Neil Daswani

The ubiquity of mobile devices and their evolution as computing platforms
has made them lucrative targets for malware. Malware, such as spyware,
trojans, rootkits and botnets that have traditionally plagued PCs are now
increasingly targeting mobile devices and are also referred to as mobile mal-
ware. Cybercriminal attacks have used mobile malware trojans to steal and
transmit users’ personal information, including financial credentials, to bot
master servers as well as abuse… Show more

The ubiquity of mobile devices and their evolution as computing platforms
has made them lucrative targets for malware. Malware, such as spyware,
trojans, rootkits and botnets that have traditionally plagued PCs are now
increasingly targeting mobile devices and are also referred to as mobile mal-
ware. Cybercriminal attacks have used mobile malware trojans to steal and
transmit users’ personal information, including financial credentials, to bot
master servers as well as abuse the capabilities of the device (e.g., send
premium SMS messages) to generate fraudulent revenue streams.
In this paper, we describe Triton, a new, network-based architecture, and a
prototype implementation of it, for detecting and mitigating mobile malware.
Our implementation of Triton for both Android and Linux environments was
built in our 3G UMTS lab network, and was found to efficiently detect
and neutralize mobile malware when tested using real malware samples
from the wild. Triton employs a defense-in-depth approach and features:
1) in-the- network malware detectors to identify and prevent the spread of
malware and 2) a server-side mitigation engine that sends threat profiles to an
on-the-phone trusted software component to neutralize and perform
fine-grained remediation of malware on mobile devices. Show less

The IEEE (Institute of Electrical and Electronics Engineers) Center for Secure Design has published some advice to help software developers dodge common mistakes that compromise security.

This paper surveys recent mobile malware attacks that have infected hundreds of thousands of user
devices. It explores how behavioral-based malware detection techniques can be used to identify and
neutralize these nefarious programs before they can accomplish their ultimate aims of stealing user
identity and interrupting mobile commerce. We also explore how web malware threats such as drivebys and malvertising are now emerging on mobile networks

The growth of the web-based online advertising industry has created many
new opportunities for lead generation, brand awareness, and electronic commerce for advertisers. In the online marketplace, page views, form submissions,
clicks, downloads, and purchases often result in money changing hands between
advertisers, ad networks, and web site publishers. Since these web-based actions have financial impact, criminals have also seeked to take advantage of new
opportunities to conduct… Show more

The growth of the web-based online advertising industry has created many
new opportunities for lead generation, brand awareness, and electronic commerce for advertisers. In the online marketplace, page views, form submissions,
clicks, downloads, and purchases often result in money changing hands between
advertisers, ad networks, and web site publishers. Since these web-based actions have financial impact, criminals have also seeked to take advantage of new
opportunities to conduct fraud against these parties with the hopes of having
some money illegitimately change into their own hands. We also discuss countermeasures that ad networks have put in place to
mitigate such fraud. Show less

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once you're enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running… Show more

Foundations of Security: What Every Programmer Needs to Know teaches new and current software professionals state-of-the-art software security design principles, methodology, and concrete programming techniques they need to build secure software systems. Once you're enabled with the techniques covered in this book, you can start to alleviate some of the inherent vulnerabilities that make today's software so susceptible to attack. The book uses web servers and web applications as running examples throughout the book. Show less

This paper studies the problem of “blasting” attacks in the Chord P2P network. Blasting is an application-layer denial-of-service (DoS) attack in which malicious nodes generate excessive numbers of queries. To deal with the problem, we develop a simple traffic model that captures query flows in Chord, and we use the model to determine how to maximize system throughput. We then propose traf-
fic management schemes and derive traffic limits that can be imposed on query flows. We evaluate our… Show more

This paper studies the problem of “blasting” attacks in the Chord P2P network. Blasting is an application-layer denial-of-service (DoS) attack in which malicious nodes generate excessive numbers of queries. To deal with the problem, we develop a simple traffic model that captures query flows in Chord, and we use the model to determine how to maximize system throughput. We then propose traf-
fic management schemes and derive traffic limits that can be imposed on query flows. We evaluate our proposed traffic management schemes and limits via simulation. We find that our techniques recover system throughput in the face of blasting attacks and virtually eliminate damage due to
excess queries injected by malicious nodes. Show less

This dissertation studies denial-of-service (DoS) attacks in peer-to-peer (P2P) net-
works, and electronic commerce infrastructure for such networks.

