Researcher profile

Andrzej Duda

Andrzej Duda contributes to research discovery and scholarly infrastructure.

Researcher | Affiliation not imported | Open to collaborate

Trust snapshot

Quick read

Trust 21 - Emerging | Verification L1 | Unclaimed author
9 works
0 followers
3 topics
4 close collaborators


Published work

9 published item(s)

preprint, 2022, arXiv

Early Detection of Spam Domains with Passive DNS and SPF

Spam domains are sources of unsolicited mails and one of the primary vehicles for fraud and malicious activities such as phishing campaigns or malware distribution. Spam domain detection is a race: as soon as the spam mails are sent, taking down the domain or blacklisting it is of relative use, as spammers have to register a new domain for their next campaign. To prevent malicious actors from sending mails, we need to detect them as fast as possible and, ideally, even before the campaign is launched. In this paper, using near-real-time passive DNS data from Farsight Security, we monitor the DNS traffic of newly registered domains and the contents of their TXT records, in particular, the configuration of the Sender Policy Framework, an anti-spoofing protocol for domain names and the first line of defense against devastating Business Email Compromise scams. Because spammers and benign domains have different SPF rules and different traffic profiles, we build a new method to detect spam domains using features collected from passive DNS traffic. Using the SPF configuration and the traffic to the TXT records of a domain, we accurately detect a significant proportion of spam domains with a low false positives rate demonstrating its potential in real-world deployments. Our classification scheme can detect spam domains before they send any mail, using only a single DNS query and later on, it can refine its classification by monitoring more traffic to the domain name.

preprint, 2020, arXiv

Don't Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic

This paper concerns the problem of the absence of ingress filtering at the network edge, one of the main causes of important network security issues. Numerous network operators do not deploy the best current practice - Source Address Validation (SAV) that aims at mitigating these issues. We perform the first Internet-wide active measurement study to enumerate networks not filtering incoming packets by their source address. The measurement method consists of identifying closed and open DNS resolvers handling requests coming from the outside of the network with the source address from the range assigned inside the network under the test. The proposed method provides the most complete picture of the inbound SAV deployment state at network providers. We reveal that 32 673 Autonomous Systems (ASes) and 197 641 Border Gateway Protocol (BGP) prefixes are vulnerable to spoofing of inbound traffic. Finally, using the data from the Spoofer project and performing an open resolver scan, we compare the filtering policies in both directions.

preprint, 2015, arXiv

DTLS Performance in Duty-Cycled Networks

The Datagram Transport Layer Security (DTLS) protocol is the IETF standard for securing the Internet of Things. The Constrained Application Protocol, ZigBee IP, and Lightweight Machine-to-Machine (LWM2M) mandate its use for securing application traffic. There has been much debate in both the standardization and research communities on the applicability of DTLS to constrained environments. The main concerns are the communication overhead and latency of the DTLS handshake, and the memory footprint of a DTLS implementation. This paper provides a thorough performance evaluation of DTLS in different duty-cycled networks through real-world experimentation, emulation and analysis. In particular, we measure the duration of the DTLS handshake when using three duty cycling link-layer protocols: preamble-sampling, the IEEE 802.15.4 beacon-enabled mode and the IEEE 802.15.4e Time Slotted Channel Hopping mode. The reported results demonstrate surprisingly poor performance of DTLS in radio duty-cycled networks. Because a DTLS client and a server exchange more than 10 signaling packets, the DTLS handshake takes between a handful of seconds and several tens of seconds, with similar results for different duty cycling protocols. Moreover, because of their limited memory, typical constrained nodes can only maintain 3-5 simultaneous DTLS sessions, which highlights the need for using DTLS parsimoniously.

preprint, 2014, arXiv

OSCAR: Object Security Architecture for the Internet of Things

Billions of smart, but constrained objects wirelessly connected to the global network require novel paradigms in network design. New protocol standards, tailored to constrained devices, have been designed taking into account requirements such as asynchronous application traffic, need for caching, and group communication. The existing connection oriented security architecture is not able to keep up - first, in terms of the supported features, but also in terms of the scale and resulting latency on small constrained devices. In this paper, we propose an architecture that leverages the security concepts both from content-centric and traditional connection-oriented approaches. We rely on secure channels established by means of (D)TLS for key exchange, but we get rid of the notion of the 'state' among communicating entities. We provide a mechanism to protect from replay attacks by coupling our scheme with the CoAP application protocol. Our object-based security architecture (OSCAR) intrinsically supports caching and multicast, and does not affect the radio duty-cycling operation of constrained objects. We evaluate OSCAR in two cases: 802.15.4 Low Power and Lossy Networks (LLN) and Machine-to-Machine (M2M) communication for two different hardware platforms and MAC layers on a real testbed and using the Cooja emulator. We show significant energy savings at constrained servers and reasonable delays. We also discuss the applicability of OSCAR to Smart City deployments.

