351 research outputs found

    New Approaches to Mitigation of Malicious Traffic in VoIP Networks

    Voice over IP (VoIP) telephony is becoming widespread in use, and is often integrated into computer networks. Because of this, malicious software threatens VoIP systems in the same way that traditional computer systems have been attacked by viruses, worms, and other automated agents. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. This paper describes the design and implementation of a novel VoIP security architecture in which evaluation of, and mitigation against, malicious traffic is demonstrated by the use of virtual machines to emulate vulnerable clients and servers through the use of apparent attack vectors. This new architecture, which is part of an ongoing research project, establishes interaction between the VoIP backend and the end users, thus providing information about ongoing and unknown attacks to users

    Know Your Enemy: Stealth Configuration-Information Gathering in SDN

    Software Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the separation of the network logic from the forwarding functions. The industry has already widely adopted SDN and researchers thoroughly analyzed its vulnerabilities, proposing solutions to improve its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE), by means of which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks. To address the KYE attack, we also propose an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideration

    A framework for cost-sensitive automated selection of intrusion response

    In recent years, cost-sensitive intrusion response has gained significant interest due to its emphasis on the balance between potential damage incurred by the intrusion and cost of the response. However, one of the challenges in applying this approach is defining a consistent and adaptable measurement framework to evaluate the expected benefit of a response. In this thesis we present a model and framework for the cost-sensitive assessment and selection of intrusion response. Specifically, we introduce a set of measurements that characterize the potential costs associated with the intrusion handling process, and propose an intrusion response evaluation method with respect to the risk of potential intrusion damage, the effectiveness of the response action and the response cost for a system. The proposed framework has the important quality of abstracting the system security policy from the response selection mechanism, permitting policy adjustments to be made without changes to the model. We provide an implementation of the proposed solution as an IDS-independent plugin tool, and demonstrate its advantages over traditional static response systems and an existing dynamic response system

    From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

    In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies

    Space experiment "Kontur-2": Applied methods and obtained results

    Space experiment "Kontur-2" aboard the International Space Station is focused on the transfer of information between station and on-ground robot. Station's resources are limited, including communication ones. That is why for the space experiment “Kontur-2” it was decided to use the methods of priority traffic management. New access control mechanisms based on these methods are researched. The usage of the priority traffic processing methods allows using more efficiently the bandwidth of receiving and transmitting equipment onboard the International Space Station through the application of randomized push-out mechanism. The paper considers methods applied for traffic management and access control during international space experiment “Kontur-2” performed aboard the ISS. The obtained results are also presented

    Ein mehrschichtiges sicheres Framework für Fahrzeugsysteme (A Multi-Layered Secure Framework for Vehicle Systems)

    In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each one of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi, Bluetooth, and so on, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door for new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system which allows the escalation of a compromise in one of the non-critical sub-systems to threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent the cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks which were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system.

    Design and Implementation of Legal Protection for Trade Secrets in Cloud Brokerage Architectures relying on Blockchains

