CyberCraft: Protecting Electronic Systems with Lightweight Agents

The United States military is seeking new and innovative methods for securing and maintaining its computing and network resources locally and world-wide. This document presents a work-in-progress research thrust toward building a system capable of meeting many of the US military’s network security and sustainment requirements. The system is based on a Distributed Multi-Agent System (DMAS), that is secure, small, and scalable to the large networks found in the military. It relies on a staged agent architecture capable of dynamic configuration to support changing mission environments. These agents are combined into Hierarchical Peer-to-Peer (HP2P) networks to provide scalable solutions. They employ Public Key Infrastructure (PKI) communications (with digital signatures), and support trust chain management concepts. This document, a work-in-progress, presents the motivation and current challenges in choosing a network communications architecture capable of supporting one million or more agents in a DMAS

A NOVEL LINEAR DIOPHANTINE EQUATION-BAESD LOW DIAMETER STRUCTURED PEER-TO-PEER NETWORK

This research focuses on introducing a novel concept to design a scalable, hierarchical interest-based overlay Peer-to-Peer (P2P) system. We have used Linear Diophantine Equation (LDE) as the mathematical base to realize the architecture. Note that all existing structured approaches use Distributed Hash Tables (DHT) and Secure Hash Algorithm (SHA) to realize their architectures. Use of LDE in designing P2P architecture is a completely new idea; it does not exist in the literature to the best of our knowledge. We have shown how the proposed LDE-based architecture outperforms some of the most well established existing architecture. We have proposed multiple effective data query algorithms considering different circumstances, and their time complexities are bounded by (2+ r/2) only; r is the number of distinct resources. Our alternative lookup scheme needs only constant number of overlay hops and constant number of message exchanges that can outperform DHT-based P2P systems. Moreover, in our architecture, peers are able to possess multiple distinct resources. A convincing solution to handle the problem of churn has been offered. We have shown that our presented approach performs lookup queries efficiently and consistently even in presence of churn. In addition, we have shown that our design is resilient to fault tolerance in the event of peers crashing and leaving. Furthermore, we have proposed two algorithms to response to one of the principal requests of P2P applications’ users, which is to preserve the anonymity and security of the resource requester and the responder while providing the same light-weighted data lookup

Using Covert Means to Establish Cybercraft Command and Control

With the increase in speed and availability of computers, our nation\u27s computer and information systems are being attacked with increased sophistication. The Air Force Research Laboratory (AFRL) Information Directorate (RI) is researching a next generation network defense architecture, called Cybercraft, that provides automated and trusted cyber defense capabilities for AF network assets. This research we consider the issues to protect or obfuscate command and control aspects of Cybercraft. In particular, we present a methodology to hide aspects of Cybercraft platform initialization in context to formation of hierarchical, peer-to-peer groups that collectively form the Cybercraft network. Because malicious code networks (known as botnets) currently manifest many properties of obfuscating command and control sequencing, we evaluate and consider our proposed methodology in light of leading bot detection algorithms. This research subjects Bothunter to a series of tests to validate these claims. We use a leading bot detection utility, Bothunter, and an ARP validation tool, XArp, to build a case for the effectiveness of our approach. We present three scenarios that correlate to how we believe Cybercraft platforms integrate in the future and consider stealthiness in terms of these representative tools. Our research gives emphasis on measurable hiding related to the Cybercraft initialization sequence, and we show how common network protocols such as ARP, HTTP, and DNS may be modified to carry C2 commands while evading common detection methods found in current tools

Enabling technologies for decentralized interpersonal communication

In the recent years the Internet users have witnessed the emergence of Peer-to-Peer (P2P) technologies and applications. One class of P2P applications is comprised of applications that are targeted for interpersonal communication. The communication applications that utilize P2P technologies are referred to as decentralized interpersonal communication applications. Such applications are decentralized in a sense that they do not require assistance from centralized servers for setting up multimedia sessions between users. The invention of Distributed Hash Table (DHT) algorithms has been an important, but not an inclusive enabler for decentralized interpersonal communication. Even though the DHTs provide a basic foundation for decentralization, there are still a number of challenges without viable technological solutions. The main contribution of this thesis is to propose technological solutions to a subset of the existing challenges. In addition, this thesis also presents the preliminary work for the technological solutions. There are two parts in the preliminary work. In the first part, a set of DHT algorithms are evaluated from the viewpoint of decentralized interpersonal communication, and the second part gives a coherent presentation of the challenges that a decentralized interpersonal communication application is going to encounter in mobile networks. The technological solution proposals contain two architectures and two algorithms. The first architecture enables an interconnection between a decentralized and a centralized communication network, and the second architecture enables the decentralization of a set of legacy applications. The first algorithm is a load balancing algorithm that enables good scalability, and the second algorithm is a search algorithm that enables arbitrary searches. The algorithms can be used, for example, in DHT-based networks. Even though this thesis has focused on the decentralized interpersonal communication, some of the proposed technological solutions also have general applicability outside the scope of decentralized interpersonal communication

Enabling technologies for decentralized interpersonal communication

In the recent years the Internet users have witnessed the emergence of Peer-to-Peer (P2P) technologies and applications. One class of P2P applications is comprised of applications that are targeted for interpersonal communication. The communication applications that utilize P2P technologies are referred to as decentralized interpersonal communication applications. Such applications are decentralized in a sense that they do not require assistance from centralized servers for setting up multimedia sessions between users. The invention of Distributed Hash Table (DHT) algorithms has been an important, but not an inclusive enabler for decentralized interpersonal communication. Even though the DHTs provide a basic foundation for decentralization, there are still a number of challenges without viable technological solutions. The main contribution of this thesis is to propose technological solutions to a subset of the existing challenges. In addition, this thesis also presents the preliminary work for the technological solutions. There are two parts in the preliminary work. In the first part, a set of DHT algorithms are evaluated from the viewpoint of decentralized interpersonal communication, and the second part gives a coherent presentation of the challenges that a decentralized interpersonal communication application is going to encounter in mobile networks. The technological solution proposals contain two architectures and two algorithms. The first architecture enables an interconnection between a decentralized and a centralized communication network, and the second architecture enables the decentralization of a set of legacy applications. The first algorithm is a load balancing algorithm that enables good scalability, and the second algorithm is a search algorithm that enables arbitrary searches. The algorithms can be used, for example, in DHT-based networks. Even though this thesis has focused on the decentralized interpersonal communication, some of the proposed technological solutions also have general applicability outside the scope of decentralized interpersonal communication