Blaze, Matt
Email Address
ORCID
Disciplines
relationships.isProjectOf
relationships.isOrgUnitOf
Position
Introduction
Research Interests
Collection
15 results
Search Results
Now showing 1 - 10 of 15
Publication QuanTM: A Quantitative Trust Management System(2009-03-01) West, Andrew G; Aviv, Adam J; Chang, Jian; Prabhu, Vinayak S; Blaze, Matthew A; Kannan, Sampath; Lee, Insup; Smith, Jonathan M; Sokolsky, OlegQuantitative Trust Management (QTM) provides a dynamic interpretation of authorization policies for access control decisions based on upon evolving reputations of the entities involved. QuanTM, a QTM system, selectively combines elements from trust management and reputation management to create a novel method for policy evaluation. Trust management, while effective in managing access with delegated credentials (as in PolicyMaker and KeyNote), needs greater flexibility in handling situations of partial trust. Reputation management provides a means to quantify trust, but lacks delegation and policy enforcement. This paper reports on QuanTM’s design decisions and novel policy evaluation procedure. A representation of quantified trust relationships, the trust dependency graph, and a sample QuanTM application specific to the KeyNote trust management language, are also proposed.Publication On the Reliability of Current Generation Network Eavesdropping Tools(2006-01-01) Cronin, Eric; Sherr, Micah; Blaze, Matthew AThis paper analyzes the problem of interception of Internet traffic from the eavesdropper's point of view. We examine the reliability and accuracy of transcripts, and show that obtaining "high fidelity" transcripts is harder than previously assumed. Even in highly favorable situations, such as capturing unencrypted traffic using standard protocols, simple -- and entirely unilateral -- countermeasures are shown to be sufficient to prevent accurate traffic analysis in many Internet interception configurations. In particular, these countermeasures were successful against every available eavesdropping system we tested. Central to our approach is a new class of techniques that we call confusion, which, unlike cryptography or steganography, does not require cooperation by the communicating parties and, in some case, can be employed entirely by a third party not involved in the communication at all.Publication Signaling Vulnerabilities in Wiretapping Systems(2005-11-01) Sherr, Micah; Cronin, Eric; Clark, Sandy; Blaze, Matthew AMany law enforcement wiretap systems are vulnerable to simple, unilateral countermeasures that exploit the unprotected in-band signals passed between the telephone network and the collection system. This article describes the problem as well as some remedies and workarounds.Publication Sensor Network Security: More Interesting Than You Think(2006-07-31) Anand, Madhukar; Cronin, Eric; Sherr, Micah; Blaze, Matthew A; Ives, Zachary G; Lee, InsupWith the advent of low-power wireless sensor networks, a wealth of new applications at the interface of the real and digital worlds is emerging. A distributed computing platform that can measure properties of the real world, formulate intelligent inferences, and instrument responses, requires strong foundations in distributed computing, artificial intelligence, databases, control theory, and security. Before these intelligent systems can be deployed in critical infrastructures such as emergency rooms and powerplants, the security properties of sensors must be fully understood. Existing wisdom has been to apply the traditional security models and techniques to sensor networks. However, sensor networks are not traditional computing devices, and as a result, existing security models and methods are ill suited. In this position paper, we take the first steps towards producing a comprehensive security model that is tailored for sensor networks. Incorporating work from Internet security, ubiquitous computing, and distributed systems, we outline security properties that must be considered when designing a secure sensor network. We propose challenges for sensor networks – security obstacles that, when overcome, will move us closer to decreasing the divide between computers and the physical world.Publication Toward a Broader View of Security Protocols(2006-01-01) Blaze, Matthew AComputer and network security researchers usually focus on the security of computers and networks. Although it might seem as if there is more than enough insecurity here to keep all of us fully occupied for the foreseeable future, this narrow view of our domain may actually be contributing to the very problems that we are trying to solve. We miss important insights from, and opportunities to make contributions to, a larger world that has been grappling with security since long before the computer was invented.Publication Steganographic Timing Channels(2011-01-01) Aviv, Adam; Shah, Guarav; Blaze, MattThis paper describes steganographic timing channels that use cryptographic primitives to hide the presence of covert channels in the timing of network traffic. We have identified two key properties for steganographic timing channels: (1) the parameters of the scheme should be cryptographically keyed, and (2) the distribution of input timings should be indistinguishable from output timings. These properties are necessary (although we make no claim they are sufficient) for the undetectability of a steganographic timing channel. Without them, the contents of the channel can be read and observed by unauthorized persons, and the presence of the channel is trivially exposed by noticing large changes in timing distributions – a previously proposed methodology for covert channel detection. Our steganographic timing scheme meets the secrecy requirement by employing cryptographic keys, and we achieve a restricted form of input/output distribution parity. Under certain distributions, our schemes conforms to a uniformness property; input timings that are uniformly distributed modulo a timing window are indistinguishable from output timings, measured