230 research outputs found

    Deployable filtering architectures against large denial-of-service attacks

    Get PDF
    Denial-of-Service attacks continue to grow in size and frequency despite serious underreporting. While several research solutions have been proposed over the years, they have had important deployment hurdles that have prevented them from seeing any significant level of deployment on the Internet. Commercial solutions exist, but they are costly and generally are not meant to scale to Internet-wide levels. In this thesis we present three filtering architectures against large Denial-of-Service attacks. Their emphasis is in providing an effective solution against such attacks while using simple mechanisms in order to overcome the deployment hurdles faced by other solutions. While these are well-suited to being implemented in fast routing hardware, in the early stages of deployment this is unlikely to be the case. Because of this, we implemented them on low-cost off-the-shelf hardware and evaluated their performance on a network testbed. The results are very encouraging: this setup allows us to forward traffic on a single PC at rates of millions of packets per second even for minimum-sized packets, while at the same time processing as many as one million filters; this gives us confidence that the architecture as a whole could combat even the large botnets currently being reported. Better yet, we show that this single-PC performance scales well with the number of CPU cores and network interfaces, which is promising for our solutions if we consider the current trend in processor design. In addition to using simple mechanisms, we discuss how the architectures provide clear incentives for ISPs that adopt them early, both at the destination as well as at the sources of attacks. The hope is that these will be sufficient to achieve some level of initial deployment. The larger goal is to have an architectural solution against large DoS deployed in place before even more harmful attacks take place; this thesis is hopefully a step in that direction

    A Trustful Routing Protocol for Ad-hoc Network

    Get PDF
    Mobile Ad-hoc Network (MANET) is a wireless system that comprises mobile nodes. It is usually referred to a decentralized autonomous system. Self configurability and easy deployment feature of the MANET resulted in numerous applications in this modern era. Its routing protocol has to be able to cope with the new challenges that a MANET creates such as nodes mobility, security maintenance, and quality of service, limited bandwidth and limited power supply. These challenges set new demands on MANET routing protocols. With the increasing interest in MANETs, there has been a greater focus on the subject of securing such networks. However, the majority of these MANET secure routing protocols did not provide a complete solution for all the MANETs2019; attacks and assumed that any node participating in the MANET is not selfish and that it will cooperate to support different network functionalities. My thesis strategy is to choose one of the secure routing protocols According to its security-effectiveness, study it and analyze its functionality and performance. The authenticated routing for ad hoc networks (ARAN) secure routing protocol was chosen for analysis. Then, the different existing cooperation enforcement schemes were surveyed so that to come up with a reputation-based scheme to integrate with the ARAN protocol. The result of that integration is called: Trustful-ARAN. Consequently, the ARAN is capable of handling both selfish and malicious nodes2019; attacks. The improvement is obtained at the cost of a higher overhead percentage with minimal increase in the average number of hops. The Trustful-ARAN proves to be more efficient and more secure than normal ARAN secure routing protocol in defending against both malicious and authenticated selfish nodes

    ALGORITHMIZATION, REQUIREMENTS ANALYSIS AND ARCHITECTURAL CHALLENGES OF TRACONDA

    Get PDF
    Globally, there are so much information security threats on Internet that even when data is encrypted, there is no guarantee that copy would not be available to third-party, and eventually be decrypted. Thus, trusted routing mechanism that inhibits availability of (encrypted or not) data being transferred to third-party is proposed in this paper. Algorithmization, requirements analysis and architectural challenges for its development are presented

