Dartmouth Computer Science Technical Reports

TR2008-633: Attribute-Based, Usefully Secure Email

Fri, 15 Aug 2008 08:04:10 -0400

A secure system that cannot be used by real users to secure real-world processes is not really secure at all. While many believe that usability and security are diametrically opposed, a growing body of research from the field of Human-Computer Interaction and Security (HCISEC) refutes this assumption. All researchers in this field agree that focusing on aligning usability and security goals can enable the design of systems that will be more secure under actual usage.

We bring to bear tools from the social sciences (economics, sociology, psychology, etc.) not only to help us better understand why deployed systems fail, but also to enable us to accurately characterize the problems that we must solve in order to build systems that will be secure in the real world. Trust, a critically important facet of any socio-technical secure system, is ripe for analysis using the tools provided for us by the social sciences.

There are a variety of scopes in which issues of trust in secure systems can be stud- ied. We have chosen to focus on how humans decide to trust new correspondents. Current secure email systems�such as S/MIME and PGP/MIME�are not expressive enough to capture the real ways that trust flows in these sorts of scenarios. To solve this problem, we begin by applying concepts from social science research to a variety of such cases from interesting application domains; primarily, crisis management in the North American power grid. We have examined transcripts of telephone calls made between grid manage- ment personnel during the August 2003 North American blackout and extracted several different classes of trust flows from these real-world scenarios. Combining this knowl- edge with some design patterns from HCISEC, we develop criteria for a system that will enable humans apply these same methods of trust-building in the digital world. We then present Attribute-Based, Usefully Secure Email (ABUSE) and not only show that it meets our criteria, but also provide empirical evidence that real users are helped by the system.

Published August 2008 by Dartmouth College, Computer Science

TR2008-632: TwoKind Authentication: Protecting Private Information in Untrustworthy Environments (Extended Version)

Sun, 17 Aug 2008 08:00:00 -0400

We propose and evaluate TwoKind Authentication, a simple and effective technique that allows users to limit access to their private information in untrustworthy environments. Users often log in to Internet sites from insecure computers, and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. To mitigate this problem, we explore the use of multiple authenticators for the same account that are associated with specific sets of privileges. In its simplest form, TwoKind features two modes of authentication, a low and a high authenticator. By using a low authenticator, users can signal to the server they are in an untrusted environment, following which the server restricts the user's actions, including access to private data.

In this paper, we seek to evaluate the effectiveness of multiple authenticators in promoting safer behavior in users. We demonstrate the effectiveness of this approach through a user experiment --- we find that users make a distinction between the two authenticators and generally behave in a security-conscientious way, protecting their high authenticator a majority of the time. Our study suggests that TwoKind will be beneficial to several Internet applications, particularly if the privileges can be customized to a user's security preferences.

Published August 2008 by Dartmouth College, Computer Science

TR2008-631: Pas de Deux avec les Microrobots (Video)

Tue, 05 Aug 2008 11:36:12 -0400

Video captured through an optical microscope, showing simultaneous control and operation of two stress-engineered microrobots. The dimensions of our microrobots are 260 x 60 x 10 micrometers; each robot consists of an unthetered scratch-drive actuator that provides forward motion, and a steering-arm actuator that controls whether the robot moves in a straight line or turns.

Our stress-engineered microrobots are electrostatically powered via a global control signal transmitted to all the robots regardless of the their position and orientation within their operating environment. Hence, a single control and power-delivery signal must be used to simultaneously control all robots within the same operating environment, resulting in a highly underactuated system. Despite this high level of underactution we are able to achieve independent control of the individual microrobots by designing their steering-arms to respond to different voltage levels of the supplied control signal.

This example uses nested hysteresis gaps. A hysteresis gap is the difference between the snap-down and release voltages for a steering-arm actuator. Nested hysteresis gaps allow us to set the states of the steering-arms (up or down) to any configuration. As shown in this video, all four states of the two microrobot steering-arms are used to choreograph their motion.

A disadvantage of nested hysteresis gaps is that they are control-voltage bandwidth intensive, limiting the number of simultaneously-controllable devices. An alternative multi-microrobot control scheme that minimizes control-bandwidth is described in [1].