under the same modulo. We also demonstrate that our scheme is practical under real network conditions, and finally present an empirical study of its covertness using the firstorder entropy metric, as suggested by Gianvecchio and Wang [8], which is currently the best published practical detection heuristic for timing channels.Publication Moving Targets: Geographically Routed Human Movement Networks(2010-03-01) Aviv, Adam J; Sherr, Micah; Blaze, Matt; Smith, Jonathan MWe introduce a new communication paradigm, Human-to-human Mobile Ad hoc Networking (HuManet), that exploits smartphone capabilities and human behavior to create decentralized networks for smartphone-to-smartphone message delivery. HuManets support stealth command-and-control messaging for mobile BotNets, covert channels in the presence of an observer who monitors all cellular communication, and distributed protocols for querying the state or content of targeted mobile devices. In this paper, we introduce techniques for constructing HumaNets and describe protocols for efficiently routing and addressing messages. In contrast to flooding or broadcast schemes that saturate the network and aggressively consume phone resources (e.g., batteries), our protocols exploit human mobility patterns to significantly increase communication efficiency while limiting the exposure of HuManets to mobile service providers. Our techniques leverage properties of smartphones – in particular, their highly synchronized clocks and ability to discern location information – to construct location profiles for each device. HuManets’ fully-distributed and heuristic-based routing protocols route messages towards phones with location profiles that are similar to those of the intended receiver, enabling efficient message delivery with limited effects to end-to-end latency.Publication Notes on Theoretical Limitations and Practical Vulnerabilities of Internet Surveillance Capture(2010-09-10) Cronin, Eric C.; Blaze, Matthew ASurveillance of Internet communications is increasingly common. As a greater and greater percentage of communication occurs over the Internet, the desire by law enforcement, intelligence agencies, criminals, and others to access these communications grows. In recent years, motivated by updated legislation, we have seen the first large-scale systems for intercepting Internet communications deployed, and there is increasing pressure for more such systems to be developed and put to use. Such systems raise a number of obvious questions for the security research community. Unfortunately, nearly all the systems that have been developed are closed and proprietary, and their inner workings closely guarded for commercial and “security” reasons. Very little research exists in the open academic literature exploring the technical aspects of Internet surveillance, and (to our knowledge) none which focuses on security or reliability. In this work we examine one specific problem, that of performing reliable capture of Internet communications. This work has three main contributions which address some, but by no means all, of the open questions relating to reliable capture in Internet surveillance. First, we provide a survey of the current state of practice for Internet capture in the public literature. Second, we examine a number of ways in which existing capture solutions fall short of perfect capture, and the consequences, namely theoretical vulnerabilities as well as practical attacks on the accuracy and completeness of information analyzed. Finally, we construct a set of improved capture tools which provide stronger, more reliable results when used in conjunction with existing tools. This document represents a dissertation in progress.Publication Scalable Link-Based Relay Selection for Anonymous Routing(2009-08-01) Sherr, Micah; Blaze, Matthew; Loo, Boon ThauThe performance of an anonymous path can be described using many network metrics – e.g., bandwidth, latency, jitter, loss, etc. However, existing relay selection algorithms have focused exclusively on producing paths with high bandwidth. In contrast to traditional node-based path techniques in which relay selection is biased by relays’ node-characteristics (i.e., bandwidth), this paper presents the case for link-based path generation in which relay selection is weighted in favor of the highest performing links. Link-based relay selection supports more flexible routing, enabling anonymous paths with low latency, jitter, and loss, in addition to high bandwidth. Link-based approaches are also more secure than node-based techniques, eliminating “hotspots” in the network that attract a disproportionate amount of traffic. For example, misbehaving relays cannot advertise themselves as “low-latency” nodes to attract traffic, since latency has meaning only when measured between two endpoints. We argue that link-based path selection is practical for certain anonymity networks, and describe mechanisms for efficiently storing and disseminating link information.Publication Security Weaknesses in the APCO Project 25 Two-Way Radio System(2010-11-18) Clark, Sandy; Metzger, Perry; Wasserman, Zachary; Xu, Kevin; Blaze, Matthew AAPCO Project 25 (“P25”) is a suite of wireless communications protocols designed for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This report analyzes the security of P25 systems against passive and active attacks. We find a number of protocol, implementation, and user interface weaknesses that can leak information to a passive eavesdropper and that facilitate active attacks. In particular, P25 systems are highly susceptible to active traffic analysis attacks, in which radio user locations are surreptitiously determined, and selective jamming attacks, in which an attacker can jam specific kinds of traffic (such as encrypted messages or key management traffic). The P25 protocols make such attacks not only feasible but highly efficient, requiring, for example, significantly less aggregate energy output from a jammer than from the legitimate transmitters.