142 research outputs found
Evaluation of Anonymized ONS Queries
Electronic Product Code (EPC) is the basis of a pervasive infrastructure for
the automatic identification of objects on supply chain applications (e.g.,
pharmaceutical or military applications). This infrastructure relies on the use
of the (1) Radio Frequency Identification (RFID) technology to tag objects in
motion and (2) distributed services providing information about objects via the
Internet. A lookup service, called the Object Name Service (ONS) and based on
the use of the Domain Name System (DNS), can be publicly accessed by EPC
applications looking for information associated with tagged objects. Privacy
issues may affect corporate infrastructures based on EPC technologies if their
lookup service is not properly protected. A possible solution to mitigate these
issues is the use of online anonymity. We present an evaluation experiment that
compares the use of Tor (The second generation Onion Router) on a global
ONS/DNS setup, with respect to benefits, limitations, and latency. Comment: 14 page
Aggregating and Deploying Network Access Control Policies
The existence of errors or inconsistencies in the configuration of security
components, such as filtering routers and/or firewalls, may lead to weak access
control policies -- potentially easy to be evaded by unauthorized parties. We
present in this paper a proposal to create, manage, and deploy consistent
policies in those components in an efficient way. To do so, we combine two main
approaches. The first approach is the use of an aggregation mechanism that
yields consistent configurations or signals inconsistencies. Through this
mechanism we can fold existing policies of a given system and create a
consistent and global set of access control rules -- easy to maintain and
manage by using a single syntax. The second approach is the use of a refinement
mechanism that guarantees the proper deployment of such a global set of rules
into the system, yet free of inconsistencies. Comment: 9 page
Misconfiguration Management of Network Security Components
Many companies and organizations use firewalls to control the access to their
network infrastructure. Firewalls are network security components which provide
means to filter traffic within corporate networks, as well as to police
incoming and outgoing interaction with the Internet. For this purpose, it is
necessary to configure firewalls with a set of filtering rules. Nevertheless,
the existence of errors in a set of filtering rules is very likely to degrade
the network security policy. The discovery and removal of these configuration
errors is a serious and complex problem to solve. In this paper, we present a
set of algorithms for such a management. Our approach is based on the analysis
of relationships between the set of filtering rules. Then, a subsequent
rewriting of rules will derive from an initial firewall setup -- potentially
misconfigured -- to an equivalent one completely free of errors. At the same
time, the algorithms will detect useless rules in the initial firewall
configuration. Comment: 9 pages, 4 figures, 10 references, 7th International Symposium on
System and Information Security (SSI), Sao Paulo, Brazi
Software simulations for the study of threats against SCADA systems
The goal of SCADA technologies (acronym for Supervisory Control And Data Acquisition) is to provide remote control for the supervision of critical infrastructures. Attacks against such systems pose a significant risk. Our interest in the topic is to investigate security improvements for SCADA systems, using software-level abstractions, simulation tools, physical devices, and data traces from real systems. This article presents, in general terms, some basic building blocks of SCADA technologies and their components. It also introduces general characteristics of some available open source simulators. Finally, it details limitations and potential improvements, aimed at completing the study of anomaly detection techniques at the level of physical signals between the components of SCADA systems
Multiple-polynomial LFSR based pseudorandom number generator for EPC Gen2 RFID tags
We present a lightweight pseudorandom number generator (PRNG) design for EPC Gen2 RFID tags. It is based on a linear feedback shift register (LFSR) configured with multiple feedback polynomials that are selected by a physical source of randomness. The proposal successfully handles the inherent linearity of LFSR based PRNGs and satisfies the statistical requirements imposed by the EPC Gen2 standard. Statistical analysis of the sequences generated by our generator confirms the validity of the proposed technique. We show that our proposal has, moreover, a simpler hardware implementation and energy consumption than previous designs reported in the literature
QoS and security in Link State Routing protocols for MANETs
We study security issues in the Optimized Link State Routing (OLSR) protocol with Quality-of-Service (QoS). We propose the function k-robust-QANS, to construct a Quality Advertisement Neighbor Set (QANS). Given a node v, the one-hop nodes selected as part of its QANS generate routing information to advertise, when possible, a set with k+1 links to reach any two-hop neighbor. Several approaches have been proposed to construct a QANS. However, none of them guarantees that the best links are advertised. A mechanism is presented for QANS construction with guarantee that the best links are advertised with respect to a given routing metric. We present the unadvertised quality links problem when QoS is considered. We also address the slanderer attack, i.e., a misbehaving node that advertises incomplete routing information. Our goal is to find a tradeoff between security and amount of information disseminated. We conduct simulations that confirm our claims