Published August 2008 by Dartmouth College, Computer Science

TR2008-630: Planar Microassembly by Parallel Actuation of MEMS Microrobots (Microassembly Video)

Tue, 05 Aug 2008 11:35:21 -0400

Movie of a representative microassembly experiment using devices from species 1,3,4 and 5, recorded through an optical microscope. The robots are initially arranged along the corners of a rectangle with sides 1 by 0.9 mm. The assembly experiment is divided into three stages. During stage 1, devices 4 and 5 dock together to form the initial stable shape. In stage 2, device 3 docks with the initial stable shape, while during stage 3, device 1 docks with the stable shape, forming the final assembly.

Published August 2008 by Dartmouth College, Computer Science

TR2008-629: Lighting and Optical Tools for Image Forensics

Tue, 08 Jul 2008 11:53:51 -0400

We present new forensic tools that are capable of detecting traces of tampering in digital images without the use of watermarks or specialized hardware. These tools operate under the assumption that images contain natural properties from a variety of sources, including the world, the lens, and the sensor. These properties may be disturbed by digital tampering and by measuring them we can expose the forgery. In this context, we present the following forensic tools: (1) illuminant direction, (2) specularity, (3) lighting environment, and (4) chromatic aberration. The common theme of these tools is that they exploit lighting or optical properties of images. Although each tool is not applicable to every image, they add to a growing set of image forensic tools that together will complicate the process of making a convincing forgery.

Published July 2008 by Dartmouth College, Computer Science

TR2008-628: Key Management for Secure Power SCADA

Fri, 13 Jun 2008 22:23:13 -0400

This thesis proposes a key management protocol for secure power SCADA systems that seeks to take advantage of the full security capacity of a given network by allowing devices to use public key cryptography for key management if they are capable of doing so and reverting to symmetric key cryptography only when such use is necessitated by the weakness of a given device. Allowing devices to obtain different levels of security permits SCADA networks to maximize their security in the decades before such networks are capable of implementing fully public key-based key management protocols. Such a system is obtained through the use of a protocol based on a modified version of SSL using X.509 certificates containing encrypted symmetric keys that allow master devices the option of using the symmetric keys for encrypting the shared secret used to create keying material, instead of using a slave device's public key. This thesis presents the protocol and uses proof-of-concept code to carry out a performance evaluation of the key management scheme.

Published June 2008 by Dartmouth College, Computer Science

TR2008-626: Anchor-Free Localization in Mixed Wireless Sensor Network Systems

Mon, 09 Jun 2008 06:41:13 -0400

Recent technological advances have fostered the emergence of Wireless Sensor Networks (WSNs), which consist of tiny, wireless, battery-powered nodes that are expected to revolutionize the ways in which we understand and construct complex physical systems. A fundamental property needed to use and maintain these WSNs is ``localization'', which allows the establishment of spatial relationships among nodes over time.

This dissertation presents a series of Geographic Distributed Localization (GDL) algorithms for mixed WSNs, in which both static and mobile nodes can coexist. The GDL algorithms provide a series of useful methods for localization in mixed WSNs. First, GDL provides an approximation called ``hop-coordinates'', which improves the accuracy of both hop-counting and connectivity-based measurement techniques. Second, GDL utilizes a distributed algorithm to compute the locations of all nodes in static networks with the help of the hop-coordinates approximation. Third, GDL integrates a sensor component into this localization paradigm for possible mobility and as a result allows for a more complex deployment of WSNs as well as lower costs. In addition, the development of GDL incorporated the possibility of manipulated communications, such as wormhole attacks. Simulations show that such a localization system can provide fundamental support for security by detecting and localizing wormhole attacks.

Although several localization techniques have been proposed in the past few years, none currently satisfies our requirements to provide an accurate, efficient and reliable localization for mixed WSNs. The contributions of this dissertation are: (1) our measurement technique achieves better accuracy both in measurement and localization than other methods; (2) our method significantly improves the efficiency of localization in updating location in mixed WSNs by incorporating sensors into the method; (3) our method can detect and locate the communication that has been manipulated by a wormhole in a network without relying on a central server.

