3,210 research outputs found

    Towards Loop-Free Forwarding of Anonymous Internet Datagrams that Enforce Provenance

    The way in which addressing and forwarding are implemented in the Internet constitutes one of its biggest privacy and security challenges. The fact that source addresses in Internet datagrams cannot be trusted makes the IP Internet inherently vulnerable to DoS and DDoS attacks. The Internet forwarding plane is open to attacks on the privacy of datagram sources, because source addresses in Internet datagrams have global scope. The fact that Internet datagrams are forwarded based solely on the destination addresses stated in datagram headers and the next hops stored in the forwarding information bases (FIB) of relaying routers allows Internet datagrams to traverse loops, which wastes resources and leaves the Internet open to further attacks. We introduce PEAR (Provenance Enforcement through Addressing and Routing), a new approach for addressing and forwarding of Internet datagrams that enables anonymous forwarding of Internet datagrams, eliminates many of the existing DDoS attacks on the IP Internet, and prevents Internet datagrams from looping, even in the presence of routing-table loops. Comment: Proceedings of IEEE Globecom 2016, 4-8 December 2016, Washington, D.C., US.

    Identifying attack surfaces in the evolving space industry using reference architectures

    The space environment is currently undergoing a substantial change and many new entrants to the market are deploying devices, satellites and systems in space; this evolution has been termed NewSpace. The change is complicated by technological developments such as deploying machine learning based autonomous space systems and the Internet of Space Things (IoST). In the IoST, space systems will rely on satellite-to-x communication and interactions with wider aspects of the ground segment to a greater degree than existing systems. Such developments will inevitably lead to a change in the cyber security threat landscape of space systems. Inevitably, there will be a greater number of attack vectors for adversaries to exploit, and previously infeasible threats can be realised, and thus require mitigation. In this paper, we present a reference architecture (RA) that can be used to abstractly model in situ applications of this new space landscape. The RA specifies high-level system components and their interactions. By instantiating the RA for two scenarios we demonstrate how to analyse the attack surface using attack trees.

    ‘The Others’: Gender and Conscientious Objection in the First World War

    In a time when ‘if one was born a male, one became a soldier’, what does it mean to be a man who refuses to fight? This article uses Connell’s framework of ‘hegemonic masculinity’ to locate conscientious objectors’ male identities as a suppressed, subaltern manliness that deviated from the dominant norm of martial masculinity. It argues that despite rejecting many aspects of this norm, objectors nonetheless articulated their counter-hegemonic struggle in starkly militarised language, presenting themselves as heroes sacrificing their lives for the greater good. It suggests that in order to understand, rather than merely judge, this strategy, it is important to see masculinity not as a completely discrete field of struggle, but as one of many mutually constitutive structuring principles underpinning a social order that is arranged not merely along patriarchal lines, but along lines of nation and class. In turn, these other principles impose limits on the nature of and possibilities for counter-hegemonic struggle

    A Secure PLAN (Extended Version)

    Active networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. We describe the design and implementation of a security architecture for the active network PLANet (Hicks et al., 1999). Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN (Hicks et al., 1998), with an environment of general-purpose service routines governed by trust management (Blaze et al., 1996). In particular, we employ a technique, termed namespace-based security, which expands or contracts a packet's service environment based on its level of privilege. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.

    Rapid Response Command and Control (R2C2): a systems engineering analysis of scaleable communications for Regional Combatant Commanders

    Includes supplementary material. Disaster relief operations, such as the 2005 Tsunami and Hurricane Katrina, and wartime operations, such as Operation Enduring Freedom and Operation Iraqi Freedom, have identified the need for a standardized command and control system interoperable among Joint, Coalition, and Interagency entities. The Systems Engineering Analysis Cohort 9 (SEA-9) Rapid Response Command and Control (R2C2) integrated project team completed a systems engineering (SE) process to address the military’s command and control capability gap. During the process, the R2C2 team conducted mission analysis, generated requirements, developed and modeled architectures, and analyzed and compared current operational systems versus the team’s R2C2 system. The R2C2 system provided a reachback capability to the Regional Combatant Commander’s (RCC) headquarters, a local communications network for situational assessments, and Internet access for civilian counterparts participating in Humanitarian Assistance/Disaster Relief operations. Because the team designed the R2C2 system to be modular, analysis concluded that the R2C2 system was the preferred method to provide the RCC with the required flexibility and scalability to deliver a rapidly deployable command and control capability to perform the range of military operations.

    A SYSTEMS ANALYSIS OF ENERGY USAGE AND EFFECTIVENESS OF A COUNTER-UNMANNED AERIAL SYSTEM USING A CYBER-ATTACK APPROACH

    Existing counter-unmanned aerial systems (C-UAS) rely heavily on radio frequency (RF) jamming techniques that require a large amount of energy. RF jamming results in undesirable consequences such as jamming nearby friendly devices as well as increasing the RF footprint of local operators. Current cybersecurity analyses of commercial-off-the-shelf (COTS) UASs have revealed vulnerabilities that can be used to conduct C-UAS operations in the cyber domain via cyber-attacks that hijack device-specific communication links on narrow RF bands. This thesis validates the cyber-attack C-UAS (CyC-UAS) concept through reviewing recent C-UAS operational experimental scenarios and conducting analysis on the collected data. Then, a model of a defense facility is constructed to analyze and validate specific mission scenarios and several proposed concepts of operation. A comparison of the energy requirements between CyC-UAS and existing C-UAS techniques is performed to assess energy efficiency and trade-offs of different C-UAS approaches. The comparison of energy requirements between the CyC-UAS prototype and existing C-UAS RF jamming products shows CyC-UAS has significant energy savings while not affecting other telecommunication devices operating at the same frequencies. CyC-UAS is able to achieve the same mission by consuming much less energy and shows promise as a new, lower energy, and lower collateral damage approach to defending against UASs. Outstanding Thesis. Major, Republic of Singapore Air Force. Approved for public release. Distribution is unlimited.