This paper studies the problem of resource discovery in unstructured peer-to-peer (P2P) systems. We propose simple policies that make the discovery of resources re- silient to coordinated attacks by malicious nodes. We focus on a novel P2P protocol called GUESS [8] that uses a pong cache, a set of currently known nodes, to discover new ones. We describe how to limit pong cache poisoning, a condition in which the ids of malicious nodes appear in the pong caches of good nodes.
We propose an ID… Show more

This paper studies the problem of resource discovery in unstructured peer-to-peer (P2P) systems. We propose simple policies that make the discovery of resources re- silient to coordinated attacks by malicious nodes. We focus on a novel P2P protocol called GUESS [8] that uses a pong cache, a set of currently known nodes, to discover new ones. We describe how to limit pong cache poisoning, a condition in which the ids of malicious nodes appear in the pong caches of good nodes.
We propose an ID smearing algorithm (IDSA) and a dynamic network partitioning (DNP) scheme that can be used together to reduce the impact of malicious nodes. We also propose adding an introduction protocol (IP) as a basic mechanism to GUESS to ensure liveness. We suggest using a most-recently-used (MRU) cache replacement policy to slow down the rate of poisoning. Finally, we determine the marginal utility of using a malicious node detector (MND) to further limit poison-
ing, and the level of accuracy required of the detector. Show less

In peer-to-peer (P2P) systemswhere individualpeers must cooperate to process each other’srequests,
a useful metric for evaluating the system is how many remote requests are serviced by each peer. In this
paper we apply this remote work metric to flooding-based P2P search networks such as Gnutella. We
study howto maximize the remote work in the entire network by controlling the rate of query injection at
each node. In particular,we provide a simple procedure forfinding the optimal rate… Show more

In peer-to-peer (P2P) systemswhere individualpeers must cooperate to process each other’srequests,
a useful metric for evaluating the system is how many remote requests are serviced by each peer. In this
paper we apply this remote work metric to flooding-based P2P search networks such as Gnutella. We
study howto maximize the remote work in the entire network by controlling the rate of query injection at
each node. In particular,we provide a simple procedure forfinding the optimal rate of query injection and
prove its optimality. We also show that a simple prefer-high-TTL protocol in which each peer processes
only queries with the highest time-to-live (TTL) is optimal. Show less

In this paper we present recent and ongoing research projects of the Peers research group at Stanford University.

Few P2P file-sharing networks developed to date have successfully provided mechanisms to ensure the authenticity of documents delivered to clients. For example, when a P2P client receives a hit for "Origin of Species," the client currently has no assurance that the corresponding downloaded document is an authentic copy of Charles Darwin's work. The document could be a "decoy" and could contain the content of the book by Charles Darwin with several key passages altered. The document might even… Show more

Few P2P file-sharing networks developed to date have successfully provided mechanisms to ensure the authenticity of documents delivered to clients. For example, when a P2P client receives a hit for "Origin of Species," the client currently has no assurance that the corresponding downloaded document is an authentic copy of Charles Darwin's work. The document could be a "decoy" and could contain the content of the book by Charles Darwin with several key passages altered. The document might even be a different work entirely that advocates creationism. Even worse, the client has no way to tell if the downloaded document might be a newly deployed virus. We call the problem of determining whether a document is authentic the document authenticity problem. Show less

Proposes future directions for research in P2P systems and highlight problems that have not yet been studied in great depth. Focus is on two particular aspects of P2P systems - search & security - and suggest several open and important research problems for the community to address.