Published June 2008 by Dartmouth College, Computer Science

TR2008-624: Making RBAC Work in Dynamic, Fast-Changing Corporate Environments

Wed, 11 Jun 2008 19:56:15 -0400

In large organizations with tens of thousands of employees, managing individual people's permissions is tedious and error prone, and thus a possible source of security risks. Role-Based Access Control addresses this problem by grouping users into roles, which reflect job functions in the corporation. Permissions are assigned to roles instead of directly to users, which means that all users assigned to a role have the same set of permissions with respect to that role. However, adoption of RBAC in organizations such as investment banks is hindered by two main factors: first, it is costly and time-consuming to define roles. Second, there are certain job functions (such as consultant) that cannot be expressed as RBAC roles, because their users need to have different permission sets.

The topic of this thesis is to investigate whether roles can be applied to domains that exhibit the peculiarities of the investment bank example. We introduce a new framework for roles that allows us to separately represent what the role means as a job function, and what permissions its individual users have. That way we maintain the key property of RBAC - that the number of roles is small, while allowing for variations among users. We have also investigated machine learning approaches in order to figure out whether roles are concepts that can be learned or approximated by a function. We present our findings that certain learning schemes, such as Probably Approximately Correct (PAC) earning and Instance-based learning are not applicable to roles, while others - such as decision-tree learning, might be useful.

Published June 2008 by Dartmouth College, Computer Science

TR2008-623: Linkability in Activity Inference Data Sets

Fri, 06 Jun 2008 06:24:07 -0400

Activity inference is an active area of ubiquitous computing research. By training machine learning algorithms on data from sensors worn by volunteers, researchers hope to develop software that can interact more naturally with the user by inferring what the user is doing. In this thesis, we use the same sensor data to infer which volunteer is carrying the sensors. Such inference could be useful -- for example, a mobile device might infer who is carrying it and adapt to that user's preferences. It also raises some privacy concerns, since an attacker could learn more about a user by linking together several sensor traces from the same user. We develop a model to differentiate users based on their sensor data, and examine its accuracy as well as the potential benefits and pitfalls.

Published June 2008 by Dartmouth College, Computer Science

TR2008-621: Group-Aware Stream Filtering

Thu, 29 May 2008 20:49:12 -0400

Recent years have witnessed a new class of monitoring applications that need to continuously collect information from remote data sources. Those data sources, such as web click-streams, stock quotes, and sensor data, are often characterized as fast-rate high-volume ``streams''. Distributed stream-processing systems are thus designed to efficiently use system resources to serve the data-acquisition needs of the applications. Most of the state-of-the-art stream-processing systems assume an Ethernet-based network whose bandwidth is abundant, and focus on mechanisms to save computational power and memory. For applications involving wireless networks, particularly multi-hop mesh networks, we recognize that the most limiting factor in efficiently processing streams lies in the network's highly constrained bandwidth. Hence, this dissertation proposes a group-aware stream filtering approach that saves bandwidth at the cost of increased CPU time, for low-bandwidth data-streaming systems.

This approach, used together with multicasting, exploits two overlooked properties of monitoring applications: 1) many of them can tolerate some degree of ``slack'' in their data quality requirements, and 2) there may exist multiple subsets of the source data satisfying the quality needs of an application. We can thus choose the ``best alternative'' subset for each application to maximize the data overlap within the group to best benefit from multicasting. After proving the problem NP-hard, we introduce a suite of heuristics-based algorithms that ensure data quality, specifically data granularity and timeliness, in addition to preserving network bandwidth.

Our framework for group-aware stream filtering is extensible and supports a diverse range of filtering needs of monitoring applications. We evaluate this approach with a prototype system based on real-world data sets. The results show that quality-managed group-aware filtering is effective in trading CPU time for bandwidth savings, compared with self-interested stream filtering. We also evaluate the effect of each algorithm on temporal freshness of the data. Finally, we discuss other application realms that might benefit from group-aware stream filtering.

Published May 2008 by Dartmouth College, Computer Science

TR2008-620: A Dynamically Refocusable Sampling Infrastructure for 802.11 Networks

Thu, 29 May 2008 21:03:40 -0400

The edge of the Internet is increasingly wireless. Enterprises large and small, homeowners, and even whole cities have deployed Wi-Fi networks for their users, and many users never need to--- or never bother to--- use the wired network. With the advent of high-throughput wireless networks (such as 802.11n) some new construction, even of large enterprise build- ings, may no longer be wired for Ethernet. To understand Internet traffic, then, we need to understand the wireless edge.