    Data Protection legislation has evolved around the globe to maximize legal protection of trade secrets. However, it is becoming increasingly difficult to prove trade secret violations in cloud context. Embedding legal protection as a preemptive measure could effectively reduce such burden of proof in a court of law, which can be implemented by an online broker in the cloud. The primary aim of this research was to propose a model for an online broker that embeds legal protection as preemptive measure to reduce burden of proof during litigation. This is a novel area of inter-disciplinary research whose body of knowledge is not yet well established. The underlying concept in the proposed model was built upon the notion of factor analysis from the discipline of unsupervised machine learning. For evaluation, two-stage procedure was implemented that showed application of legal protection as preemptive measure and subsequently, reduced burden of proof in a court of law. A real time quality of service based dataset for cloud storage providers (Carbonite, Dropbox, iBackup, JustCloud, SOS Online Backup, SugarSync, and Zip Cloud) was used for the technical evaluation. The simulation results showed better results of proposed model as compared to its counterparts in the field, which in court of law can be used as a part of evidence to reduce burden of proof. For legal validation of such conclusion, questionnaires were sent to law and ICT experts. There were total of six respondents (two from the field of ICT, two from the field of law, and two from the field of ICT and Law). The sample (5 out of 6 respondents) agreed that results of our model could be used in the court (or judiciary) as a part of evidence to reduce burden of proof. Theoretically, this part of research (focused on primary aim) is a pioneer effort on providing legal protection to trade secrets in the cloud. Practically, it will benefit an enterprise to negotiate contract with service providers to minimize trade secret misappropriation in the cloud. However, for enterprise that is using decentralized architecture in the cloud e.g. blockchains, contracts could emerge towards smart contracts (an autonomous software program running over blockchains). In this context, a well negotiated contract will not be a solution to minimize trade secret misappropriation. In fact, for this case it is particularly relevant to instantiate role of judiciary over a blockchain. The secondary aim of this research was to develop a model that can be implemented over the blockchain to automatically issue preliminary injunction (or temporary restraining order by court of law) for the breach of contract that can potentially lead to trade secret misappropriation. This part of the research extended the previously proposed model by using stochastic modeling from the discipline of data science. High performance computing (HPC) cluster at University of Luxembourg (HPC @ Uni.lu) and docker (a software container platform) were used to emulate contractual environment of three service providers: Redis, MongoDB, and Memcached Servers. The results showed that court injunction(s) was issued only for Redis and MongoDB Servers. Technically, this difference could be attributed to the fact that Memcached is simply used for caching and therefore, it is less prone to breach of contract. Whereas, Redis and MongoDB as databases and message brokers are performing more complex operations and are more likely to cause a breach. For legal validation of the results, questionnaires were sent to law and ICT experts. There were total of six respondents (two from the field of ICT, two from the field of law, and two from the field of ICT and Law). The sample (4 out of 6 respondents) disagreed “ONLY” using the results of the model by the court of law (or judiciary) to issue a preliminary injunction (or temporary restraining order) for the breach of contract. Theoretically, this part of the research is a pioneer attempt for providing legal protection over the blockchain. Practically, it will benefit blockchain driven enterprises to control and stop breach of contract that can potentially lead to trade secret misappropriation. In addition to above mentioned applied benefits, following list briefly presents research contributions of this multidisciplinary Ph.D. research in the domain of Law.
    • It is first in-line to focus on legal protection for trade secrets in the cloud. A well-established similar concept is “information security”, which provides technical protection for trade secrets in the cloud e.g. encryption, hashing etc.
    • In the domain of case law, despite of the jurisdiction constraint i.e. precedents (or court rulings) are binding on all courts within the same jurisdiction, this research is first in-line to use case law together with newly proposed Delphi Sampling method to provide legal protection for trade secrets in borderless online cloud environment.
    • It is first in-line to implement notion of “confidentiality by design”, which focuses on a legal person or an enterprise. A well-established similar concept is “privacy by design” that focuses on a physical person or human being.
    • By defying the myth that “smart contracts cannot be breached” and in the context of contract law, this research is first in-line to automate role of the court (evidential hearing).
    In addition to the above mentioned research contribution in the domain of Law, following list briefly presents research contribution in the domain of ICT.
    • In the context of multi-criteria decision analysis, this research is first in-line to identify and analyze noise in the data and solves related issue of structural uncertainty (or misspecification of criteria).
    • In the context of machine learning, this research is first in-line to propose “self-regulated multi-criteria decision analysis” that operates without decision maker’s interference and hence, it can be used in the context where automation of decision making process is required.
    • In the context of multidisciplinary research, this study is first in-line to propose a method of Delphi Sampling that seeks inter-disciplinary validation for research results

    Design and Implementation of Legal Protection for Trade Secrets in Cloud Brokerage Architectures relying on Blockchains

    Data Protection legislation has evolved around the globe to maximize legal protection of trade secrets. However, in an online cross-jurisdiction environment of cloud computing and blockchains, it is becoming increasingly difficult to maximize retribution for trade secret misappropriation. This multidisciplinary Ph.D. research proposes a model for legal protection for trade secrets in the cloud and over blockchains. Two QoS based datasets were used for evaluation of proposed model. The prior dataset i.e., feedback from customers, was compiled using leading review websites such as Cloud Hosting Reviews, Best Cloud Computing Providers, and Cloud Storage Reviews and Ratings. The later dataset i.e., feedback from servers, was generated from Cloud brokerage architecture that was emulated using high performance computing (HPC) cluster at University of Luxembourg (HPC @ Uni.lu). The simulation runs in the stable environment i.e. when uncertainty is low, show better results of proposed model as compared to its counterparts in the field. In particular, the results have implications for enterprises that view trade secrets misappropriation as a limiting factor for acquisition of Cloud services. For legal validation of the results, questionnaires were sent to law and ICT experts. There were total of six respondents (two from the field of ICT, two from the field of law, and two from the field of ICT and Law). The sample (5 out of 6 respondents) agreed with the findings of this PhD research