13 research outputs found

    MUSeS: Mobile User Secured Session

    International audience

    Mobility and security are very important services for both current and future network infrastructures. However, the integration of mobility into traditional virtual private networks is difficult because of the cost of re-establishing broken secure tunnels and restarting broken application connections. To address this issue, we propose a new communication system called Mobile User Secured Session. Built on a peer-to-peer overlay network, it provides security services to the application-layer connections of mobile users. Its secure and resilient sessions allow user connections to survive network failures, unlike regular transport-layer secured connections. We have implemented a prototype and assessed its proper functioning by running experiments on a simple virtual dynamic network.

    Predictive Middleware-Based Mobility Support for Multi-Criteria Handovers (Prädiktive Middleware-basierte Mobilitätsunterstützung für multikriterielle Handover)

    This dissertation deals with mobility support for modern mobile devices that need to access the Internet. First, the numerous existing solutions are classified against requirements that were defined with "inexperienced users" in mind. It is shown that only the group of middleware-based mobility supports can fulfil these requirements. Since no implementation was available so far, the "Roaming-Enabled Architecture" (REACH) was developed. REACH uses proxy servers that act as "anchor points" and shield the servers in the Internet from the negative effects of mobility events. A wide range of questions is discussed, including "triangle routing", the use of unmodified applications, longer-lasting isolation situations, and a prediction-based handover decision. REACH also supports "softer vertical handovers" as well as channel bundling scenarios.

    This doctoral thesis deals with mobility extensions for modern mobile devices that want to access resources on the Internet. At first, the existing approaches are classified, using requirements that were derived with a focus on normal users. These users want to use their mobile devices in scenarios that involve mobility. It is shown that only the group of middleware-based solutions is able to fulfil these requirements. However, none of the existing solutions was suitable, thus the "Roaming-Enabled Architecture" (REACH) was created. REACH implements such a middleware-based approach and was designed to fulfil all requirements. It involves proxy servers that act as "anchor points", isolating the servers in the Internet from the negative effects of mobility. By connecting to multiple proxy servers at the same time, REACH is able to minimize the negative effects of "triangle routing". Furthermore, it was challenging to intercept the data streams of unmodified applications in order to apply the protection schemes of REACH. Multiple possibilities are discussed, and it is a special feature of REACH that they are all available and can be combined with each other. Long-lasting isolation situations are not problematic, and REACH is the first mobility extension that is able to involve the users. Additionally, a predictive handover management scheme is presented. It is able to analyze signal strength measurements of wireless networks to predict link loss events before they actually happen. REACH is able to involve any network access technology, as long as it offers access to the Internet. "Softer handovers" are possible, as are channel bundling scenarios. The testbed already supports Ethernet and WiFi, and is able to involve GPRS by accessing a cellphone that is connected via Bluetooth. REACH offers a practical solution to allow Internet access in mobile environments. Tests were made in order to underline this, and REACH was already presented during multiple public demonstrations to a diversified audience.

    Standards and practices necessary to implement a successful security review program for intrusion management systems

    Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2002
    Includes bibliographical references (leaves: 84-85)
    Text in English; Abstract: Turkish and English
    viii, 91 leaves

    Intrusion Management Systems are used to protect information systems from successful intrusions and their consequences. They also have detection features: they try to detect intrusions that have passed the implemented measures. Recovery of the system after a successful intrusion, and investigation of the intrusion, are also performed by the Intrusion Management System. These functions can be present in an intrusion management system model with a four-layer architecture. The layers of the model are avoidance, assurance, detection and recovery. At the avoidance layer, the necessary policies, standards and practices are implemented to protect the information system from successful intrusions. At the assurance layer, the effectiveness of the implemented measures is measured by tests and reviews. At the detection layer, an intrusion or intrusion attempt is identified in real time. The recovery layer is responsible for restoring the information system after a successful intrusion; it also has functions to investigate the intrusion. Intrusion Management Systems are used to protect information and computer assets from intrusions. An organization aiming to protect its assets must use such a system. After the system is implemented, continuous reviews must be conducted to ensure the effectiveness of the measures taken. Such a review can achieve its goal by using principles and standards. In this thesis, the principles necessary to implement a successful review program for Intrusion Management Systems have been developed under the guidance of the Generally Accepted System Security Principles (GASSP). These example principles are developed for the tools of each Intrusion Management System layer: firewalls for the avoidance layer, vulnerability scanners for the assurance layer, intrusion detection systems for the detection layer and integrity checkers for the recovery layer.