Measuring Wi-Fi traffic, however, is challenging. It is insufficient to capture traffic in the access points, or upstream of the access points, because the activity of neighboring networks, ad hoc networks, and physical interference cannot be seen at that level. To truly understand the MAC-layer behavior, we need to capture frames from the air using Air Monitors (AMs) placed in the vicinity of the network. Such a capture is always a sample of the network activity, since it is physically impossible to capture a full trace: all frames from all channels at all times in all places.

We have built a monitoring infrastructure that captures frames from the 802.11 network. This infrastructure includes several "channel sampling" strategies that will capture repre- sentative traffic from the network. Further, the monitoring infrastructure needs to modify its behavior according to feedback received from the downstream consumers of the captured traffic in case the analysis needs traffic of a certain type. We call this technique "refocusing". The "coordinated sampling" technique improves the efficiency of the monitoring by utilizing the AMs intelligently.

Finally, we deployed this measurement infrastructure within our Computer Science building to study the performance of the system with real network traffic.

Published May 2008 by Dartmouth College, Computer Science

TR2008-619: Mesh-Mon: a Monitoring and Management System for Wireless Mesh Networks

Wed, 28 May 2008 16:40:37 -0400

A mesh network is a network of wireless routers that employ multi-hop routing and can be used to provide network access for mobile clients. Mobile mesh networks can be deployed rapidly to provide an alternate communication infrastructure for emergency response operations in areas with limited or damaged infrastructure.

In this dissertation, we present Dart-Mesh: a Linux-based layer-3 dual-radio two-tiered mesh network that provides complete 802.11b coverage in the Sudikoff Lab for Computer Science at Dartmouth College. We faced several challenges in building, testing, monitoring and managing this network. These challenges motivated us to design and implement Mesh-Mon, a network monitoring system to aid system administrators in the management of a mobile mesh network. Mesh-Mon is a scalable, distributed and decentralized management system in which mesh nodes cooperate in a proactive manner to help detect, diagnose and resolve network problems automatically. Mesh-Mon is independent of the routing protocol used by the mesh routing layer and can function even if the routing protocol fails. We demonstrate this feature by running Mesh-Mon on two versions of Dart-Mesh, one running on AODV (a reactive mesh routing protocol) and the second running on OLSR (a proactive mesh routing protocol) in separate experiments.

Mobility can cause links to break, leading to disconnected partitions. We identify critical nodes in the network, whose failure may cause a partition. We introduce two new metrics based on social-network analysis: the Localized Bridging Centrality (LBC) metric and the Localized Load-aware Bridging Centrality (LLBC) metric, that can identify critical nodes efficiently and in a fully distributed manner.

We run a monitoring component on client nodes, called Mesh-Mon-Ami, which also assists Mesh-Mon nodes in the dissemination of management information between physically disconnected partitions, by acting as carriers for management data.

We conclude, from our experimental evaluation on our 16-node Dart-Mesh testbed, that our system solves several management challenges in a scalable manner, and is a useful and effective tool for monitoring and managing real-world mesh networks.

Published May 2008 by Dartmouth College, Computer Science

TR2008-618: The Weakest Failure Detector to Solve Mutual Exclusion

Thu, 17 Apr 2008 17:44:03 -0400

Mutual exclusion is not solvable in an asynchronous message-passing system where processes are subject to crash failures. Delporte-Gallet et. al. determined the weakest failure detector to solve this problem when a majority of processes are correct. Here we identify the weakest failure detector to solve mutual exclusion in any environment, i.e., regardless of the number of faulty processes.

We also show a relation between mutual exclusion and consensus, arguably the two most fundamental problems in distributed computing. Specifically, we show that a failure detector that solves mutual exclusion is sufficient to solve non-uniform consensus but not necessarily uniform consensus.

Published April 2008 by Dartmouth College, Computer Science

TR2008-617: YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems (Extended Version)

Fri, 18 Apr 2008 06:26:17 -0400

We construct a bump-in-the-wire (BITW) solution that retrofits security into time-critical communications over bandwidth-limited serial links between devices in legacy Supervisory Control And Data Acquisition (SCADA) systems, on which the proper operations of critical infrastructures such as the electric power grid rely. Previous BITW solutions do not provide the necessary security within timing constraints; the previous solution that does is not BITW.

