30 research outputs found

    Strengthening the security of cognitive packet networks

    Get PDF
    Route selection in cognitive packet networks (CPNs) occurs continuously for active flows and is driven by the users' choice of a quality of service (QoS) goal. Because routing occurs concurrently to packet forwarding, CPN flows are able to better deal with unexpected variations in network status, while still achieving the desired QoS. Random neural networks (RNNs) play a key role in CPN routing and are responsible to the next-hop decision making of CPN packets. By using reinforcement learning, RNNs' weights are continuously updated based on expected QoS goals and information that is collected by packets as they travel on the network experiencing the current network conditions. CPN's QoS performance had been extensively investigated for a variety of operating conditions. Its dynamic and self-adaptive properties make them suitable for withstanding availability attacks, such as those caused by worm propagation and denial-of-service attacks. However, security weaknesses related to confidentiality and integrity attacks have not been previously examined. Here, we look at related network security threats and propose mechanisms that could enhance the resilience of CPN to confidentiality, integrity and availability attacks

    Security Hazards when Law is Code.

    Full text link
    As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular—public policy and law— is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly fol- low written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China’s Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd

    Practical Encryption Gateways to Integrate Legacy Industrial Machinery

    Get PDF
    Future industrial networks will consist of a mixture of old and new components, due to the very long life-cycles of industrial machines on the one hand and the need to change in the face of trends like Industry 4.0 or the industrial Internet of things on the other. These networks will be very heterogeneous and will serve legacy as well as new use cases in parallel. This will result in an increased demand for network security and precisely within this domain, this thesis tries to answer one specific question: how to make it possible for legacy industrial machines to run securely in those future heterogeneous industrial networks. The need for such a solution arises from the fact, that legacy machines are very outdated and hence vulnerable systems, when assessing them from an IT security standpoint. For various reasons, they cannot be easily replaced or upgraded and with the opening up of industrial networks to the Internet, they become prime attack targets. The only way to provide security for them, is by protecting their network traffic. The concept of encryption gateways forms the basis of our solution. These are special network devices, that are put between the legacy machine and the network. The gateways encrypt data traffic from the machine before it is put on the network and decrypt traffic coming from the network accordingly. This results in a separation of the machine from the network by virtue of only decrypting and passing through traffic from other authenticated gateways. In effect, they protect communication data in transit and shield the legacy machines from potential attackers within the rest of the network, while at the same time retaining their functionality. Additionally, through the specific placement of gateways inside the network, fine-grained security policies become possible. This approach can reduce the attack surface of the industrial network as a whole considerably. As a concept, this idea is straight forward and not new. Yet, the devil is in the details and no solution specifically tailored to the needs of the industrial environment and its legacy components existed prior to this work. Therefore, we present in this thesis concrete building blocks in the direction of a generally applicable encryption gateway solution that allows to securely integrate legacy industrial machinery and respects industrial requirements. This not only entails works in the direction of network security, but also includes works in the direction of guaranteeing the availability of the communication links that are protected by the gateways, works to simplify the usability of the gateways as well as the management of industrial data flows by the gateways

    The Cooperative Defense Overlay Network: A Collaborative Automated Threat Information Sharing Framework for a Safer Internet

    Get PDF
    With the ever-growing proliferation of hardware and software-based computer security exploits and the increasing power and prominence of distributed attacks, network and system administrators are often forced to make a difficult decision: expend tremendous resources on defense from sophisticated and continually evolving attacks from an increasingly dangerous Internet with varying levels of success; or expend fewer resources on defending against common attacks on "low hanging fruit," hoping to avoid the less common but incredibly devastating zero-day worm or botnet attack. Home networks and small organizations are usually forced to choose the latter option and in so doing are left vulnerable to all but the simplest of attacks. While automated tools exist for sharing information about network-based attacks, this sharing is typically limited to administrators of large networks and dedicated security-conscious users, to the exclusion of smaller organizations and novice home users. In this thesis we propose a framework for a cooperative defense overlay network (CODON) in which participants with varying technical abilities and resources can contribute to the security and health of the internet via automated crowdsourcing, rapid information sharing, and the principle of collateral defense

