Vasileios Giotsas’s research while affiliated with WWF United Kingdom and other places

p>Reliance on commercial virtual private networks has increased manifold in the recent past. This paradigm shift of global internet users is primarily driven by their need of online privacy, censorship circumvention, and accessing geo-filtered content among other motivations. Variety of VPN services underscored by their opaque nature captures huge user base which is technically unsophisticated, and has very limited means to verify claims of a given VPN service. Capitalizing on extensive literature and online review, we have selected a sample of 60 x VPNs (from categories of free as well as paid services) which adequately represents the commercial VPN market from cost-quality perspective. An elaborate eco-system analysis reveals significant variations against the claims of service providers. Our crystallized infrastructure testing methodology executed over selected VPNs reveals: (1) Anonymity index of free versus paid VPNs differs widely at all levels i.e., IP, subnet, country and ISP; (2) 54% of selected VPN’s server locations in attractive geographic locations are virtual instead of physical; (3) 4/10 VPN tested services have been found to share their vantage points at subnet level; and (4) Selective co-location of 22% vantage points have also been observed. </p

p>Reliance on commercial virtual private networks has increased manifold in the recent past. This paradigm shift of global internet users is primarily driven by their need of online privacy, censorship circumvention, and accessing geo-filtered content among other motivations. Variety of VPN services underscored by their opaque nature captures huge user base which is technically unsophisticated, and has very limited means to verify claims of a given VPN service. Capitalizing on extensive literature and online review, we have selected a sample of 60 x VPNs (from categories of free as well as paid services) which adequately represents the commercial VPN market from cost-quality perspective. An elaborate eco-system analysis reveals significant variations against the claims of service providers. Our crystallized infrastructure testing methodology executed over selected VPNs reveals: (1) Anonymity index of free versus paid VPNs differs widely at all levels i.e., IP, subnet, country and ISP; (2) 54% of selected VPN’s server locations in attractive geographic locations are virtual instead of physical; (3) 4/10 VPN tested services have been found to share their vantage points at subnet level; and (4) Selective co-location of 22% vantage points have also been observed. </p

This study identifies a method to create fine-grained multilayer maps of the Internet’s structure, which are currently lacking. We begin with an investigation of current techniques for geolocating hosts using passive, active, and hybrid methods. This is followed by a survey of the fundamental problems that IP geolocation techniques must address. The survey points to the obvious difficulties in using Delay-Distance models and suggests that the use of Return Trip Times can lead to highly misleading results. We therefore develop a new procedure that combines state-of-the-art methods to avoid many of the fundamental problems in Internet topology mapping, whilst creating finer-grained internet maps than those currently available. This procedure is tested on the UK infrastructure by conducting a series of tests using distributed measurement points provided by the RIPE Atlas platform. Our results show that we can accurately geolocate routers between two endpoints to create a fine-grained map of the internet infrastructure involved in our measurements. Researchers have long recognized the scarcity of ground truth datasets where IP geolocation is a concern. As a byproduct of our new method reported in this paper, we create a validation dataset that maps hundreds of IP addresses to geo-coordinate landmarks or vantage points, which is highly desirable for IP geolocation research. Finally, we discuss some limitations of this method, and we summarise the next steps toward accurate and complete Internet infrastructure maps.

BGP-Multipath (BGP-M) is a multipath routing technique for load balancing. Distinct from other techniques deployed at a router inside an Autonomous System (AS), BGP-M is deployed at a border router that has installed multiple inter-domain border links to a neighbour AS. It uses the equal-cost multi-path (ECMP) function of a border router to share traffic to a destination prefix on different border links. Despite recent research interests in multipath routing, there is little study on BGP-M. Here we provide the first measurement and a comprehensive analysis of BGP-M routing in the Internet. We extracted information on BGP-M from query data collected from Looking Glass (LG) servers. We revealed that BGP-M has already been extensively deployed and used in the Internet. A particular example is Hurricane Electric (AS6939), a Tier-1 network operator, which has implemented >1,000 cases of BGP-M at 69 of its border routers to prefixes in 611 of its neighbour ASes, including many hyper-giant ASes and large content providers, on both IPv4 and IPv6 Internet. We examined the distribution and operation of BGP-M. We also ran traceroute using RIPE Atlas to infer the routing paths, the schemes of traffic allocation, and the delay on border links. This study provided the state-of-the-art knowledge on BGP-M with novel insights into the unique features and the distinct advantages of BGP-M as an effective and readily available technique for load balancing.

The advent of Industry 4.0 and smart manufacturing has led to an increased convergence of traditional manufacturing and production technologies with IP communications. Legacy Industrial Control System (ICS) devices now interconnected via public networks, are exposed to a wide range of previously unconsidered threats, threats which must be considered to ensure the continued safe operation of industrial processes. This paper surveys the ICS honeypot deployments in the literature to date and provides an overview of ICS focused threat vectors, and studies how honeypots can be integrated within an organisations defensive strategy. We discuss relevant legislation, such as the UK Cyber Assessment Framework, the US NIST Framework for Improving Critical Infrastructure Cybersecurity, and associated industry-based standards and guidelines supporting operator compliance. This is used to frame a discussion on our survey of existing ICS honeypot implementations in the literature, and their role in supporting regulatory objectives. We observe that many low-interaction honeypots are limited in their use. This is largely due to the increased knowledge attackers have on how real-world ICS devices are configured and operate, vs. the configurability of simulated honeypot systems. Furthermore, we find that environments with increased interaction provide more extensive capabilities and value, due to their inherent obfuscation delivered through the use of real-world systems. Based on these insights, we propose a novel framework towards the classification and implementation of ICS honeypots.