At a hardware cost comparable to existing solutions, our BITW solution provides sufficient security, and yet incurs minimal end-to-end communication latency.

Published April 2008 by Dartmouth College, Computer Science

TR2008-616: Bounded Unpopularity Matchings

Wed, 16 Apr 2008 20:32:42 -0400

We investigate the following problem: given a set of jobs and a set of people with preferences over the jobs, what is the optimal way of matching people to jobs? Here we consider the notion of \emph{popularity}. A matching $M$ is popular if there is no matching $M'$ such that more people prefer $M'$ to $M$ than the other way around. Determining whether a given instance admits a popular matching and, if so, finding one, was studied in \cite{AIKM05}. If there is no popular matching, a reasonable substitute is a matching whose {\em unpopularity} is bounded. We consider two measures of unpopularity - {\em unpopularity factor} denoted by $u(M)$ and {\em unpopularity margin} denoted by $g(M)$. McCutchen recently showed that computing a matching $M$ with the minimum value of $u(M)$ or $g(M)$ is NP-hard, and that if $G$ does not admit a popular matching, then we have $u(M) \ge 2$ for all matchings $M$ in $G$.

Here we show that a matching $M$ that achieves $u(M) = 2$ can be computed in $O(m\sqrt{n})$ time (where $m$ is the number of edges in $G$ and $n$ is the number of nodes) provided a certain graph $H$ admits a matching that matches all people. We also describe a sequence of graphs: $H = H_2, H_3,\ldots,H_k$ such that if $H_k$ admits a matching that matches all people, then we can compute in $O(km\sqrt{n})$ time a matching $M$ such that $u(M) \le k-1$ and $g(M) \le n(1-\frac{2}{k})$. Simulation results suggest that our algorithm finds a matching with low unpopularity.

Published April 2008 by Dartmouth College, Computer Science

TR2008-615: PPAA: Peer-to-Peer Anonymous Authentication (Extended Version)

Tue, 08 Apr 2008 17:27:30 -0400

In the pursuit of authentication schemes that balance user privacy and accountability, numerous anonymous credential systems have been constructed. However, existing systems assume a client-server architecture in which only the clients, but not the servers, care about their privacy. In peer-to-peer (P2P) systems where both clients and servers are peer users with privacy concerns, no existing system correctly strikes that balance between privacy and accountability.

In this paper, we provide this missing piece: a credential system in which peers are {\em pseudonymous} to one another (that is, two who interact more than once can recognize each other via pseudonyms) but are otherwise anonymous and unlinkable across different peers. Such a credential system finds applications in, e.g., Vehicular Ad-hoc Networks (VANets) and P2P networks.

We formalize the security requirements of our proposed credential system, provide a construction for it, and prove the security of our construction. Our solution is efficient: its complexities are independent of the number of users in the system.

Published April 2008 by Dartmouth College, Computer Science

TR2008-614: Experiment Planning for Protein Structure Elucidation and Site-Directed Protein Recombination

Thu, 06 Mar 2008 23:11:32 -0500

In order to most effectively investigate protein structure and improve protein function, it is necessary to carefully plan appropriate experiments. The combinatorial number of possible experiment plans demands effective criteria and efficient algorithms to choose the one that is in some sense optimal. This thesis addresses experiment planning challenges in two significant applications. The first part of this thesis develops an integrated computational-experimental approach for rapid discrimination of predicted protein structure models by quantifying their consistency with relatively cheap and easy experiments (cross-linking and site-directed mutagenesis followed by stability measurement). In order to obtain the most information from noisy and sparse experimental data, rigorous Bayesian frameworks have been developed to analyze the information content. Efficient algorithms have been developed to choose the most informative, least expensive, and most robust experiments. The effectiveness of this approach has been demonstrated using existing experimental data as well as simulations, and it has been applied to discriminate predicted structure models of the pTfa chaperone protein from bacteriophage lambda.

The second part of this thesis seeks to choose optimal breakpoint locations for protein engineering by site-directed recombination. In order to increase the possibility of obtaining folded and functional hybrids in protein recombination, it is necessary to retain the evolutionary relationships among amino acids that determine protein stability and functionality. A probabilistic hypergraph model has been developed to model these relationships, with edge weights representing their statistical significance derived from database and a protein family. The effectiveness of this model has been validated by showing its ability to distinguish functional hybrids from non-functional ones in existing experimental data. It has been proved to be NP-hard in general to choose the optimal breakpoint locations for recombination that minimize the total perturbation to these relationships, but exact and approximate algorithms have been developed for a number of important cases.