    TORKAMELEON. IMPROVING TOR’S CENSORSHIP RESISTANCE WITH K-ANONYMIZATION MEDIA MORPHING COVERT INPUT CHANNELS

    Get PDF
    Anonymity networks such as Tor and other related tools are powerful means of increas- ing the anonymity and privacy of Internet users’ communications. Tor is currently the most widely used solution by whistleblowers to disclose confidential information and denounce censorship measures, including violations of civil rights, freedom of expres- sion, or guarantees of free access to information. However, recent research studies have shown that Tor is vulnerable to so-called powerful correlation attacks carried out by global adversaries or collaborative Internet censorship parties. In the Tor ”arms race” scenario, we can see that as new censorship, surveillance, and deep correlation tools have been researched, new, improved solutions for preserving anonymity have also emerged. In recent research proposals, unobservable encapsulation of IP packets in covert media channels is one of the most promising defenses against such threat models. They leverage WebRTC-based covert channels as a robust and practical approach against powerful traf- fic correlation analysis. At the same time, these solutions are difficult to combat through the traffic-blocking measures commonly used by censorship authorities. In this dissertation, we propose TorKameleon, a censorship evasion solution de- signed to protect Tor users with increased censorship resistance against powerful traffic correlation attacks executed by global adversaries. The system is based on flexible K- anonymization input circuits that can support TLS tunneling and WebRTC-based covert channels before forwarding users’ original input traffic to the Tor network. Our goal is to protect users from machine and deep learning correlation attacks between incom- ing user traffic and observed traffic at different Tor network relays, such as middle and egress relays. TorKameleon is the first system to implement a Tor pluggable transport based on parameterizable TLS tunneling and WebRTC-based covert channels. We have implemented the TorKameleon prototype and performed extensive validations to ob- serve the correctness and experimental performance of the proposed solution in the Tor environment. With these evaluations, we analyze the necessary tradeoffs between the performance of the standard Tor network and the achieved effectiveness and performance of TorKameleon, capable of preserving the required unobservability properties.Redes de anonimização como o Tor e soluções ou ferramentas semelhantes são meios poderosos de aumentar a anonimidade e a privacidade das comunicações de utilizadores da Internet . O Tor é atualmente a rede de anonimato mais utilizada por delatores para divulgar informações confidenciais e denunciar medidas de censura tais como violações de direitos civis e da liberdade de expressão, ou falhas nas garantias de livre acesso à informação. No entanto, estudos recentes mostram que o Tor é vulnerável a adversários globais ou a entidades que colaboram entre si para garantir a censura online. Neste cenário competitivo e de jogo do “gato e do rato”, é possível verificar que à medida que novas soluções de censura e vigilância são investigadas, novos sistemas melhorados para a preservação de anonimato são também apresentados e refinados. O encapsulamento de pacotes IP em túneis encapsulados em protocolos de media são uma das mais promissoras soluções contra os novos modelos de ataque à anonimidade. Estas soluções alavancam canais encobertos em protocolos de media baseados em WebRTC para resistir a poderosos ataques de correlação de tráfego e a medidas de bloqueios normalmente usadas pelos censores. Nesta dissertação propomos o TorKameleon, uma solução desenhada para protoger os utilizadores da rede Tor contra os mais recentes ataques de correlação feitos por um modelo de adversário global. O sistema é baseado em estratégias de anonimização e reencaminhamento do tráfego do utilizador através de K nós, utilizando também encap- sulamento do tráfego em canais encobertos em túneis TLS ou WebRTC. O nosso objetivo é proteger os utilizadores da rede Tor de ataques de correlação implementados através de modelos de aprendizagem automática feitos entre o tráfego do utilizador que entra na rede Tor e esse mesmo tráfego noutro segmento da rede, como por exemplo nos nós de saída da rede. O TorKameleon é o primeiro sistema a implementar um Tor pluggable transport parametrizável, baseado em túneis TLS ou em canais encobertos em protocolos media. Implementamos um protótipo do sistema e realizamos uma extensa avalição expe- rimental, inserindo a solução no ambiente da rede Tor. Com base nestas avaliações, anali- zamos o tradeoff necessário entre a performance da rede Tor e a eficácia e a performance obtida do TorKameleon, que garante as propriedades de preservação de anonimato

    Moving Target Defense for Securing SCADA Communications

    Get PDF
    In this paper, we introduce a framework for building a secure and private peer to peer communication used in supervisory control and data acquisition networks with a novel Mobile IPv6-based moving target defense strategy. Our approach aids in combating remote cyber-attacks against peer hosts by thwarting any potential attacks at their reconnaissance stage. The IP address of each host is randomly changed at a certain interval creating a moving target to make it difficult for an attacker to find the host. At the same time, the peer host is updated through the use of the binding update procedure (standard Mobile IPv6 protocol). Compared with existing results that can incur significant packet-loss during address rotations, the proposed solution is loss-less. Improving privacy and anonymity for communicating hosts by removing permanent IP addresses from all packets is also one of the major contributions of this paper. Another contribution is preventing black hole attacks and bandwidth depletion DDoS attacks through the use of extra paths between the peer hosts. Recovering the communication after rebooting a host is also a new contribution of this paper. Lab-based simulation results are presented to demonstrate the performance of the method in action, including its overheads. The testbed experiments show zero packet-loss rate during handoff delay

    Security Mechanisms to Decrease Vulnerability of Ad-hoc Routing Protocols

    Full text link

    Securing Weight-Based AODV (WBAODV) Routing Protocol in MANETs: Towards Efficient and Secure Routing Protocol

    Get PDF
    An ad hoc network is a collection of wireless mobile nodes dynamically forming a temporary network without the use of any existing network infrastructure or centralized administration. There are number of routing protocols developed by researchers. Due to the nature of ad hoc networks, secure routing is an important area of research in developing secured routing protocols. Although researchers have proposed several secure routing protocols, their resistance towards various types of security attacks and efficiency are primary points of concern in implementing these protocols. After the evaluation of these protocols the results refer that they do not give complete protection against possible attacks and have some disadvantages on their performance. In this research, we examined a new routing protocol called Weight-Based Ad hoc On-demand Distance Vector (WBAODV) routing protocol which is efficient and superior of the standard Ad hoc On-demand Distance Vector (AODV) routing protocol in performance, but is not secure. So we proposed a new secure routing protocol based on WBAODV which will be efficient and also immune against the most commonly possible routing attacks. Finally we analyzed the proposed protocol against many attacks to ensure its security and also subject it to extensive simulation tests using JiST/SWAN simulation tool with the most commonly well-known ad hoc performance metrics to ensure its efficiency
    corecore