979,286 research outputs found
Cyber situational awareness: from geographical alerts to high-level management
This paper focuses on cyber situational awareness and describes a visual analytics solution for monitoring and putting in tight relation data from network level with the organization business. The goal of the proposed solution is to make different security profiles (network security officer, network security manager, and financial security manager) aware of the actual network state (e.g., risk and attack progress) and the impact it actually has on the business tasks, making clear the relationships that exist between the network level and the business level. The proposed solution is instantiated on the ACEA infrastructure, the Italian company that provides power and water purification services to cities in central Italy (millions of end users
SDNsec: Forwarding Accountability for the SDN Data Plane
SDN promises to make networks more flexible, programmable, and easier to
manage. Inherent security problems in SDN today, however, pose a threat to the
promised benefits. First, the network operator lacks tools to proactively
ensure that policies will be followed or to reactively inspect the behavior of
the network. Second, the distributed nature of state updates at the data plane
leads to inconsistent network behavior during reconfigurations. Third, the
large flow space makes the data plane susceptible to state exhaustion attacks.
This paper presents SDNsec, an SDN security extension that provides
forwarding accountability for the SDN data plane. Forwarding rules are encoded
in the packet, ensuring consistent network behavior during reconfigurations and
limiting state exhaustion attacks due to table lookups. Symmetric-key
cryptography is used to protect the integrity of the forwarding rules and
enforce them at each switch. A complementary path validation mechanism allows
the controller to reactively examine the actual path taken by the packets.
Furthermore, we present mechanisms for secure link-failure recovery and
multicast/broadcast forwarding.Comment: 14 page
A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends
This paper examines the security vulnerabilities and threats imposed by the
inherent open nature of wireless communications and to devise efficient defense
mechanisms for improving the wireless network security. We first summarize the
security requirements of wireless networks, including their authenticity,
confidentiality, integrity and availability issues. Next, a comprehensive
overview of security attacks encountered in wireless networks is presented in
view of the network protocol architecture, where the potential security threats
are discussed at each protocol layer. We also provide a survey of the existing
security protocols and algorithms that are adopted in the existing wireless
network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term
evolution (LTE) systems. Then, we discuss the state-of-the-art in
physical-layer security, which is an emerging technique of securing the open
communications environment against eavesdropping attacks at the physical layer.
We also introduce the family of various jamming attacks and their
counter-measures, including the constant jammer, intermittent jammer, reactive
jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the
integration of physical-layer security into existing authentication and
cryptography mechanisms for further securing wireless networks. Finally, some
technical challenges which remain unresolved at the time of writing are
summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201
State estimation applied to active distribution networks with minimal measurements
Traditionally, state estimation is applied to transmission networks to improve security and redundancy of the measurement system. This paper describes the application of state estimation to distribution networks in order to extend the observability of the network. Key features of this application are that the network is active, minimal real measurements are available and that there is minimal communications infrastructure. this paper presents results ffrom a field trial whihc manages voltages in an 11kV distribution network with distributed generation. The paper highlights the problems associated with this application and presents some solutions
- …