage and real-time communications. For the first time, enterprises FaceTime Internet Security Edition can enable, secure and manage all Internet channels – web browsing, IM, P2P, Skype, and enables the safe and productive use chat - with unified policy management through a single access point. FaceTime Internet of the Internet including web brows- Security Edition combines state-of-the-art IM & P2P security with an industry leading URL ing, IM, P2P, Skype and other real- filtering database and award winning gateway anti-spyware solution. time communications applications. Purpose-built and integrated to pro- Real-time Communications in the Enterprise vide total visibility and control, Internet communications have evolved from point-to-point channels such as email to real- FaceTime Internet Security Edition time, presence-oriented communications like IM, P2P file-sharing, Skype, and web confer- allows organizations to implement encing. For the new generation of workers, access to real-time communications is an powerful policies that detect, assumption; if it’s not available, they will download it to their computer regardless of policy, secure, manage and enable real- because they know what a positive impact these applications can have on effectiveness and time collaborative applications while efficiency. preventing malware threats, mini- mizing information leakage, and FaceTime terms these real-time communications applications ‘greynets’ – often installed by control employee Internet use. end users without the permission or knowledge of the IT department and use highly evasive techniques to circumvent the existing security infrastructure.
    [Show full text]
  • Bittorrent Darknets Chao Zhang, Prithula Dhungel, Di Wu, Zhengye Liu and Keith W
    BitTorrent Darknets Chao Zhang, Prithula Dhungel, Di Wu, Zhengye Liu and Keith W. Ross Woonhak Kang 2010. 11. 04 VLDB Lab. [email protected] Contents • Introduction • BitTorrent (Background) § Architecture and Term. § Public and Private torrent sites • Overview of BitTorrent Darknets Operation • Analysis § Macroscopic § Medium-scopic § Microscopic • Conclusion 2 SKKU VLDB Lab. Introduction • Darknet § 비공개 토런트 사이트(private torrent sites) § 가입자에게만 공개 § 초대(inviatation), 사이트 임시 가입기간에 가입 § 사용자의 upload, download 크기를 기록 - up/down 비율을 통해 사용자의 이용제한 - up/down 비율이 높은 유저에게 혜택 • Motivation § 연구분야에서 큰 주목을 받지 못했다. § 독특한 정책 때문에 공개 토런트와 특성이 다르다. § 토런트 전체 시스템의 이해를 위해서는 공개/비공개 모두를 고려할 필요 가 있다 3 SKKU VLDB Lab. Introduction • Analysis § Macroscopic - 800개 이상의 비공개 토런트 분석 - Sharky list 와 Alexa rank 이용 - 전체 토런트 파일, 유저, 피어(peer) 정보 분석 § Medium-scopic - 4개의 인기 비공개 토런트 분석 - 트랙커(trackers), 피어(peer), 유저, 실제 공유파일 분석 - 공개 사이트와 비공개 사이트간의 상관관계 § Microscopic - HDChina 분석 - 유저의 up/down 기록, 활동시간 조사 4 SKKU VLDB Lab. Contents • Introduction • BitTorrent (Background) § Architecture and Term. § Public and Private torrent sites • Overview of BitTorrent Darknets Operation • Analysis § Macroscopic § Medium-scopic § Microscopic • Conclusion 5 SKKU VLDB Lab. BitTorrent (Background) • Bittorrent is a system for efficient and scalable replication of large amounts of static data § Scalable - the throughput increases with the number of downloaders § Efficient - it utilises a large amount of available network bandwidth • The file to be distributed is split up in pieces and an SHA-1 hash is calculated for each piece 6 SKKU VLDB Lab. BitTorrent (Background) • A metadata file (.torrent) is distributed to all peers § Usually via HTTP • The metadata contains: § The SHA-1 hashes of all pieces § A mapping of the pieces to files § trackers reference 7 SKKU VLDB Lab.
    [Show full text]
  • Library Genesis and Sci-Hub
    In solidarity with Library Genesis and Sci-Hub In Antoine de Saint Exupéry's tale the Little Prince meets a businessman who accumulates stars with the sole purpose of being able to buy more stars. The Little Prince is perplexed. He owns only a flower, which he waters every day. Three volcanoes, which he cleans every week. "It is of some use to my volcanoes, and it is of some use to my flower, that I own them," he says, "but you are of no use to the stars that you own". There are many businessmen who own knowledge today. Consider Elsevier, the largest scholarly publisher, whose 37% profit margin1 stands in sharp contrast to the rising fees, expanding student loan debt and poverty-level wages for adjunct faculty. Elsevier owns some of the largest databases of academic material, which are licensed at prices so scandalously high that even Harvard, the richest university of the global north, has complained that it cannot afford them any longer. Robert Darnton, the past director of Harvard Library, says "We faculty do the research, write the papers, referee papers by other researchers, serve on editorial boards, all of it for free … and then we buy back the results of our labour at outrageous prices."2 For all the work supported by public money benefiting scholarly publishers, particularly the peer review that grounds their legitimacy, journal articles are priced such that they prohibit access to science to many academics - and all non- academics - across the world, and render it a token of privilege.3 Elsevier has recently filed a copyright infringement suit in New York against Science Hub and Library Genesis claiming millions of dollars in damages.4 This has come as a big blow, not just to the administrators of the websites but also to thousands of researchers around the world for whom these sites are the only viable source of academic materials.