    An Accountability Architecture for the Internet

    Get PDF
    In the current Internet, senders are not accountable for the packets they send. As a result, malicious users send unwanted traffic that wastes shared resources and degrades network performance. Stopping such attacks requires identifying the responsible principal and filtering any unwanted traffic it sends. However, senders can obscure their identity: a packet identifies its sender only by the source address, but the Internet Protocol does not enforce that this address be correct. Additionally, affected destinations have no way to prevent the sender from continuing to cause harm. An accountable network binds sender identities to packets they send for the purpose of holding senders responsible for their traffic. In this dissertation, I present an accountable network-level architecture that strongly binds senders to packets and gives receivers control over who can send traffic to them. Holding senders accountable for their actions would prevent many of the attacks that disrupt the Internet today. Previous work in attack prevention proposes methods of binding packets to senders, giving receivers control over who sends what to them, or both. However, they all require trusted elements on the forwarding path, to either assist in identifying the sender or to filter unwanted packets. These elements are often not under the control of the receiver and may become corrupt. This dissertation shows that the Internet architecture can be extended to allow receivers to block traffic from unwanted senders, even in the presence of malicious devices in the forwarding path. This dissertation validates this thesis with three contributions. The first contribution is DNA, a network architecture that strongly binds packets to their sender, allowing routers to reject unaccountable traffic and recipients to block traffic from unwanted senders. Unlike prior work, which trusts on-path devices to behave correctly, the only trusted component in DNA is an identity certification authority. All other entities may misbehave and are either blocked or evicted from the network. The second contribution is NeighborhoodWatch, a secure, distributed, scalable object store that is capable of withstanding misbehavior by its constituent nodes. DNA uses NeighborhoodWatch to store receiver-specific requests block individual senders. The third contribution is VanGuard, an accountable capability architecture. Capabilities are small, receiver-generated tokens that grant the sender permission to send traffic to receiver. Existing capability architectures are not accountable, assume a protected channel for obtaining capabilities, and allow on-path devices to steal capabilities. VanGuard builds a capability architecture on top of DNA, preventing capability theft and protecting the capability request channel by allowing receivers to block senders that flood the channel. Once a sender obtains capabilities, it no longer needs to sign traffic, thus allowing greater efficiency than DNA alone. The DNA architecture demonstrates that it is possible to create an accountable network architecture in which none of the devices on the forwarding path must be trusted. DNA holds senders responsible for their traffic by allowing receivers to block senders; to store this blocking state, DNA relies on the NeighborhoodWatch DHT. VanGuard extends DNA and reduces its overhead by incorporating capabilities, which gives destinations further control over the traffic that sources send to them

    How to accelerate your internet : a practical guide to bandwidth management and optimisation using open source software

    Get PDF
    xiii, 298 p. : ill. ; 24 cm.Libro ElectrĂłnicoAccess to sufficient Internet bandwidth enables worldwide electronic collaboration, access to informational resources, rapid and effective communication, and grants membership to a global community. Therefore, bandwidth is probably the single most critical resource at the disposal of a modern organisation. The goal of this book is to provide practical information on how to gain the largest possible benefit from your connection to the Internet. By applying the monitoring and optimisation techniques discussed here, the effectiveness of your network can be significantly improved

    Architecture, Services and Protocols for CRUTIAL

    Get PDF
    This document describes the complete specification of the architecture, services and protocols of the project CRUTIAL. The CRUTIAL Architecture intends to reply to a grand challenge of computer science and control engineering: how to achieve resilience of critical information infrastructures (CII), in particular in the electrical sector. In general lines, the document starts by presenting the main architectural options and components of the architecture, with a special emphasis on a protection device called the CRUTIAL Information Switch (CIS). Given the various criticality levels of the equipments that have to be protected, and the cost of using a replicated device, we define a hierarchy of CIS designs incrementally more resilient. The different CIS designs offer various trade offs in terms of capabilities to prevent and tolerate intrusions, both in the device itself and in the information infrastructure. The Middleware Services, APIs and Protocols chapter describes our approach to intrusion tolerant middleware. The CRUTIAL middleware comprises several building blocks that are organized on a set of layers. The Multipoint Network layer is the lowest layer of the middleware, and features an abstraction of basic communication services, such as provided by standard protocols, like IP, IPsec, UDP, TCP and SSL/TLS. The Communication Support layer features three important building blocks: the Randomized Intrusion-Tolerant Services (RITAS), the CIS Communication service and the Fosel service for mitigating DoS attacks. The Activity Support layer comprises the CIS Protection service, and the Access Control and Authorization service. The Access Control and Authorization service is implemented through PolyOrBAC, which defines the rules for information exchange and collaboration between sub-modules of the architecture, corresponding in fact to different facilities of the CII’s organizations. The Monitoring and Failure Detection layer contains a definition of the services devoted to monitoring and failure detection activities. The Runtime Support Services, APIs, and Protocols chapter features as a main component the Proactive-Reactive Recovery service, whose aim is to guarantee perpetual correct execution of any components it protects.Project co-funded by the European Commission within the Sixth Frame-work Programme (2002-2006

