4,774 research outputs found

    Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

    Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available.

    IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

    With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead.

    Human Crowdsourcing Data for Indoor Location Applied to Ambient Assisted Living Scenarios

    In the last decades, the rise of life expectancy has accelerated the demand for new technological solutions to provide a longer life with improved quality. One of the major areas of the Ambient Assisted Living aims to monitor the elderly location indoors. For this purpose, indoor positioning systems are valuable tools and can be classified depending on the need of a supporting infrastructure. Infrastructure-based systems require the investment on expensive equipment and existing infrastructure-free systems, although rely on the pervasively available characteristics of the buildings, present some limitations regarding the extensive process of acquiring and maintaining fingerprints, the maps that store the environmental characteristics to be used in the localisation phase. These problems hinder indoor positioning systems to be deployed in most scenarios. To overcome these limitations, an algorithm for the automatic construction of indoor floor plans and environmental fingerprints is proposed. With the use of crowdsourcing techniques, where the extensiveness of a task is reduced with the help of a large undefined group of users, the algorithm relies on the combination of multiple sources of information, collected in a non-annotated way by common smartphones. The crowdsourced data is composed by inertial sensors, responsible for estimating the users’ trajectories, Wi-Fi radio and magnetic field signals. Wi-Fi radio data is used to cluster the trajectories into smaller groups, each corresponding to specific areas of the building. Distance metrics applied to magnetic field signals are used to identify geomagnetic similarities between different users’ trajectories. The building’s floor plan is then automatically created, which results in fingerprints labelled with physical locations. Experimental results show that the proposed algorithm achieved comparable floor plan and fingerprints to those acquired manually, allowing the conclusion that it is possible to automate the setup process of infrastructure-free systems. With these results, this solution can be applied in any fingerprinting-based indoor positioning system.

    FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic

    Mobile-application fingerprinting of network traffic is valuable for many security solutions as it provides insights into the apps active on a network. Unfortunately, existing techniques require prior knowledge of apps to be able to recognize them. However, mobile environments are constantly evolving, i.e., apps are regularly installed, updated, and uninstalled. Therefore, it is infeasible for existing fingerprinting approaches to cover all apps that may appear on a network. Moreover, most mobile traffic is encrypted, shows similarities with other apps, e.g., due to common libraries or the use of content delivery networks, and depends on user input, further complicating the fingerprinting process. As a solution, we propose FlowPrint, a semi-supervised approach for fingerprinting mobile apps from (encrypted) network traffic. We automatically find temporal correlations among destination-related features of network traffic and use these correlations to generate app fingerprints. Our approach is able to fingerprint previously unseen apps, something that existing techniques fail to achieve. We evaluate our approach for both Android and iOS in the setting of app recognition, where we achieve an accuracy of 89.2%, significantly outperforming state-of-the-art solutions. In addition, we show that our approach can detect previously unseen apps with a precision of 93.5%, detecting 72.3% of apps within the first five minutes of communication.