91 research outputs found

    An integrated approach to QoS and security in future mobile networks using the Y-Comm framework

    Future networks will comprise a wide variety of wireless networks. Users will expect to be always connected from anywhere and at any time, as connections will be switched to available networks using vertical handover techniques. However, different networks have different Qualities-of-Service (QoS), so a QoS framework is needed to help applications and services deal with this new environment. In addition, since these networks must work together, future mobile systems will have an open, instead of the currently closed, architecture. Therefore new mechanisms will be needed to protect users, servers and network infrastructure. This means that future mobile networks will have to integrate communications, mobility, quality-of-service and security. However, in order to achieve this integration without affecting the flexibility of future networks, there is a need for novel methods that address QoS and security in a targeted manner within specific situations. There is also a need for a communication framework within which these methods, along with the communication and handover mechanisms, can be integrated. Therefore, this research uses the Y-Comm framework, a communication architecture that supports vertical handover in Next Generation Networks, as an example of future communication frameworks that integrate QoS, security, communication and mobility mechanisms. Within the context of Y-Comm, research has been conducted to address QoS and security in heterogeneous networks. To preserve the flexibility of future networks, the research in this thesis proposes the concept of Targeted Models to address security and QoS in specific scenarios: to address the QoS issue, a new QoS framework is introduced in this thesis, which defines targeted QoS models that provide QoS in different situations such as connection initiation and handover.
    Similarly, to deal with the security side, targeted security models are proposed to address security in situations like connection initiation and handover. To define the targeted models and map them to actual network entities, research has been conducted to define a potential structure for future networks along with the main operational entities. The cooperation among these entities defines the targeted models. Furthermore, in order to specify the security protocols used by the targeted security models, an Authentication and Key Agreement framework is introduced to address security at different levels such as the network and service levels. The underlying protocols of the Authentication and Key Agreement framework are verified using Casper/FDR, a well-known formal methods-based tool. The research also investigates potential methods to implement the proposed security protocols. To enable the implementation of some of the targeted security models, the research also proposes major enhancements to the current addressing, naming and location systems.

    A novel security protocol for resolving addresses in the location/ID split architecture

    The Locator/ID Separation Protocol (LISP) is a routing architecture that provides new semantics for IP addressing. In order to simplify routing operations and improve scalability in the future Internet, LISP uses two different numbering spaces to separate the device identifier from its location. In other words, LISP separates the 'where' and the 'who' in networking and uses a mapping system to couple the location and identifier. This paper analyses the security and functionality of the LISP mapping procedure using a formal methods approach based on the Casper/FDR tool. The analysis points out several security issues in the protocol, such as the lack of data confidentiality and mutual authentication. The paper addresses these issues and proposes changes that are compatible with the implementation of LISP.

    An integrated authentication and authorization approach for the network of information architecture

    Several projects propose an information-centric approach to the network of the future. Such an approach makes efficient content distribution possible by making information retrieval host-independent and by integrating storage into the network for caching information. Requests for particular content can thus be satisfied by any host or server holding a copy. One well-established approach to information-centric networks is the Network of Information (NetInf) architecture, developed as part of the EU FP7 project SAIL. The approach is based on the Publish/Subscribe model, where hosts can join a network, publish data, and subscribe to publications. NetInf introduces two main stages, namely Publication and Data Retrieval, through which hosts publish and retrieve data. A distributed Name Resolution System (NRS) has also been introduced to map data to its publishers. The NRS is vulnerable to masquerading and content poisoning attacks through invalid data registration. Therefore, the paper proposes a Registration stage that takes place before the publication and data retrieval stages. This new stage identifies and authenticates hosts before they are able to access the NetInf system. Furthermore, the Registration stage uses a capabilities-based access policy to mitigate the issue of unauthorized access to data objects. The proposed solutions have been formally verified using a formal methods approach.

    Challenges and solutions for secure information centric networks: a case study of the NetInf architecture

    A large number of emerging Internet applications require information dissemination across different organizational boundaries, heterogeneous platforms, and a large, dynamic population of publishers and subscribers. A new information-centric network architecture called Network of Information (NetInf) has been developed in the context of the FP7 EU-funded 4WARD project. This architecture can significantly improve large-scale information distribution. Furthermore, it supports future mobile networks in situations with intermittent and heterogeneous connectivity, and connects the digital with the physical world to enable a better user experience. However, NetInf is still at an early stage of implementation and its security is yet to be evaluated. Security concerns about NetInf are a major factor in its wide-scale adoption. Therefore, this paper uses the X.805 security standard to analyse the security of the NetInf architecture. The analysis highlights the main sources of threats and the potential security services to tackle them. The paper also defines a threat model in the form of possible attacks against the NetInf architecture.

    Toward an efficient ontology-based event correlation in SIEM

    Cooperative intrusion detection uses several intrusion detection systems (IDS) and analyzers in order to build a reliable overview of the monitored system through a central security information and event management system (SIEM). In such an environment, the definition of a shared vocabulary describing the information exchanged between tools is of prime importance. Since these pieces of information are structured, we propose in this paper to use an ontological representation based on Description Logics (DLs), which are a powerful tool for knowledge representation. Moreover, DLs are able to ensure decidable reasoning. An alert correlation prototype is presented using this ontology, and an illustrative attack scenario is carried out to show the usefulness of the proposed ontology.

