A privacy preserving framework for cyber-physical systems and its integration in real world applications
A cyber-physical system (CPS) comprises a network of processing- and communication-capable sensors and actuators that are pervasively embedded in the physical world. These intelligent computing elements achieve the tight combination and coordination between the logic processing and physical resources. It is envisioned that CPS will have great economic and societal impact, and alter the quality of life as the Internet has done. This dissertation focuses on the privacy issues in current and future CPS applications. As thousands of intelligent devices are deeply embedded in human societies, the system operations may potentially disclose sensitive information if no privacy preserving mechanism is designed. This dissertation identifies data privacy and location privacy as the representatives to investigate the privacy problems in CPS. Data content privacy infringement occurs if the adversary can determine or partially determine the meaning of the transmitted data or the data stored in the storage. Location privacy, on the other hand, is the secrecy that a certain sensed object is associated with a specific location, the disclosure of which may endanger the sensed object. Location privacy may be compromised by the adversary through hop-by-hop traceback along the reverse direction of the message routing path. This dissertation proposes a public key based access control scheme to protect the data content privacy. Recent advances in efficient public key schemes, such as ECC, have already shown the feasibility of using public key schemes on low power devices including sensor motes. In this dissertation, an efficient public key security primitive, WM-ECC, has been implemented for TelosB and MICAz, the two major hardware platforms in current sensor networks. WM-ECC achieves the best performance among the academic implementations.
Based on WM-ECC, this dissertation has designed various security schemes, including pairwise key establishment, user access control and false data filtering mechanism, to protect the data content privacy. The experiments presented in this dissertation have shown that the proposed schemes are practical for real world applications. To protect the location privacy, this dissertation has considered two adversary models. For the first model in which an adversary has limited radio detection capability, the privacy-aware routing schemes are designed to slow down the adversary's traceback progress. Through theoretical analysis, this dissertation shows how to maximize the adversary's traceback time given a power consumption budget for message routing. Based on the theoretical results, this dissertation also proposes a simple and practical weighted random stride (WRS) routing scheme. The second model assumes a more powerful adversary that is able to monitor all radio communications in the network. This dissertation proposes a random schedule scheme in which each node transmits at a certain time slot in a period so that the adversary would not be able to profile the difference in communication patterns among all the nodes. Finally, this dissertation integrates the proposed privacy preserving framework into Snoogle, a sensor node based search engine for the physical world. Snoogle allows people to search for the physical objects in their vicinity. The previously proposed privacy preserving schemes are applied in the application to achieve flexible and resilient privacy preserving capabilities. In addition to security and privacy, Snoogle also incorporates a number of energy saving and communication compression techniques that are carefully designed for systems composed of low-cost, low-power embedded devices. The evaluation study comprises real world experiments on a prototype Snoogle system and scalability simulations.
A Review on Security Attacks in Vehicular Ad hoc Network
Whenever a communication takes place between two or more vehicles there has been a need for protection. The attacker can gain access to the network by compromising either the vehicle, the road side unit, or the communication medium that transfers the messages between vehicles. Vehicular Ad hoc Networks (VANETs) have motivated interest towards passenger comfort and a secure driving environment. However, the open-wide communication becomes a tedious challenge for VANET organization. Because of the wireless self-structured background, VANETs are prone to many attackers. In this paper, we are focusing on security issues like DoS, Sybil, DDoS, jamming and flooding attacks as well as techniques like TESLA which cause harm to VANETs, and also security countermeasures like digital signatures which are used to prevent the mentioned security issues that alleviate VANETs.
Adaptive Response System for Distributed Denial-of-Service Attacks
The continued prevalence and severe damaging effects of the Distributed Denial of Service (DDoS) attacks in today’s Internet raise growing security concerns and call for an immediate response to come up with better solutions to tackle DDoS attacks. The current DDoS prevention mechanisms are usually inflexible, and determined attackers with knowledge of these mechanisms could work around them. Most existing detection and response mechanisms are standalone systems which do not rely on adaptive updates to mitigate attacks. As different responses vary in their “leniency” in treating detected attack traffic, there is a need for an Adaptive Response System.
