Advances in privacy-enhancing technologies, including cryptographic mechanisms, standardized security protocols, and infrastructure, significantly improved privacy and had a significant impact on society by protecting users. At the same time, the success of such infrastructure has attracted abuse from illegal activities, including sophisticated botnets and ransomware, and has become a marketplace for drugs and contraband; botnets rose to be a major tool for cybercrime and their developers proved to be highly resourceful. It is contended that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms, which has the potential of both undermining their legal basis and future performance.
This project will develop the theoretical and experimental foundations for analyzing, monitoring and mitigating the next generation of botnets that subvert privacy-enhancing technologies. Towards that goal, the project will develop tools for: 1) Analytical framework: the project develops a concrete strategy for approaching the detection, characterization, and mitigation of abuse of privacy infrastructure by crystallizing an analytical framework for reasoning about such botnets. This includes the identification and formalization of their key properties (e.g., traceback and tomography resiliency, stealthy monetization), enabling mechanisms (e.g., IP address de-coupling, control/data traffic indistinguishability), fundamental limitations, and evaluation metrics. The project will explore analogous scenarios of abuse in future Internet architectures where anonymity is facilitated by design. 2) Monitoring and analysis: the project develops an experimental framework to track activities of the next generation of botnets for scalable and effective mitigation. Such framework will exploit their ideal design and behavioral properties, and draws on various preliminary measurement results in related contexts. 3) Mitigation: The project has the ultimate goal of proactively developing an arsenal of mitigation techniques grounded in a sound theoretical foundation, analyzed within the theoretical framework, and evaluated within the experimental framework. The mitigation techniques span the gamut of increasing the cost of operating such botnets, to actively containing and neutralizing bots, to proposing modifications to the privacy-enhancing protocols. The results of this project will be communicated with the concerned communities for having a direct and immediate impact on existing and future privacy infrastructure. The project will also develop educational material to train students in the foundations and systems for enabling privacy enhancing technologies.
