A Framework for Cyber Vulnerability Assessments of InfiniBand Networks

InfiniBand is a popular Input/Output interconnect technology used in High Performance Computing clusters. It is employed in over a quarter of the world’s 500 fastest computer systems. Although it was created to provide extremely low network latency with a high Quality of Service, the cybersecurity aspects of InfiniBand have yet to be thoroughly investigated. The InfiniBand Architecture was designed as a data center technology, logically separated from the Internet, so defensive mechanisms such as packet encryption were not implemented. Cyber communities do not appear to have taken an interest in InfiniBand, but that is likely to change as attackers branch out from traditional computing devices. This thesis considers the security implications of InfiniBand features and constructs a framework for conducting Cyber Vulnerability Assessments. Several attack primitives are tested and analyzed. Finally, new cyber tools and security devices for InfiniBand are proposed, and changes to existing products are recommended

Security attacks and solutions on SDN control plane: A survey

Sommario Software Defined Networks (SDN) è un modello di rete programmabile aperto promosso da ONF , che è stato un fattore chiave per le recenti tendenze tecnologiche. SDN esplora la separazione dei dati e del piano di controllo . Diversamente dai concetti passati, SDN introduce l’idea di separazione del piano di controllo (decisioni di instradamento e traffico) e piano dati (decisioni di inoltro basate sul piano di controllo) che sfida l’integrazione verticale raggiunta dalle reti tradizionali, in cui dispositivi di rete come router e switch accumulano entrambe le funzioni. SDN presenta alcuni vantaggi come la gestione centralizzata e la possibilità di essere programmato su richiesta. Oltre a questi vantaggi, SDN presenta ancora vulnerabilità di sicurezza e, tra queste,le più letali prendono di mira il piano di controllo. Come i controllers che risiedono sul piano di con- trollo gestiscono l’infrastruttura e i dispositivi di rete sottostanti (es. router/switch), anche qualsiasi insicurezza, minacce, malware o problemi durante lo svolgimento delle attività da parte del controller, possono causare interruzioni dell’intera rete. In particolare, per la sua posizione centralizzata, il con- troller SDN è visto come un punto di fallimento. Di conseguenza, qualsiasi attacco o vulnerabilità che prende di mira il piano di controllo o il controller è considerato fatale al punto da sconvolgere l’intera rete. In questa tesi, le minacce alla sicurezza e gli attacchi mirati al piano di controllo (SDN) sono identificati e classificati in diversi gruppi in base a come causano l’impatto sul piano di controllo. Per ottenere risultati, è stata condotta un’ampia ricerca bibliografica attraverso uno studio appro- fondito degli articoli di ricerca esistenti che discutono di una serie di attacchi e delle relative soluzioni per il piano di controllo SDN. Principalmente, come soluzioni intese a rilevare, mitigare o proteggere il (SDN) sono stati presi in considerazione le potenziali minacce gli attachi al piano di controllo. Sulla base di questo compito, gli articoli selezionati sono stati classificati rispetto al loro impatto potenziale sul piano di controllo (SDN) come diretti e indiretti. Ove applicabile, è stato fornito un confronto tra le soluzioni che affrontano lo stesso attacco. Inoltre, sono stati presentati i vantaggi e gli svantaggi delle soluzioni che affrontano diversi attacchi . Infine, una discussione sui risultati e sui esitti ottenuti durante questo processo di indagine e sono stati affrontatti suggerimenti di lavoro futuri estratti du- rante il processo di revisione. Parole chiave : SDN, Sicurezza, Piano di controllo, Denial of Service, Attacchi alla topologiaAbstract Software Defined Networks (SDN) is an open programmable network model promoted by ONF that has been a key-enabler of recent technology trends. SDN explores the separation of data and control plane. Different from the past concepts, SDN introduces the idea of separation of the control plane (routing and traffic decisions) and data plane (forwarding decisions based on the control plane) that challenges the vertical integration achieved by the traditional networks, in which network devices such as router and switches accumulate both functions. SDN presents some advantages such as centralized management and the ability to be programmed on demand. Apart from these benefits, SDN still presents security vulnerabilities and among them, the most lethal ones are targeting the control plane. As the controllers residing on the control plane manages the underlying networking infrastructure and devices (i.e., routers/switches), any security threat, malware, or issues during the carrying out of activities by the controller can lead to disruption of the entire network. In particular, due to its centralized position, the (SDN) controller is seen as a single point of failure. As a result, any attack or vulnerability targeting the control plane or controller is considered fatal to the point of disrupting the whole network. In this thesis, the security threats and attacks targeting the (SDN) control plane are identified and categorized into different groups by considering how they cause an impact to the control plane. To obtain results, extensive literature research has been carried out by performing an in-depth study of the existing research articles that discusses an array of attacks and their corresponding solutions for the (SDN) control plane. Mainly, the solutions intended to detect, mitigate, or protect the (SDN) control plane against potential threats and attacks have been considered. On basis of this task, the potential articles selected were categorized with respect to their impact to the (SDN) control plane as direct and indirect. Where applicable a comparison of the solutions addressing the same attack has been provided. Moreover, the advantages and disadvantages of the solutions addressing the respective attacks are presented. Finally, a discussion regarding the findings and results obtained during this su- veying process and future work suggestions extracted during the review process have been discussed. Keywords: SDN, Security, Control Plane, Denial of Service, Topology Attacks, Openflo