    A formally verified access control mechanism for information centric networks

    Communications in Information-Centric Networking place more attention on WHAT data are being exchanged rather than WHO is exchanging them. A well-established approach to information-centric networks is the Network of Information (NetInf) architecture, developed as part of the EU FP7 project SAIL. The security of NetInf has been fairly well analysed in the literature. In particular, research efforts have focused on achieving data integrity and confidentiality, source or publisher authenticity, and authorization. This paper analyses some work in the literature on enforcing authorized access to data in NetInf, highlights a potential security threat and proposes an enhancement to address the discovered threat. The new enhancement has been formally verified using a formal methods approach based on the Casper/FDR tool.

    Introducing a novel authentication protocol for secure services in heterogeneous environments using Casper/FDR

    Next Generation Networks are a convergence of networks such as 2G/3G and WLAN as well as the recently deployed Long Term Evolution (LTE) networks. Future mobile devices will switch between these different networks to maintain connectivity with end servers. However, to support these heterogeneous environments, there is a need to consider a new design of the network infrastructure, where currently closed systems such as 3G will have to operate in an open environment. Security is a key issue in this open environment; after authenticating the mobile terminal to access the network, there is a requirement for service-level mechanisms to protect the session between the mobile terminal and the remote service provider. Furthermore, since mobile terminals switch between networks of different characteristics in terms of coverage, Quality of Service and security, there is a need to re-assess the security of the same session over the different networks to comply with the changes at the network level caused by mobility. Therefore, this paper introduces a Service-Level Authentication and Key Agreement protocol to secure the session between the mobile terminal and the end server. The proposed protocol considers user mobility in a heterogeneous environment and reassesses the session's security level in case of handover. The proposed protocol has been verified using a formal methods approach based on the well-established Casper/FDR tools.

    Supporting communication in information centric networks using the location/ID split protocol and time released caching

    The vast majority of current Internet usage is data retrieval and information exchange. As a result, the focus has shifted from the current location-based system to an Information-Centric system, where information can be cached and accessed from anywhere within the network rather than from the end hosts only. To support this functionality, data must be uniquely identified regardless of its location. Current research efforts in the area of Information-Centric Networks presume the existence of a Convergence Layer protocol that facilitates the forwarding functionality, while data caching takes place on a higher plane. Therefore, this paper proposes a convergence layer protocol, based on the Location/ID Separation Protocol, which uses two numbering spaces for data. Unlike other Information-Centric architectures in the literature, the proposed approach introduces new procedures to deal with in-network data caching and forwarding separately.

    Machine learning based botnet identification traffic

    The continued growth of the Internet has resulted in increasingly sophisticated toolkits and methods for conducting computer attacks and intrusions that are easy to use and publicly available to download, such as the Zeus botnet toolkit. Botnets are responsible for many cyber-attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most existing botnet toolkits release updates for new features, development and support. This presents challenges in the detection and prevention of bots. Current botnet detection approaches are mostly ineffective, as botnets change their Command and Control (C&C) server structures, whether centralized (e.g., IRC, HTTP) or distributed (e.g., P2P), and use encryption as a deterrent. In this paper, based on real-world data sets, we present our preliminary research on predicting new bots before they launch their attacks. We propose a rich set of network traffic features using the Classification of Network Information Flow Analysis (CONIFA) framework to capture regularities in C&C communication channels and malicious traffic. We present a case study of applying the approach to a popular botnet toolkit, Zeus. The experimental evaluation suggests that it is possible to effectively detect the C&C communication generated by a newly updated Zeus botnet toolkit, before the bots launch their attacks, by building a classifier using machine learning on traffic behaviours from an earlier version. The results also show that there is similarity in the C&C structures of various botnet toolkit versions and that the network characteristics of botnet C&C traffic differ from those of legitimate network traffic. Such methods could reduce the many different resources needed to identify C&C communication channels and malicious traffic.

    Security and QoS integration for protecting service providers in heterogeneous environments

    Similar to the Internet, connectivity in Next Generation Networks such as 4G will be IP-based. This implies that they inherit all the security problems of the current Internet. Amongst these numerous threats, compromise and resource exhaustion threats, which come in the form of Denial of Service attacks, are very common and particularly serious. The severity of such attacks will be fuelled by the development of heterogeneous devices which have several wireless interfaces, as multi-homed devices will be able to send multiple connection requests to the server and thus launch attacks over different access networks. This paper details a new model to address the problem of Denial of Service attacks against the current Internet, which limits the accessibility of a server based on its operational scope such that the solution will work effectively in heterogeneous, multi-homed environments. However, Denial of Service attacks target the system resources and degrade their performance, thus affecting the delivery of Quality of Service to the subscribed users. Therefore, the proposed model suggests dealing with security and QoS in an integrated manner by using the concept of Quality of Security Service, where security is considered as a Quality of Service parameter. This paper furthermore shows how security can be integrated into the infrastructure of future network systems. However, in order to implement the proposed model, it is necessary to enhance the current networking infrastructure by extending current services such as the Domain Naming Service and evolving new services such as a Master Locator to support user mobility.