    Practical Analysis of Encrypted Network Traffic

    The growing use of encryption in network communications is an undoubted boon for user privacy. However, the limitations of real-world encryption schemes are still not well understood, and new side-channel attacks against encrypted communications are disclosed every year. Furthermore, encrypted network communications, by preventing inspection of packet contents, represent a significant challenge from a network security perspective: our existing infrastructure relies on such inspection for threat detection. Both problems are exacerbated by the increasing prevalence of encrypted traffic: recent estimates suggest that 65% or more of downstream Internet traffic will be encrypted by the end of 2016. This work addresses these problems by expanding our understanding of the properties and characteristics of encrypted network traffic and exploring new, specialized techniques for the handling of encrypted traffic by network monitoring systems. We first demonstrate that opaque traffic, of which encrypted traffic is a subset, can be identified in real time, and how this ability can be leveraged to improve the capabilities of existing IDSs. To do so, we evaluate and compare multiple methods for rapid identification of opaque packets, ultimately pinpointing a simple hypothesis test (which can be implemented on an FPGA) as an efficient and effective detector of such traffic. In our experiments, using this technique to “winnow”, or filter, opaque packets from the traffic load presented to an IDS significantly increased the throughput of the system, allowing the identification of many more potential threats than the same system without winnowing. Second, we show that side channels in encrypted VoIP traffic enable the reconstruction of approximate transcripts of conversations. Our approach leverages techniques from linguistics, machine learning, natural language processing, and machine translation to accomplish this task despite the limited information leaked by such side channels. Our ability to do so underscores both the potential threat to user privacy that such side channels represent and the degree to which this threat has been underestimated. Finally, we propose and demonstrate the effectiveness of a new paradigm for identifying HTTP resources retrieved over encrypted connections. Our experiments demonstrate how the predominant paradigm from prior work fails to accurately represent real-world situations and how our proposed approach offers significant advantages in comparison, including the ability to infer partial information. We believe these results represent both an enhanced threat to user privacy and an opportunity for network monitors and analysts to improve their own capabilities with respect to encrypted traffic.

    Doctor of Philosophy

    Development and Implementation of Network Protocols. Textbook (Розробка та реалізація мережних протоколів. Навчальний посібник)

    The development and implementation of network protocols is an important part of the modern field of knowledge, necessary for the interconnection of layers and different technologies in any local or global network. Network protocols are based on international standards that ensure high-quality interaction between various innovative technologies and various network elements. They form a seven-layer structure that provides solutions to engineering and technical issues and requires constant updating, improvement and development of new protocols as the rules of interaction of all components of the global network. The development and implementation of network protocols requires constant development and improvement in order to provide subscribers with highly reliable services with high-speed data transmission.

    Preemptive mobile code protection using spy agents

    This thesis introduces 'spy agents' as a new security paradigm for evaluating trust in remote hosts in mobile code scenarios. In this security paradigm, a spy agent, i.e. a mobile agent which circulates amongst a number of remote hosts, can employ a variety of techniques in order to both appear 'normal' and suggest to a malicious host that it can 'misuse' the agent's data or code without being held accountable. A framework for the operation and deployment of such spy agents is described. Subsequently, a number of aspects of the operation of such agents within this framework are analysed in greater detail. The set of spy agent routes needs to be constructed in a manner that enables hosts to be identified from a set of detectable agent-specific outcomes. The construction of route sets that both reduce the probability of spy agent detection and support identification of the origin of a malicious act is analysed in the context of combinatorial group testing theory. Solutions to the route set design problem are proposed. A number of spy agent application scenarios are introduced and analysed, including: a) the implementation of a mobile code email honeypot system for identifying email privacy infringers, b) the design of sets of agent routes that enable malicious host detection even when hosts collude, and c) the evaluation of the credibility of host classification results in the presence of inconsistent host behaviour. Spy agents can be used in a wide range of applications, and it appears that each application creates challenging new research problems, notably in the design of appropriate agent route sets.

    Applications Development for the Computational Grid


    Cybercrime precursors: towards a model of offender resources

    This thesis applies Ekblom and Tilley’s concept of offender resources to the study of criminal behaviour on the Internet. Offender predispositions are influenced by situational factors, that is, the environmental incentives to commit crime. This thesis employs non-participant observation of online communities involved in activities linked to malicious forms of software. Actual online conversations are reproduced, providing rich ethnographic detail of activities that took place between 2008 and 2012 on eight discussion forums where malicious software and cases of hacking are openly discussed among actors. A purposeful sample of key frontline cybercrime responders (N=12) was interviewed about crimeware and their views of the activity observed in the discussion forums. Based on the empirical data, this thesis tests a number of criminological theories and assesses their relative compatibility with the social interactions occurring in various online forum sites frequented by persons interested in the creation and use of malicious code. The thesis illustrates three conceptual frameworks of offender resources, based on different criminological theories. The first model ties ‘offender resources’ to the actual offender, suggesting that certain malicious software and its associated activities derive from the decisions, knowledge and abilities of the individual agent. The second model submits that ‘offender resources’ should be viewed more as a pathway leading to offending behaviour that must be instilled and then indoctrinated over a length of time through social interaction with other offenders. The third model emphasises the complex relationships that constitute or interconnect with ‘offender resources’, such as the nexus of relevant social groups and institutions in society. These include the Internet security industry, the law, and organised crime. Cybercrime is facilitated by crimeware, a specific type of computer software, and a focus on this element can help us better understand how cybercrime evolves.