Towards a Secure and Resilient Vehicle Design: Methodologies, Principles and Guidelines

The advent of autonomous and connected vehicles has brought new cyber security challenges to the automotive industry. It requires vehicles to be designed to remain dependable in the occurrence of cyber-attacks. A modern vehicle can contain over 150 computers, over 100 million lines of code, and various connection interfaces such as USB ports, WiFi, Bluetooth, and 4G/5G. The continuous technological advancements within the automotive industry allow safety enhancements due to increased control of, e.g., brakes, steering, and the engine. Although the technology is beneficial, its complexity has the side-effect to give rise to a multitude of vulnerabilities that might leverage the potential for cyber-attacks. Consequently, there is an increase in regulations that demand compliance with vehicle cyber security and resilience requirements that state vehicles should be designed to be resilient to cyber-attacks with the capability to detect and appropriately respond to these attacks. Moreover, increasing requirements for automotive digital forensic capabilities are beginning to emerge. Failures in automated driving functions can be caused by hardware and software failures as well as cyber security issues. It is imperative to investigate the cause of these failures. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective.In this thesis, we propose a methodology to predict and mitigate vulnerabilities in vehicles using a systematic approach for security analysis; a methodology further used to develop a framework ensuring a resilient and secure vehicle design concerning a multitude of analyzed vehicle cyber-attacks. Moreover, we review and analyze scientific literature on resilience techniques, fault tolerance, and dependability for attack detection, mitigation, recovery, and resilience endurance. These techniques are then further incorporated into the above-mentioned framework. Finally, to meet requirements to hastily and securely patch the increasing number of bugs in vehicle software, we propose a versatile framework for vehicle software updates

Security Risk Management for the Internet of Things

In recent years, the rising complexity of Internet of Things (IoT) systems has increased their potential vulnerabilities and introduced new cybersecurity challenges. In this context, state of the art methods and technologies for security risk assessment have prominent limitations when it comes to large scale, cyber-physical and interconnected IoT systems. Risk assessments for modern IoT systems must be frequent, dynamic and driven by knowledge about both cyber and physical assets. Furthermore, they should be more proactive, more automated, and able to leverage information shared across IoT value chains. This book introduces a set of novel risk assessment techniques and their role in the IoT Security risk management process. Specifically, it presents architectures and platforms for end-to-end security, including their implementation based on the edge/fog computing paradigm. It also highlights machine learning techniques that boost the automation and proactiveness of IoT security risk assessments. Furthermore, blockchain solutions for open and transparent sharing of IoT security information across the supply chain are introduced. Frameworks for privacy awareness, along with technical measures that enable privacy risk assessment and boost GDPR compliance are also presented. Likewise, the book illustrates novel solutions for security certification of IoT systems, along with techniques for IoT security interoperability. In the coming years, IoT security will be a challenging, yet very exciting journey for IoT stakeholders, including security experts, consultants, security research organizations and IoT solution providers. The book provides knowledge and insights about where we stand on this journey. It also attempts to develop a vision for the future and to help readers start their IoT Security efforts on the right foot

