Taxing the Queue: Hindering Middleboxes From Unauthorized Large-Scale Traffic Relaying

When employed by online content providers, access-control policies can be evaded whenever clients masquerade behind a middlebox (MB) that meets the policies. An MB, commonly being the gateway of a virtual private network (VPN), typically contacts the content provider on behalf of the clients it coll...

Bibliographic details
Published in: IEEE communications letters 2015-01, Vol.19 (1), p.42-45
Main authors: Abdou, AbdelRahman; Matrawy, Ashraf; van Oorschot, Paul C.
Format: Article
Language: eng
container_end_page 45
container_issue 1
container_start_page 42
container_title IEEE communications letters
container_volume 19
creator Abdou, AbdelRahman
Matrawy, Ashraf
van Oorschot, Paul C.
description When employed by online content providers, access-control policies can be evaded whenever clients masquerade behind a middlebox (MB) that meets the policies. An MB, commonly being the gateway of a virtual private network (VPN), typically contacts the content provider on behalf of the clients it colludes with, and relays the provider's outbound traffic to those clients. We propose a solution to hinder MBs from unauthorized relaying of traffic to a large number of clients. To the best of our knowledge, this is the first work to address this problem. Our solution increases the cost of collusion by leveraging client puzzles in a novel way, and uses network properties to help the content provider detect if its outbound traffic is being further relayed beyond a transport-layer connection. Our evaluation shows that the number of colluding clients follows a hyperbolic decay with the rate of creation of puzzles and the time required to solve a puzzle (both factors are influenced by the content provider), but grows almost linearly with the MB's computational resources.
doi_str_mv 10.1109/LCOMM.2014.2349973
format Article
identifier ISSN: 1089-7798
ispartof IEEE communications letters, 2015-01, Vol.19 (1), p.42-45
issn 1089-7798
1558-2558
language eng
recordid cdi_crossref_primary_10_1109_LCOMM_2014_2349973
source IEEE Xplore
subjects Computer networks
IP networks
Middleboxes
Queueing analysis
Relays
Service introduction
Time measurement
Virtual private networks
title Taxing the Queue: Hindering Middleboxes From Unauthorized Large-Scale Traffic Relaying
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-20T13%3A21%3A29IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Taxing%20the%20Queue:%20Hindering%20Middleboxes%20From%20Unauthorized%20Large-Scale%20Traffic%20Relaying&rft.jtitle=IEEE%20communications%20letters&rft.au=Abdou,%20AbdelRahman&rft.date=2015-01&rft.volume=19&rft.issue=1&rft.spage=42&rft.epage=45&rft.pages=42-45&rft.issn=1089-7798&rft.eissn=1558-2558&rft.coden=ICLEF6&rft_id=info:doi/10.1109/LCOMM.2014.2349973&rft_dat=%3Cproquest_RIE%3E3577245131%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1650546456&rft_id=info:pmid/&rft_ieee_id=6881620&rfr_iscdi=true