Service Privacy Research Articles

Practical and lightweight defense against website fingerprinting

Website fingerprinting is a passive network traffic analysis technique that enables an adversary to identify the website visited by a user despite encryption and the use of privacy services such as Tor. Several website fingerprinting defenses built on top of Tor have been proposed to guarantee a user’s privacy by concealing trace features that are important to classification. However, some of the best defenses incur a high bandwidth and/or latency overhead. To combat this, new defenses have sought to be both lightweight—i.e., introduce a small amount of bandwidth overhead—and zero-delay to real network traffic. This work introduces a novel zero-delay and lightweight website fingerprinting defense, called BRO, which conceals the feature-rich beginning of a trace while still enabling the obfuscation of features deeper into the trace without spreading the padding budget thin. BRO schedules padding with a randomized beta distribution that can skew to both the extreme left and right, keeping the applied padding clustered to a finite portion of a trace. This work specifically targets deep learning attacks, which continue to be among the most accurate website fingerprinting attacks. Results show that BRO outperforms other well-known website fingerprinting defenses, such as FRONT, with similar bandwidth overhead.

Fifth generation core: the performance enhancement of virtual private server and bare metal

The fifth generation (5G) architecture represents the most recent advancement in mobile networks and is presently operational in various global places. Several new use cases and applications have been introduced, with a specific focus on improving throughput, reducing latency, minimising packet loss, optimising CPU usage, and maximising memory utilisation. In order to effectively address each scenario, it is necessary to integrate the most advanced technology, putting in significant effort to optimise resources and ensure system adaptability. This strategy will establish an architecture capable of accommodating many scenarios of a shared physical infrastructure by using techniques such as virtualization and cloud-based service deployment. Therefore, in this study, a test was carried out related to the performance of the 5G core network (CN) on bare metal servers and virtual private servers (VPSs). The quality of service (QoS) using Wireshark and Iperf3 is tested by utilizing ‘cpustat’ and free tools. The results of performance comparisons of these two methods on the 5G CN shows throughput values of ≥10 Gbps ≤20 Gbps, latency values of ≤4 ms, and packet loss values of 0%, in accordance with IMT 2020 standards. Thus, the ideal 5G CN services can be realized.

Addressing DNS Propagation Challenges with Repurposed STBs, ZeroTier Networking, and Indonesian ISP Integration

PT Transformasi Data Digital (HostData) operates as a web hosting and domain service provider in Indonesia, facing recurring challenges related to DNS propagation. Clients often encounter issues accessing their newly acquired domains or updated DNS records due to a lack of understanding of the propagation process. In response, HostData has developed a DNS Propagation checking system to streamline verification for clients and its support team. This system allows clients to monitor DNS propagation independently, acknowledging variations based on their Internet Service Provider (ISP). Leveraging six local ISPs—Telkomsel, Indosat, XL, Three, Smartfren, and Indihome—the system utilizes repurposed Set Top Boxes (STBs) as mini servers for real-time DNS value verification. These STBs connect via Zerotier to a Virtual Private Server (VPS) with a public IP address, serving as the central control unit. This innovative solution enables clients to confirm domain resolution and serves as an educational tool, offering insights into DNS propagation mechanics.

Implementasi Single Sign-On Menggunakan Protokol Openid Connect (OIDC) Pada Virtual Private Server (VPS)

Single Sign-On (SSO) is an authentication method that allows users to access multiple website services using one account and one login process. OpenID Connect (OIDC) is a protocol based on OAuth 2.0 and provides user identity information through JWT (JSON Web Token) tokens. Virtual Private Server (VPS) is a service that can be configured according to user needs. Internet users have many accounts needed to access various online services such as email, social media, online shopping, and many more. Each online service usually has a different username and password. Users often find it difficult to remember each password needed. In addition, using the same password on each online service is also not recommended because it can increase security risks. Based on this problem, an SSO system is needed that is useful for helping users in logging in. The SSO system will be tested with two Dummy Students and Dummy Elearning clients using Black Box Testing with the Equivalence Partitioning technique. From the test results, it was obtained that the SSO system showed that 83% of the test scenarios were successfully carried out

