BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Gabi Nakibly

Gabi Nakibly contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and Security

Trust snapshot

Quick read

Trust 19 - UnverifiedVerification L1Unclaimed author
5works
0followers
1topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

5 published item(s)

preprint2016arXiv

Website-Targeted False Content Injection by Network Operators

It is known that some network operators inject false content into users' network traffic. Yet all previous works that investigate this practice focus on edge ISPs (Internet Service Providers), namely, those that provide Internet access to end users. Edge ISPs that inject false content affect their customers only. However, in this work we show that not only edge ISPs may inject false content, but also core network operators. These operators can potentially alter the traffic of \emph{all} Internet users who visit predetermined websites. We expose this practice by inspecting a large amount of traffic originating from several networks. Our study is based on the observation that the forged traffic is injected in an out-of-band manner: the network operators do not update the network packets in-path, but rather send the forged packets \emph{without} dropping the legitimate ones. This creates a race between the forged and the legitimate packets as they arrive to the end user. This race can be identified and analyzed. Our analysis shows that the main purpose of content injection is to increase the network operators' revenue by inserting advertisements to websites. Nonetheless, surprisingly, we have also observed numerous cases of injected malicious content. We publish representative samples of the injections to facilitate continued analysis of this practice by the security community.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

Hardware Fingerprinting Using HTML5

Device fingerprinting over the web has received much attention both by the research community and the commercial market a like. Almost all the fingerprinting features proposed to date depend on software run on the device. All of these features can be changed by the user, thereby thwarting the device's fingerprint. In this position paper we argue that the recent emergence of the HTML5 standard gives rise to a new class of fingerprinting features that are based on the \emph{hardware} of the device. Such features are much harder to mask or change thus provide a higher degree of confidence in the fingerprint. We propose several possible fingerprint methods that allow a HTML5 web application to identify a device's hardware. We also present an initial experiment to fingerprint a device's GPU.

0 citations0 reviewsNo code linkedOpen access
preprint2015arXiv

PowerSpy: Location Tracking using Mobile Device Power Analysis

Modern mobile platforms like Android enable applications to read aggregate power usage on the phone. This information is considered harmless and reading it requires no user permission or notification. We show that by simply reading the phone's aggregate power consumption over a period of a few minutes an application can learn information about the user's location. Aggregate phone power consumption data is extremely noisy due to the multitude of components and applications that simultaneously consume power. Nevertheless, by using machine learning algorithms we are able to successfully infer the phone's location. We discuss several ways in which this privacy leak can be remedied.

0 citations0 reviewsNo code linkedOpen access
preprint2014arXiv

Mobile Device Identification via Sensor Fingerprinting

We demonstrate how the multitude of sensors on a smartphone can be used to construct a reliable hardware fingerprint of the phone. Such a fingerprint can be used to de-anonymize mobile devices as they connect to web sites, and as a second factor in identifying legitimate users to a remote server. We present two implementations: one based on analyzing the frequency response of the speakerphone-microphone system, and another based on analyzing device-specific accelerometer calibration errors. Our accelerometer-based fingerprint is especially interesting because the accelerometer is accessible via JavaScript running in a mobile web browser without requesting any permissions or notifying the user. We present the results of the most extensive sensor fingerprinting experiment done to date, which measured sensor properties from over 10,000 mobile devices. We show that the entropy from sensor fingerprinting is sufficient to uniquely identify a device among thousands of devices, with low probability of collision.

0 citations0 reviewsNo code linkedOpen access
preprint2013arXiv

ACTIDS: An Active Strategy For Detecting And Localizing Network Attacks

In this work we investigate a new approach for detecting attacks which aim to degrade the network's Quality of Service (QoS). To this end, a new network-based intrusion detection system (NIDS) is proposed. Most contemporary NIDSs take a passive approach by solely monitoring the network's production traffic. This paper explores a complementary approach in which distributed agents actively send out periodic probes. The probes are continuously monitored to detect anomalous behavior of the network. The proposed approach takes away much of the variability of the network's production traffic that makes it so difficult to classify. This enables the NIDS to detect more subtle attacks which would not be detected using the passive approach alone. Furthermore, the active probing approach allows the NIDS to be effectively trained using only examples of the network's normal states, hence enabling an effective detection of zero-day attacks. Using realistic experiments, we show that an NIDS which also leverages the active approach is considerably more effective in detecting attacks which aim to degrade the network's QoS when compared to an NIDS which relies solely on the passive approach. Lastly, we show that the false positives rate remains very low even in the face of Byzantine faults.

0 citations0 reviewsNo code linkedOpen access