On the Design of an Immersive Environment for Security-Related Studies

The Internet has become an essential part of normal operations of both public and private sectors. Many security issues are not addressed in the original Internet design, and security now has become a large concern for networking research and study. There is an imperative need to have an simulation environment that can be used to help study security-related research problems. In the thesis we present our effort to build such an environment: Real-time Immersive Network Simulation Environment (RINSE). RINSE features flexible configuration of models using various networking protocols and real-time user interaction. We also present the Estimate Next Infection (ENI) model we developed for Internet scanning worms using RINSE, and the effort of combining multiple resolutions in worm modeling

Web Spoofing Revisited: SSL and Beyond

Can users believe what their browsers tell them? Even sophisticated Web users decide whether or not to trust a server based on browser cues such as location bar information, SSL icons, SSL warnings, certificate information, and response time. In their seminal work on Web spoofing, Felten et al showed how, in 1996, a malicious server could forge some of these cues. However, this work used genuine SSL sessions, and Web technology has evolved much since 1996. The Web has since become the pre-eminent medium for electronic service delivery to remote users, and the security of many commerce, government, and academic network applications critically rests on the assumption that users can authenticate the servers with which they interact. This situation raises the question: is the browser-user communication model today secure enough to warrant this assumption? In this paper, we answer this question by systematically showing how a malicious server can forge every one of the above cues. Our work extends the prior results by examining contemporary browsers, and by forging all of the SSL information a client sees, including the very existence of an SSL session (thus providing a cautionary tale about the security of one of the most common applications of PKI). We have made these techniques available for public demonstration, because anything less than working code would not convincingly answer the question. We also discuss implications and potential countermeasures, both short-term and long-term

Web Spoofing 2001

The Web is currently the pre-eminent medium for electronic service delivery to remote users. As a consequence, authentication of servers is more important than ever. Even sophisticated users base their decision whether or not to trust a site on browser cues---such as location bar information, SSL icons, SSL warnings, certificate information, response time, etc. In their seminal work on web spoofing, Felten et al showed how a malicious server could forge some of these cues---but using approaches that are no longer reproducible. However, subsequent evolution of Web tools has not only patched security holes---it has also added new technology to make pages more interactive and vivid. In this paper, we explore the feasibility of web spoofing using this new technology---and we show how, in many cases, every one of the above cues can be forged. In particular, we show how a malicious server can forge all the SSL information a client sees---thus providing a cautionary tale about the security of one of the most common applications of PKI. We stress that these techniques have been implemented, and are available for public demonstration

Experimental Evaluation of Wireless Simulation Assumptions

All analytical and simulation research on ad hoc wireless networks must necessarily model radio propagation using simplifying assumptions. We provide a comprehensive review of six assumptions that are still part of many ad hoc network simulation studies, despite increasing awareness of the need to represent more realistic features, including hills, obstacles, link asymmetries, and unpredictable fading. We use an extensive set of measurements from a large outdoor routing experiment to demonstrate the weakness of these assumptions, and show how these assumptions cause simulation results to differ significantly from experimental results. We close with a series of recommendations for researchers, whether they develop protocols, analytic models, or simulators for ad hoc wireless networks

MODELING AND SIMULATION BEST PRACTICES FOR WIRELESS AD HOC NETWORKS

ABSTRACT This paper calls attention to important practices in the modeling and the simulation of wireless ad hoc networks. We present three case studies to highlight the importance of following well-established simulation techniques, of carefully describing experimental study scenarios, and, finally, of understanding assumptions sometimes unstated in the framework of a simulator. The first case addresses the initial transient problem inherent to mobility and traffic generation sub-models. We quantitatively demonstrate how these transients can affect the simulation. Our second case illustrates the fact that strong scientific contributions can only be made via simulation studies when the models used are unambiguously specified. The example we use are simulations with and without a model for the ARP protocol. Finally, our third case discusses the importance of understanding the simulation tool and any default values used for model parameters. The example used relates to the use of the limited interference model

Abstract

Can users believe what their browsers tell them? Even sophisticated Web users decide whether or not to trust a server based on browser cues such as location bar information, SSL icons, SSL warnings, certificate information, and response time. In their seminal work on Web spoofing, Felten et al [10] showed how, in 1996, a malicious server could forge some of these cues. However, this work used genuine SSL sessions, and Web technology has evolved much since 1996. The Web has since become the pre-eminent medium for electronic service delivery to remote users, and the security of many commerce, government, and academic network applications critically rests on the assumption that users can authenticate the servers with which they interact. This situation raises the question: is the browser-user communcation model today secure enough to warrant this assumption? In this paper, we answer this question by systematically showing how a malicious server can forge every one of the above cues. Our work extends the prior results by examining contemporary browsers, and by forging all of the SSL information a client sees, including the very existence of an SSL session (thus providing a cautionary tale about the security of one of the most common applications of PKI). We have made these techniques available for public demonstration, because anything less than working code would not convincingly answer the question. We also discuss implications and potential countermeasures, both short-term and long-term.

Rinse: the real-time immersive network simulation environment for network security exercises

The RINSE simulator is being developed to support large-scale network security preparedness and training exercises, involving hundreds of players and a modeled network composed of hundreds of LANs. The simulator must be able to present a realistic rendering of network behavior as attacks are launched and players diagnose events and try counter measures to keep network services operating. We describe the architecture and function of RINSE and outline how techniques like multiresolution traffic modeling and new routing simulation methods are used to address the scalability challenges of this application. We also describe in more detail new work on CPU/memory models necessary for the exercise scenarios and a latency absorption technique that will help when extending the range of client tools usable by the players. 1

Experimental evaluation of wireless simulation assumptions

On behalf of