We designed and implemented our DDoS Adaptive ResponsE (DARE) System, which is a distributed DDoS mitigation system capable of executing appropriate detection and mitigation responses automatically and adaptively according to the attacks. It supports easy integration of both signature-based and anomaly-based detection modules. Additionally, the design of DARE’s individual components takes into consideration the strengths and weaknesses of existing defence mechanisms, and the characteristics and possible future mutations of DDoS attacks. These components consist of an Enhanced TCP SYN Attack Detector and Bloom-based Filter, a DDoS Flooding Attack Detector and Flow Identifier, and a Non Intrusive IP Traceback mechanism. The components work together interactively to adapt the detections and responses in accordance with the attack types. Experiments conducted on DARE show that the attack detection and mitigation are successfully completed within seconds, with about 60% to 86% of the attack traffic being dropped, while availability for legitimate and new legitimate requests is maintained. DARE is able to detect and trigger appropriate responses in accordance with the attacks being launched with high accuracy, effectiveness and efficiency.
We also designed and implemented a Traffic Redirection Attack Protection System (TRAPS), a stand-alone DDoS attack detection and mitigation system for IPv6 networks. In TRAPS, the victim under attack verifies the authenticity of the source by performing virtual relocations to differentiate the legitimate traffic from the attack traffic. TRAPS requires minimal deployment effort and does not require modifications to the Internet infrastructure due to its incorporation of the Mobile IPv6 protocol. Experiments to test the feasibility of TRAPS were carried out in a testbed environment to verify that it would work with the existing Mobile IPv6 implementation. It was observed that the operations of each module were functioning correctly and TRAPS was able to successfully mitigate an attack launched with spoofed source IP addresses.
Wide spectrum attribution: Using deception for attribution intelligence in cyber attacks
Modern cyber attacks have evolved considerably. The skill level required to conduct a cyber attack is low. Computing power is cheap, targets are diverse and plentiful. Point-and-click crimeware kits are widely circulated in the underground economy, while source code for sophisticated malware such as Stuxnet is available for all to download and repurpose. Despite decades of research into defensive techniques, such as firewalls, intrusion detection systems, anti-virus, code auditing, etc., the quantity of successful cyber attacks continues to increase, as does the number of vulnerabilities identified. Measures to identify perpetrators, known as attribution, have existed for as long as there have been cyber attacks. The most actively researched technical attribution techniques involve the marking and logging of network packets. These techniques are performed by network devices along the packet journey, which most often requires modification of existing router hardware and/or software, or the inclusion of additional devices. These modifications require wide-scale infrastructure changes that are not only complex and costly, but invoke legal, ethical and governance issues. The usefulness of these techniques is also often questioned, as attack actors use multiple stepping stones, often innocent systems that have been compromised, to mask the true source. As such, this thesis identifies that no publicly known previous work has been deployed on a wide-scale basis in the Internet infrastructure.
This research investigates the use of an often overlooked tool for attribution: cyber deception. The main contribution of this work is a significant advancement in the field of deception and honeypots as technical attribution techniques. Specifically, the design and implementation of two novel honeypot approaches: i) Deception Inside Credential Engine (DICE), that uses policy and honeytokens to identify adversaries returning from different origins, and ii) Adaptive Honeynet Framework (AHFW), an introspection and adaptive honeynet framework that uses actor-dependent triggers to modify the honeynet environment, to engage the adversary, increasing the quantity and diversity of interactions. The two approaches are based on a systematic review of the technical attribution literature that was used to derive a set of requirements for honeypots as technical attribution techniques. Both approaches lead the way for further research in this field.
Design Optimization and Security For Communication Networks
In this work we introduce a new mathematical tool for optimization of routes, topology design, and energy efficiency in wireless sensor networks. We introduce a vector field formulation that models communication in the network, and routing is performed in the direction of this vector field at every location of the network. The magnitude of the vector field at every location represents the density of the amount of data that is being transited through that location. We define the total communication cost in the network as the integral of a quadratic form of the vector field over the network area.
With the above formulation, we introduce a mathematical machinery based on partial differential equations very similar to Maxwell's equations in electrostatic theory. We show that in order to minimize the cost, the routes should be found based on the solution of these partial differential equations. In our formulation, the sensors are sources of information, and they are similar to the positive charges in electrostatics; the destinations are sinks of information and they are similar to negative charges; and the network is similar to a non-homogeneous dielectric medium with variable dielectric constant (or permittivity coefficient).
In one of the applications of our mathematical model based on the vector fields, we offer a scheme for energy efficient routing. Our routing scheme is based on changing the permittivity coefficient to a higher value in the places of the network where nodes have high residual energy, and setting it to a low value in the places of the network where the nodes do not have much energy left. Our simulations show that our method gives a significant increase in the network life compared to the shortest path and weighted shortest path schemes.