Published May 2007 by Dartmouth College, Computer Science

TR2008-613: Complete Configuration Space Analysis for Structure Determination of Symmetric Homo-oligomers by NMR

Mon, 18 Feb 2008 15:49:29 -0500

Symmetric homo-oligomers (protein complexes with similar subunits arranged symmetrically) play pivotal roles in complex biological processes such as ion transport and cellular regulation. Structure determination of these complexes is necessary in order to gain valuable insights into their mechanisms. Nuclear Magnetic Resonance (NMR) spectroscopy is an experimental technique used for structural studies of such complexes. The data available for structure determination of symmetric homo-oligomers by NMR is often sparse and ambiguous in nature, raising concerns about existing heuristic approaches for structure determination. We have developed an approach that is complete in that it identifies all consistent conformations, data-driven in that it separately evaluates the consistency of structures to data and biophysical constraints and efficient in that it avoids explicit consideration of each of the possible structures separately. By being complete, we ensure that native conformations are not missed. By being data-driven, we are able to separately quantify the information content in the data alone versus data and biophysical modeling. We take a configuration space (degree-of-freedom) approach that provides a compact representation of the conformation space and enables us to efficiently explore the space of possible conformations. This thesis demonstrates that the configuration space-based method is robust to sparsity and ambiguity in the data and enables complete, data-driven and efficient structure determination of symmetric homo-oligomers.

Published February 2008 by Dartmouth College, Computer Science

TR2008-612: Localized Bridging Centrality for Distributed Network Analysis

Wed, 30 Jan 2008 12:31:32 -0500

Centrality is a concept often used in social network analysis to study different properties of networks that are modeled as graphs. We present a new centrality metric called Localized Bridging Centrality (LBC). LBC is based on the Bridging Centrality (BC) metric that Hwang et al. recently introduced. Bridging nodes are nodes that are located in between highly connected regions. LBC is capable of identifying bridging nodes with an accuracy comparable to that of the BC metric for most networks. As the name suggests, we use only local information from surrounding nodes to compute the LBC metric, while, global knowledge is required to calculate the BC metric. The main difference between LBC and BC is that LBC uses the egocentric definition of betweenness centrality to identify bridging nodes, while BC uses the sociocentric definition of betweenness centrality. Thus, our LBC metric is suitable for distributed computation and has the benefit of being an order of magnitude faster to calculate in computational complexity. We compare the results produced by BC and LBC in three examples. We applied our LBC metric for network analysis of a real wireless mesh network. Our results indicate that the LBC metric is as powerful as the BC metric at identifying bridging nodes that have a higher flow of information through them (assuming a uniform distribution of network flows) and are important for the robustness of the network.

Published January 2008 by Dartmouth College, Computer Science

TR2008-611: Evaluating Mobility Predictors in Wireless Networks for Improving Handoff and Opportunistic Routing

Mon, 11 Feb 2008 09:24:41 -0500

We evaluate mobility predictors in wireless networks. Handoff prediction in wireless networks has long been considered as a mechanism to improve the quality of service provided to mobile wireless users. Most prior studies, however, were based on theoretical analysis, simulation with synthetic mobility models, or small wireless network traces. We study the effect of mobility prediction for a large realistic wireless situation.

We tackle the problem by using traces collected from a large production wireless network to evaluate several major families of handoff-location prediction techniques, a set of handoff-time predictors, and a predictor that jointly predicts handoff location and time. We also propose a fallback mechanism, which uses a lower-order predictor whenever a higher-order predictor fails to predict.

We found that low-order Markov predictors, with our proposed fallback mechanisms, performed as well or better than the more complex and more space-consuming compression-based handoff-location predictors. Although our handoff-time predictor had modest prediction accuracy, in the context of mobile voice applications we found that bandwidth reservation strategies can benefit from the combined location and time handoff predictor, significantly reducing the call-drop rate without significantly increasing the call-block rate.

We also developed a prediction-based routing protocol for mobile opportunistic networks. We evaluated and compared our protocol's performance to five existing routing protocols, using simulations driven by real mobility traces. We found that the basic routing protocols are not practical for large-scale opportunistic networks. Prediction-based routing protocols trade off the message delivery ratio against resource usage and performed well and comparable to each other.

Published January 2008 by Dartmouth College, Computer Science

TR2008-610: Active Behavioral Fingerprinting of Wireless Devices

Wed, 28 May 2008 20:17:52 -0400

We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.

Published March 2008 by Dartmouth College, Computer Science

TR2008-609: Settling for limited privacy: how much does it help?

Sun, 13 Apr 2008 22:34:22 -0400

This thesis explores practical and theoretical aspects of several privacy-providing technologies, including tools for anonymous web-browsing, verifiable electronic voting schemes, and private information retrieval from databases. State-of-art privacy-providing schemes are frequently impractical for implementational reasons or for sheer information-theoretical reasons due to the amount of information that needs to be transmitted. We have been researching the question of whether relaxing the requirements on such schemes, in particular settling for imperfect but sufficient in real-world situations privacy, as opposed to perfect privacy, may be helpful in producing more practical or more efficient schemes.

This thesis presents three results. The first result is the introduction of caching as a technique for providing anonymous web-browsing at the cost of sacrificing some functionality provided by anonymizing systems that do not use caching. The second result is a coercion-resistant electronic voting scheme with nearly perfect privacy and nearly perfect voter verifiability. The third result consists of some lower bounds and some simple upper bounds on the amount of communication in nearly private information retrieval schemes; our work is the first in-depth exploration of private information schemes with imperfect privacy.

Published December 2007 by Dartmouth College, Computer Science

TR2007-608: Exclusion and Object Tracking in a Network of Processes

Sat, 26 Jan 2008 23:19:59 -0500

This paper concerns two fundamental problems in distributed computing---mutual exclusion and mobile object tracking. For a variant of the mutual exclusion problem where the network topology is taken into account, all existing distributed solutions make use of tokens. It turns out that these token-based solutions for mutual exclusion can also be adapted for object tracking, as the token behaves very much like a mobile object. To handle objects with replication, we go further to consider the more general $k$-exclusion problem which has not been as well studied in a network setting. A strong fairness property for $k$-exclusion requires that a process trying to enter the critical section will eventually succeed even if \emph{up to} $k-1$ processes stay in the critical section indefinitely. We present a comparative survey of existing token-based mutual exclusion algorithms, which have provided much inspiration for later $k$-exclusion algorithms. We then propose two solutions to the $k$-exclusion problem, the second of which meets the strong fairness requirement. Fault-tolerance issues are also discussed along with the suggestion of a third algorithm that is also strongly fair. Performances of the three algorithms are compared by simulation. Finally, we show how the various exclusion algorithms can be adapted for tracking mobile objects.

Published December 2007 by Dartmouth College, Computer Science

TR2007-606: The Quality of Open Source Production: Zealots and Good Samaritans in the Case of Wikipedia

Sat, 26 Jan 2008 23:19:59 -0500

New forms of production based in electronic technology, such as open-source and open-content production, convert private commodities (typically software) into essentially public goods. A number of studies find that, like in other collective goods, incentives for reputation and group identity motivate contributions to open source goods, thereby overcoming the social dilemma inherent in producing such goods. In this paper we examine how contributor motivations affect the quality of contributions to the open-content online encyclopedia Wikipedia. We find that quality is associated with contributor motivations, but in a surprisingly inconsistent way. Registered users' quality increases with more contributions, consistent with the idea of participants motivated by reputation and commitment to the Wikipedia community. Surprisingly, however, we find the highest quality from the vast numbers of anonymous "Good Samaritans" who contribute only once. Our findings that Good Samaritans as well as committed "zealots" contribute high quality content to Wikipedia suggest that it is the quantity as well as the quality of contributors that positively affects the quality of open source production.

Published September 2007 by Dartmouth College, Computer Science

TR2007-605: Video Stabilization and Enhancement

Tue, 29 Jan 2008 06:31:23 -0500

We describe a simple and computationally efficient approach for video stabilization and enhancement. By combining multiple low-quality video frames, it is possible to extract a high-quality still image. This technique is particularly helpful in identifying people, license plates, etc. from low-quality video surveillance cameras.

Published September 2007 by Dartmouth College, Computer Science