34,184 research outputs found
Attack monitoring and localization in an all-optical network
An All-Optical Network (AON) is a network in which data does not undergo optical-to-electrical (O-E) or electrical-to-optical (E-O) conversion within the network. Although AONs are a viable technology for future telecommunication and data networks, little attentions has been devoted to the intrinsic differences between AONs and existing existing electro-optic/electronic networks in issues of security management. Without. O-E-O conversion, many security vulnerabilities that do not exist in traditional networks are created. Transparency and non-regeneration features make attack detection and localization difficult. However, it is important to detect and localize an attack connection quickly in a transparent AON;Among all attack methods, crosstalk attack has the highest damage capabilities. Therefore, we specifically focus on crosstalk attacks in this dissertation. We show that it is possible to effectively reduce the number of monitors while still retaining all diagnostic capabilities. We make the following contributions: (1) We provide a crosstalk attack model and a monitoring model. (2) Based on these models, we prove necessary and sufficient conditions for a both one attack and more than one (i.e., k-crosstalk) attack diagnostic network. The key ideas used in our solution are to employ the status of connections as diagnostic data. (3) We develop efficient monitor placement policies, test connection setup policies, and routing policies for such a network. These conditions lead to efficient k-attack detection and diagnosis algorithms. (4) Finally, we analyze the performance of these algorithms;By these conditions and policies, we prove that the concept of a sparse monitor system for monitoring and localizing crosstalk attacks in AON is not only possible but also feasible
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per
LED
Biometric presentation attack detection: beyond the visible spectrum
The increased need for unattended authentication in
multiple scenarios has motivated a wide deployment of biometric
systems in the last few years. This has in turn led to the
disclosure of security concerns specifically related to biometric
systems. Among them, presentation attacks (PAs, i.e., attempts
to log into the system with a fake biometric characteristic or
presentation attack instrument) pose a severe threat to the
security of the system: any person could eventually fabricate
or order a gummy finger or face mask to impersonate someone
else. In this context, we present a novel fingerprint presentation
attack detection (PAD) scheme based on i) a new capture device
able to acquire images within the short wave infrared (SWIR)
spectrum, and i i) an in-depth analysis of several state-of-theart
techniques based on both handcrafted and deep learning
features. The approach is evaluated on a database comprising
over 4700 samples, stemming from 562 different subjects and
35 different presentation attack instrument (PAI) species. The
results show the soundness of the proposed approach with a
detection equal error rate (D-EER) as low as 1.35% even in a
realistic scenario where five different PAI species are considered
only for testing purposes (i.e., unknown attacks
- …