Software Produced from Research
for providing users with transparency and control over the network
traffic generated by their mobile devices.
systems are closed, locked-down systems that provide users and
reseachers with little visibility into how devices and apps use the
mobile network, and almost no control over the network traffic they
generate. Meddle seeks to address this by using VPNs to tunnel all
mobile network traffic to a server where we can use software middlebox
techniques to filter, modify and/or block it. This allows users to
regain control over network traffic and provides researchers visiblity
into performance, privacy and reliablity issues in mobile networks.
See also, Differentiation Detector.
System for measuring Internet performance from mobile devices.
Mobilyzer is an open source library for measuring network performance on mobile platforms. You can measure your network's throughput and latency, as well as other useful network metrics. Mobilyzer also supports background measurements, server-scheduled measurements, and push-based measurements.
The data is collected either anonymously or from your selected account, which allows you to see your own data. The user credentials collected are not shared outside of this site, and any data used in research projects in universities are anonymized before use.
Practical, anonymous voice over IP (VOIP).
In the face of strong adversaries with widespread surveillance,
existing privacy tools fail to provide the required anonymity
or performance for interactive communication (e.g., VoIP). In this
work, we are building a VoIP system that resists traffic analysis
under a strong adversarial model, without sacrificing performance.
We will be releasing the tool, along with source code, shortly.
- SSL/PKI Security
Understanding the security of the currently deployed public key infrastructure.
Central to the secure operation of a public key infrastructure
(PKI) is the ability to revoke certificates. While much
of users’ security rests on this process taking place quickly,
in practice, revocation typically requires a human to decide
to reissue a new certificate and revoke the old one. Thus,
having a proper understanding of how often systems administrators
reissue and revoke certificates is crucial to understanding
the integrity of a PKI. We are currently investigating how
certificates are revoked, how these revocations are enforced by
client software (browsers), what are the security implications of
existing practices, and how we can improve the state of the art.
Firefox that reveals Web login safety before you submit your
Piigeon is a Firefox extension that records whether websites
protect your username and password when you sign in. For most sites,
the cursor will change, telling you whether your login is encrypted or
if it could instead be intercepted. Over time a report of your
password safety is created.
Created by Xiao (Sophia) Wang.
Plugin for the Vuze (Azureus) BitTorrent client that provides
downloading privacy through plausible deniability.
goal of this plugin is to make it harder for an attacker to figure out
your downloading habits in BitTorrent. One of the reasons BitTorrent
works so well is that it lets you download from large numbers of
connections -- but these same connections offer multiple of
opportunities for eavesdropping. Our recent study of the BitTorrent
network shows that user connection patterns reveal strong communities
that enable a guilt-by-association attack, where an entire community
of users can be classified by monitoring one of its members. With P2P
networks increasingly under surveillance from private and government
organizations, SwarmScreen provides a practical and effective solution
to disrupt these attacks. SwarmScreen protects you by hiding your real
BitTorrent traffic in a sea of connections to randomly selected
torrents. So that you don't look suspicious, SwarmScreen carefully
adjusts random connections to appear the same as your real ones.
Plugin for the Vuze (Azureus) BitTorrent client that reliably
finds problems in the network and raises alerts about them.
The NEWS (Network Early Warning System) plugin does this by passively
monitoring your BitTorrent performance and checking for changes that
might indicate problems with the network. Because a network problem
can be anywhere, including your local network, NEWS uses corroboration
from multiple users running in the same area (e.g., ISP or country).
If enough people see the same problem in the same area, an alarm is
raised. The main benefit of our solution is that it uses a
common-sense approach of monitoring the natural traffic generated by
your BitTorrent client, making detection of anomalies extremely