preprint, 2014, arXiv

Performance Comparison of the RPL and LOADng Routing Protocols in a Home Automation Scenario

RPL, the routing protocol proposed by IETF for IPv6/6LoWPAN Low Power and Lossy Networks has significant complexity. Another protocol called LOADng, a lightweight variant of AODV, emerges as an alternative solution. In this paper, we compare the performance of the two protocols in a Home Automation scenario with heterogeneous traffic patterns including a mix of multipoint-to-point and point-to-multipoint routes in realistic dense non-uniform network topologies. We use Contiki OS and Cooja simulator to evaluate the behavior of the ContikiRPL implementation and a basic non-optimized implementation of LOADng. Unlike previous studies, our results show that RPL provides shorter delays, less control overhead, and requires less memory than LOADng. Nevertheless, enhancing LOADng with more efficient flooding and a better route storage algorithm may improve its performance.

preprint, 2014, arXiv

Topology Construction in RPL Networks over Beacon-Enabled 802.15.4

In this paper, we propose a new scheme that allows coupling beacon-enabled IEEE 802.15.4 with the RPL routing protocol while keeping full compliance with both standards. We provide a means for RPL to pass the routing information to Layer 2 before the 802.15.4 topology is created by encapsulating RPL DIO messages in beacon frames. The scheme takes advantage of 802.15.4 command frames to solicit RPL DIO messages. The effect of the command frames is to reset the Trickle timer that governs sending DIO messages. We provide a detailed analysis of the overhead incurred by the proposed scheme to understand topology construction costs. We have evaluated the scheme using Contiki and the instruction-level Cooja simulator and compared our results against the most common scheme used for dissemination of the upper-layer information in beacon-enabled PANs. The results show energy savings during the topology construction phase and in the steady state.

preprint, 2011, arXiv

Broadcast Strategies with Probabilistic Delivery Guarantee in Multi-Channel Multi-Interface Wireless Mesh Networks

Multi-channel multi-interface Wireless Mesh Networks permit to spread the load across orthogonal channels to improve network capacity. Although broadcast is vital for many layer-3 protocols, proposals for taking advantage of multiple channels mostly focus on unicast transmissions. In this paper, we propose broadcast algorithms that fit any channel and interface assignment strategy. They guarantee that a broadcast packet is delivered with a minimum probability to all neighbors. Our simulations show that the proposed algorithms efficiently limit the overhead.

preprint, 2011, arXiv

Technical Report: Energy Evaluation of preamble Sampling MAC Protocols for Wireless Sensor Networks

The paper presents a simple probabilistic analysis of the energy consumption in preamble sampling MAC protocols. We validate the analytical results with simulations. We compare the classical MAC protocols (B-MAC and X-MAC) with LA-MAC, a method proposed in a companion paper. Our analysis highlights the energy savings achievable with LA-MAC with respect to B-MAC and X-MAC. It also shows that LA-MAC provides the best performance in the considered case of high density networks under traffic congestion.

preprint, 2010, arXiv

A Divide-and-Conquer Scheme for Assigning Roles in Multi-Channel Wireless Mesh Networks

A multi-channel MAC seems to be an interesting approach for improving network throughput by multiplexing transmissions over orthogonal channels. In particular, Molecular MAC has recently proposed to modify the standard IEEE 802.11 DCF access method to use dynamic channel switching for efficient packet forwarding over multiple hops. However, this MAC layer requires role and channel assignment to nodes: some of them use a static channel, while others dynamically switch to neighbor channels on-demand. To assign roles and channels, we extend the notion of the Weakly Connected Dominating Set, the structure already used in clustering. More precisely, we adapt the WCDS structure and introduce new constraints to define what we call a reversible WCDS (r-WCDS), which is particularly suitable for wireless mesh networks operating under Molecular MAC. We propose a divide-and-conquer scheme that partitions the network into clusters with one leader per cluster solving a MILP formulation to assign roles in its cluster. By appropriately defining the roles at the border of clusters, we maintain global connectivity in the r-WCDS. Finally, our simulations show that the performance of the proposed scheme is close to a centralized algorithm.