34,184 research outputs found

    Attack monitoring and localization in an all-optical network

    An All-Optical Network (AON) is a network in which data does not undergo optical-to-electrical (O-E) or electrical-to-optical (E-O) conversion within the network. Although AONs are a viable technology for future telecommunication and data networks, little attention has been devoted to the intrinsic differences between AONs and existing electro-optic/electronic networks in issues of security management. Without O-E-O conversion, many security vulnerabilities that do not exist in traditional networks are created. Transparency and non-regeneration features make attack detection and localization difficult. However, it is important to detect and localize an attack connection quickly in a transparent AON. Among all attack methods, crosstalk attack has the highest damage capabilities. Therefore, we specifically focus on crosstalk attacks in this dissertation. We show that it is possible to effectively reduce the number of monitors while still retaining all diagnostic capabilities. We make the following contributions: (1) We provide a crosstalk attack model and a monitoring model. (2) Based on these models, we prove necessary and sufficient conditions for both one attack and more than one (i.e., k-crosstalk) attack diagnostic network. The key ideas used in our solution are to employ the status of connections as diagnostic data. (3) We develop efficient monitor placement policies, test connection setup policies, and routing policies for such a network. These conditions lead to efficient k-attack detection and diagnosis algorithms. (4) Finally, we analyze the performance of these algorithms. By these conditions and policies, we prove that the concept of a sparse monitor system for monitoring and localizing crosstalk attacks in AON is not only possible but also feasible.

    xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs

    In this paper we show how attackers can covertly leak data (e.g., encryption keys, passwords and files) from highly secure or air-gapped networks via the row of status LEDs that exists in networking equipment such as LAN switches and routers. Although it is known that some network equipment emanates optical signals correlated with the information being processed by the device ('side-channel'), intentionally controlling the status LEDs to carry any type of data ('covert-channel') has never been studied before. Malicious code is executed on the LAN switch or router, allowing full control of the status LEDs. Sensitive data can be encoded and modulated over the blinking of the LEDs. The generated signals can then be recorded by various types of remote cameras and optical sensors. We provide the technical background on the internal architecture of switches and routers (at both the hardware and software level) which enables this type of attack. We also present amplitude and frequency based modulation and encoding schemas, along with a simple transmission protocol. We implement a prototype of an exfiltration malware and discuss its design and implementation. We evaluate this method with a few routers and different types of LEDs. In addition, we tested various receivers including remote cameras, security cameras, smartphone cameras, and optical sensors, and also discuss different detection and prevention countermeasures. Our experiment shows that sensitive data can be covertly leaked via the status LEDs of switches and routers at a bit rate of 10 bit/sec to more than 1Kbit/sec per LED.

    Biometric presentation attack detection: beyond the visible spectrum

    The increased need for unattended authentication in multiple scenarios has motivated a wide deployment of biometric systems in the last few years. This has in turn led to the disclosure of security concerns specifically related to biometric systems. Among them, presentation attacks (PAs, i.e., attempts to log into the system with a fake biometric characteristic or presentation attack instrument) pose a severe threat to the security of the system: any person could eventually fabricate or order a gummy finger or face mask to impersonate someone else. In this context, we present a novel fingerprint presentation attack detection (PAD) scheme based on i) a new capture device able to acquire images within the short wave infrared (SWIR) spectrum, and ii) an in-depth analysis of several state-of-the-art techniques based on both handcrafted and deep learning features. The approach is evaluated on a database comprising over 4700 samples, stemming from 562 different subjects and 35 different presentation attack instrument (PAI) species. The results show the soundness of the proposed approach with a detection equal error rate (D-EER) as low as 1.35% even in a realistic scenario where five different PAI species are considered only for testing purposes (i.e., unknown attacks