The official inofficial organization pad for the reading group of the Resilient Networking Lecture (KIT) during winter 24/25.
Every paper-slot can be claimed by one student (every paper is read on Tue once, and on Thu once).
If you don't manage to get access to one of the manuscripts (using google scholar, for instance), you can email the authors or your professor, who has a
pdf of each of the papers (as a last resort)...
Thanks!
Tuesday/Thursday 2PM
Note, that we are finishing on Jan 30, so two weeks before the sessions end right now. My calendar allows to stretch the reading groups in 2025 - if you feel that there are too many papers in too short time we could push RG 4 back by one week and RG 5 by 2. Let me know what you prefer.
Add your names to claim your date and paper below, the assingments to days is as follows:
Tuesday
1) Springer
2) Mathes
3) Junge
4) Dormann
5) Baumgarten
6) Adler
7) Bräunig
8) Jossé
9) Schall
Thursday
1) Castro
2) Wahl
3) Purge
4) Knapp-Holldorf
5) Schupp
6) Caspar
7) B. Engel
8) Nguyen
9) YM Engel
Reading Group 1
a) Herley, Cormac, and Paul C. Van Oorschot. "Sok: Science, security and the elusive goal of security as a scientific pursuit." 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017.
Tuesday Dec 10:
Thursday Dec 12:
b) Albert, Jeong, Barabasi: Error and Attack Tolerance of Complex Networks, Nature
Tuesday: Springer
Thursday: Knapp-Holldorf
RG2
a) Magoni, Damien. "Tearing down the Internet." IEEE Journal on Selected Areas in Communications 21.6 (2003): 949-960
Tuesday Jan 7: Mats Dormann
Thursday Jan 9: Simon Schupp
--> Please note that we're reading the version with 9 pages from ACM CCS, not the 3-page short version!
Tuesday: Schall
Thursday:
RG3
a)
Liu, Daiping, Shuai Hao, and Haining Wang."All your DNS records point to us." Proceedings of the 2016 ACM SIGSAC Conference on Computer and
Communications Security. ACM, 2016.
Tuesday Jan 14: Junge
Thursday Jan 16: Castro
b)
Provable Security for PKI Schemes
Sara Wrótniak (Dept. of Computer Science and Engineering, University of Connecticut, Storrs, CT) Hemi Leibowitz (School of Computer Science, The College of Management Academic Studies Rishon Lezion, Israel) Ewa Syta (Dept. of Computer Science, Trinity College, Hartford, CT) Amir Herzberg (Dept. of Computer Science and Engineering, University of Connecticut, Storrs, CT), CCS 2024
Tuesday:
Thursday:
RG4
a) Rossow, Christian. "Amplification Hell: Revisiting Network Protocols for
DDoS Abuse." NDSS. 2014.
Tuesday Jan 21: Morris Baumgarten-Egemole
Thursday Jan 23:YM Engel
b) Rossow et al. "Identifying the scan and attack infrastructures
behind amplification DDoS attacks." Proceedings of the 2016 ACM SIGSAC
Conference on Computer and Communications Security. ACM, 2016.
Tuesday: Erik Adler
Thursday:
RG5)
a)
Detecting Tunneled Flooding Traffic via Deep Semantic Analysis of Packet Length Patterns
Chuanpu Fu (Tsinghua University)Qi Li (Tsinghua University) Meng Shen (Beijing Institute of echnology) Ke Xu (Tsinghua University), CCS 2024
Tuesday Jan 28:
Thursday Jan 30:
===============================================================
Additional Papers:
a)
CAMP: Compositional Amplification Attacks against DNS
Huayi Duan, Marco Bearzi, Jodok Vieli, David Basin, Adrian Perrig, and Si Liu, ETH Zürich; Bernhard Tellenbach, Armasuisse
Attack Modelling for Information Security and Survivability
Herley, Cormac, and Paul C. Van Oorschot. "Sok: Science, security and the elusive goal of security as a scientific pursuit." 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017.
Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines
James P.G. Sterbenz et al.
Albert, Jeong, Barabasi: Error and Attack Tolerance of Complex Networks, Nature
Magoni, Damien. "Tearing down the Internet." IEEE Journal on Selected Areas in Communications 21.6 (2003): 949-960
--> Please note that we're reading the version with 9 pages from ACM CCS, not the 3-page short version!
Cohen, Reuven, Raziel Hess-Green, and Gabi Nakibly. "Small lies, lots of damage: a partition attack on link-state routing protocols." 2015 IEEE Conference on Communications and Network Security (CNS). IEEE, 2015
Keep Your Friends Close, but Your Routeservers Closer: Insights into RPKI Validation in the Internet
Authors:
Tomas Hlavacek, Fraunhofer Institute for Secure Information Technology SIT and National Research Center for Applied Cybersecurity ATHENE; Haya Shulman and Niklas Vogel, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Goethe-Universität Frankfurt; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Technische Universität Darmstadt
Liu, Daiping, Shuai Hao, and Haining Wang."All your DNS records point to us." Proceedings of the 2016 ACM SIGSAC Conference on Computer and
Communications Security. ACM, 2016.
