Techniques for the dynamic randomization of network attributes

Critical infrastructure control systems continue to foster predictable communication paths and static configurations that allow easy access to our networked critical infrastructure around the world. This makes them attractive and easy targets for cyber-attack. We have developed technologies that address these attack vectors by automatically reconfiguring network settings. Applying these protective measures will convert control systems into «moving targets» that proactively defend themselves against attack. This «Moving Target Defense» (MTD) revolves about the movement of network reconfiguration, securely communicating reconfiguration specifications to other network nodes as required, and ensuring that connectivity between nodes is uninterrupted. Software-defined Networking (SDN) is leveraged to meet many of these goals. Our MTD approach eliminates adversaries targeting known static attributes of network devices and systems, and consists of the following three techniques: (1) Network Randomization for TCP/UDP Ports; (2) Network Randomization for IP Addresses; (3) Network Randomization for Network Paths In this paper, we describe the implementation of the aforementioned technologies. We also discuss the individual and collective successes for the techniques, challenges for deployment, constraints and assumptions, and the performance implications for each technique

An Iterative and Toolchain-Based Approach to Automate Scanning and Mapping Computer Networks

As today's organizational computer networks are ever evolving and becoming more and more complex, finding potential vulnerabilities and conducting security audits has become a crucial element in securing these networks. The first step in auditing a network is reconnaissance by mapping it to get a comprehensive overview over its structure. The growing complexity, however, makes this task increasingly effortful, even more as mapping (instead of plain scanning), presently, still involves a lot of manual work. Therefore, the concept proposed in this paper automates the scanning and mapping of unknown and non-cooperative computer networks in order to find security weaknesses or verify access controls. It further helps to conduct audits by allowing comparing documented with actual networks and finding unauthorized network devices, as well as evaluating access control methods by conducting delta scans. It uses a novel approach of augmenting data from iteratively chained existing scanning tools with context, using genuine analytics modules to allow assessing a network's topology instead of just generating a list of scanned devices. It further contains a visualization model that provides a clear, lucid topology map and a special graph for comparative analysis. The goal is to provide maximum insight with a minimum of a priori knowledge.Comment: 7 pages, 6 figure

Securing Real-Time Internet-of-Things

Modern embedded and cyber-physical systems are ubiquitous. A large number of critical cyber-physical systems have real-time requirements (e.g., avionics, automobiles, power grids, manufacturing systems, industrial control systems, etc.). Recent developments and new functionality requires real-time embedded devices to be connected to the Internet. This gives rise to the real-time Internet-of-things (RT-IoT) that promises a better user experience through stronger connectivity and efficient use of next-generation embedded devices. However RT- IoT are also increasingly becoming targets for cyber-attacks which is exacerbated by this increased connectivity. This paper gives an introduction to RT-IoT systems, an outlook of current approaches and possible research challenges towards secure RT- IoT frameworks

Moving target defense for securing smart grid communications: Architectural design, implementation and evaluation

Supervisory Control And Data Acquisition (SCADA) communications are often subjected to various kinds of sophisticated cyber-attacks which can have a serious impact on the Critical Infrastructure such as the power grid. Most of the time, the success of the attack is based on the static characteristics of the system, thereby enabling an easier profiling of the target system(s) by the adversary and consequently exploiting their limited resources. In this thesis, a novel approach to mitigate such static vulnerabilities is proposed by implementing a Moving Target Defense (MTD) strategy in a power grid SCADA environment, which leverages the existing communication network with an end-to-end IP Hopping technique among the trusted peer devices. This offers a proactive L3 layer network defense, minimizing IP-specific threats and thwarting worm propagation, APTs, etc., which utilize the cyber kill chain for attacking the system through the SCADA network. The main contribution of this thesis is to show how MTD concepts provide proactive defense against targeted cyber-attacks, and a dynamic attack surface to adversaries without compromising the availability of a SCADA system. Specifically, the thesis presents a brief overview of the different type of MTD designs, the proposed MTD architecture and its implementation with IP hopping technique over a Control Center–Substation network link along with a 3-way handshake protocol for synchronization on the Iowa State’s Power Cyber testbed. The thesis further investigates the delay and throughput characteristics of the entire system with and without the MTD to choose the best hopping rate for the given link. It also includes additional contributions for making the testbed scenarios more realistic to real world scenarios with multi-hop, multi-path WAN. Using that and studying a specific attack model, the thesis analyses the best ranges of IP address for different hopping rate and different number of interfaces. Finally, the thesis describes two case studies to explore and identify potential weaknesses of the proposed mechanism, and also experimentally validate the proposed mitigation alterations to resolve the discovered vulnerabilities. As part of future work, we plan to extend this work by optimizing the MTD algorithm to be more resilient by incorporating other techniques like network port mutation to further increase the attack complexity and cost

Exploring Host-based Software Defined Networking and its Applications

Network operators need detailed understanding of their networks in order to ensure functionality and to mitigate security risks. Unfortunately, legacy networks are poorly suited to providing this understanding. While the software-defined networking paradigm has the potential to, existing switch-based implementations are unable to scale sufficiently to provide information in a fine-grained. Furthermore, as switches are inherently blind to the inner workings of hosts, significantly hindering an operator\u27s ability to understand the true context behind network traffic. In this work, we explore a host-based software-defined networking implementation. We evaluation our implementation, showing that it is able to scale beyond the capabilities of a switch-based implementation. Furthermore, we discuss various detailed network policies that network operators can write and enforce which are impossible in a switch-based implementation. We also implement and discuss an anti-reconnaissance system that can be deployed without any additional components