Development of Smart Servers for Informatics Education Program Using NDLC Method

The development of processor technology, especially Multicore Processors, has had a significant impact in various fields, including the field of higher education, one of which is the need for Virtual Private Servers for information management and their potential as a storage space for web development products. This research aims to create a Virtual Private Server in the Informatics Education program at the Faculty of Mathematics and Natural Sciences of Hamzanwadi University. It uses the Research & Development (R&D) method with the Network Development Life Cycle (NDLC) approach, involving six stages: Analysis, Design, Prototype Simulation, Implementation, Monitoring, and Management. Data were obtained through interviews and questionnaires, then analyzed descriptively qualitatively. The research resulted in a Virtual Private Server using Proxmox VE 7.4, Ubuntu 18.04.5 operating system, remote access via OpenSSH-Server, Control Panel AAPanel 6.8.30, Nginx 1.21.4 web server, MySQL 5.7.34 database management system, PHP 7.4, PhpMyAdmin 5.0 for web access to the database, and PureFTPd 1.1.49 as the FTP Server. Expert evaluations in the field of IT yielded a rating of 83% with the category "Highly Suitable," indicating that the Virtual Private Server product is suitable for use as a storage facility for web-based development products in the Informatics Education program at the Faculty of Mathematics and Natural Sciences, Hamzanwadi University

Server Redundancy: Performa Jaringan Mengunakan DNS Failover MikroTik pada Kasus Private Server dan Public Server

The digitization of user services has increased, in line with the need for VPS and cloud computing services, which are rampant among application and platform developers. Quite a few companies that create applications or application users have servers to handle user needs. Testing is carried out using the ICMP Protocol to get real-time results and can be measured. From Scenario 1, carrying out 20 test requests, we get a packet loss of 5% with RTT Avarage of 195,838ms and Mdev 4,103ms. If you apply DNS failover in scenario 2, the client will likely access the web a little slower, as evidenced by the packet loss being 25% greater in value. Compared to scenario 1, having a high standard deviation (Mdev) of round-trip times is not desirable. This variation is also known as jitter. Increased jitter can cause a bad user experience, especially in real-time audio and video streaming applications. However, this is still understandable because it only has a 1-5 second effect on the service. Next, in scenario 3, we can see that private and public servers have relatively high gab with 0% packet loss, which has a small Mdev value of 0.309ms. Therefore, the DNS failover method is a solution for network administrators who have problems related to server migration between public servers and private servers so that services can run even if a server is maintaining or downlinking.

The Design of a Location Monitoring System for a Fleet of Electric Scooters

The development of geolocation systems( geostationary satellite networks), as well as devices capable of receiving signals and processing the data coming from them, makes possible the implementation of location monitoring systems for various purposes. Whether it's about security or optimizing travel times or routes, these systems are based on information in the form of global coordinates (latitude and longitude) from satellite systems or cell towers. The design of such a system is presented in this paper, being a good guide in the design and implementation of such a system, regardless of the application. Both, the hardware part (the designed equipment) and the software part (the backend component running on a virtual private server, as well as a mobile application) are presented in this paper. In the development of the system, was used only location provided by information from satellites, without using GSM cell signals. The entire system has been successfully tested in different GSM signal conditions as well as various locations to see the influence of environmental parameters on performance. The system described in the paper can be the starting point for the development of other systems for a variety of applications that require the management of the location of some devices.

Artificial Identification: A Novel Privacy Framework for Federated Learning Based on Blockchain

To provide off-chain federations with complete privacy services to realize on-chain federated learning (FL), this article proposes a novel privacy framework for FL based on blockchain and smart contracts, named Artificial Identification. It consists of two modules: private peer-to-peer identification and private FL, using two scalable smart contracts to manage the identification and learning process, respectively. Based on Ethereum and interplenary file systems (IPFS), we implement our framework and comprehensively analyze its performance. Experiments show that the proposed framework has acceptable collaboration costs and offers advantages in terms of privacy, security, and decentralization. Furthermore, combined with radio frequency identification (RFID) technology, the framework has the potential to realize automatic on-chain identification and autonomous FL of machine clusters composed of Internet of Things (IoT) devices or distributed participants.