Conserve and Protect Resources in Software-Defined Networking via the Traffic Engineering Approach

Software Defined Networking (SDN) is revolutionizing the architecture and operation of computer networks and promises a more agile and cost-efficient network management. SDN centralizes the network control logic and separates the control plane from the data plane, thus enabling flexible management of networks. A network based on SDN consists of a data plane and a control plane. To assist management of devices and data flows, a network also has an independent monitoring plane. These coexisting network planes have various types of resources, such as bandwidth utilized to transmit monitoring data, energy spent to power data forwarding devices and computational resources to control a network. Unwise management, even abusive utilization of these resources lead to the degradation of the network performance and increase the Operating Expenditure (Opex) of the network owner. Conserving and protecting limited network resources is thus among the key requirements for efficient networking. However, the heterogeneity of the network hardware and network traffic workloads expands the configuration space of SDN, making it a challenging task to operate a network efficiently. Furthermore, the existing approaches usually lack the capability to automatically adapt network configurations to handle network dynamics and diverse optimization requirements. Addtionally, a centralized SDN controller has to run in a protected environment against certain attacks. This thesis builds upon the centralized management capability of SDN, and uses cross-layer network optimizations to perform joint traffic engineering, e.g., routing, hardware and software configurations. The overall goal is to overcome the management complexities in conserving and protecting resources in multiple functional planes in SDN when facing network heterogeneities and system dynamics. This thesis presents four contributions: (1) resource-efficient network monitoring, (2) resource-efficient data forwarding, (3) using self-adaptive algorithms to improve network resource efficiency, and (4) mitigating abusive usage of resources for network controlling. The first contribution of this thesis is a resource-efficient network monitoring solution. In this thesis, we consider one specific type of virtual network management function: flow packet inspection. This type of the network monitoring application requires to duplicate packets of target flows and send them to packet monitors for in-depth analysis. To avoid the competition for resources between the original data and duplicated data, the network operators can transmit the data flows through physically (e.g., different communication mediums) or virtually (e.g., distinguished network slices) separated channels having different resource consumption properties. We propose the REMO solution, namely Resource Efficient distributed Monitoring, to reduce the overall network resource consumption incurred by both types of data, via jointly considering the locations of the packet monitors, the selection of devices forking the data packets, and flow path scheduling strategies. In the second contribution of this thesis, we investigate the resource efficiency problem in hybrid, server-centric data center networks equipped with both traditional wired connections (e.g., InfiniBand or Ethernet) and advanced high-data-rate wireless links (e.g., directional 60GHz wireless technology). The configuration space of hybrid SDN equipped with both wired and wireless communication technologies is massively large due to the complexity brought by the device heterogeneity. To tackle this problem, we present the ECAS framework to reduce the power consumption and maintain the network performance. The approaches based on the optimization models and heuristic algorithms are considered as the traditional way to reduce the operation and facility resource consumption in SDN. These approaches are either difficult to directly solve or specific for a particular problem space. As the third contribution of this thesis, we investigates the approach of using Deep Reinforcement Learning (DRL) to improve the adaptivity of the management modules for network resource and data flow scheduling. The goal of the DRL agent in the SDN network is to reduce the power consumption of SDN networks without severely degrading the network performance. The fourth contribution of this thesis is a protection mechanism based upon flow rate limiting to mitigate abusive usage of the SDN control plane resource. Due to the centralized architecture of SDN and its handling mechanism for new data flows, the network controller can be the failure point due to the crafted cyber-attacks, especially the Control-Plane- Saturation (CPS) attack. We proposes an In-Network Flow mAnagement Scheme (INFAS) to effectively reduce the generation of malicious control packets depending on the parameters configured for the proposed mitigation algorithm. In summary, the contributions of this thesis address various unique challenges to construct resource-efficient and secure SDN. This is achieved by designing and implementing novel and intelligent models and algorithms to configure networks and perform network traffic engineering, in the protected centralized network controller

