PhD student in Information Assurance at Northeastern University, Boston.
Computer Science Research in Systems Security • Network Security • Underground Economies.
File Sharing/One-Click Hosting
"Illegal file sharing" or "piracy", also known as copyright infringement, is a common activity on the Internet. Copyright infringement can be observed on nearly every online content distribution platform. As web-based file hosting services, One-Click Hosters (OCHs) are one such platform. While most of them claim to take down infringing files when they receive complaints, several operate controversial affiliate programmes that financially reward the uploaders of popular (and frequently infringing) files. Recent public debate about file sharing-related issues, including the SOPA law proposal in the U.S., and the lack of reliable data make illegal uses of OCHs an interesting area of research.
Specifically, we addressed the issue of how effective current anti-piracy measures are when looking at the global availability of infringing content. Furthermore, we estimated how much money uploaders of infringing content can earn from the OCHs' affiliate programmes.
Our findings provide insights into a partially obscure ecosystem that is difficult to characterise as a whole. More generally, our results illustrate once again that copyright infringement is unlikely to disappear as an issue on the Internet. They may help inform future strategies in this area.
Privacy & Security of Content-Centric Networking
Many researchers recognise that the design of the Internet is not optimal when considering that its current use is very different from when the Internet was originally designed. In fact, most communication today is not any more about connecting to a specific machine, but about retrieving information, or content. Content-Centric Networking (CCN) is one of several next-generation Internet architectures that have been proposed to address these issues.
A new design also introduces new attack surfaces. We provided an overview of potential attacks against CCN, focussed on algorithms to extract private information from shared caches in the network, and discussed several high-level solution approaches for this attack.
CCN-style networks are still experimental and not yet deployed for end users. Our early research represents an opportunity to devise remedies for these issues during the design phase.
Automated Social Engineering
Social engineering is a way of compromising certain security properties by attacking not a technical system, but its human users. A typical example is to ask users for their password rather than trying to guess it. It is an open question if, and to what extent, social engineering attacks can be automated.
Our contribution in this domain is a first evaluation of simple automated social engineering attacks. We showed how to bootstrap conversations between human users in Internet chat, and how to modify the messages exchanged in these conversations in order to make users keep talking, click on links, and answer quiz questions.
Automated social engineering attacks may not pose an immediate threat at the moment, but our research has shown that they are conceivable. Attackers might start using them when the cost-benefit ratio becomes more favourable.
Peer-to-Peer Networks/Distributed Hash Tables
A peer-to-peer (P2P) network is a group of communicating participants that is often characterised by the absence of a central authority. A P2P network can run a Distributed Hash Table (DHT) as a service that permits efficient storage and lookup of key-value pairs of data. A common performance issue in P2P networks is that there is a potential mismatch between a participant's logical location in the P2P network and its physical location in the communication network, which can lead to unnecessarily long message routing delays.
In our research, we proposed an enhanced routing algorithm for the Kademlia DHT that can take into account the physical location (or other metrics) of a participant whenever it is an equivalent choice from a logical point of view.
Our enhanced routing algorithm can improve data lookup times when compared to plain Kademlia. It could even be used to preferably route messages to participants with a higher trustworthiness.
Publications & Talks
Michael Weissbacher, Tobias Lauinger, and William Robertson: Why is CSP Failing? Trends and Challenges in CSP Adoption. Presented at the 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2014) in Gothenburg, Sweden on 19 September 2014. Published in Angelos Stavrou, Herbert Bos, and Georgios Portokalidis (eds.): Research in Attacks, Intrusions and Defenses, Lecture Notes in Computer Science (LNCS), vol. 8688, p. 212-233, Springer-Verlag Berlin Heidelberg, Germany, 2014.
Content Security Policy can serve as a second line of defence against certain web-based attacks such as cross-site scripting. In this paper, we surveyed the web ecosystem and found that only very few web sites used CSP effectively. We investigated potential automated approaches to generate policies for web sites without the need to make any changes to the sites. Different architectural choices can make it easy or difficult to automatically generate policies. Existing third-party libraries and common programming idioms limit the effectiveness of CSP. Browsers that enforce CSP for modifications made by browser extensions further complicate CSP deployments in practice.
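To make the notion of "using CSP effectively" concrete, here is an added example (my own illustration, not code from the RAID 2014 paper or its authors) that parses a Content-Security-Policy header and reports the script-related weaknesses the paragraph above alludes to: no script restriction at all, 'unsafe-inline' or 'unsafe-eval' kept in to accommodate inline-script idioms, and wildcard or bare-scheme sources. The sample headers in the `__main__` section are constructed; the host name cdn.example.com is a placeholder.

```python
"""Audit the script restrictions of a Content-Security-Policy header.

Added example, not code from the RAID 2014 paper: it checks a policy for the
kinds of shortcomings the paper reports as common (missing script
restrictions, 'unsafe-inline' or 'unsafe-eval' in script-src, and wildcard or
bare-scheme sources). The sample headers at the bottom are constructed.
"""
from typing import Dict, List, Optional


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source-expression, ...]}.

    Directives are separated by ';' and tokens by ASCII whitespace. Directive
    names are case-insensitive, and a browser keeps only the first occurrence
    of a duplicated directive, which is mirrored here with setdefault().
    """
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def script_sources(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """script-src governs script execution; when it is absent, default-src
    applies instead. Returns None when neither is present."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


# Source keywords that switch 'unsafe-inline' off in CSP Level 2 and later.
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
# Sources that let scripts load from essentially anywhere.
BROAD_SOURCES = {"*", "http:", "https:", "data:"}


def audit_script_policy(header: str) -> List[str]:
    """Return a list of findings; an empty list means no weakness was spotted."""
    findings: List[str] = []
    sources = script_sources(parse_csp(header))
    if sources is None:
        return ["no script-src or default-src: script execution is unrestricted"]
    lowered = [s.lower() for s in sources]
    keywords = {s for s in lowered if s.startswith("'")}
    has_nonce_or_hash = any(s.startswith(HASH_OR_NONCE) for s in lowered)
    # A CSP2-aware browser ignores 'unsafe-inline' once a nonce or hash is
    # present, so it is only flagged when it actually takes effect.
    if "'unsafe-inline'" in keywords and not has_nonce_or_hash:
        findings.append("'unsafe-inline' in script-src: injected inline scripts run")
    if "'unsafe-eval'" in keywords:
        findings.append("'unsafe-eval' in script-src: eval() and similar APIs are allowed")
    for source in lowered:
        if source in BROAD_SOURCES:
            findings.append(f"overly broad script source {source}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, roughly from weakest to strictest.
    samples = [
        "img-src 'self'",
        "default-src https:",
        "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
        "script-src 'self' 'unsafe-inline' 'nonce-d3adb33f' https://cdn.example.com",
        "default-src 'none'; script-src 'self' https://cdn.example.com",
    ]
    for sample in samples:
        print(sample, "->", audit_script_policy(sample) or ["ok"])
```

The fourth sample shows the transitional idiom the paper's observations make relevant: a site can keep 'unsafe-inline' for old browsers while a nonce disables it in browsers that understand CSP Level 2, so the checker does not flag it. Whether a site can reach the last, strict form depends on exactly the architectural choices and third-party libraries the paragraph mentions.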
Tobias Lauinger, Kaan Onarlioglu, Abdelberi Chaabane, Engin Kirda, William Robertson, and Mohamed Ali Kaafar: Holiday Pictures or Blockbuster Movies? Insights into Copyright Infringement in User Uploads to One-Click File Hosters. Presented at the 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2013) in Rodney Bay, St. Lucia on 25 October 2013. Published in Salvatore Stolfo, Angelos Stavrou, and Charles Wright (eds.): Research in Attacks, Intrusions and Defenses, Lecture Notes in Computer Science (LNCS), vol. 8145, p. 369-389, Springer-Verlag Berlin Heidelberg, Germany, 2013.
Anecdotal evidence (and a glance at file sharing sites) suggests that many files uploaded to One-Click Hosters (OCHs) infringe copyright. OCHs have legitimate use cases, too, and it is unclear whether legitimate or infringing uploads prevail. To answer this question, we extracted the names of all files uploaded to several large OCHs during two days in 2011. For privacy reasons, we manually classified the file names but did not download or open any files. The results were surprisingly diverse among the OCHs. We found significant evidence for both legitimate and infringing uses, but we weren't able to classify a non-negligible portion of the file names. They can be ambiguous and don't always reflect the content of a file, so our results are only a rough estimate that is to be taken with a grain of salt.
Tobias Lauinger, Martin Szydlowski, Kaan Onarlioglu, Gilbert Wondracek, Engin Kirda, and Christopher Kruegel: Clickonomics: Determining the Effect of Anti-Piracy Measures for One-Click Hosting. Presented at the 20th Annual Network and Distributed System Security Symposium (NDSS 2013) in San Diego, CA on 26 February 2013.
Investigates the effectiveness of current and proposed anti-"piracy" measures in the One-Click Hosting (OCH) ecosystem. Shows that despite takedown efforts targeting files or even entire hosting services such as Megaupload, infringing content remains available for rather long time periods. Measures included in the SOPA law proposal, for instance, can either be circumvented by users, or they target the "wrong" actors of the ecosystem. However, there is first evidence that some measures force hosting services to increase their own anti-abuse efforts. While this may lead to reduced availability of infringing content, it is unlikely that these developments will solve the issue of copyright infringement on the Internet.
Tobias Lauinger: Cache-Induced Privacy Risks in Named Data Networking: What is the Cost of Performance? Invited panel talk at the 26th IEEE Annual Computer Communications Workshop (CCW 2012) in Sedona, AZ on 8 November 2012.
Talk outlining the cache privacy attack in Content-Centric Networking and the main arguments for countermeasures from the editorial note.
Tobias Lauinger, Nikolaos Laoutaris, Pablo Rodriguez, Thorsten Strufe, Ernst Biersack, and Engin Kirda: Privacy Risks in Named Data Networking: What is the Cost of Performance? Editorial note published in Srinivasan Keshav (editor): ACM SIGCOMM Computer Communication Review, 42(5), p. 54-57, ACM New York, NY, USA, October 2012.
Discusses at a high level several solution approaches to defend against the cache privacy attack in Content-Centric Networking (CCN), which is described in the technical report and the Master's thesis. Advocates the timely implementation of countermeasures so that users are not exposed to privacy risks, and that privacy-conscious users don't resort to generalised tunnelling of their traffic as a countermeasure. The latter would disable caching in the access network and could lead to degraded overall network performance.
Tobias Lauinger, Nikolaos Laoutaris, Pablo Rodriguez, Thorsten Strufe, Ernst Biersack, and Engin Kirda: Privacy Implications of Ubiquitous Caching in Named Data Networking Architectures. Technical report TR-iSecLab-0812-001, August 2012.
Provides attack algorithms that exploit ubiquitous network-level caches in the Content-Centric Networking (CCN) architecture to compromise the privacy of users without requiring any special privileges for the attacker. The algorithms are given for a variety of assumptions regarding protocol features (such as the presence of a hop count field) and replacement policies. The attack allows arbitrary users of a cache to collect information about the network traffic of their neighbours. Extended and updated version of the cache privacy attack first described in the Master's thesis.
Tobias Lauinger, Engin Kirda, and Pietro Michiardi: Paying for Piracy? An Analysis of One-Click Hosters' Controversial Reward Schemes. Presented at the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2012) in Amsterdam, The Netherlands on 13 September 2012. Published in Davide Balzarotti, Salvatore Stolfo, and Marco Cova (eds.): Research in Attacks, Intrusions and Defenses, Lecture Notes in Computer Science (LNCS), vol. 7462, p. 169-189, Springer-Verlag Berlin Heidelberg, Germany, 2012.
Many One-Click Hosters (OCHs) used to operate affiliate programmes that financially rewarded uploaders of popular files. These programmes were controversial for allegedly encouraging copyright infringement. We analysed publicly observable pay-per-download income on three web sites where uploaders could publish their download links. The inferred income could be quite high in a few cases, but most uploaders earned next to nothing. Since users uploaded a lot of unpopular content and most content was also uploaded by users with low income, we conclude that the affiliate programmes don't appear to be a major driver for copyright infringement, at least on the three observed sites.
Tobias Lauinger: Security & Scalability of Content-Centric Networking. Master's thesis, submitted to Technische Universität Darmstadt, Darmstadt, Germany and Eurécom, Sophia-Antipolis, France in September 2010. Advisors: Ernst Biersack (Eurécom), Nikolaos Laoutaris (Telefónica), Pablo Rodriguez (Telefónica), and Thorsten Strufe (TU Darmstadt).
Content-Centric Networking (CCN) is a proposal for a new Internet architecture based on content names instead of location identifiers as it is the case today. While CCN claims to solve several security issues in the current Internet, it also introduces a potential for new attacks. This thesis gives an overview of several denial-of-service and privacy attacks against CCN. It then analyses in detail an attack that compromises the privacy of users by exploiting information stored in network-level caches. The thesis led to the publication of a more detailed technical report and a more general editorial note covering this attack.
Tobias Lauinger, Veikko Pankakoski, Davide Balzarotti, and Engin Kirda: Honeybot: Your Man in the Middle for Automated Social Engineering. Presented at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 2010) in San Jose, CA on 27 April 2010.
Experiment carried out in IRC channels to measure how users react to different kinds of chat spam, and how conversations can be influenced in an automated way. Set up conversations by contacting two users with private messages and relaying these messages between the users in a man-in-the-middle fashion. Showed that this technique can result in surprisingly high click rates. Such attacks are difficult to detect and give the attacker full control over the conversation. Countermeasures are challenging in settings such as online chat when there is no previously established trust relationship between two users.
Sebastian Kaune, Tobias Lauinger, Aleksandra Kovacevic, and Konstantin Pussep: Embracing the Peer Next Door: Proximity in Kademlia. Presented at the 8th International Conference on Peer-to-Peer Computing (P2P 2008) in Aachen, Germany on 11 September 2008. Published in Klaus Wehrle, Wolfgang Kellerer, Sandeep K. Singhal, and Ralf Steinmetz (eds.): Proceedings of the International Conference on Peer-to-Peer Computing 2008, p. 343-350, IEEE Computer Society, Los Alamitos, CA, USA, 2008.
Introduces a way of optimising overlay routing in the Kademlia Distributed Hash Table (DHT) according to a distance metric in the underlay network (such as point-to-point latencies in the Internet). Can significantly reduce the delay of searches in the DHT, provided that the typical network transmission delays between peers are larger than non-optimisable delay components such as queueing delays in home modems (that is, modem buffers should be small, or empty). Analogous to "peer locality" efforts aiming to transfer large content objects preferably between nearby peers, but operating at the DHT level. Could be useful in a context where near real-time searches are necessary.
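The routing idea described in the Peer-to-Peer section above and in this paper summary, as an added example of my own (not code from the P2P'08 paper or the thesis): among contacts that are interchangeable from Kademlia's logical point of view, because they sit in the same k-bucket relative to the lookup target and therefore shorten the remaining XOR distance by the same number of bits, the proximity-aware variant prefers the one with the lowest underlay latency. The example simplifies the real protocol: a 4-bit identifier space, one contact queried at a time (alpha = 1), and a lookup that ends when the target node itself is reached. The routing tables and round-trip times are constructed.

```python
"""Proximity-aware next-hop selection in a Kademlia-style DHT lookup.

Added example, not code from the P2P'08 paper or the thesis. Node IDs live in
a 4-bit space, lookups query one contact at a time, and a lookup ends when the
target node is reached. The routing knowledge and latencies are constructed.
"""
from typing import Callable, Dict, List, Set, Tuple

# Constructed routing knowledge: the contacts each node returns when queried.
CONTACTS: Dict[int, List[int]] = {
    0: [8, 9, 10],
    8: [12, 13],
    9: [12, 14],
    10: [14],
    12: [15],
    13: [15],
    14: [15],
    15: [],
}

# Constructed underlay metric: round-trip time in ms from the initiator
# (node 0) to every other node. In an iterative lookup the initiator contacts
# each hop itself, so these are the delays that add up.
RTT_FROM_INITIATOR: Dict[int, int] = {8: 10, 9: 40, 10: 80, 12: 50, 13: 15, 14: 60, 15: 20}

Chooser = Callable[[int, Set[int], Dict[int, int]], int]


def xor_distance(a: int, b: int) -> int:
    """Kademlia's logical distance metric."""
    return a ^ b


def bucket_index(reference: int, other: int) -> int:
    """Index of the k-bucket `other` falls into as seen from `reference`: the
    position of the highest bit in which the two IDs differ (-1 when equal).
    Querying any contact from the same bucket shortens the remaining distance
    by the same number of bits, so such contacts are logically equivalent."""
    return xor_distance(reference, other).bit_length() - 1


def plain_next_hop(target: int, candidates: Set[int], rtt: Dict[int, int]) -> int:
    """Standard Kademlia: the candidate with the smallest XOR distance."""
    return min(candidates, key=lambda c: xor_distance(c, target))


def proximity_next_hop(target: int, candidates: Set[int], rtt: Dict[int, int]) -> int:
    """Proximity-aware variant: best bucket first (same logical progress as
    plain Kademlia), then the lowest latency among the equivalent candidates."""
    return min(candidates, key=lambda c: (bucket_index(target, c), rtt[c]))


def iterative_lookup(start: int, target: int, choose: Chooser,
                     contacts: Dict[int, List[int]] = CONTACTS,
                     rtt: Dict[int, int] = RTT_FROM_INITIATOR) -> Tuple[List[int], int]:
    """Run an iterative lookup from `start` towards `target`.
    Returns the sequence of queried nodes and the summed round-trip time."""
    known: Set[int] = set(contacts[start])
    queried: Set[int] = {start}
    path: List[int] = []
    total_rtt = 0
    while True:
        candidates = known - queried
        if not candidates:
            return path, total_rtt  # nothing left to ask: lookup failed
        hop = choose(target, candidates, rtt)
        queried.add(hop)
        path.append(hop)
        total_rtt += rtt[hop]
        if hop == target:
            return path, total_rtt
        known.update(contacts[hop])


if __name__ == "__main__":
    for name, chooser in (("plain Kademlia", plain_next_hop),
                          ("proximity-aware", proximity_next_hop)):
        path, ms = iterative_lookup(0, 15, chooser)
        print(f"{name}: path {path}, {ms} ms")
```

In this constructed topology both strategies need three hops to reach node 15, but plain Kademlia picks the logically closest contact at each step (path 10, 14, 15 for 160 ms of accumulated round trips), whereas the proximity-aware selection picks the nearest contact from the same bucket (path 8, 13, 15 for 45 ms). The caveat from the paper summary applies unchanged: the gain only materialises when the round-trip times being compared are dominated by network transmission delay rather than by non-optimisable components such as queueing in home modems.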
Tobias Lauinger: HKademlia: Routing in a Virtual Hierarchy. Bachelor's thesis, submitted to Technische Universität Darmstadt, Darmstadt, Germany, in September 2007. Advisor: Ralf Steinmetz, tutor: Sebastian Kaune.
Proposes to optimise overlay routing in the Kademlia Distributed Hash Table (DHT) by organising peers in clusters of a "virtual hierarchy" and by selecting paths from within a peer's own cluster for as long as possible. In contrast to prior work, designed to work with iterative routing algorithms (such as in Kademlia), and with less strict requirements than in a real hierarchical DHT. As follow-up work with the tutor of my thesis, the routing algorithms were abstracted to function with arbitrary underlay metrics, and the results were published as a paper at P2P'08.
Since May 2011: PhD student in Information Assurance at Northeastern University, Boston, Massachusetts (USA). Advisor: Engin Kirda
Jun 2013 — Aug 2013: Intern at Square, San Francisco, California (USA)
Nov 2010 — Apr 2011: Scientific visitor and research engineer at Eurécom, Sophia-Antipolis (France). Supervisors: Engin Kirda and Davide Balzarotti
September 2010: Master of Science (Computer Science), Technische Universität Darmstadt, Darmstadt (Germany); Diplôme d'Ingénieur, Télécom ParisTech, Paris (France); Attestation de formation (cursus d'ingénieur en Systèmes de Communication), Eurécom, Sophia-Antipolis (France). Advisors of the Master's thesis/stage d'ingénieur: Ernst Biersack, Thorsten Strufe
Mar 2010 — Sep 2010: Research intern at Telefónica Investigación y Desarrollo, Barcelona (Spain). Supervisors: Nikolaos Laoutaris, Pablo Rodriguez
December 2007: Bachelor of Science (Computer Science), Technische Universität Darmstadt, Darmstadt (Germany). Advisor of the Bachelor's thesis: Ralf Steinmetz, tutor: Sebastian Kaune
June 2003: Abitur, Gymnasium Michelstadt, Odenwald (Germany)
The copyright of some of the referenced papers may be held by ACM, IEEE, ISOC, Springer, USENIX, and others. The papers hosted on this web site correspond to the authors' version. The right to distribute or repost these files beyond this web site may be restricted by the copyright release agreements that we were required to sign with the publishers. You can obtain the original works directly from the publishers as linked above.