Our initial focus is on the case where there is only one destination in the network, and later we extend our approach to the case where there are multiple destinations in the network. In the case of having multiple destinations, we need to partition the network into several areas known as regions of attraction of the destinations. Each destination is responsible for collecting all messages being generated in its region of attraction. The complexity of the optimization problem in this case is how to define regions of attraction for the destinations and how much communication load to assign to each destination to optimize the performance of the network. We use our vector field model to solve the optimization problem for this case. We define a vector field which is conservative, and hence it can be written as the gradient of a scalar field (also known as a potential field). Then we show that in the optimal assignment of the communication load of the network to the destinations, the value of that potential field should be equal at the locations of all the destinations.
Another application of our vector field model is to find the optimal locations of the destinations in the network. We show that the vector field gives the gradient of the cost function with respect to the locations of the destinations. Based on this fact, we suggest an algorithm to be applied during the design phase of a network to relocate the destinations for reducing the communication cost function. The performance of our proposed schemes is confirmed by several examples and simulation experiments.
In another part of this work we focus on the notions of responsiveness and conformance of TCP traffic in communication networks. We introduce the notion of responsiveness for TCP aggregates and define it as the degree to which a TCP aggregate reduces its sending rate to the network as a response to packet drops. We define metrics that describe the responsiveness of TCP aggregates, and suggest two methods for determining the values of these quantities. The first method is based on a test in which we drop a few packets from the aggregate intentionally and measure the resulting rate decrease of that aggregate. This kind of test is not robust to multiple simultaneous tests performed at different routers. We make the test robust to multiple simultaneous tests by using ideas from the CDMA approach to multiple access channels in communication theory. Based on this approach, we introduce a test of responsiveness for aggregates, and call it the CDMA based Aggregate Perturbation Method (CAPM). We use CAPM to perform congestion control. A distinguishing feature of our congestion control scheme is that it maintains a degree of fairness among different aggregates.
In the next step we modify CAPM to offer methods for estimating the proportion of an aggregate of TCP traffic that does not conform to protocol specifications, and hence may belong to a DDoS attack. Our methods work by intentionally perturbing the aggregate by dropping a very small number of packets from it and observing the response of the aggregate. We offer two methods for conformance testing. In the first method, we apply the perturbation tests to SYN packets being sent at the start of the TCP 3-way handshake, and we use the fact that the rate of ACK packets being exchanged in the handshake should follow the rate of perturbations. In the second method, we apply the perturbation tests to the TCP data packets and use the fact that the rate of retransmitted data packets should follow the rate of perturbations. In both methods, we use signature based perturbations, which means packet drops are performed with a rate given by a function of time. We use the analogy of our problem with multiple access communication to find signatures. Specifically, we assign orthogonal CDMA based signatures to different routers in a distributed implementation of our methods. As a result of orthogonality, the performance does not degrade because of cross interference made by simultaneously testing routers. We have shown the efficacy of our methods through mathematical analysis and extensive simulation experiments.
Message traceback systems dancing with the devil
The research community has produced a great deal of work in recent years in the areas of IP, layer 2 and connection-chain traceback. We collectively designate these as message traceback systems, which invariably aim to locate the origin of network data, in spite of any alterations effected to that data (whether legitimately or fraudulently). This thesis provides a unifying definition of spoofing and a classification based on this which aims to encompass all streams of message traceback research. The feasibility of this classification is established through its application to our literature review of the numerous known message traceback systems. We propose two layer 2 (L2) traceback systems, switch-SPIE and COTraSE, which adopt different approaches to logging based L2 traceback for switched ethernet. Whilst message traceback in spite of spoofing is interesting and perhaps more challenging than it at first seems, one might say that it is rather academic. Logging of network data is a controversial and unpopular notion and network administrators don't want the added installation and maintenance costs. However, European Parliament Directive 2006/24/EC requires that providers of publicly available electronic communications networks retain data in a form similar to mobile telephony call records, from April 2009 and for periods of up to 2 years. This thesis identifies the relevance of work in all areas of message traceback to the European data retention legislation. In the final part of this thesis we apply our experiences with L2 traceback, together with our definitions and classification of spoofing, to discuss the issues that EU data retention implementations should consider. It is possible to 'do logging right' and even safeguard user privacy. However this can only occur if we fully understand the technical challenges, requiring much further work in all areas of logging based message traceback systems. We have no choice but to dance with the devil.
EThOS - Electronic Theses Online Service (United Kingdom)
An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector
The Linksys WRT54g has been used as a host for network forensics tools, such as Snort, for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard Disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced, detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes by discussing the limitations of the device when attempting to execute Nepenthes.