Automating Security Risk and Requirements Management for Cyber-Physical Systems

Cyber-physische Systeme ermöglichen zahlreiche moderne Anwendungsfälle und Geschäftsmodelle wie vernetzte Fahrzeuge, das intelligente Stromnetz (Smart Grid) oder das industrielle Internet der Dinge. Ihre Schlüsselmerkmale Komplexität, Heterogenität und Langlebigkeit machen den langfristigen Schutz dieser Systeme zu einer anspruchsvollen, aber unverzichtbaren Aufgabe. In der physischen Welt stellen die Gesetze der Physik einen festen Rahmen für Risiken und deren Behandlung dar. Im Cyberspace gibt es dagegen keine vergleichbare Konstante, die der Erosion von Sicherheitsmerkmalen entgegenwirkt. Hierdurch können sich bestehende Sicherheitsrisiken laufend ändern und neue entstehen. Um Schäden durch böswillige Handlungen zu verhindern, ist es notwendig, hohe und unbekannte Risiken frühzeitig zu erkennen und ihnen angemessen zu begegnen. Die Berücksichtigung der zahlreichen dynamischen sicherheitsrelevanten Faktoren erfordert einen neuen Automatisierungsgrad im Management von Sicherheitsrisiken und -anforderungen, der über den aktuellen Stand der Wissenschaft und Technik hinausgeht. Nur so kann langfristig ein angemessenes, umfassendes und konsistentes Sicherheitsniveau erreicht werden. Diese Arbeit adressiert den dringenden Bedarf an einer Automatisierungsmethodik bei der Analyse von Sicherheitsrisiken sowie der Erzeugung und dem Management von Sicherheitsanforderungen für Cyber-physische Systeme. Das dazu vorgestellte Rahmenwerk umfasst drei Komponenten: (1) eine modelbasierte Methodik zur Ermittlung und Bewertung von Sicherheitsrisiken; (2) Methoden zur Vereinheitlichung, Ableitung und Verwaltung von Sicherheitsanforderungen sowie (3) eine Reihe von Werkzeugen und Verfahren zur Erkennung und Reaktion auf sicherheitsrelevante Situationen. Der Schutzbedarf und die angemessene Stringenz werden durch die Sicherheitsrisikobewertung mit Hilfe von Graphen und einer sicherheitsspezifischen Modellierung ermittelt und bewertet. Basierend auf dem Modell und den bewerteten Risiken werden anschließend fundierte Sicherheitsanforderungen zum Schutz des Gesamtsystems und seiner Funktionalität systematisch abgeleitet und in einer einheitlichen, maschinenlesbaren Struktur formuliert. Diese maschinenlesbare Struktur ermöglicht es, Sicherheitsanforderungen automatisiert entlang der Lieferkette zu propagieren. Ebenso ermöglicht sie den effizienten Abgleich der vorhandenen Fähigkeiten mit externen Sicherheitsanforderungen aus Vorschriften, Prozessen und von Geschäftspartnern. Trotz aller getroffenen Maßnahmen verbleibt immer ein gewisses Restrisiko einer Kompromittierung, worauf angemessen reagiert werden muss. Dieses Restrisiko wird durch Werkzeuge und Prozesse adressiert, die sowohl die lokale und als auch die großräumige Erkennung, Klassifizierung und Korrelation von Vorfällen verbessern. Die Integration der Erkenntnisse aus solchen Vorfällen in das Modell führt häufig zu aktualisierten Bewertungen, neuen Anforderungen und verbessert weitere Analysen. Abschließend wird das vorgestellte Rahmenwerk anhand eines aktuellen Anwendungsfalls aus dem Automobilbereich demonstriert.Cyber-Physical Systems enable various modern use cases and business models such as connected vehicles, the Smart (power) Grid, or the Industrial Internet of Things. Their key characteristics, complexity, heterogeneity, and longevity make the long-term protection of these systems a demanding but indispensable task. In the physical world, the laws of physics provide a constant scope for risks and their treatment. In cyberspace, on the other hand, there is no such constant to counteract the erosion of security features. As a result, existing security risks can constantly change and new ones can arise. To prevent damage caused by malicious acts, it is necessary to identify high and unknown risks early and counter them appropriately. Considering the numerous dynamic security-relevant factors requires a new level of automation in the management of security risks and requirements, which goes beyond the current state of the art. Only in this way can an appropriate, comprehensive, and consistent level of security be achieved in the long term. This work addresses the pressing lack of an automation methodology for the security-risk assessment as well as the generation and management of security requirements for Cyber-Physical Systems. The presented framework accordingly comprises three components: (1) a model-based security risk assessment methodology, (2) methods to unify, deduce and manage security requirements, and (3) a set of tools and procedures to detect and respond to security-relevant situations. The need for protection and the appropriate rigor are determined and evaluated by the security risk assessment using graphs and a security-specific modeling. Based on the model and the assessed risks, well-founded security requirements for protecting the overall system and its functionality are systematically derived and formulated in a uniform, machine-readable structure. This machine-readable structure makes it possible to propagate security requirements automatically along the supply chain. Furthermore, they enable the efficient reconciliation of present capabilities with external security requirements from regulations, processes, and business partners. Despite all measures taken, there is always a slight risk of compromise, which requires an appropriate response. This residual risk is addressed by tools and processes that improve the local and large-scale detection, classification, and correlation of incidents. Integrating the findings from such incidents into the model often leads to updated assessments, new requirements, and improves further analyses. Finally, the presented framework is demonstrated by a recent application example from the automotive domain