Security Issues And Challenges In Cloud Computing

Data is a very essential source for all organizations in today’s world. In the past years data was stored in a sever which was physically placed inside the organizations. As the amount of data is been increasing, it is a great challenge for the Database Administrator to manage the database. The entire data was in the control of the Database Administrator. To overcome this challenge arose the concept of Cloud computing. It is a technique that describes software and services that run through the internet rather than private servers and hard drives. In cloud computing the consumers does not own the infrastructure needed to support the programs or any applications they use. The data is owned by a third party and the end users pay for the services provided to them. This paper discusses about the basics of cloud computing management and its types. Cloud provides various advantages to its users and at the same time the major concern is towards the security of data. The data is stored in the cloud and it can be accessed through internet only. Internet is playing a major role in everyone’s life. The world has become too small and it is placed in the palm of a human. This is because of the technology that is ruling the world. To secure the data in cloud is a major and the most important task that should be looked into. This paper focusses mainly the security issues and challenges in cloud.

The Proposed Framework for Cloud Computing System Security and Privacy Services

Public cloud computing has emerged as a popular and efficient solution for organizations to store, process, and access their data and applications. However, with the increasing adoption of public cloud services, concerns regarding security have become a critical factor in decision-making processes. This study aims to investigate the security aspects of public cloud computing and identify potential vulnerabilities and threats that organizations may face. The aim of this study is to examine the challenges associated with cloud computing and its security concerns. Cloud computing is a technology that utilizes the internet to share data and resources. It is characterized by five key features: On-Demand self-service, Resource Pooling, Broad network access, Rapid elasticity, and Measured Service. However, despite these benefits, cloud computing has several open issues, including Security, Availability, Scalability, and Interoperability. Traditional security techniques are insufficient in fully securing cloud computing. Security and privacy issues often arise during cloud deployment and delivery models. As a result, researchers are interested in learning more about cloud computing security and its methods. Industries are creating architectural models with a high level of protection for their data center to solve current security challenges. This article examines the security of cloud deployment strategies and analyzes cloud security and privacy challenges. The cloud computing service models are also discussed, along with any security issues. The study emphasizes the significance of Audit as a key factor in offering a security solution that covers all relevant security characteristics as determined by the literature. The study's conclusions present a fresh challenge to cloud service providers and suggest a new security paradigm that explains customer security needs. Overall, this study offers a parameter-by-parameter assessment of available security solutions and makes recommendations for enhancements to address cloud security issues.

Implementation of Dynamic Virtual Cloud Architecture for Privacy Data Storage

Nowadays rapidly developing technologies, cloud computing offers versatile services. However, cloud computing presents a challenge to secure information sharing. Customers can securely share their data with others and remotely store it in the cloud using cloud storage services. In recent times, cloud storage typically represents as the primary method of external data storage. The primary challenge is safeguarding the cloud-based data against attacks. Over the information network, the growth of private or semi-private information has increased. The search techniques have not been addressed by privacy safeguards. As there is no suitable audit system, the validity of the stored data has become in question. In addition, user authentication presents additional difficulties. Hence in order to solve these issues, Design and implementation of dynamic virtual cloud architecture for privacy data storage is presented. In this approach, third-party audits are presented accompanied a new, regenerative public audit methodology. A distributed KDC (Key Distribution Center) is employed to encrypt the data. Documents can be stored on a private server in plain word form, which compromise the protection of privacy. As a result, system security can be improved to make the documents safer and more effective. The main objective of this Virtual Cloud Architecture is to achieve data confidentiality, as well as authenticity.

CNN based Blockchain Information Protection Model for Emerging Cloud Applications

In the age of mobile internet, the amount of data is growing, and ability to process service data is always getting better. So, protecting data privacy and making sure the service environment is trustworthy have become very important. This paper looks at a trusted privacy service computing model for common uses of convolutional neural networks. The goal is to find data and model calculation methods that support homomorphic encryption to protect data privacy. Build a service process certificate and a method for distributing calculation rights based on blockchain and new contract technology to make sure that service calculations are open, trustworthy, and easy to track. Explore how the new cloud environment resource data service model helps resource providers, model owners, and users work together to make the most of their resources and grow the sharing economy. Lastly, experiments are done to figure out how the model protects privacy.

Sistem Pendukung Keputusan Pemilihan Virtual Private Server (VPS) Menggunakan Metode MOORA

Virtual Private Server (VPS) is a hosting solution where one physical server is divided into several isolated virtual servers. Each virtual server operates independently with the resources assigned to it. VPS uses virtualization technology that allows multiple virtual servers to run on one physical server. The main advantage of VPS is the ability to have complete control over the server without the need to manage complex physical infrastructure. In addition, VPS also offers a higher level of privacy and security compared to share hosting. However, in choosing a VPS, several problems can arise. Too few resources can hurt website or application performance, while too many resources can result in waste and unnecessary costs. Also, issues such as downtime, poor connection speed, or server constraints can cause disruption to the hosted website or application. To choose a VPS that suits user needs, the MOORA method is used as a decision support system. In this case, 9 VPS providers were selected which would be evaluated based on the criteria of CPU, RAM, Storage, Bandwidth and Cost. After applying the MOORA method, alternative A4 with a Yi value of 1,590 was declared the best alternative, and the Exabytes provider was considered the best VPS service provider.

Omnichannel expansion for traditional retailers: Considering consumers' privacy concerns

AbstractDigital economy development is driving the profound revolution in omnichannel retail, yet digital technology inevitably raises privacy concerns. This paper examines the optimal pricing and service strategies for a traditional single‐channel retailer transitioning to omnichannel sales when the market has privacy issues. We construct a nonlinear constrained optimization model to discuss the retailer's optimal gains and pricing when faced with profit‐seeking and privacy‐sensitive consumers during the discount and full‐price periods. Besides, we analyze the influence of item privacy attributes and clients' profit‐seeking or strategic behavior. Several valuable findings are as follows. First, the product's privacy attributes significantly influence retailer's pricing decisions. High‐privacy value goods benefit them in the full‐price period, while common items with low‐privacy attributes are profitable in all sales periods. Second, profit‐seeking (myopic) consumers are the mainstay of the discount period, whereas privacy‐sensitive (strategic) consumers prefer to act in the full‐price period. Lastly, when supported by appropriate privacy services, the strategic actions of privacy consumers also help retailers to optimize profits.

Implementasi Honeypot Sebagai Pendeteksi Serangan Pada Virtual Private Server (VPS)

VPS (Virtual Private Server) is a server virtualization technology that is currently widely used by users for a variety of purposes, including personal, work, office, and business. Virtual Private Server (VPS) is a technology that uses VPS. Since renting a virtual private server (VPS) is less expensive than purchasing or renting a dedicated server, VPS is widely used. However, VPS has some disadvantages as well, one of which concerns security. The Intrusion Detection System (IDS), the Virtual Private Network (VPN), and the Honeypot are just a few of the other options that can be utilized to secure servers. The Honeypot application is needed to protect Virtual Private Server (VPS), which requires a detection application that can reduce attacks on VPS. Cowrie is able to detect and record all attacks that occur on the server based on the results of attack testing that was carried out 25 times for each attack test, beginning with port scanning and progressing through DDoS attacks, brute force attacks, and individual, double, and multiple tests. considered to be very effective, but when multiple attacks were carried out simultaneously, the server experienced a downtime or lag

GRACE: a comprehensive web-based platform for integrative single-cell transcriptome analysis.

Large-scale single-cell RNA sequencing (scRNA-seq) has emerged as a robust method for dissecting cellular heterogeneity at single-cell resolution. However, to meet the increasingly high computational demands of non-programming experts, a user-friendly, scalable, and accessible online platform for analyzing scRNA-seq data is urgently needed. Here, we have developed a web-based platform GRACE (GRaphical Analyzing Cell Explorer) (http://grace.flowhub.com.cn or http://grace.jflab.ac.cn:28080) that enables online massive single-cell transcriptome analysis, improving interactivity and reproducibility using high-quality visualization frameworks. GRACE provides easy access to interactive visualization, customized parameters, and publication-quality graphs. Furthermore, it comprehensively integrates preprocessing, clustering, developmental trajectory inference, cell-cell communication, cell-type annotation, subcluster analysis, and pathway enrichment. In addition to the website platform, we also provide a Docker version that can be easily deployed on private servers. The source code for GRACE is freely available at (https://github.com/th00516/GRACE). Documentation and video tutorials are accessible from website homepage (http://grace.flowhub.com.cn). GRACE can analyze massive scRNA-seq data more flexibly and be accessible to the scientific community. This platform fulfills the major gap that exists between experimental (wet lab) and bioinformatic (dry lab) research.

ALPS: Achieving accuracy-aware location privacy service via assisted regions

Location search services (LSSs) provide convenience and enhanced functionality of ubiquitous computing, but they lead to a new risk of private location data leakage. The existing approaches generally use obfuscation to protect location privacy by perturbing the user’s location. However, this strategy inevitably degrades the accuracy of LSSs and affects the quality of service. In this paper, we propose an achieving accuracy-aware location privacy service via assisted regions, named ALPS, to protect user location privacy while ensuring the accuracy of services. Specifically, we devise two novel mechanisms (assisted regions mechanism and query obfuscation mechanism) to protect the user’s location privacy and ensure the accuracy of LSSs based on trilateration. The assisted regions mechanism prevents the attackers from getting the exact location of the user by protecting the user’s location within the overlapping region formed by the assisted regions. The query obfuscation mechanism obscures the user’s query content to prevent the attacker from predicting the user’s location based on the query content; the distance between the user and the query contents is calculated locally based on trilateration and the user’s location to ensure the accuracy of the LSSs. Theoretical analysis and experimental evaluation demonstrate that our scheme can protect location privacy without compromising the accuracy of LSSs.

Smart power switch using internet of things

The increase in electricity consumption coupled with the lack of a convenient way to assist the consumers to lower their electricity consumption is a growing concern. Smart internet of things (IoT)-based devices has been developed in this regard. However, no specific standards were followed, and this is a problem for the consumer as they have to own different smart device from different brands which results in higher cost. To solve these issues, a smart power switch using IoT is proposed. The system consists of microcontroller (ESP32), relay and current sensor (ACS712). The ACS712 measures the current of the appliance. The ESP32 then send these readings to server. Whenever the ESP32 receives switching commands from the cloud platform, ESP32 will activate the relay and hence switching the appliance. The cloud platform is linux based virtual private server (VPS) running on Django Python and structured query language (SQL) ite database. The mobile application built using flutter to allow both iOS and android users to use the app to control and monitor the normal appliances. The server, circuit and mobile application have showed a real-time data exchange, fast response, numerical, graphical consumption presentation and capable of setting energy or power limit for the appliance to not exceed.

Traversal Using Relays Around Nat by Coturn for Webrtc Systems

Real-time communication between people in the form of audio, images, video, and data is now a necessity. Web Real-Time Communication Technology, WebRTC, is implemented as an open web standard and is available to build such communication. WebRTC requires a server that functions as both signaling and media servers. Signaling server for establishing communication channels, exchanging information, and synchronizing changes. Media servers exchange media, codecs, bandwidth, and rate control. Different Real-time Protocol (RTP) topologies have different requirements on servers, including those caused by the NAT configuration used. This research focuses on the role of the TURN server using CoTurn to create web-based real-time communication services. How is the quality of WebRTC service when CoTurn is a TURN server to pass signaling and media. The method used is divided into three stages, namely: (1) installation and configuration, (2) building WebRTC, and (3) testing. This study shows that real-time communication in the form of audio and video can be carried out even through a symmetrical NAT configuration. It is just that with more than five users in the WebRTC system, communication is slowing down. The proposed further research is developing and engineering the RTP topology to increase the number of users. The CoTurn application can be installed on a Virtual Private Server (VPS) and configured as a TURN Server as a media server service in the WebRTC system.

FORENSIC NETWORK ANALYSIS AND IMPLEMENTATION OF SECURITY ATTACKS ON VIRTUAL PRIVATE SERVERS

ABSTRACT-PT Kodinglab Integrasi Indonesia's Virtual Private Server (VPS) product requires good quality standards, including security. The challenge that arises is still frequent disruptions to the protection of PT Kodinglab's VPS customers, where it is difficult to identify the source of the attack. Network forensics in the form of dead forensics and live forensics using the NIST method with the stages of collection, examination, Analysis, and reporting are used to find the source of the attack. Data for dead forensics comes from snort tools, and data for live forensics comes from capture Wireshark. The collection stage involves collecting attack data from snort logs and wireshark for life forensics. While the examination dataset stages are further analyzed and mapped. Advanced check on the server via syslog snort. From the attack testing carried out to obtain information in the form of the attacker's IP address, destination IP address, date of the attack, server time, and type of attack from testing the TCP Flooding and UDP Flooding attacks, all attacks on the customer's VPS can be identified. The information obtained regarding the attacker is in the form of the date and time the attack occurred, the attacker's IP address and the victim's IP address, and the protocol used. Kata kunci : Network Forensic, Dead Forensic, Live Forensic, Virtual Private Server, DDos, TCP Flooding, UDP Flooding.