We describe a simple but effective traffic model that can be used to understand the effects of denial-of-service (DoS) attacks based on query floods in Gnutella networks. We run simulations based on the model to analyze how different choices of network topology and application level load balancing policies can minimize the effect of these types of DoS attacks. In addition, we also study how damage caused by query floods is distributed throughout the network, and how application-level policies… Show more

We describe a simple but effective traffic model that can be used to understand the effects of denial-of-service (DoS) attacks based on query floods in Gnutella networks. We run simulations based on the model to analyze how different choices of network topology and application level load balancing policies can minimize the effect of these types of DoS attacks. In addition, we also study how damage caused by query floods is distributed throughout the network, and how application-level policies can localize the damage. Show less

Digital materials can be protected from failures by replicating them at multiple autonomous, distributed sites. A Peer-to-peer Information Preservation and Exchange (PIPE) network is a good way to build a distributed replication system. A significant challenge in such networks is ensuring that documents are replicated and accessible despite malicious sites. Such sites may hinder the replication of documents in a variety of ways, including agreeing to store a copy but erasing it instead… Show more

Digital materials can be protected from failures by replicating them at multiple autonomous, distributed sites. A Peer-to-peer Information Preservation and Exchange (PIPE) network is a good way to build a distributed replication system. A significant challenge in such networks is ensuring that documents are replicated and accessible despite malicious sites. Such sites may hinder the replication of documents in a variety of ways, including agreeing to store a copy but erasing it instead, refusing to serve a document, or serving an altered version of the document. We define a model of PIPE networks, a threat model for malicious sites, and propose basic solutions for managing these malicious sites. The basic solutions are inefficient, but demonstrate that a secure system can be built. We also sketch ways to improve the efficiency of the system. Show less

In this paper, we describe the concept of a highly secure wireless aggregation service. A wireless aggregation service is a service that allows a user to view all of his or her personal information (bank balances, credit card balances, brokerage account balances, travel reservations, and email) from any mobile device without requiring the user to “browse.” This personal information is gathered and kept up to date from all the web sites that a user already uses, including online banking… Show more

In this paper, we describe the concept of a highly secure wireless aggregation service. A wireless aggregation service is a service that allows a user to view all of his or her personal information (bank balances, credit card balances, brokerage account balances, travel reservations, and email) from any mobile device without requiring the user to “browse.” This personal information is gathered and kept up to date from all the web sites that a user already uses, including online banking, credit card, and brokerage web sites, such as Citibank Direct Access, American Express Cards Online, and Merrill Lynch Direct. Yodlee’s wireless aggregation service gathers information from over 1,400 such web sites today, securely stores all a user’s login names, passwords, and personal data in one place, and allows the user to securely access this information from a variety of mobile devices including PDAs and web-enabled phones through wireless access and synchronization. Show less

Course Notes - You will learn about WAP Security Architecture. After covering some basic security concepts, will dive into learning about WAP Security and how various security goals are accomplished in WAP

This paper analyzes the cryptographic operation time that is required to execute secure transactions on wireless PDAs with WAP browsers. We evaluate the time required to execute the necessary cryptographic operations to set up a WTLS connection on a Palm OS device with both ECC-based public key cryptography as well as with RSA-based public key cryptography. We find that the execution times for server-authenticated 1024-bit RSA handshakes can be up to twice as fast as for server-authenticated… Show more

This paper analyzes the cryptographic operation time that is required to execute secure transactions on wireless PDAs with WAP browsers. We evaluate the time required to execute the necessary cryptographic operations to set up a WTLS connection on a Palm OS device with both ECC-based public key cryptography as well as with RSA-based public key cryptography. We find that the execution times for server-authenticated 1024-bit RSA handshakes can be up to twice as fast as for server-authenticated 163-bit ECC-based handshakes, but that the execution time for mutually-authenticated (client and server authenticated) handshakes is at least eight times faster using ECC-based handshakes. Show less

In this paper, we introduce the novel concept of a secure interface definition compiler (a "security " compiler, for short). We show how interface designers can declare an application's security requirements as part of the interface definition process, and how a security compiler can automatically generate code that implements security requirements in client stubs and server skeletons.