A Machine Learning Approach for Intrusion Detection

Master's thesis in Information- and communication technology (IKT590)Securing networks and their confidentiality from intrusions is crucial, and for this rea-son, Intrusion Detection Systems have to be employed. The main goal of this thesis is to achieve a proper detection performance of a Network Intrusion Detection System (NIDS). In this thesis, we have examined the detection efficiency of machine learning algorithms such as Neural Network, Convolutional Neural Network, Random Forestand Long Short-Term Memory. We have constructed our models so that they can detect different types of attacks utilizing the CICIDS2017 dataset. We have worked on identifying 15 various attacks present in CICIDS2017, instead of merely identifying normal-abnormal traffic. We have also discussed the reason why to use precisely this dataset, and why should one classify by attack to enhance the detection. Previous works based on benchmark datasets such as NSL-KDD and KDD99 are discussed. Also, how to address and solve these issues. The thesis also shows how the results are effected using different machine learning algorithms. As the research will demon-strate, the Neural Network, Convulotional Neural Network, Random Forest and Long Short-Term Memory are evaluated by conducting cross validation; the average score across five folds of each model is at 92.30%, 87.73%, 94.42% and 87.94%, respectively. Nevertheless, the confusion metrics was also a crucial measurement to evaluate the models, as we shall see. Keywords: Information security, NIDS, Machine Learning, Neural Network, Convolutional Neural Network, Random Forest, Long Short-Term Memory, CICIDS2017

Towards smarter SDN switches:revisiting the balance of intelligence in SDN networks

Software Defined Networks (SDNs) represent a new model for building networks, in which the control plane is separated from the forwarding plane, allowing for centralised, fine grained control of traffic in the network. The benefits of SDN range widely from reducing operational costs of networks to providing better Quality of Service guarantees to its users. Its application has been shown to increase the efficiency of large networks such as data centers and improve security through Denial of Service mitigation systems and other traffic monitoring efforts. While SDN has been shown to be highly beneficial, some of its core features (e.g separation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to its victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks however, its intrinsic properties facilitate new attacks. We investigate in this thesis, the opportunity for such Denial of Service attacks in more recent versions of SDN and extensively evaluate its effect on a legitimate user’s throughput. In light of the potential for such DoS attacks which specifically target the SDN infrastructure (controller, switch flow table etc), we propose that increasing the intelligence of SDN switches can increase the resilience of the SDN network by preventing attack traffic from entering the network at its source. To demonstrate this, we put forward in this thesis, designs for an intelligent SDN Switch and implement two additional functionalities towards realising this design into a software version of the SDN switch. These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicate they effectively preserve the performance of the network under under high control plane loads far better than unmodified switches, with no notable drawbacks

Spartan Daily, February 9, 1977

Volume 68, Issue 6https://scholarworks.sjsu.edu/spartandaily/6160/thumbnail.jp

An architectural approach for mitigating next-generation denial of service attacks

It is well known that distributed denial of service attacks are a major threat to the Internet today. Surveys of network operators repeatedly show that the Internet's stakeholders are concerned, and the reasons for this are clear: the frequency, magnitude, and complexity of attacks are growing, and show no signs of slowing down. With the emergence of the Internet of Things, fifth-generation mobile networks, and IPv6, the Internet may soon be exposed to a new generation of sophisticated and powerful DDoS attacks. But how did we get here? In one view, the potency of DDoS attacks is owed to a set of underlying architectural issues at the heart of the Internet. Guiding principles such as simplicity, openness, and autonomy have driven the Internet to be tremendously successful, but have the side effects of making it difficult to verify source addresses, classify unwanted packets, and forge cooperation between networks to stop traffic. These architectural issues make mitigating DDoS attacks a costly, uphill battle for victims, who have been left without an adequate defense. Such a circumstance requires a solution that is aware of, and addresses, the architectural issues at play. Fueled by over 20 years worth of lessons learned from the industry and academic literature, Gatekeeper is a mitigation system that neutralizes the issues that make DDoS attacks so powerful. It does so by enforcing a connection-oriented network layer and by leveraging a global distribution of upstream vantage points. Gatekeeper further distinguishes itself from previous solutions because it circumvents the necessity of mutual deployment between networks, allowing deployers to reap the full benefits alone and on day one. Gatekeeper is an open-source, production-quality DDoS mitigation system. It is modular, scalable, and built using the latest advances in packet processing techniques. It implements the operational features required by today's network administrators, including support for bonded network devices, VLAN tagging, and control plane tools, and has been chosen for deployment by multiple networks. However, an effective Gatekeeper deployment can only be achieved by writing and enforcing fine-grained and accurate network policies. While the basic function of such policies is to simply govern the sending ability of clients, Gatekeeper is capable of much more: multiple bandwidth limits, punishing flows for misbehavior, attack detection via machine learning, and the flexibility to support new protocols. Therefore, we provide a view into the richness and power of Gatekeeper policies in the form of a policy toolkit for network operators. Finally, we must look to the future, and prepare for a potential next generation of powerful and costly DDoS attacks to grace our infrastructure. In particular, link flooding attacks such as Crossfire use massive, distributed sets of bots with low-rate, legitimate-looking traffic to attack upstream links outside of the victim's control. A new generation of these attacks could soon be realized as IoT devices, 5G networks, and IPv6 simultaneously enter the network landscape. Gatekeeper is able to hinder the architectural advantages that fuel link flooding attacks, bounding their effectiveness