What is Network and Security Research?
Network and Security Research, or Information Communication Technology (ICT) Research involves:
the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology
Examples include:
• Phishing experiments
• Botnets
• Honeypots
• Analysis of internet network traffic
Ethical Challenges in ICT Research
ICT research differs from traditional human subjects research, which poses new ethical challenges:
Interactions with humans are often indirect with intervening technology
It is often not feasible to obtain informed consent
Deception may be necessary
There are varying degrees of linkage between data and individuals’ identities for behaviors
Researchers can easily engage millions of “subjects” and billions of associated data “objects” simultaneously.
There is more to it than “data”
Data
Application
Host Computer
Network
Information and Information System
http://en.wikipedia.org/wiki/McCumber_cube
Case Studies of ICT Research
• Shining Light in Dark Places: Understanding the Tor Network
• Learning More About the Underground Economy: A Case Study of Keyloggers and Dropzones
• Your Botnet is My Botnet: Examination of a Botnet Takeover
• Why and How to Perform Fraud Experiments
• Measurement and Mitigation of Peer-to-Peer-Based Botnets: A Case Study on Storm Worm
• Spamalytics: An Empirical Analysis of Spam Marketing Conversion
• Studying Spamming Botnets Using Botlab
• P2P as Botnet Command and Control: A Deeper Insight
• DDoS Attacks Against South Korean and U.S. Government Sites
• BBC: Experiments with Commercial Botnets
• Lycos Europe “Make Love Not Spam” Campaign
• University of Bonn: “Stormfucker”
• Information Warfare Monitor: “Ghostnet”
• Tipping Point: Kraken Botnet Takeover
• Symbiot: “Active Defense”
• Tracing Anonymous Packets to the Approximate Source
• LxLabs Kloxo/HyperVM
• Exploiting Open Functionality in SMS-Capable Networks
• Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
• Black Ops 2008 -- It's The End Of The Cache As We Know It
• How to Own the Internet in Your Spare Time
• Botnet Design
• RFID Hacking
• WORM vs. WORM: preliminary study of an active counter-attack mechanism
• A Pact with the Devil
• Playing Devil's Advocate: Inferring Sensitive Data from Anonymized Network Traces
• Protected Repository for the Defense of Infrastructure Against Cyber Attacks
Likely to be considered Human Subjects Research subject to IRB review
A Bit of Context
Review boards lack expertise in this area of research
It is difficult for the researcher or the IRB to quantify risks
Distance¹ between researcher and “subject” differs from traditional human subjects research:
– As the “distance” between the researcher and subject decreases, we are more likely to define the research scenario as one that involves “human subjects.”
– As the “distance” increases, we are more likely to define the research scenario as one that does not involve “human subjects”.
Concern about possible “human harming research”
1 Elizabeth Buchanan and Annette Markham
Subject or Object?
Social Network Honeypot Case Study
Case Study: Social Network Honeypots
• Research Method
  • Deceptively “friend” millions of users
  • Follow all posts, identifying malware through “sandbox” analysis
  • Develop detection and filtering mechanisms
• Involved Stakeholders
  • End users of social networks (i.e., victims)
  • Criminals
  • Social network platform providers
  • Law enforcement
  • Researchers
Case Study: Social Network Honeypots
• Benefits
  • New detective, protective, and possibly investigative techniques
  • Publicity from novel, high-profile research
• Risks of harm
  • Loss of user privacy (researcher obtaining personal communications and personally identifiable information)
  • Harm resulting from use of deception
  • Costs to provider to respond to complaints
  • Harming a criminal investigation
  • Violation of acceptable use policy
Case study: Questions
THIS IS A TEST! In this case study:
Is there use of “personally identifiable data?”
Is there an expectation of privacy in communications?
Is use of deception necessary?
Does it make a difference that a million users (as opposed to hundreds) are being deceived?
Are waivers of consent and/or of debriefing warranted?
Does it matter that researchers may impact law enforcement investigations, or other researchers’ data collection/experimentation?