Best Student Paper

Do Incentives Build Robustness in BitTorrent?

April 11, 2007 - 10:30 am-12:00 pm
Michael Piatek::University of Washington
Tomas Isdal::University of Washington
Thomas Anderson::University of Washington
Arvind Krishnamurthy::University of Washington
Arun Venkataramani::University of Massachusetts Amherst

A fundamental problem with many peer-to-peer systems is the tendency for users to “free ride”, to consume resources without contributing to the system. The popular file distribution tool BitTorrent was explicitly designed to address this problem, using a tit-for-tat reciprocity strategy to provide positive incentives for nodes to contribute resources to the swarm. While BitTorrent has been extremely successful, we show that its incentive mechanism is not robust to strategic clients. Through performance modeling parameterized by real world traces, we demonstrate that all peers contribute resources that do not directly improve their performance. We use these results to drive the design and implementation of BitTyrant, a strategic BitTorrent client that provides a median 70% performance gain for a 1 Mbit client on live Internet swarms. We further show that when applied universally, strategic clients can hurt average per-swarm performance compared to today’s BitTorrent client implementations.

Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks

August 8, 2007 - 4:00 pm-5:30 pm
Saar Drimer::Computer Laboratory, University of Cambridge
Steven J. Murdoch::Computer Laboratory, University of Cambridge

Modern smartcards, capable of sophisticated cryptography, provide a high assurance of tamper resistance and are thus commonly used in payment applications. Although extracting secrets out of smartcards requires resources beyond the means of many would-be thieves, the manner in which they are used can be exploited for fraud. Cardholders authorize financial transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid, and have no means of discerning whether the terminal is authentic or not. Even the most advanced smartcards cannot protect customers from being defrauded by the simple relaying of data from one location to another. We describe the development of such an attack, and show results from live experiments on the UK's EMV implementation, Chip & PIN. We discuss previously proposed defences, and show that these cannot provide the required security assurances. A new defence based on a distance bounding protocol is described and implemented, which requires only modest alterations to current hardware and software. As far as we are aware, this is the first complete design and implementation of a secure distance bounding protocol. Future smartcard generations could use this design to provide cost-effective resistance to relay attacks, which are a genuine threat to deployed applications. We also discuss the security-economics impact to customers of enhanced authentication mechanisms.

An Analysis of Data Corruption in the Storage Stack

February 28, 2008 - 3:30 pm-5:00 pm
Lakshmi N. Bairavasundaram::University of Wisconsin, Madison
Garth Goodson::Network Appliance, Inc.
Bianca Schroeder::University of Toronto
Andrea C. Arpaci-Dusseau::University of Wisconsin, Madison
Remzi H. Arpaci-Dusseau::University of Wisconsin, Madison

An important threat to reliable storage of data is silent data corruption. In order to develop suitable protection mechanisms against data corruption, it is essential to understand its characteristics. In this paper, we present the first large-scale study of data corruption. We analyze corruption instances recorded in production storage systems containing a total of 1.53 million disk drives, over a period of 41 months. We study three classes of corruption: checksum mismatches, identity discrepancies, and parity inconsistencies. We focus on checksum mismatches since they occur the most.

We find more than 400,000 instances of checksum mismatches over the 41-month period. We find many interesting trends among these instances including: (i) nearline disks (and their adapters) develop checksum mismatches an order of magnitude more often than enterprise class disk drives, (ii) checksum mismatches within the same disk are not independent events and they show high spatial and temporal locality, and (iii) checksum mismatches across different disks in the same storage system are not independent. We use our observations to derive lessons for corruption-proof system design.

Lest We Remember: Cold Boot Attacks on Encryption Keys

July 30, 2008 - 2:00 pm-3:30 pm
J. Alex Halderman::Princeton University
Seth D. Schoen::Electronic Frontier Foundation
Nadia Heninger::Princeton University
William Clarkson::Princeton University
William Paul::Wind River Systems
Joseph A. Calandrino::Princeton University
Ariel J. Feldman::Princeton University
Jacob Appelbaum
Edward W. Felten::Princeton University

Automatic Software Fault Diagnosis by Exploiting Application Signatures

November 12, 2008 - 11:00 am-12:30 pm
Xiaoning Ding::The Ohio State University
Hai Huang::IBM T.J. Watson Research Center
Yaoping Ruan::IBM T.J. Watson Research Center
Anees Shaikh::IBM T.J. Watson Research Center
Xiaodong Zhang::The Ohio State University

Capsicum: Practical Capabilities for UNIX

Federated Access Control and Workflow Enforcement in Systems Configuration
