Paper Review: Heimdall: A Privacy-Respecting Implicit Preference Collection Framework

In this paper, the authors present Heimdall, a tool for collecting preferences in a privacy-respecting manner. The tool can be implemented in IoT devices as well. Many applications, whether mobile or web, rely on users' feedback and reviews for the suggestions of online recommendation systems. These systems have access to certain implicit information like …

Paper Review: Building Web Applications on Top of Encrypted Data Using Mylar

In this paper, the authors develop and present Mylar, a web platform that protects confidentiality against full server compromise. Most web applications currently depend on servers to store and process confidential information. But if an adversary gains access to the server, they can obtain all the data present on it. Mylar prevents …

Paper Review: Online Tracking: A 1-million-site Measurement and Analysis

In this paper, the authors perform the largest and most detailed measurement of tracking, conducted on the top 1 million websites. For each website, they measure 15 features, including stateful (cookie-based) and stateless (fingerprinting-based) tracking, the effect of browser privacy tools, and the exchange of tracking data between different sites (“cookie syncing”). There is no …

Paper Review: Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools

In this paper, the authors try to measure the effectiveness of third-party tracker blockers. First, they analyze the architecture of different blocking solutions and then discuss the pros and cons of each method. The analysis also measures the protection offered against trackers present on more than 100,000 popular websites and 10,000 popular Android applications. …

Paper Review: BGP Security in Partial Deployment

As we saw in the previous paper, "A Survey of BGP Security Issues and Solutions", several high-profile routing failures have highlighted vulnerabilities in BGP (Border Gateway Protocol), the internet's main interdomain routing protocol. To overcome this challenge, authentication using RPKI is gaining momentum among network operators. There is a push to standardize …

Paper Review: A Survey of BGP Security Issues and Solutions

In this paper, the authors survey the existing Border Gateway Protocol (BGP), the issues related to it, and their solutions. BGP is the glue that holds the internet together. However, it is highly vulnerable and does not address security issues adequately. The authors review the proposed improvements to BGP. …

Paper Review: Bohatei: Flexible and Elastic DDoS Defense

In this paper, the authors present Bohatei, a flexible and elastic DDoS defense system. They make use of new networking paradigms like Software Defined Networking (SDN) and Network Function Virtualization (NFV) to develop this system. Such a system is needed for multiple reasons. DDoS attacks impose huge attacks on victims. The …

Paper Review: MD5 To Be Considered Harmful Someday

In this paper, the authors argue that MD5 will be considered harmful at some point in the future. Joux and Wang’s multicollision attack has yielded collisions for several one-way hash algorithms. Of all these one-way hash algorithms, MD5 is the most problematic, as it is the most widely used and heavily deployed. There is a belief that the …

Paper Review: DROWN: Breaking TLS using SSLv2

In this paper, the authors present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as a means to decrypt modern TLS connections. They have developed two versions of the attack. In the first version, they exploit multiple unnoticed protocol flaws in SSLv2 to develop a new and stronger variant …

Paper Review: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

In this paper, the authors review the security of the Diffie-Hellman key exchange, which is used in popular internet protocols. The results show that it is less secure than widely believed. The authors start by presenting Logjam, a flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie …