Performance Evaluation of Distributed Security Protocols Using Discrete Event Simulation

The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and costs. The certification path building algorithm that helps users establish trust on certificates in the distributed network environment is particularly complicated. Neither routing security nor PKI come for free. Prior to this work, the research study on performance issues of these large-scale distributed security systems was minimal. In this thesis, we evaluate the performance of BGP security protocols and PKI systems. We answer the questions about how the performance affects protocol behaviors and how we can improve the efficiency of these distributed protocols to bring them one step closer to reality. The complexity of the Internet makes an analytical approach difficult; and the scale of Internet makes empirical approaches also unworkable. Consequently, we take the approach of simulation. We have built the simulation frameworks to model a number of BGP security protocols and the PKI system. We have identified performance problems of Secure BGP (S-BGP), a primary BGP security protocol, and proposed and evaluated Signature Amortization (S-A) and Aggregated Path Authentication (APA) schemes that significantly improve efficiency of S-BGP without compromising security. We have also built a simulation framework for general PKI systems and evaluated certification path building algorithms, a critical part of establishing trust in Internet-scale PKI, and used this framework to improve algorithm performance

Protecting Return Address Integrity for RISC-V via Pointer Authentication

Embedded systems based on lightweight microprocessors are becoming more prevalent in various applications. However, the security of them remains a significant challenge due to the limited resources and exposure to external threats. Especially, some of these devices store sensitive data and control critical devices, making them high-value targets for attackers. Software security is particularly important because attackers can easily access these devices on the internet and obtain control of them by injecting malware. Return address (RA) hijacking is a common software attack technique used to compromise control flow integrity (CFI) by manipulating memory, such as return-to-libc attacks. Several methods have been proposed to protect CFI, including RA authentication, stack canaries, and shadow stack. However, these hardware and software defense mechanisms introduce significant memory overhead and resource consumption, making them unsuitable for IoT devices with limited memory. This thesis investigates the security of embedded systems by focusing on the control flow integrity of the return address for RISC-V. This project asserts the Pointer Authentication Code (PAC) in the return address to protect the CFI by custom instructions. Compared to the previous work, this project introduces a faster cipher to improve the performance of the system. Also, a prediction mechanism is embedded into the system to reduce the latency of the authentication. This project also integrates the PAC generator into the GCC compiler to support automatic PAC generation. The overhead of this project is 4.19\% on TACleBench and 3.25\% on Coremark with the Rocket chip on the Nexys A7 board

Internet of robotic things : converging sensing/actuating, hypoconnectivity, artificial intelligence and IoT Platforms

The Internet of Things (IoT) concept is evolving rapidly and influencing newdevelopments in various application domains, such as the Internet of MobileThings (IoMT), Autonomous Internet of Things (A-IoT), Autonomous Systemof Things (ASoT), Internet of Autonomous Things (IoAT), Internetof Things Clouds (IoT-C) and the Internet of Robotic Things (IoRT) etc.that are progressing/advancing by using IoT technology. The IoT influencerepresents new development and deployment challenges in different areassuch as seamless platform integration, context based cognitive network integration,new mobile sensor/actuator network paradigms, things identification(addressing, naming in IoT) and dynamic things discoverability and manyothers. The IoRT represents new convergence challenges and their need to be addressed, in one side the programmability and the communication ofmultiple heterogeneous mobile/autonomous/robotic things for cooperating,their coordination, configuration, exchange of information, security, safetyand protection. Developments in IoT heterogeneous parallel processing/communication and dynamic systems based on parallelism and concurrencyrequire new ideas for integrating the intelligent “devices”, collaborativerobots (COBOTS), into IoT applications. Dynamic maintainability, selfhealing,self-repair of resources, changing resource state, (re-) configurationand context based IoT systems for service implementation and integrationwith IoT network service composition are of paramount importance whennew “cognitive devices” are becoming active participants in IoT applications.This chapter aims to be an overview of the IoRT concept, technologies,architectures and applications and to provide a comprehensive coverage offuture challenges, developments and applications

Security hardened remote terminal units for SCADA networks.

Remote terminal units (RTUs) are perimeter supervisory control and data acquisition (SCADA) devices that measure and control actual physical devices. Cyber security was largely ignored in SCADA for many years, and the cyber security issues that now face SCADA and DCS, specifically RTU security, are investigated in this research. This dissertation presents a new role based access control model designed specifically for RTUs and process control. The model is developed around the process control specific data element called a point, and point operations. The model includes: assignment constraints that limit the RTU operations that a specific role can be assigned and activation constraints that allow a security administrator to specify conditions when specific RTU roles or RTU permissions cannot be used. RTU enforcement of the new access control model depends on, and is supported by, the protection provided by an RTU\u27s operating system. This dissertation investigates two approaches for using minimal kernels to reduce potential vulnerabilities in RTU protection enforcement and create a security hardened RTU capable of supporting the new RTU access control model. The first approach is to reduce a commercial OS kernel to only those components needed by the RTU, removing any known or unknown vulnerabilities contained in the eliminated code and significantly reducing the size of the kernel. The second approach proposes using a microkernel that supports partitioning as the basis for an RTU specific operating system which isolates network related RTU software, the RTU attack surface, from critical RTU operational software such as control algorithms and analog and digital input and output. In experimental analysis of a prototype hardened RTU connected to real SCADA hardware, a reduction of over 50% was obtained in reducing a 2.4 Linux kernel to run on actual RTU hardware. Functional testing demonstrated that different users were able to carryout assigned tasks with the limited set of permissions provided by the security hardened RTU and a series of simulated insider attacks were prevented by the RTU role based access control system. Analysis of communication times indicated response times would be acceptable for many SCADA and DCS application areas. Investigation of a partitioning microkernel for an RTU identified the L4 microkernel as an excellent candidate. Experimental evaluation of L4 on real hardware found the IPC overhead for simulated critical RTU operations protected by L4 partitioning to be sufficiently small to warrant continued investigation of the approach

EFFICIENT SECURITY IN EMERGING MEMORIES

The wide adoption of cloud computing has established integrity and confidentiality of data in memory as a first order design concern in modern computing systems. Data integrity is ensured by Merkle Tree (MT) memory authentication. However, in the context of emerging non-volatile memories (NVMs), the MT memory authentication related increase in cell writes and memory accesses impose significant energy, lifetime, and performance overheads. This dissertation presents ASSURE, an Authentication Scheme for SecURE (ASSURE) energy efficient NVMs. ASSURE integrates (i) smart message authentication codes with (ii) multi-root MTs to decrease MT reads and writes, while also reducing the number of cell writes on each MT write. Whereas data confidentiality is effectively ensured by encryption, the memory access patterns can be exploited as a side-channel to obtain confidential data. Oblivious RAM (ORAM) is a secure cryptographic construct that effectively thwarts access-pattern-based attacks. However, in Path ORAM (state-of-the-art efficient ORAM for main memories) and its variants, each last-level cache miss (read or write) is transformed to a sequence of memory reads and writes (collectively termed read phase and write phase, respectively), increasing the number of memory writes due to data re-encryption, increasing effective latency of the memory accesses, and degrading system performance. This dissertation efficiently addresses the challenges of both read and write phase operations during an ORAM access. First, it presents ReadPRO (Read Promotion), which is an efficient ORAM scheduler that leverages runtime identification of read accesses to effectively prioritize the service of critical-path-bound read access read phase operations, while preserving all data dependencies. Second, it presents LEO (Low overhead Encryption ORAM) that reduces cell writes by opportunistically decreasing the number of block encryptions, while preserving the security guarantees of the baseline Path ORAM. This dissertation therefore addresses the core chal- lenges of read/write energy and latency, endurance, and system performance for integration of essential security primitives in emerging memory architectures. Future research directions will focus on (i) exploring efficient solutions for ORAM read phase optimization and secure ORAM resizing, (ii) investigating the security challenges of emerging processing-in-memory architectures, and (iii) investigating the interplay of security primitives with reliability enhancing architectures

Moving target defense for securing smart grid communications: Architectural design, implementation and evaluation

Supervisory Control And Data Acquisition (SCADA) communications are often subjected to various kinds of sophisticated cyber-attacks which can have a serious impact on the Critical Infrastructure such as the power grid. Most of the time, the success of the attack is based on the static characteristics of the system, thereby enabling an easier profiling of the target system(s) by the adversary and consequently exploiting their limited resources. In this thesis, a novel approach to mitigate such static vulnerabilities is proposed by implementing a Moving Target Defense (MTD) strategy in a power grid SCADA environment, which leverages the existing communication network with an end-to-end IP Hopping technique among the trusted peer devices. This offers a proactive L3 layer network defense, minimizing IP-specific threats and thwarting worm propagation, APTs, etc., which utilize the cyber kill chain for attacking the system through the SCADA network. The main contribution of this thesis is to show how MTD concepts provide proactive defense against targeted cyber-attacks, and a dynamic attack surface to adversaries without compromising the availability of a SCADA system. Specifically, the thesis presents a brief overview of the different type of MTD designs, the proposed MTD architecture and its implementation with IP hopping technique over a Control Center–Substation network link along with a 3-way handshake protocol for synchronization on the Iowa State’s Power Cyber testbed. The thesis further investigates the delay and throughput characteristics of the entire system with and without the MTD to choose the best hopping rate for the given link. It also includes additional contributions for making the testbed scenarios more realistic to real world scenarios with multi-hop, multi-path WAN. Using that and studying a specific attack model, the thesis analyses the best ranges of IP address for different hopping rate and different number of interfaces. Finally, the thesis describes two case studies to explore and identify potential weaknesses of the proposed mechanism, and also experimentally validate the proposed mitigation alterations to resolve the discovered vulnerabilities. As part of future work, we plan to extend this work by optimizing the MTD algorithm to be more resilient by incorporating other techniques like network port mutation to further increase the attack complexity and cost

IP-based virtual private networks and proportional quality of service differentiation

IP-based virtual private networks (VPNs) have the potential of delivering cost-effective, secure, and private network-like services. Having surveyed current enabling techniques, an overall picture of IP VPN implementations is presented. In order to provision the equivalent quality of service (QoS) of legacy connection-oriented layer 2 VPNs (e.g., Frame Relay and ATM), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet. Subsequently, a hierarchical QoS guarantee framework for IP VPNs is proposed, stitching together development progresses from recent research and engineering work. To differentiate IP VPN QoS, the proportional QoS differentiation model, whose QoS specification granularity compromises that of IntServ and Diffserv, emerges as a potential solution. The investigation of its claimed capability of providing the predictable and controllable QoS differentiation is then conducted. With respect to the loss rate differentiation, the packet shortage phenomenon shown in two classical proportional loss rate (PLR) dropping schemes is studied. On the pursuit of a feasible solution, the potential of compromising the system resource, that is, the buffer, is ruled out; instead, an enhanced debt-aware mechanism is suggested to relieve the negative effects of packet shortage. Simulation results show that debt-aware partially curbs the biased loss rate ratios, and improves the queueing delay performance as well. With respect to the delay differentiation, the dynamic behavior of the average delay difference between successive classes is first analyzed, aiming to gain insights of system dynamics. Then, two classical delay differentiation mechanisms, that is,proportional average delay (PAD) and waiting time priority (WTP), are simulated and discussed. Based on observations on their differentiation performances over both short and long time periods, a combined delay differentiation (CDD) scheme is introduced. Simulations are utilized to validate this method. Both loss and delay differentiations are based on a series of differentiation parameters. Though previous work on the selection of delay differentiation parameters has been presented, that of loss differentiation parameters mostly relied on network operators\u27 experience. A quantitative guideline, based on the principles of queueing and optimization, is then proposed to compute loss differentiation parameters. Aside from analysis, the new approach is substantiated by numerical results