Your search keyword '"Alan Mislove"' showing total 3 results

1. Classifiers Unclassified

Author

Phillipa Gill, Arash Molavi Kakhki, David Choffnes, Alan Mislove, and Fangfan Li

Subjects

Bandwidth management, Voice over IP, Network packet, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Middlebox, 020206 networking & telecommunications, 02 engineering and technology, Internet traffic, computer.software_genre, Network management, Traffic classification, Stateful firewall, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data mining, business, computer, Computer network

Abstract

A variety of network management practices, from bandwidth management to zero-rating, use policies that apply selectively to different categories of Internet traffic (e.g., video, P2P, VoIP). These policies are implemented by middleboxes that must, in real time, assign traffic to a category using a classifier. Despite their important implications for network management, billing, and net neutrality, little is known about classifier implementations because middlebox vendors use proprietary, closed-source hardware and software. In this paper, we develop a general, efficient methodology for revealing classifiers' matching rules without needing to explore all permutations of flow sizes and contents in our testbed environment. We then use it to explore implementations of two other carrier-grade middleboxes (one of which is currently deployed in T-Mobile). Using packet traces from more than 1,000,000 requests from 300 users, we find that all the devices we test use simple keyword-based matching rules on the first two packets of HTTP/S traffic and small fractions of payload contents instead of stateful matching rules during an entire flow. Our analysis shows that different vendors use different matching rules, but all generally focus on a small number of HTTP, TLS, or content headers. Last, we explore the potential for misclassification based on observed matching rules and discuss implications for subversion and net neutrality violations.

Published

2016

2. Tunneling for Transparency

Author

David Choffnes, Alan Mislove, and Taejoong Chung

Subjects

business.industry, Computer science, End user, 020206 networking & telecommunications, Subject (documents), 02 engineering and technology, Transparency (human–computer interaction), Computer security, computer.software_genre, Software, End-to-end principle, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, The Internet, Privileged access, business, computer, Computer network

Abstract

Detecting violations of application-level end-to-end connectivity on the Internet is of significant interest to researchers and end users; recent studies have revealed cases of HTTP ad injection and HTTPS man-in-the-middle attacks. Unfortunately, detecting such end-to-end violations at scale remains difficult, as it generally requires having the cooperation of many nodes spread across the globe. Most successful approaches have relied either on dedicated hardware, user-installed software, or privileged access to a popular web site. In this paper, we present an alternate approach for detecting end-to-end violations based on Luminati, a HTTP/S proxy service that routes traffic through millions of end hosts. We develop measurement techniques that allow Luminati to be used to detect end-to-end violations of DNS, HTTP, and HTTPS, and, in many cases, enable us to identify the culprit. We present results from over 1.2m nodes across 14k ASes in 172 countries, finding that up to 4.8% of nodes are subject to some type of end-to-end connectivity violation. Finally, we are able to use Luminati to identify and measure the incidence of content monitoring, where end-host software or ISP middleboxes record users' HTTP requests and later re-download the content to third-party servers.

Published

2016

3. Measuring and Applying Invalid SSL Certificates

Author

Dave Levin, Alan Mislove, Christo Wilson, Bruce M. Maggs, Taejoong Chung, David Choffnes, and Yabing Liu

Subjects

Web browser, Engineering, business.industry, computer.internet_protocol, Internet privacy, 020206 networking & telecommunications, Public key infrastructure, 02 engineering and technology, Computer security, computer.software_genre, IPv4, law.invention, law, 020204 information systems, Silent majority, Internet Protocol, 0202 electrical engineering, electronic engineering, information engineering, business, computer

Abstract

SSL and TLS are used to secure the most commonly used Internet protocols. As a result, the ecosystem of SSL certificates has been thoroughly studied, leading to a broad understanding of the strengths and weaknesses of the certificates accepted by most web browsers. Prior work has naturally focused almost exclusively on "valid" certificates--those that standard browsers accept as well-formed and trusted--and has largely disregarded certificates that are otherwise "invalid." Surprisingly, however, this leaves the majority of certificates unexamined: we find that, on average, 65% of SSL certificates advertised in each IPv4 scan that we examine are actually invalid. In this paper, we demonstrate that despite their invalidity, much can be understood from these certificates. Specifically, we show why the web's SSL ecosystem is populated by so many invalid certificates, where they originate from, and how they impact security. Using a dataset of over 80M certificates, we determine that most invalid certificates originate from a few types of end-user devices, and possess dramatically different properties than their valid counterparts. We find that many of these devices periodically reissue their (invalid) certificates, and develop new techniques that allow us to track these reissues across scans. We present evidence that this technique allows us to uniquely track over 6.7M devices. Taken together, our results open up a heretofore largely-ignored portion of the SSL ecosystem to further study.

Published

2016