Leveraging a dataset of almost half a billion packets with high-precision packet times and sizes, we extract characteristics of the bursts emitted over Starlink’s Ethernet interface. The structure of these bursts directly reflects the physical layer reception of OFDMA frames on the satellite link. We study these bursts by analyzing their rates, and thus indirectly also the transition between different physical layer rates. The results highlight that there is definitive structure in the transition behavior, and we note specific behaviors such as particular transition steps associated with rate switching, and that rate switching occurs mainly to neighboring rates. We also study the joint burst rate and burst duration transitions, noting that transitions occur mainly within the same rate, and that changes in burst duration are often performed with an intermediate short burst in-between. Furthermore, we examine the configurations of the three factors burst rate, burst duration, and inter-burst silent time, which together determine the effective throughput of a Starlink connection. We perform pattern mining on these three factors, and we use the patterns to construct a dynamic N-gram model predicting the characteristics of the next upcoming burst, and by extension, the short-term future throughput. We further train a Deep Learning time-series model which shows improved prediction performance. 

Online education including MOOCs (Massive Open Online Courses) have steadily gained importance during the COVID-19 pandemic. They also play an important role for enabling lifelong learning and addressing the cybersecurity skills gap. However, it is not always easy to judge the quality of MOOCs for learners or other stakeholders including organisations interested in cybersecurity MOOCs as a means for competence development of their employees. This article provides an overview of the research work conducted by the EU H2020 projects CyberSec4Europe and CONCORDIA on eliciting quality criteria for different types of cybersecurity MOOCs provided in Europe, on defining a quality branding process that was validated through trial evaluations of selected cybersecurity MOOCs, and on conducting a survey with cybersecurity MOOC stakeholders and interviews with certification experts about the role and form of quality certification. Based on this research, the article concludes by proposing building blocks for a “lightweight” certification scheme for future quality branding of cybersecurity MOOC.

The widespread use of encryption and anonymization technologies - -e.g., HTTPS, VPNs, Tor, and iCloud Private Relay - -makes network attackers likely to resort to traffic analysis to learn of client activity. For web traffic, such analysis of encrypted traffic is referred to as Website Fingerprinting (WF). WF attacks have improved greatly in large parts thanks to advancements in Deep Learning (DL). In 2019, a new category of defenses was proposed: traffic splitting, where traffic from the client is split over two or more network paths with the assumption that some paths are unobservable by the attacker. In this paper, we take a look at three recently proposed defenses based on traffic splitting: HyWF, CoMPS, and TrafficSliver BWR5. We analyze real-world and simulated datasets for all three defenses to better understand their splitting strategies and effectiveness as defenses. Using our improved DL attack Maturesc on real-world datasets, we improve the classification accuracy wrt. state-of-the-art from 49.2% to 66.7% for HyWF, the F1 score from 32.9% to 72.4% for CoMPS, and the accuracy from 8.07% to 53.8% for TrafficSliver BWR5. We find that a majority of wrongly classified traces contain less than a couple hundred of packets/cells: e.g., in every dataset 25% of traces contain less than 155 packets. What cannot be observed cannot be classified. Our results show that the proposed traffic splitting defenses on average provide less protection against WF attacks than simply randomly selecting one path and sending all traffic over that path.

The increasing number of fitness tracking wearables deployed worldwide poses challenges to the privacy of their users, esp. in terms of transparency. Privacy notifications facilitate transparency by providing users with situational awareness about the pro-cessing of their personal data. We present the results of two online surveys including English-speaking (n(Eng) = 154) and German-speaking (n(Ger) = 150) users of fitness track-ing devices from Europe, conducted to elicit determinants of notification settings. We found evidence for the perceived usefulness of privacy notifications, and for concordant predictors in terms of when and how users prefer to be notified about personal data processing in 12 scenarios related to fitness tracking.

Especially during the COVID-19 crisis, MOOCs have become more important than ever, also for the cybersecurity domain. The certification of cybersecurity MOOCs could help promote quality aspects of MOOCs and enable their quality assessment and comparison. We conducted an online survey to analyse the role of cybersecurity MOOC certification based on proposed quality criteria for cybersecurity MOOCs and for MOOCs in general. Participants reported mixed experiences with MOOCs and largely agreed with our proposed quality criteria. This paper shows that there is a high acceptance and need for certification.

Cyber security MOOCs (Massive Open Online Courses) canenable  lifelong  learning  and  increase  the  cyber  security  competence  of experts and citizens. This paper contributes with a review of existing cyber  security  MOOCs  and  MOOC  quality  assurance  frameworks.  It then presents quality criteria, which we elicited for evaluating whethercyber  security  MOOCs  are  worthy  to  be  awarded  with  a  quality  seal. Finally,  an  exemplary  evaluation  of  six  selected  European  MOOCs  ispresented  to  exercise  the  quality  seal  awarding  process.  Additionally, the evaluation revealed that criteria for assuring privacy, ethics, meeting professional expectations and openness were on average not clearly met.