    Secure Incentives to Cooperate for Wireless Networks

    Get PDF
    The operating principle of certain wireless networks makes essential the cooperation between the mobile nodes. However, if each node is an autonomous selfish entity, cooperation is not guaranteed and therefore we need to use incentive techniques. In this thesis, we study cooperation in three different types of networks: WiFi networks, Wireless Mesh Networks (WMNs), and Hybrid Ad-hoc networks. Cooperation has a different goal for each of these networks, we thus propose incentive mechanisms adapted to each case. In the first chapter of this thesis, we consider WiFi networks whose wide-scale adoption is impeded by two major hurdles: the lack of a seamless roaming scheme and the variable QoS experienced by the users. We devise a reputation-based solution that (i) allows a mobile node to connect to a foreign Wireless ISP in a secure way while preserving his anonymity and (ii) encourages the WISPs to cooperate, i.e., to provide the mobile clients with a good QoS. Cooperation appears here twofold: First, the mobile clients have to collaborate in order to build and maintain the reputation system and second, the use of this reputation system encourages the WISPs to cooperate. We show, by means of simulations, that our reputation model indeed encourages the WISPs to behave correctly and we analyze the robustness of our solution against various attacks. In the second chapter of the thesis, we consider Wireless Mesh Networks (WMNs), a new and promising paradigm that uses multi-hop communications to extend WiFi networks. Indeed, by connecting only one hot spot to the Internet and by deploying several Transit Access Points (TAPs), a WISP can extend its coverage and serve a large number of clients at a very low cost. We analyze the characteristics of WMNs and deduce three fundamental network operations that need to be secured: (i) the routing protocol, (ii) the detection of corrupt TAPs and (iii) the enforcement of a proper fairness metric in WMNs. We focus on the fairness problem and propose FAME, an adaptive max-min fair resource allocation mechanism for WMNs. FAME provides a fair, collision-free capacity use of the WMN and automatically adjusts to the traffic demand fluctuations of the mobile clients. We develop the foundations of the mechanism and demonstrate its efficiency by means of simulations. We also experimentally assess the utility of our solution when TAPs are equipped with directional antennas and distinct sending and receiving interfaces in the Magnets testbed deployed in Berlin. In the third and last chapter of this thesis, we consider Hybrid Ad-hoc networks, i.e., infrastructured networks that are extended using multi-hop communications. We propose a secure set of protocols to encourage the most fundamental operation in these networks, namely packet forwarding. This solution is based on a charging and rewarding system. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that the use of our solution makes cooperation rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks

    Quality of Service (QoS) security in mobile ad hoc networks

    Get PDF
    With the rapid proliferation of wireless networks and mobile computing applications, Quality of Service (QoS) for mobile ad hoc networks (MANETs) has received increased attention. Security is a critical aspect of QoS provisioning in the MANET environment. Without protection from a security mechanism, attacks on QoS signaling system could result in QoS routing malfunction, interference of resource reservation, or even failure of QoS provision. Due to the characteristics of the MANETs, such as rapid topology change and limited communication and computation capacity, the conventional security measures cannot be applied and new security techniques are necessary. However, little research has been done on this topic. In this dissertation, the security issues will be addressed for MANET QoS systems. The major contributions of this research are: (a) design of an authentication mechanism for ad hoc networks; (b) design of a security mechanism to prevent and detect attacks on the QoS signaling system; (c) design of an intrusion detection mechanism for bandwidth reservation to detect QoS attacks and Denial of Service (DoS) attacks. These three mechanisms are evaluated through simulation

    Protection Mechanisms for Well-behaved TCP Flows from Tampered-TCP at Edge Routers

    No full text
    corecore