I’ve recently seen a paper, published at a peer-reviewed conference, where the authors argue that some inter-arrival times were exponentially distributed and that the number of events per unit time were poisson distributed. They did some statistical tests and concluded that the evidence was not enough to discard either hypothesis.
Sounds OK? Well, not quite. Continue reading
In my last articles, I argued that next-generation Internet security requires collaboration and that privacy concerns are the main road block for such cooperative solutions. I’ve also discussed network trace anonymization as a potential solution to the privacy issues with network data. Unfortunately, the delicate privacy-utility tradeoff involved in anonymization makes it impractical for real-world use. Continue reading
In my last article, I discussed why collaboration among networks is essential for monitoring the Internet and maintaining its security in the future. Unfortunately, such collaboration is very difficult in practice due to privacy concerns. Continue reading
In the fable “The Blind Men and the Elephant” by the American poet John Godfrey Saxe, six blind men from Indostan heard of a thing called “an elephant” but did not know what it was. To satisfy their minds, they went to observe a real elephant. Each of them approached the elephant from a different side and came to his own conclusion about what an elephant is. The one that touched the side found “It’s very like a wall!”, while the one examining the tusk shouted “It’s very like a spear!”. The knee was judged to be like a tree, the trunk like a snake, the ear like a fan, and the tail like a rope. When they finally came together to discuss their observations they had a long dispute about what an elephant was. However, as Saxe put it: “Though each was partly in the right, all were in the wrong!”
Is the Internet an Elephant? Continue reading
On May 31, 2011, “Kassensturz”, a popular consumer magazine on Swiss TV, will look into e-banking systems as offered to customers of Swiss banks. Members of the CSG participated in evaluating the usability and security of e-banking systems of Migrosbank, UBS, Raiffeisen, Berner Kantonalbank and Postfinance. Due to the legal situation in Switzerland, a security evaluation – in this case tantamount to a limited penetration test – could only be carried out with the explicit consent of the banks concerned.
In our security evaluation we mimicked a real case of an e-banking fraud attempt, in which an on-going session of an e-banking customer was hijacked by cyber-criminals. The hijackers managed to initiate a transfer of a five digit amount to an account presumably under their control. Ultimately the off-line anti-fraud system of the bank detected the anomaly and blocked the attempted scam.
On behalf of Kassensturz we investigated to what extent the e-banking systems under test are vulnerable to the same type of session hijacking as in the real case. The results vary significantly.
Don’t miss “Kassensturz” on May 31st, 21:o5 hours, Swiss TV SF1. http://www.kassensturz.sf.tv/
A rather large collaborative work from the people who brought you Spamalytics was presented this week at the IEEE Symposium on Security and Privacy (known in the field simply as Oakland). The paper represents a new direction in academic research on the spam problem: following the value chain of the products advertised in spam back to the people selling them. Continue reading
Welcome to the blog of ETH Zurich’s Communication Systems Group. In this space, we will write about research that we’re doing, projects in which we participate, papers that have been published, and generally all the things that occupy us.
If you have any comments or suggestions, don’t hesitate to contact us.
And now, have fun browsing our blog!
The Communication Systems Group
