An Inter-domain Collaboration Scheme to Remedy DDoS Attacks in Computer Networks

Distributed Denial-of-Service (DDoS) attacks continue to trouble network operators and service providers, and with increasing intensity. Effective response to DDoS can be slow (because of manual diagnosis and interaction) and potentially self-defeating (as indiscriminate filtering accomplishes a likely goal of the attacker), and this is the result of the discrepancy between the service provider's flow-based, application-level view of traffic and the network operator's packet-based, network-level view and limited functionality. Furthermore, a network required to take action may be in an Autonomous System (AS) several AS-hops away from the service, so it has no direct relationship with the service on whose behalf it acts. This paper presents Antidose, a means of interaction between a vulnerable peripheral service and an indirectly related AS that allows the AS to confidently deploy local filtering with discrimination under the control of the remote service. We implement the core filtering mechanism of Antidose, and provide an analysis of it to demonstrate that conscious attacks against the mechanism will not expose the AS to additional attacks. We present a performance evaluation to show that the mechanism is operationally feasible in the emerging trend of operators' willingness to increase the programmability of their hardware with SDN technologies such as OpenFlow, as well as to act to mitigate attacks on downstream customers

Securing GSM voice through scrambling

GSM is the most widely used mobile communication system, which provides authenticity, confidentiality and integrity. The encryption however is for air interface only which means that it secures channel till the BTS. This air interface encryption has been cracked and other vulnerabilities like replay and man in the middle attacks have put all the personal and confidential communications at stake. A lot of work has been done on voice encryption over GSM's Circuit Switched Data (CSD) channel. But CSD channel impairments and quality issues have been prohibitive in the realization of a reliable and acceptable solution. In this paper, we propose voice scrambling technique which not only is hard to break but also will be in subscriber's control. We further discuss its performance over the GSM network

MPLS unleashed:remedy using IPSEC over MPLS VPN

As a result of globalization, companies are striving to reach out to their customers, suppliers and partners thus extending their enterprise to provide access to critical information and offer their services upon whom their business is dependent. The bedrock of far reaching enterprise is IP network. Researchers have developed core network technology like MPLS with promising features of flexibility, scalability and security to enable enterprises to extend their businesses and transact successfully. As a result, MPLS is widely used in supporting applications like data, voice and video on the internet. It has been highly competitive from its predecessors Frame relay and ATM in terms of providing supports services. Notwithstanding its attributes, there are vulnerabilities and risks associated with MPLS. Recent papers and research reports have highlighted such issues. This paper represents a further contribution in identifying MPLS vulnerabilities and risks. In addition to discussing conventional approach of mitigating those risks, the paper also proposes IPSEC over MPLS VPN and its benefit over conventional approach

Secure messaging and real time media streaming using enterprise PKI and ECC based certificates

Traditionally SSL/TLS protocol is used to provide secure and trusted communication by implementing public key cryptographic algorithms such as RSA, DSA and DH. These algorithms have several performance and scalability issues for real time (audio, video, instant messaging) streaming and messaging. Against large sized RSA keys, ECC based public key cryptography offers equivalent security with smaller key length, entailing high performance, efficiency and low bandwidth requirement. Therefore, in this paper we provide an enterprise level distributed architecture based on PKI, ECC based digital certificates and LDAP based single sign-on for HTTPS (secure web), S/MIME (signed messages), and RTMPS (Secure Real time audio, video conferencing and chat streaming) protocol over standard SSL/TLS

Evading virus detection using code obfuscation

The conflict between malware authors and analysts is heating up as both are coming up with new armaments in their armory. Malware authors are employing novel sophisticated techniques like metamorphosis to thwart detection mechanisms while security professionals are budding new ways to confront them. In this paper we formally treat diverse mechanisms of making malware undetectable in general and code mutation techniques in particular. We also supported our argument where possible, through different tools and have revealed their outcome. In the end we give our methodology to make any virus undetectable using amalgamation of hex editing and metamorphic techniques

Towards Resilience Metrics for Future Cloud Applications

An analysis of new technologies can yield insight into the way these technologies will be used. Inevitably,new technologies and their uses are likely to result in new security issues regarding threats, vulnerabilities andattack vectors. In this paper, we investigate and analyse technological and security trends and their potentialto become future threats by systematically examining industry reports on existing technologies. Using a cloudcomputing use case we identify potential resilience metrics that can shed light on the security properties of thesystem.SECCRIT - Secure Cloud Computing for Critical Infrastructure I