NRDelegationAttack: Complexity DDoS attack on DNS Recursive Resolvers
Authors:
Yehuda Afek and Anat Bremler-Barr, Tel-Aviv University; Shani Stajnrod, Reichman University
Rossow, Christian. "Amplification Hell: Revisiting Network Protocols for
DDoS Abuse." NDSS. 2014.
Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack
Authors:
Run Guo, Tsinghua University; Jianjun Chen, Tsinghua University and Zhongguancun Laboratory; Yihang Wang and Keran Mu, Tsinghua University; Baojun Liu, Tsinghua University and Zhongguancun Laboratory; Xiang Li, Tsinghua University; Chao Zhang, Tsinghua University and Zhongguancun Laboratory; Haixin Duan, Tsinghua University and Zhongguancun Laboratory and QI-ANXIN Technology Research Institute; Jianping Wu, Tsinghua University and Zhongguancun Laboratory
Rossow et al. "Identifying the scan and attack infrastructures
behind amplification DDoS attacks." Proceedings of the 2016 ACM SIGSAC
Conference on Computer and Communications Security. ACM, 2016.
Glowing in the Dark: Uncovering IPv6 Address Discovery and Scanning Strategies in the Wild
Authors:
Hammas Bin Tanveer, The University of Iowa; Rachee Singh, Microsoft and Cornell University; Paul Pearce, Georgia Tech; Rishab Nithyanand, University of Iowa
How to Count Bots in Longitudinal Datasets of IP Addresses
Leon Böck (Technische Universität Darmstadt), Dave Levin (University of Maryland), Ramakrishna Padmanabhan (CAIDA), Christian Doerr (Hasso Plattner Institute), Max Mühlhäuser (Technical University of Darmstadt)
Preventing SIM Box Fraud Using Device Model Fingerprinting
BeomSeok Oh (KAIST), Junho Ahn (KAIST), Sangwook Bae (KAIST), Mincheol Son (KAIST), Yonghwa Lee (KAIST), Min Suk Kang (KAIST), Yongdae Kim (KAIST)
IMP4GT: IMPersonation Attacks in 4G NeTworks
David Rupprecht (Ruhr University Bochum), Katharina Kohls (Ruhr University Bochum), Thorsten Holz (Ruhr University Bochum), Christina Poepper (NYU Abu Dhabi), NDSS 2020
Detecting Tunneled Flooding Traffic via Deep Semantic Analysis of Packet Length Patterns
Chuanpu Fu (Tsinghua University)Qi Li (Tsinghua University) Meng Shen (Beijing Institute of echnology) Ke Xu (Tsinghua University), CCS 2024
Provable Security for PKI Schemes
Sara Wrótniak (Dept. of Computer Science and Engineering, University of Connecticut, Storrs, CT) Hemi Leibowitz (School of Computer Science, The College of Management Academic Studies Rishon Lezion, Israel) Ewa Syta (Dept. of Computer Science, Trinity College, Hartford, CT) Amir Herzberg (Dept. of Computer Science and Engineering, University of Connecticut, Storrs, CT), CCS 2024
Dietzel, C., Feldmann, A., & King, T. (2016, March). Blackholing at ixps: On the effectiveness of ddos mitigation in the wild. In International Conference on Passive and Active Network Measurement (pp. 319-332). Springer, Cham.