    [Show full text]
  • Ohio Resident Pleads Guilty to Operating Darknet-Based Bitcoin
    UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA UNITED STATES OF AMERICA : : v. : Criminal No. 19-cr-395 (BAH) : LARRY DEAN HARMON, : : Defendant. : STATEMENT OF THE OFFENSE AND RELATED CONDUCT I. THE ELEMENTS OF THE OFFENSES Conspiracy To Launder Monetary Instruments: The essential elements of the offense of Conspiracy To Launder Monetary Instruments, in violation of Title 18, United States Code, Section 1956(h), each of which the government must prove beyond a reasonable doubt to sustain a conviction, are: (1) that an agreement existed between two or more people to commit an act in violation of (a) Title 18, United States Code, Section 1956(a)(1)(A)(i), or (b) Title 18, United States Code, Section 1956(a)(1)(B)(i); and (2) that the defendant intentionally joined in that agreement. The essential elements of promotional money laundering, in violation of Title 18, United States Code, Section 1956(a)(1)(A)(i), are: (1) that the defendant knowingly conducted or tried to conduct a financial transaction; (2) that the defendant knew that the money or property involved in the transaction was the proceeds of some kind of unlawful activity; (3) that the money or property did come from an unlawful activity, specifically the felonious manufacture, importation, receiving, concealment, buying, selling, or otherwise dealing in a controlled substance or listed chemical, in violation of Title 21, United States Code, Sections 841(a)(1) and 846; and (4) that the defendant the defendant acted with intent to promote the carrying on of specified unlawful activity, specifically the felonious manufacture, importation, receiving, concealment, buying, selling, or otherwise dealing in a controlled substance or listed chemical, in violation of Title 21, United States Code, Sections 841(a)(1) and 846.
    [Show full text]
  • The Darknet and the Future of Content Distribution
    The Darknet and the Future of Content Distribution Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman Microsoft Corporation1 Abstract We investigate the darknet – a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on existing networks. Examples of darknets are peer-to-peer file sharing, CD and DVD copying, and key or password sharing on email and newsgroups. The last few years have seen vast increases in the darknet’s aggregate bandwidth, reliability, usability, size of shared library, and availability of search engines. In this paper we categorize and analyze existing and future darknets, from both the technical and legal perspectives. We speculate that there will be short-term impediments to the effectiveness of the darknet as a distribution mechanism, but ultimately the darknet-genie will not be put back into the bottle. In view of this hypothesis, we examine the relevance of content protection and content distribution architectures. 1 Introduction People have always copied things. In the past, most items of value were physical objects. Patent law and economies of scale meant that small scale copying of physical objects was usually uneconomic, and large-scale copying (if it infringed) was stoppable using policemen and courts. Today, things of value are increasingly less tangible: often they are just bits and bytes or can be accurately represented as bits and bytes. The widespread deployment of packet-switched networks and the huge advances in computers and codec-technologies has made it feasible (and indeed attractive) to deliver such digital works over the Internet.
    [Show full text]
  • A Generic Data Exchange System for Friend-To-Friend Networks Cyril Soler
    A Generic Data Exchange System for Friend-to-Friend Networks Cyril Soler To cite this version: Cyril Soler. A Generic Data Exchange System for Friend-to-Friend Networks. [Research Report] RR-9107, INRIA Grenoble - Rhone-Alpes. 2017, pp.1-25. hal-01617423 HAL Id: hal-01617423 https://hal.inria.fr/hal-01617423 Submitted on 20 Oct 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. A Generic Data Exchange System for Friend-to-Friend Networks Cyril Soler RESEARCH REPORT N° 9107 Oct 2017 Project-Team Maverick ISSN 0249-6399 ISRN INRIA/RR--9107--FR+ENG A Generic Data Exchange System for Friend-to-Friend Networks Cyril Soler Project-Team Maverick Research Report n° 9107 — Oct 2017 — 22 pages Abstract: Decentralized private networks (a.k.a. darknets) guaranty privacy and concealment of infor- mation against global observers. Although a significant number of decentralized data distribution systems ex- ist, most of them target peer-to-peer architectures where any pair of nodes can exchange data using a temporary encrypted connec- tion. Little has been done to achieve the same confidentiality in static darknet architectures, also known as “Friend-to-Friend” net- works, in which participants form a static mesh of nodes, each node only talking to a set of “friend” nodes managed by the user himself.
    [Show full text]
  • The Darknet Index: U.S
    The Darknet Index: U.S. Government Edition Ranking U.S. government agencies using darknet intelligence Introduction One measure of cybersecurity risk involves assessing how much data is available on the darknet about a company or organization that can be misused by hackers or criminals. A greater availability of data implies a higher risk profile, as more attack vectors are available for use against the organization. TABLE OF CONTENTS OWL Cybersecurity recently reranked the companies of the Fortune 1 500 based on their darknet footprints . We then ranked the largest Introduction ...............................1 2 commercial entities in Germany . Methodology................................3 The Top 10 ...................................5 In this report, we address how prominent U.S. government agencies, Conclusions..................................8 departments, and the U.S. military fare on the darknet as compared The Darknet Index......................9 to commercial enterprises. We examine 59 large divisions of the U.S. Government to see whether they have a markedly different About Us .....................................12 darknet footprint than the Fortune 500. Unfortunately, the results reveal that the U.S. Government has the largest collective darknet footprint of all of our darknet indices. By comparing how much compromised data was available on these numerous private networks, forums and channels, and running this information through our proprietary algorithm, we reached some key takeaways about the differences and similarities between the U.S. Government and large U.S. commercial entities. Intelligence gained from monitoring the darknets (Tor and other interconnected sources including IRC, I2P, ZeroNet, other hacker forums), as well as FTP servers, select paste sites, high-risk surface internet sites and more, constitutes what OWL Cybersecurity calls DARKINT™, or darknet intelligence.
    [Show full text]