Biblio

The distribution of video contents generated by Content Providers (CPs) significantly contributes to increase the congestion within the networks of Internet Service Providers (ISPs). To alleviate this problem, CPs can serve a portion of their catalogues to the end users directly from servers (i.e., the caches) located inside the ISP network. Users served from caches perceive an increased QoS (e.g., average retrieval latency is reduced) and, for this reason, caching can be considered a form of traffic prioritization. Hence, since the storage of caches is limited, its subdivision among several CPs may lead to discrimination. A static subdivision that assignes to each CP the same portion of storage is a neutral but ineffective appraoch, because it does not consider the different popularities of the CPs' contents. A more effective strategy consists in dividing the cache among the CPs proportionally to the popularity of their contents. However, CPs consider this information sensitive and are reluctant to disclose it. In this work, we propose a protocol based on Shamir Secret Sharing (SSS) scheme that allows the ISP to calculate the portion of cache storage that a CP is entitled to receive while guaranteeing network neutrality and resource efficiency, but without violating its privacy. The protocol is executed by the ISP, the CPs and a Regulator Authority (RA) that guarantees the actual enforcement of a fair subdivision of the cache storage and the preservation of privacy. We perform extensive simulations and prove that our approach leads to higher hit-rates (i.e., percentage of requests served by the cache) with respect to the static one. The advantages are particularly significant when the cache storage is limited.

Unlike traditional processors, embedded Internet of Things (IoT) devices lack resources to incorporate protection against modern sophisticated attacks resulting in critical consequences. Remote attestation (RA) is a security service to establish trust in the integrity of a remote device. While conventional RA is static and limited to detecting malicious modification to software binaries at load-time, recent research has made progress towards runtime attestation, such as attesting the control flow of an executing program. However, existing control-flow attestation schemes are inefficient and vulnerable to sophisticated data-oriented programming (DOP) attacks subvert these schemes and keep the control flow of the code intact. In this paper, we present LiteHAX, an efficient hardware-assisted remote attestation scheme for RISC-based embedded devices that enables detecting both control-flow attacks as well as DOP attacks. LiteHAX continuously tracks both the control-flow and data-flow events of a program executing on a remote device and reports them to a trusted verifying party. We implemented and evaluated LiteHAX on a RISC-V System-on-Chip (SoC) and show that it has minimal performance and area overhead.