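% BibTeX for papers by David Kotz; for complete/updated list see
% https://www.cs.dartmouth.edu/~kotz/research/papers.html
%
% Conventions in this file:
%  - month uses the predefined three-letter macros (jan, mar, may, aug), unbraced,
%    so each bibliography style (and Biber) picks the rendering.
%  - title and booktitle are double-braced to keep their capitalisation exactly as typed.
%  - abstract, copyright and numpages are informational only; the standard
%    BibTeX styles ignore them.

% Journal article on the DIST monitoring system.
% NOTE(review): this abstract expands DIST as "Distributed Internet Security Testbed",
% while tan:thesis and bratus:dist-cset below expand it as "Dartmouth Internet Security
% Testbed" -- confirm against the published abstract.
@Article{tan:dist,
  author    = {Keren Tan and Chris McDonald and Bennet Vance and Chrisil Arackaparambil and Sergey Bratus and David Kotz},
  title     = {{From MAP to DIST: the evolution of a large-scale WLAN monitoring system}},
  journal   = {IEEE Transactions on Mobile Computing},
  year      = 2014,
  month     = jan,
  volume    = 13,
  number    = 1,
  pages     = {216--229},
  publisher = {IEEE},
  copyright = {IEEE},
  doi       = {10.1109/TMC.2012.237},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/tan-dist/index.html},
  abstract  = {The edge of the Internet is increasingly becoming wireless. Therefore, monitoring the wireless edge is important to understanding the security and performance aspects of the Internet experience. We have designed and implemented a large-scale WLAN monitoring system, the Distributed Internet Security Testbed (DIST), at Dartmouth College. It is equipped with distributed arrays of ``sniffers'' that cover 210 diverse campus locations and more than 5,000 users. In this paper, we describe our approach, designs and solutions for addressing the technical challenges that have resulted from efficiency, scalability, security, and management perspectives. We also present extensive evaluation results on a production network, and summarize the lessons learned.},
}

% PhD thesis; the note field records the matching technical-report number.
@PhdThesis{tan:thesis,
  author    = {Keren Tan},
  title     = {{Large-scale Wireless Local-area Network Measurement and Privacy Analysis}},
  school    = {Dartmouth College Computer Science},
  year      = 2011,
  month     = aug,
  copyright = {Keren Tan},
  address   = {Hanover, NH},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/tan-thesis/index.html},
  note      = {Available as Dartmouth Computer Science Technical Report TR2011-703},
  abstract  = {The edge of the Internet is increasingly becoming wireless. Understanding the wireless edge is therefore important for understanding the performance and security aspects of the Internet experience. This need is especially necessary for enterprise-wide wireless local-area networks (WLANs) as organizations increasingly depend on WLANs for mission-critical tasks. To study a live production WLAN, especially a large-scale network, is a difficult undertaking. Two fundamental difficulties involved are (1) building a scalable network measurement infrastructure to collect traces from a large-scale production WLAN, and (2) preserving user privacy while sharing these collected traces to the network research community. In this dissertation, we present our experience in designing and implementing one of the largest distributed WLAN measurement systems in the United States, the Dartmouth Internet Security Testbed (DIST), with a particular focus on our solutions to the challenges of efficiency, scalability, and security. We also present an extensive evaluation of the DIST system. To understand the severity of some potential trace-sharing risks for an enterprise-wide large-scale wireless network, we conduct privacy analysis on one kind of wireless network traces, a user-association log, collected from a large-scale WLAN. We introduce a machine-learning based approach that can extract and quantify sensitive information from a user-association log, even though it is sanitized. Finally, we present a case study that evaluates the tradeoff between utility and privacy on WLAN trace sanitization.},
}

% Technical report TR2010-661. It has the same title and authors as
% arackaparambil:clock-skew (the WiSec paper below); cite the version actually consulted.
@TechReport{arackaparambil:clock-skew-tr,
  author      = {Chrisil Arackaparambil and Sergey Bratus and Anna Shubina and David Kotz},
  title       = {{On the Reliability of Wireless Fingerprinting using Clock Skews}},
  institution = {Dartmouth Computer Science},
  year        = 2010,
  month       = jan,
  number      = {TR2010-661},
  copyright   = {the authors},
  address     = {Hanover, NH},
  url         = {https://www.cs.dartmouth.edu/~kotz/research/arackaparambil-clock-skew-tr/index.html},
  abstract    = {Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points. We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.},
}

% Conference paper (WiSec 2010) with the same title and authors as the
% technical report arackaparambil:clock-skew-tr above.
@InProceedings{arackaparambil:clock-skew,
  author    = {Chrisil Arackaparambil and Sergey Bratus and Anna Shubina and David Kotz},
  title     = {{On the Reliability of Wireless Fingerprinting using Clock Skews}},
  booktitle = {{Proceedings of the ACM Conference on Wireless Network Security (WiSec)}},
  year      = 2010,
  month     = mar,
  numpages  = 6,
  pages     = {169--174},
  publisher = {ACM},
  copyright = {ACM},
  doi       = {10.1145/1741866.1741894},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/arackaparambil-clock-skew/index.html},
  abstract  = {Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points. \par We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.},
}

% Workshop paper (WiNMee 2010) on the Saluki sniffing program; marked as invited
% in the note field. No doi field is recorded for this entry.
@InProceedings{tan:saluki,
  author    = {Keren Tan and David Kotz},
  title     = {{Saluki: a High-Performance Wi-Fi Sniffing Program}},
  booktitle = {{Proceedings of the International Workshop on Wireless Network Measurements (WiNMee)}},
  year      = 2010,
  month     = may,
  pages     = {591--596},
  publisher = {IEEE},
  copyright = {IEEE},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/tan-saluki/index.html},
  note      = {Invited paper},
  abstract  = {Building a campus-wide wireless LAN measurement system faces many efficiency, scalability and security challenges. To address these challenges, we developed a distributed Wi-Fi sniffing program called Saluki. Compared to our previous implementation and to other available sniffing programs, Saluki has the following advantages: (1) its small footprint makes it suitable for a resource-constrained Linux platform, such as those in commercial Wi-Fi access points; (2) the frame-capture rate increased more than three-fold over tcpdump with minimal frame loss; (3) all traffic between this sniffer and the back-end server was secured using 128-bit encryption; and (4) the traffic load on the backbone network was reduced to only 30\% of that in our previous implementation. In this paper, we introduce the design and the implementation details of this high-performance sniffing program, along with preliminary evaluation results.},
}

% Workshop paper (CSET 2009) on deploying DIST. The entry carries numpages but
% no pages or doi field.
@InProceedings{bratus:dist-cset,
  author    = {Sergey Bratus and David Kotz and Keren Tan and William Taylor and Anna Shubina and Bennet Vance and Michael E. Locasto},
  title     = {{Dartmouth Internet Security Testbed (DIST): building a campus-wide wireless testbed}},
  booktitle = {{Proceedings of the Workshop on Cyber Security Experimentation and Test (CSET)}},
  year      = 2009,
  month     = aug,
  numpages  = 6,
  publisher = {USENIX Association},
  copyright = {the authors},
  url       = {https://www.cs.dartmouth.edu/~kotz/research/bratus-dist-cset/index.html},
  abstract  = {We describe our experiences in deploying a campus-wide wireless security testbed. The testbed gives us the capability to monitor security-related aspects of the 802.11 MAC layer in over 200 diverse campus locations. We describe both the technical and the social challenges of designing, building, and deploying such a system, which, to the best of our knowledge, is the largest such testbed in academia (with the UCSD's Jigsaw infrastructure a close competitor). In this paper we focus on the \emph{testbed setup}, rather than on the experimental data and results.},
}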