    Master of Science

    Current approaches to secret key extraction using Received Signal Strength Indicator (RSSI) measurements mainly use the WiFi interface. However, in the presence of jamming adversaries and other interfering devices, the efficiency of RSSI-based secret key extraction using WiFi degrades and sometimes the key extraction may even fail completely. A possible method to overcome this problem is to collect RSSI measurements using the Bluetooth interface. Bluetooth appears to be very promising for secret key extraction since the adaptive frequency hopping technique in Bluetooth automatically detects and avoids the use of bad or interfering channels. In order to collect Bluetooth RSSI values, we design a protocol where Alice and Bob use Google Nexus One phones to exchange L2CAP packets and then we measure the RSSI for each received packet. We use a prequantization interpolation step to reduce the probability of bit mismatches that are caused by the inability of Alice and Bob to measure the time-duplex channel simultaneously. We then use the ASBG quantization scheme followed by information reconciliation and privacy amplification to extract the secret key bits. We conduct numerous experiments to evaluate the efficiency of Bluetooth for secret key extraction under two different mobile environments - hallways and outdoors. The secret bit rates obtained from these experiments highlight that outdoor settings are better suited for key extraction using Bluetooth when compared to hallway settings. Furthermore, we show that for very small distances such as 2 ft, the number of consecutive "0" RSSI values and bit mismatch is too high to extract any secret key bits under hallway settings. Finally, we also show that Bluetooth key extraction in outdoors achieves secret bit rates that are comparable to WiFi, even when using lower transmit power than WiFi.

    Statefull Processing of TCP/IP Flows

    Network security systems have become an essential part of many network structures in both company and university domains. These systems, however, require a higher semantic level of network traffic analysis, such as stateful filtering or TCP stream reassembly. This bachelor's thesis deals with the architecture of a flexible network platform capable of stateful processing at multigigabit speeds. It allows incoming network traffic to be analyzed and processed with a flow-based approach rather than a packet-based one. The proposed architecture is flexible in supporting a wide range of applications, and allows performance scalability and state information consistency checking. The advantages and flexibility of the proposed platform are demonstrated on several network security applications.

    An architecture for exploiting multi-core processors to parallelize network intrusion prevention

    Attacking and securing Network Time Protocol

    Network Time Protocol (NTP) is used to synchronize time between computer systems communicating over unreliable, variable-latency, and untrusted network paths. Time is critical for many applications; in particular it is heavily utilized by cryptographic protocols. Despite its importance, the community still lacks visibility into the robustness of the NTP ecosystem itself, the integrity of the timing information transmitted by NTP, and the impact that any error in NTP might have upon the security of other protocols that rely on timing information. In this thesis, we seek to accomplish the following broad goals: 1. Demonstrate that the current design presents a security risk, by showing that network attackers can exploit NTP and then use it to attack other core Internet protocols that rely on time. 2. Improve NTP to make it more robust, and rigorously analyze the security of the improved protocol. 3. Establish formal and precise security requirements that should be satisfied by a network time-synchronization protocol, and prove that these are sufficient for the security of other protocols that rely on time. We take the following approach to achieve our goals incrementally. 1. We begin by (a) scrutinizing NTP's core protocol (RFC 5905) and (b) statically analyzing code of its reference implementation to identify vulnerabilities in protocol design, ambiguities in specifications, and flaws in reference implementations. We then leverage these observations to show several off- and on-path denial-of-service and time-shifting attacks on NTP clients. We then show cache-flushing and cache-sticking attacks on DNS(SEC) that leverage NTP. We quantify the attack surface using Internet measurements, and suggest simple countermeasures that can improve the security of NTP and DNS(SEC). 2. Next we move beyond identifying attacks and leverage ideas from Universal Composability (UC) security framework to develop a cryptographic model for attacks on NTP's datagram protocol. 
We use this model to prove the security of a new backwards-compatible protocol that correctly synchronizes time in the face of both off- and on-path network attackers. 3. Next, we propose general security notions for network time-synchronization protocols within the UC framework and formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols (including but not limited to NTP), and how they can be used to assert security of time-reliant applications, specifically cryptographic certificates with revocation and expiration times. Our security framework allows for a clear and modular treatment of the use of time in security-sensitive systems. Our work makes the core NTP protocol and its implementations more robust and secure, thus improving the security of applications and protocols that rely on time.

    DPI over commodity hardware: implementation of a scalable framework using FastFlow

    In recent years we have witnessed a large increase in the number of applications running on top of IP networks. Consequently, the need to implement very efficient monitoring solutions that can manage these high data rates and that can classify the type of traffic which is traveling over the network has increased. For example, as far as network security is concerned, in recent years we have seen a shift from so-called "network-level" attacks, which target the network they are transported on (e.g. Denial of Service), to content-based threats which exploit application vulnerabilities and require sophisticated levels of intelligence to be detected. For some of these threats, it is no longer sufficient to have only a software solution on the client side, but we also need to run some controls on the network itself. To manage these kinds of scenarios, payload inspection is often required in order to correctly identify the application protocol and to process the data carried over it. This is the reason why, in recent years, Deep Packet Inspection (DPI) technology has emerged. This kind of processing is in many cases implemented, at least in part, through dedicated hardware. However, full software solutions may often be more appealing because they are typically more economical and have, in general, the capability to react faster to protocol evolution and changes. Moreover, software solutions which run over general purpose hardware do not exploit the underlying multiprocessor architecture, providing only the capability to process the incoming packets sequentially. Furthermore, many DPI research works that can be found in the literature and which exploit multicore architectures are often characterized by poor scalability, due to the overhead required for synchronization and to load imbalance among the cores used. In this thesis, we will describe the design and implementation of a DPI framework capable of managing current network rates using commodity multicore hardware. 
Our framework provides the possibility to identify the protocol, to specify the kind of data to extract when it has been identified, and how these data have to be processed. Differently from existing works, the developed framework has been designed according to structured parallel programming theory, thus allowing the complexity of managing the problems related to an efficient exploitation of the underlying architecture to be completely hidden from the user. These concepts have then been applied using FastFlow, a library for structured parallel programming targeting both shared memory and distributed memory architectures.

    Authenticated Encryption in Theory and in Practice
