Three CIS PhD Students Receive Ripple Graduate Fellowship

The University of Oregon and its Computer and Information Science department were selected as one of the first partners for Ripple’s University Blockchain Research Initiative (UBRI). Ripple's philanthropic gift (2018-2023) provides scholarships, faculty fellowships, research support, and industry engagement, and supports the Oregon Blockchain Student Club. This year, Ripple’s UBRI has selected three PhD students in the CIS department to receive a graduate fellowship in support of their proposed research in the area of Secure Digital Transaction. The fellowship funds tuition, fees, stipend, and health insurance for the nine-month academic year 2020-2021, and up to $1500 for travel to conferences and other research-related expenses. The award recipients are Zhangxiang Hu, Chris Misa, and Yebo Feng, and their proposed research projects are as follows:

An Efficient Privacy-Preserving Blockchain Model and Its Applications In IoT (Zhangxiang Hu)

The standard blockchain solution in cryptocurrency systems suffers from a privacy issue. This is because transaction records in a blockchain are stored in plaintext and exposed to the public. Recent works show that attackers can trivially access all records and trace specific transactions to recover users’ profiles or even real identities. In this work, we are going to investigate how to achieve privacy in blockchain and its applications in different areas.

Our primary goal is to design and develop a generic privacy-preserving blockchain model. In this model, we will formalize the essential security properties for privacy-preserving blockchain and discuss the cryptographic primitives that are commonly used to achieve such security properties. Furthermore, users can easily implement our model as a real privacy-preserving blockchain instance with appropriate cryptographic primitives. More importantly, our model will be “resource-friendly” such that it can be applied in resource-constrained environments such as IoT environments.

The usage of our privacy-preserving blockchain model is not limited to cryptocurrency systems but extends to any blockchain application that requires privacy. Indeed, since traditional cryptographic primitives are too expensive for resource-constrained devices, our work also considers the energy efficiency requirement and will focus on applications in IoT environments such as human microchip implants, vehicular ad hoc networks, eHealthcare, etc.

Securing the Cryptocurrency Ecosystem with Runtime Programmable Network Telemetry (Chris Misa)

A network telemetry system allows “visibility” into network traffic in order to capture a set of traffic features. These features are then used as input to rule-based or machine learning (ML) “detection schemes” to detect security and performance events such as denial of service (DoS) attacks. Our work addresses several critical challenges faced in translating the goals of network telemetry into practically useful systems. In particular, we are working on scheduling techniques to efficiently execute telemetry queries on programmable switch hardware and evaluations to understand how ML detection schemes interact with accuracy and latency relaxations taken to improve telemetry system efficiency.

Many critical systems, including Ripple's XRP currency, depend on distributed nodes communicating over Internet connections, e.g., to reach consensus on the state of a currency's ledger. However, DoS attacks can be used by adversaries to bring down a large number of critical nodes (e.g., validators in XRP), leading to violations of the assumptions (e.g., weak asynchrony) underlying a system’s correctness and security. For example, an adversary could leverage low-volume DoS attack techniques to bring down a critical majority of the 36 validators currently supporting XRP transactions, bringing the Ripple XRP system to a halt. In light of this high-level vulnerability, it is critical for organizations dependent on such systems (such as Ripple) to develop easily deployable DoS attack detection and defense mechanisms.

Our efforts are not just confined to laboratory experiments: we are actively working to involve UO information services and several local ISPs to collaborate in test deployments of our telemetry system prototypes. In addition to assessment of our system’s performance and utility, we hope these collaborations will directly assist our collaborators in improving their networks’ security and performance, ultimately benefiting the entire UO and Eugene-area community.

Privacy-Preserving Detection of Cryptojacking Activities in Network Traffic (Yebo Feng)

With the increasing popularity of cryptocurrencies, the revenue generated by crypto-mining is rising rapidly. Under these circumstances, cryptojacking has become a severe cyber threat. Cryptojacking is a term that represents the unauthorized use of someone else’s computing resources to mine cryptocurrency. Hackers conduct cryptojacking by getting the victim to click on a malicious link that downloads crypto-mining code onto their computer, infecting a website with JavaScript crypto-mining code that automatically runs itself once downloaded into a victim’s browser, or compromising servers to stealthily run the mining programs in the background. Such malicious behavior may occupy the computing resources of the devices, waste a large amount of electricity, or even cause permanent damage to the computing devices.

To solve this problem, Yebo Feng proposed a privacy-preserving detection approach that analyzes content-agnostic network traffic flows to identify cryptojacking traces. This approach only requires flow-level traffic data for detection at a traffic gateway point (e.g., a border router or switch). Such traffic data is the metadata of network operations and contains no private information of the users. The proposed approach extracts inter-packet times and protocol-related features from the traffic flows. It then inputs the preprocessed features to a long short-term memory (LSTM) model to detect cryptojacking-related traffic.
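The feature-extraction step described above can be sketched as follows. This is an added example, not code from the proposal: the record layout, the direction-independent flow key, the per-step features (inter-packet time, packet size, protocol number), and the fixed sequence length with zero padding are all assumptions, and the LSTM itself is not included.

```python
from collections import defaultdict

# Constructed sample of packet *metadata* seen at a gateway (no payload).
# Fields: timestamp (s), src IP, src port, dst IP, dst port, IP protocol, size.
SAMPLE = [
    (0.00, "10.0.0.5", 51000, "192.0.2.10", 8080, 6, 120),
    (0.50, "192.0.2.10", 8080, "10.0.0.5", 51000, 6, 90),
    (1.00, "10.0.0.7", 40000, "198.51.100.20", 443, 6, 500),
    (1.02, "198.51.100.20", 443, "10.0.0.7", 40000, 6, 1400),
    (1.03, "198.51.100.20", 443, "10.0.0.7", 40000, 6, 1400),
    (5.50, "10.0.0.5", 51000, "192.0.2.10", 8080, 6, 120),
    (6.00, "192.0.2.10", 8080, "10.0.0.5", 51000, 6, 90),
    (11.00, "10.0.0.5", 51000, "192.0.2.10", 8080, 6, 120),
]

PAD = (0.0, 0, 0)  # assumed padding step for flows shorter than seq_len


def flow_key(rec):
    """Direction-independent 5-tuple so both directions land in one flow."""
    _, src, sport, dst, dport, proto, _ = rec
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)


def extract_sequences(records, seq_len=4):
    """Map each flow to a fixed-length list of (inter-packet time, size, proto).

    Only header-level metadata is read, so the output carries no user content.
    The result is the kind of per-flow time series a sequence model consumes.
    """
    flows = defaultdict(list)
    for rec in sorted(records, key=lambda r: r[0]):  # order by timestamp
        flows[flow_key(rec)].append(rec)

    sequences = {}
    for key, pkts in flows.items():
        steps = [
            (round(cur[0] - prev[0], 3), cur[6], cur[5])
            for prev, cur in zip(pkts, pkts[1:])
        ]
        steps = steps[:seq_len]                       # truncate long flows
        steps += [PAD] * (seq_len - len(steps))       # pad short flows
        sequences[key] = steps
    return sequences


if __name__ == "__main__":
    for flow, seq in extract_sequences(SAMPLE).items():
        print(flow, seq)
```
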

Compared with existing cryptojacking detection solutions that require deployment on the endpoints or deep packet inspection, this proposed approach has several advantages. First of all, it is privacy-preserving, as it can detect potential cryptojacking activities in a network without analyzing users’ content data, such as their packet payloads and application-layer messages. Besides, this approach is easy to deploy because users can install the detection system at their network’s gateway, such as the border router of a network or the main networking switch. There is no need for users to install it on every device in their network. Moreover, it is efficient since it conducts analysis on the flow-level Internet traffic, which means the size of data is greatly reduced.