Issues in Modeling Military Space

Fighter Pilots students undertake an intense 120-day training program. New classes of students enter the training program at regular interval. Students endured rigorous academic, simulator, and aircraft training throughout the program. Squadron schedulers ensure the multiple classes and students are scheduled for the activities. Simulator and aircraft training are scheduled individual for each student. Academic training are taught to the class. Aircraft utilization must also be considered. Aircraft Sortie training are also constrained by daylight hours. Additionally, students are limited to a maximum of three training events in a given day. Squadron schedulers must balance these requirements to ensure students meet their training requirements and successfully graduate. The dynamic training environment requires advanced robust schedules with flexibility to accommodate changes. A Visual Interactive Modeling approach is used to generate schedules. Current schedules are being generated manually with an Excel spreadsheet. Taking advantage of Excel\u27s Visual Basic Programming language, the Excel tool is modified in several ways. Scheduling Dispatch rules are implemented to automatically generate feasible schedules. Graphical User Interfaces are used to create a user-friendly environment. Schedulers guide the schedule building process to produce a robust schedule. An attrition environment is created to simulate attrition probabilities of aircraft sortie training due to operations, maintenance, weather, and other cancellations. Analysis of dispatch rules are analyzed

National Security Space Launch

The United States Space Force’s National Security Space Launch (NSSL) program, formerly known as the Evolved Expendable Launch Vehicle (EELV) program, was first established in 1994 by President William J. Clinton’s National Space Transportation Policy. The policy assigned the responsibility for expendable launch vehicles to the Department of Defense (DoD), with the goals of lowering launch costs and ensuring national security access to space. As such, the United States Air Force Space and Missile Systems Center (SMC) started the EELV program to acquire more affordable and reliable launch capability for valuable U.S. military satellites, such as national reconnaissance satellites that cost billions per satellite. In March 2019, the program name was changed from EELV to NSSL, which reflected several important features: 1.) The emphasis on “assured access to space,” 2.) transition from the Russian-made RD-180 rocket engine used on the Atlas V to a US-sourced engine (now scheduled to be complete by 2022), 3.) adaptation to manifest changes (such as enabling satellite swaps and return of manifest to normal operations both within 12 months of a need or an anomaly), and 4.) potential use of reusable launch vehicles. As of August 2019, Blue Origin, Northrop Grumman Innovation Systems, SpaceX, and United Launch Alliance (ULA) have all submitted proposals. From these, the U.S. Air Force will be selecting two companies to fulfill approximately 34 launches over a period of five years, beginning in 2022. This paper will therefore first examine the objectives for the NSSL as presented in the 2017 National Security Strategy, Fiscal Year 2019, Fiscal Year 2020, and Fiscal Year 2021 National Defense Authorization Acts (NDAA), and National Presidential Directive No. 40. The paper will then identify areas of potential weakness and gaps that exist in space launch programs as a whole and explore the security implications that impact the NSSL specifically. Finally, the paper will examine how the trajectory of the NSSL program could be adjusted in order to facilitate a smooth transition into new launch vehicles, while maintaining mission success, minimizing national security vulnerabilities, and clarifying the defense acquisition process.No embargoAcademic Major: EnglishAcademic Major: International Studie

Space as a New Sphere of Future Information Warfare

Air power has seen constant development from the Wright Flyer’s first flight at Kitty Hawk on December 17, 1903 via the advent of the jet age with the service entry of the Messerschmitt Me 262 in 1942, to today’s multirole fighters (F-35 Joint Strike Fighter) and stealth aircraft (B-2 Spirit multi-role bomber). As a result of this evolution of one hundred years air power has emerged as a central component in power projection. As General William Mitchell said: ”Neither armies nor navies can exist unless the air is controlled over them.” (Mitchell 1925, xv)We have witnessed a corresponding development in space, albeit with a lag of nearly sixty years. The first satellite, the Sputnik, went in orbit on October 4, 1957 and the first manned spaceflight was accomplished on April 12, 1961 (by Yuri Gagarin). July 20, 1969 saw the first landing of man on the moon by Neil Armstrong; the first Space Shuttle launch was on April 12, 1981; and the International Space Station (ISS) has remained manned since November 2, 2000. Since 1961, more than 400 men and women have visited the realm of space. General Tommy Franks said:”The pieces of this operation (Iraqi Freedom) which have been successful would not have been so without space-based assets … it’s just simply a fact.”A major ingredient of success in modern warfare is the capability to collect and analyze information and then use it for the execution of command and control. Intelligence, surveillance, command and control, positioning, and targeting systems along with increasingly technical fire systems will have a key role in this area. Deliberate information warfare operations are conducted during times of crisis and war. They are planned based on of information obtained from intelligence and surveillance assets. The aim of the attacker in information operations is to produce a desired effect on targets by means of psychological warfare such as dissemination of information and other psychological operations; by using network attacks and deception along with other forms of information systems warfare; and by employing electronic warfare assets for jamming, and weapons to suppress the enemy’s intelligence, surveillance, and command and control systems.Space, the electromagnetic spectrum, virtual networks, the psychological domain, and media will occupy central roles in any future information warfare, and all these can be used in both defensive and offensive modes. The foregoing sums up as a concept of global information warfare. We already have space-based C4ISR, targeting, and positioning systems. The successful execution of operations in future wars depends on the gaining and maintaining of space supremacy. Space is in the process of becoming a new dimension in information warfare