Network Operations and Internet Security @ UChicago

Home Networking and DNS Security Papers Accepted to Internet Measurement Conference


Project BISmark

Our research group has had three long papers accepted at the ACM SIGCOMM Internet Measurement Conference this October in Berlin, Germany. Two of the papers study the performance and usage of home networks. A third paper is on the security of the Internet’s domain name system. The draft abstracts of the papers are below. The authors include seven students and one alum, Nazanin, who is now at Cisco.

There were only 25 long papers accepted at IMC, so we are very well-represented in the program.

Congrats to Sarthak, Srikanth, Shuang, Mi Seon, Sam, Joon, Bharath, and Nazanin!

Peeking Behind the NAT: An Empirical Study of Home Networks
Sarthak Grover (Georgia Institute of Technology)
Mi Seon Park (Georgia Institute of Technology)
Srikanth Sundaresan (Georgia Institute of Technology)
Sam Burnett (Georgia Institute of Technology)
Hyojoon Kim (Georgia Institute of Technology)
Bharath Ravi (Georgia Institute of Technology)
Nick Feamster (Georgia Institute of Technology)

We present the first empirical study of home network availability, infrastructure, and usage, using data collected from home networks around the world. In each home, we deploy a router with custom firmware to collect information about the availability of home broadband network connectivity, the home network infrastructure (including the wireless connectivity in each home network and the number of devices connected to the network), and how people in each home network use the network. Outages are more frequent and longer in developing countries, sometimes due to the network, and in other cases because users simply turn their home router off. We also find that some portions of the wireless spectrum are extremely crowded, that diurnal patterns are more pronounced during the week, and that most traffic in home networks is exchanged over a few connections to a small number of domains. Our study is both a preliminary view into many home networks and an illustration of how measurements from a home router can yield significant information about home networks.

Measuring and Mitigating Web Performance Bottlenecks in Broadband Access Networks
Srikanth Sundaresan (Georgia Institute of Technology)
Nick Feamster (Georgia Institute of Technology)
Renata Teixeira (CNRS/UPMC Sorbonne Universites)
Nazanin Magharei (Cisco Systems)

We measure Web performance bottlenecks in home broadband access networks and evaluate ways to mitigate these bottlenecks with caching in home networks. We first measure Web performance bottlenecks to nine popular Web sites from more than 5,000 broadband access networks and demonstrate that when the downstream throughput of the access link exceeds about 16 Mbits/s, latency is the main bottleneck for Web page load time. Next, we use a router-based Web measurement tool, Mirage, to deconstruct Web page load time into its constituent components (DNS lookup, TCP connection setup, object download) and show that simple latency optimizations can yield significant improvements in overall page load times. We then present a case for placing a cache in the home network and deploy three common optimizations: DNS caching, TCP connection caching, and content caching. We show that just caching DNS and TCP connections can yield significant improvements in page load time, even when the user’s browser is already performing similar independent optimizations. Finally, we use traces from real homes to demonstrate how popularity-based prefetching of DNS and TCP connections in a home-router cache can achieve faster page load times in home networks.

Understanding the Domain Registration Behavior of Spammers
Shuang Hao (Georgia Institute of Technology)
Matthew Thomas (Verisign, Inc.)
Vern Paxson (ICSI & UC Berkeley)
Nick Feamster (Georgia Institute of Technology)
Christian Kreibich (ICSI)
Chris Grier (ICSI)
Scott Hollenbeck (Verisign, Inc.)

Spammers register a tremendous number of domains to evade blacklisting and takedown efforts. Current techniques to detect such domains rely on crawling spam URLs or monitoring lookup traffic. Such detection triggers after the spammers have already launched their campaigns, and thus these countermeasures may only come into play after the spammer has already reaped significant benefits from the dissemination of large volumes of spam. In this paper we examine the registration process of such domains, with a particular eye towards features that might indicate directly at registration time that a given domain likely has a malicious purpose. Our assessment includes exploring the characteristics of registrars, domain life cycles, registration bursts, and naming patterns. By investigating zone changes from the .com TLD over a 5-month period, we discover that spammers employ bulk registration, often re-use domains previously registered by others, and tend to register and host their domains over a small set of registrars. Our findings suggest a number of steps that registries and/or registrars could employ to crimp the ease with which miscreants acquire domains in bulk, thus potentially increasing their costs and reducing their agility for large-scale attacks.
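To make the registration-time signals in this abstract concrete, here is an added example (not code from the paper or its authors) that diffs consecutive zone snapshots, labels each added domain as new or re-registered, and flags registrar-day bursts. The snapshot format, the registrar labels, the domain names and the burst threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed daily snapshots: (day label, {domain: registrar}).
# Every domain and registrar name here is made up for the example.
SNAPSHOTS = [
    ("day-1", {"alpha.com": "RegA", "bravo.com": "RegB"}),
    ("day-2", {"alpha.com": "RegA"}),  # bravo.com dropped from the zone
    ("day-3", {"alpha.com": "RegA", "bravo.com": "RegC",
               "cheap-meds-01.com": "RegC", "cheap-meds-02.com": "RegC",
               "delta.com": "RegB"}),
]


def zone_additions(snapshots):
    """Diff consecutive snapshots and return one
    (day, domain, registrar, kind) tuple per domain added to the zone.

    kind is "re-registered" when the domain appeared in an earlier
    snapshot and later dropped out, otherwise "new".
    """
    previous = snapshots[0][1]
    ever_seen = set(previous)
    added = []
    for day, zone in snapshots[1:]:
        for domain in sorted(zone.keys() - previous.keys()):
            kind = "re-registered" if domain in ever_seen else "new"
            added.append((day, domain, zone[domain], kind))
        ever_seen |= zone.keys()
        previous = zone
    return added


def registration_bursts(additions, threshold=3):
    """Group additions by (day, registrar) and keep the groups with at
    least `threshold` domains (threshold is an assumed tuning value)."""
    groups = defaultdict(list)
    for day, domain, registrar, kind in additions:
        groups[(day, registrar)].append((domain, kind))
    return {key: doms for key, doms in groups.items() if len(doms) >= threshold}


if __name__ == "__main__":
    for key, domains in registration_bursts(zone_additions(SNAPSHOTS)).items():
        print(key, domains)
```
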

Author: Nick Feamster

Nick Feamster is a professor in the Department of Computer Science at Princeton University. Before joining the faculty at Princeton, he was a professor in the School of Computer Science at Georgia Tech. He received his Ph.D. in Computer Science from MIT in 2005, and his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively. His research focuses on many aspects of computer networking and networked systems, including the design, measurement, and analysis of network routing protocols, network operations and security, and anonymous communication systems. In December 2008, he received the Presidential Early Career Award for Scientists and Engineers (PECASE) for his contributions to cybersecurity, notably spam filtering. His honors include the Technology Review 35 "Top Young Innovators Under 35" award, a Sloan Research Fellowship, the NSF CAREER award, the IBM Faculty Fellowship, and award papers at SIGCOMM 2006 (network-level behavior of spammers), the NSDI 2005 conference (fault detection in router configuration), Usenix Security 2002 (circumventing web censorship using Infranet), and Usenix Security 2001 (web cookie analysis).
