11 research outputs found

    Booter blacklist: Unveiling DDoS-for-hire websites


    "LUDO" - Kids playing Distributed Denial of Service

    Distributed denial of service attacks pose a serious threat to the availability of network infrastructures and services. GÉANT, the pan-European network with terabit capacities, witnesses close to hundreds of DDoS attacks on a daily basis. The reason is that DDoS attacks are getting larger, more sophisticated and more frequent. At the same time, it has never been easier to execute DDoS attacks, e.g., Booter services offer paying customers without any technical knowledge the possibility to perform DDoS attacks as a service. Given the increasing size, frequency and complexity of DDoS attacks, there is a need to perform collaborative mitigation. Therefore, we developed (i) a DDoSDB to share real attack data and allow collaborators to query, compare, and download attacks, (ii) the Security attack experimentation framework to test mitigation and response capabilities and (iii) a collaborative mitigation and response process among trusted partners to disseminate security event information. In addition to these developments, we present and would like to discuss our latest research results with experienced networking operators, bridging the gap between academic research and operational business.

    A principled approach to measuring the IoT ecosystem

    Internet of Things (IoT) devices combine network connectivity, cheap hardware, and actuation to provide new ways to interface with the world. In spite of this growth, little work has been done to measure the network properties of IoT devices. Such measurements can help to inform systems designers and security researchers of IoT networking behavior in practice to guide future research. Unfortunately, properly measuring the IoT ecosystem is not trivial. Devices may have different capabilities and behaviors, which require both active measurements and passive observation to quantify. Furthermore, the IoT devices that are connected to the public Internet may vary from those connected inside home networks, requiring both an external and internal vantage point to draw measurements from. In this thesis, we demonstrate how IoT measurements drawn from a single vantage point or measurement technique lead to a biased view of the network services in the IoT ecosystem. To do this, we conduct several real-world IoT measurements, drawn from both inside and outside home networks using active and passive monitoring. First, we leverage active scanning and passive observation in understanding the Mirai botnet: chiefly, we report on the devices it infected, the command and control infrastructure behind the botnet, and how the malware evolved over time. We then conduct active measurements from inside 16M home networks spanning 83M devices from 11 geographic regions to survey the IoT devices installed around the world. We demonstrate how these measurements can uncover the device types that are most at risk and the vendors who manufacture the weakest devices. We compare our measurements with passive external observation by detecting compromised scanning behavior from smart homes. We find that while passive external observation can drive insight about compromised networks, it offers little by way of concrete device attribution. We next compare our results from active external scanning with active internal scanning and show how relying solely on external scanning for IoT measurements under-reports security-important IoT protocols, potentially skewing the services investigated by the security community. Finally, we conduct passive measurements of 275 smart home networks to investigate IoT behavior. We find that IoT device behavior varies by type and devices regularly communicate over a myriad of bespoke ports, in many cases to speak standard protocols (e.g., HTTP). Finally, we observe that devices regularly offer active services (e.g., Telnet, rpcbind) that are rarely, if ever, used in actual communication, demonstrating the need for both active and passive measurements to properly compare device capabilities and behaviors. Our results highlight the need for a confluence of measurement perspectives to comprehensively understand the IoT ecosystem. We conclude with recommendations for future measurements of IoT devices as well as directions for the systems and security community informed by our work.

    Cyber Security

    This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security


    A Novel Zero-Trust Framework to Secure IoT Communications

    The phenomenal growth of the Internet of Things (IoT) has highlighted the security and privacy concerns associated with these devices. The research literature on the security architectures of IoT makes evident that we need to define and formalize a framework to secure the communications among these devices. To do so, it is important to focus on a zero-trust framework that will work on the principal premise of "trust no one, verify everyone" for every request and response. In this thesis, we emphasize the need for such a framework and propose a zero-trust communication model that addresses security and privacy concerns of devices with no operating system or with a real-time operating system. The framework provides an end-to-end security framework for users and devices to communicate with each other privately. A common concern is how to implement a high-end encryption algorithm within the limited resources of an IoT device. We demonstrated that by offloading data- and process-heavy operations like audit management to the gateway, we were able to overcome this limitation. We built a temperature and humidity sensor and were able to implement the framework and successfully evaluate and document its efficient operations. We defined four areas for evaluation and validation, namely, security of communications, memory utilization of the device, response time of operations, and cost of its implementation, and for each, we defined a threshold to evaluate and validate our findings. The results are satisfactory and are documented.

    Bowdoin Orient v.99, no.1-22 (1969-1970)
