Enhancing ISP-consumer security notifications
Author(s)
Fruchter, Nathaniel H.
Alternative title
Enhancing Internet Service Provider-consumer security notifications
Other Contributors
Massachusetts Institute of Technology. Institute for Data, Systems, and Society.
Technology and Policy Program.
Advisor
David D. Clark.
Abstract
Security notification schemes hold great promise for improving both consumer cybersecurity and general network health as malware and other sources of malicious activity are becoming more prevalent on home networks. For example, botnets of Internet of Things devices engage in denial of service (DoS) attacks and ransomware holds data on personal and commercial systems hostage. Many of these threats are relatively opaque for an end user. An end user may not know that their smart device is participating in a DoS attack at all, unless they notice a protracted slowdown in network speeds. An upstream network provider like a consumer ISP has more visibility into the issue. Due to their privileged position, ISPs often have more data about the status of a malware infection, denial of service attack, or other malicious activity. This extra information can be of great benefit for the purposes of notification. For instance, an ISP may be able to notify a customer that a device on their network is being used for a DoS attack or that they see communication with a server involved in distributing ransomware. ISPs and other organizations that try and implement these schemes often run into a set of questions: How do I get the right data to power the notification? How do I ensure the user trusts the notification? Can I ensure the notification is not spoofed? Is there an optimal way to present the notification? How do I make sure a user takes the proper remedial action? This thesis presents a framework for new notification schemes to answer these questions by examining four key elements of a notification: form, delivery, and content. It also proposes multi-factor verification, a novel scheme to address trust and spoofing issues within a notification scheme. Finally, it provides a model for a new ISP-user security notification scheme within the context of the United States market and policy landscape.
Description
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, School of Engineering, Institute for Data, Systems, and Society, Technology and Policy Program, 2019. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 79-85).
Date issued
2019
Department
Massachusetts Institute of Technology. Institute for Data, Systems, and Society; Massachusetts Institute of Technology. Engineering Systems Division; Technology and Policy Program
Publisher
Massachusetts Institute of Technology
Keywords
Institute for Data, Systems, and Society., Technology and Policy Program.