Keyu Man et al., "DNS Cache Poisoning Attack Reloaded: Revolutions With Side Channels" Proceedings of ACM CCS, 2020
The Maginot Line: Attacking the Boundary of DNS Caching Protection
Authors:
Xiang Li, Chaoyi Lu, and Baojun Liu, Tsinghua University; Qifan Zhang and Zhou Li, University of California, Irvine; Haixin Duan, Tsinghua University, QI-ANXIN Technology Research Institute, and Zhongguancun Laboratory; Qi Li, Tsinghua University and Zhongguancun Laboratory
Fourteen Years in the Life: A Root Server’s Perspective on DNS Resolver Security
Authors:
Alden Hilton, Sandia National Laboratories; Casey Deccio, Brigham Young University; Jacob Davis, Sandia National Laboratories
NRDelegationAttack: Complexity DDoS attack on DNS Recursive Resolvers
Authors:
Yehuda Afek and Anat Bremler-Barr, Tel-Aviv University; Shani Stajnrod, Reichman University
Keep Your Friends Close, but Your Routeservers Closer: Insights into RPKI Validation in the Internet
Authors:
Tomas Hlavacek, Fraunhofer Institute for Secure Information Technology SIT and National Research Center for Applied Cybersecurity ATHENE; Haya Shulman and Niklas Vogel, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Goethe-Universität Frankfurt; Michael Waidner, Fraunhofer Institute for Secure Information Technology SIT, National Research Center for Applied Cybersecurity ATHENE, and Technische Universität Darmstadt
Access Denied: Assessing Physical Risks to Internet Access Networks
Authors:
Alexander Marder, CAIDA / UC San Diego; Zesen Zhang, UC San Diego; Ricky Mok and Ramakrishna Padmanabhan, CAIDA / UC San Diego; Bradley Huffaker, CAIDA/ UC San Diego; Matthew Luckie, University of Waikato; Alberto Dainotti, Georgia Tech; kc claffy, CAIDA/ UC San Diego; Alex C. Snoeren and Aaron Schulman, UC San Diego
Flexsealing BGP Against Route Leaks: Peerlock Active Measurement and Analysis
Tyler McDaniel (University of Tennessee, Knoxville), Jared M. Smith (University of Tennessee, Knoxville), Max Schuchard (University of Tennessee, Knoxville), NDSS
Q. Zhang, J.H. Cho, T. J. Moore, and F. F. Nelson, ``DREVAN: Deep Reinforcement Learning-based Vulnerability-Aware Network Adaptations for Resilient Networks,'' The 2021 IEEE Conference on Communications and Network Security (CNS 2021), 17 June 2021.
Threat modeling – A systematic literature review
a) ROV++: Improved Deployable Defense against BGP Hijacking
Reynaldo Morillo (University of Connecticut), Justin Furuness (University of Connecticut), Cameron Morris (University of Connecticut), James Breslin (University of Connecticut), Amir Herzberg (University of Connecticut), Bing Wang (University of Connecticut), NDSS
b) Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning through Real-World Measurements
Jared M. Smith (University of Tennessee, Knoxville), Kyle Birkeland (University of Tennessee, Knoxville), Tyler McDaniel (University of Tennessee, Knoxville), Max Schuchard (University of Tennessee, Knoxville), NDSS 2020
SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes
Sophia Yoo, Xiaoqi Chen, and Jennifer Rexford, Princeton University
CAMP: Compositional Amplification Attacks against DNS
Huayi Duan, Marco Bearzi, Jodok Vieli, David Basin, Adrian Perrig, and Si Liu, ETH Zürich; Bernhard Tellenbach, Armasuisse
A System to Detect Forged-Origin BGP Hijacks
Thomas Holterbach and Thomas Alfroy, University of Strasbourg; Amreesh Phokeer, Internet Society; Alberto Dainotti, Georgia Tech; Cristel Pelsser, UCLouvain
NDSS 2024
Herwig, Stephen, et al. "Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet."
Smith, Jared M., and Max Schuchard. "Routing around congestion:
Defeating DDoS attacks and adverse network conditions via reactive BGP
routing." 2018 IEEE Symposium on Security and Privacy (SP). IEEE,
2018.
Jonker, Mattijs, et al. "A First Joint Look at DoS Attacks and BGP Blackholing in the Wild."
Proceedings of the Internet Measurement Conference 2018. ACM, 2018.
Meza, Justin, et al. "A large scale study of data center network reliability." Proceedings of the Internet Measurement Conference.ACM, 2018.
DISCO: Sidestepping RPKI's Deployment Barriers
Tomas Hlavacek (Fraunhofer SIT), Italo Cunha (Universidade Federal de Minas Gerais), Yossi Gilad (Hebrew University of Jerusalem), Amir Herzberg (University of Connecticut), Ethan Katz-Bassett (Columbia University), Michael Schapira (Hebrew University of Jerusalem), Haya Shulman (Fraunhofer SIT), NDSS
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches
Menghao Zhang (Tsinghua University), Guanyu Li (Tsinghua University), Shicheng Wang (Tsinghua University), Chang Liu (Tsinghua University), Ang Chen (Rice University), Hongxin Hu (Clemson University), Guofei Gu (Texas A&M University), Qi Li (Tsinghua University), Mingwei Xu (Tsinghua University), Jianping Wu (Tsinghua University), NDSS
maTLS: How to Make TLS middlebox-aware?
Hyunwoo Lee (Seoul National University), Zach Smith (University of Luxembourg), Junghwan Lim (Seoul National University), Gyeongjae Choi (Seoul National University), Selin Chun (Seoul National University), Taejoong Chung (Rochester Institute of Technology), Ted "Taekyoung" Kwon (Seoul National University), NDSS 2021
CDN Judo: Breaking the CDN DoS Protection with Itself
Run Guo, Weizhong Li, Baojun Liu, Shuang Hao, Jia Zhang, Haixin Duan, Kaiwen Sheng, Jianjun Chen, Ying Liu, NDSS 2020