This paper describes our experience with implementing an electronic payment system for the PalmPilot. Although Palm OS lacks support for many security features, we are able to build a system suitable for small payments. We discuss the advantages and disadvantages of using a PDA to make secure payments as opposed to using a smartcard or a desktop PC. In addition, we describe the engineering of PDA-PayWord, our implementation of a commerce protocol that takes advantage of both elliptic curve and… Show more

This paper describes our experience with implementing an electronic payment system for the PalmPilot. Although Palm OS lacks support for many security features, we are able to build a system suitable for small payments. We discuss the advantages and disadvantages of using a PDA to make secure payments as opposed to using a smartcard or a desktop PC. In addition, we describe the engineering of PDA-PayWord, our implementation of a commerce protocol that takes advantage of both elliptic curve and RSA public key cryptography to support payments efficiently on PDAs with limited processing capability. Show less

Most existing digital wallet implementations support a single or a limited set of proprietary financial instruments and protocols for electronic commerce transactions, preventing a user from having one consolidated digital wallet to manage all of his or her financial instruments. Commercial efforts to implement extensible digital wallets that are capable of inter-operating with multiple instruments and protocols are a step in the right directions, but these wallets have other limitations. In… Show more

Most existing digital wallet implementations support a single or a limited set of proprietary financial instruments and protocols for electronic commerce transactions, preventing a user from having one consolidated digital wallet to manage all of his or her financial instruments. Commercial efforts to implement extensible digital wallets that are capable of inter-operating with multiple instruments and protocols are a step in the right directions, but these wallets have other limitations. In this paper, we propose a new digital wallet architecture that is extensible (can support multiple existing and newly developed instruments and protocols), symmetric (has common instrument management and protocol management interfaces across end-user, vendor, and bank applications), non-web-centric (can be implemented in non-web environments), and client-driven (the user initiates all operations, including wallet invocation). Show less

The paper aims to aid further understanding of a signifcant, successful P2P VoIP system, as well as provide experimental data that may be useful for future design and modeling of such sys­tems. These results also imply that the nature of aVoIP P2P system like Skype differs fundamentally from earlier P2P systems that are oriented toward ?le­sharing, and music and video download appli­cations, and deserves more attention from the research community.

Drive-by downloads planted on legitimate sites (e.g., via "structural" and other
vulnerabilities in web applications) cause web sites to get blacklisted by Google, Yahoo,
and other search engines and browsers. In this paper, we describe the technical
architecture and implementation of mod_antimalware, a novel, open-source
containment technology for web servers that can be used to 1) quarantine web-based
malware infections before they impact users, 2) allow web pages to… Show more

Drive-by downloads planted on legitimate sites (e.g., via "structural" and other
vulnerabilities in web applications) cause web sites to get blacklisted by Google, Yahoo,
and other search engines and browsers. In this paper, we describe the technical
architecture and implementation of mod_antimalware, a novel, open-source
containment technology for web servers that can be used to 1) quarantine web-based
malware infections before they impact users, 2) allow web pages to safely be served
even while a site is infected, and 3) give webmasters time to recover from an attack
before their web sites get blacklisted by popular search engines and browsers. Show less

This paper provides a detailed case study of the architecture of the Clickbot.A botnet that attempted a low-noise click fraud attack against syndicated search engines. The botnet of over 100,000 machines was controlled using a HTTP-based botmaster. Google identified all clicks on its ads exhibiting Clickbot.Alike patterns and marked them as invalid. We disclose the results of our investigation of this botnet to educate the security research community and provide information regarding… Show more

This paper provides a detailed case study of the architecture of the Clickbot.A botnet that attempted a low-noise click fraud attack against syndicated search engines. The botnet of over 100,000 machines was controlled using a HTTP-based botmaster. Google identified all clicks on its ads exhibiting Clickbot.Alike patterns and marked them as invalid. We disclose the results of our investigation of this botnet to educate the security research community and provide information regarding the
novelties of the attack. Show less

It is important for search and pay-per-click engines to penetration test their click fraud detection systems, in order to find potential vulnerabilities and correct them before fraudsters can exploit them. In this paper, we describe: (1) some goals and desirable qualities of a click fraud penetration testing
system, based on our experience, and (2) our experiences with the challenges of building and using a click fraud penetration testing system called Camelot that has been in use at Google.