A Secure Gateway Localization and Communication System for Vehicular Ad Hoc Networks

Wang, Yan

January 2013

Intelligent Transport System (ITS) has become a hot research topic over the past decades. ITS is a system that applies the following technologies to the whole transportation management system efficiently, including information technique, wireless communication, sensor networks, control technique, and computer engineering. ITS provides an accurate, real time and synthetically efficient transportation management system. Obviously, Vehicular Ad Hoc NETworks (VANETs) attract growing attention from both the research community and industry all over the world. This is because a large amount of applications are enabled by VANETs, such as safety related applications, traffic management, commercial applications and general applications. When connecting to the internet or communicating with different networks in order to access a variety of services using VANETs, drivers and passengers in different cars need to be able to exchange messages with gateways from their vehicles. A secure gateway discovery process is therefore critical, because vehicles should not be subject to security attacks while they are communicating; however, currently there is no existing protocol focusing on secure gateway discovery. In this thesis, we first analyze and compare current existing secure service discovery protocols and then we propose a Secure Gateway Localization and Communication System for Vehicular Ad Hoc Networks (SEGAL), which concentrates on the security issue in gateway discovery. We focus on the authentication aspect by proposing secure cluster based VANETs, that can ensure the gateway discovery messages exchanged through secure clusters. We present the principle and specific process of our SEGAL protocol and analyze its performance to guarantee its outstanding practical applicability.

VANETs

Secure Gateway Discovery Protocol

Cluster-based Protocol

network security

An audit and risk handling prototype for firewall technology.

Van der Walt, Estee

04 June 2008

Throughout the years, computer networks have grown in size and complexity. This growth attributed to the need for network security. As more and more people use computers and the Internet, more confidential documentation are being kept on computers and sent to other locations over a network. To implement network security, the security administrator should firstly identify all the needs, resources, threats and risks of the organisation to ensure that all areas of the network is included within the network security policy. The network security policy contains, amongst others, the information security services needed within the organisation’s network for security. These information security services can be implemented via many different security mechanisms. Firewalls are but one of these security mechanisms. Today, firewalls are implemented in most organisations for network security purposes. The author, however, feels that the implementation of only a firewall is not enough. Tools such as log file analysers and risk analysers can be added to firewall technology to investigate and analyse the current network security status further for an indication of network failure or attacks not easily detectable by firewalls. Firewalls and these tools do, however, also have their own problems. Firewalls rarely use the information stored within its log files and the risk handling services provided are not very effective. Most analysis tools use only one form of log file as input and therefore report on only one aspect of the network’s security. The output of the firewalls is rarely user-friendly and is often not real-time. The detection of security problems is consequently a very difficult task for any security administrator. To address the problems, the researcher has developed a prototype that improves on these problems. The firewall analyser (FA) is a prototype of an An audit and risk handling prototype for firewall technology Page iii analysis tool that performs log file- and risk analysis of the underlying networks of the organisation. Although the prototype represents only an example of the functionality added to a firewall, it illustrates the concept of the necessity and value of implementing such a tool for network security purposes. The FA solves the problems found in firewalls, log file- and risk analysis tools by reporting on the latest security status of the network through the use of a variety of log files. The FA uses not only the firewall log files as input to cover a greater area of the network in its analysis process, but also Windows NT log files. The real-time reports of the FA are user-friendly and aid the security administrator immensely in the process of implementing and enforcing network security. / Eloff, J.H.P., Prof.

computer networks

firewalls ( computer science )

computer network security

Single-Use Servers: A Generalized Design for Eliminating the Confused Deputy Problem in Networked Services

Lanson, Julian P.

11 May 2020

Internet application servers are currently designed to maximize resource efficiency by servicing many thousands of users that may fall within disparate privilege classes. Pooling users into a shared execution context in this way enables adversaries not only to laterally propagate attacks against other clients, but also to use the application server as a "confused deputy" to gain escalated privileges against sensitive backend data. In this work, we present the Single-use Server (SuS) model, which detects and defeats these attacks by separating users into isolated, containerized application servers with tailored backend permissions. In this model, exploited servers no longer have unfettered access to the backend data or other users. We create a prototype implementation of the SuS model for the WordPress content management system and demonstrate our model's ability to neutralize real-world exploits against vulnerable WordPress versions. We find that the SuS model achieves a high level of security while minimizing the amount of code modification required for porting an application server. In our performance evaluation, we find that the CPU and latency overheads of the SuS model are very low, and memory consumption scales linearly. We generalize the SuS model to be applicable to a wide range of application server and backend resource pairs. With our modularized codebase, we port IMAP, a widely-used mail retrieval protocol, to the SuS model and find that doing so requires minimal effort.

network security

containerization

privilege escalation

confused deputy

user isolation

Bezpečnost 5G - Případová studie sekuritizace švédských 5G sítí / 5G Security - A Case Study on the Securitisation of Sweden's 5G Networks

Ekfeldt, Therese

January 2021

Over the last couple of years, the world has witnessed an intensifying competition over 5G networks, triggered to a large extent but not exclusively by the geopolitical rivalry between the United States and China. To the backdrop of allegations that the Chinese government could force Chinese telecom company Huawei and ZTE to spy, sabotage or take other action's on Beijing's behalf, Washington ordered prompt restrictions on products from Huawei and pressured its allies to do the same. From a European perspective, Sweden stood out early as a country with a strong stance on 5G security by outright banning Chinese telecom providers Huawei and ZTE from taking part in Sweden's 5G frequency auction. This thesis seeks to understand how the securitising process of Sweden's 5G networks was initiated and evolved, through a comparative case study of the four main securitising actors' official discourses. Derived from previous studies on cybersecurity and securitisation, this thesis constructed an analytical framework tailored for the securitisation of 5G networks. The thesis is carried out as an idea analysis, looking for articulated threats pertaining to three distinct threat dimensions: 'network security', 'data and information protection' and 'China's assertiveness'. The analysis showed that all four...

Aplikace pro monitorování a kontrolu zabezpečení rozsáhlých počítačových sítí LAN a WAN / Application for monitoring and controlling the security of large LAN and WAN computer networks

Maloušek, Zdeněk

January 2008

Computer networks are used in much wider extent than 20 years ago. People use the computer mainly for communication, entertainment and data storage. Information is often stored only in electronic devices and that is why the security of the data is so important. The objective of my thesis is to describe network security problems and their solutions. First chapter deals with the network security, security checks and attacks. It describes procedures used in practise. First part deals with traffic scanning and filtering at various layers of the TCP/IP model. Second part presents the types of proxy and its pros and cons. Network Address Translation (NAT) is a favourite technique of managing IP addresses of inside and outside network which helps to improve the security and lower the costs paid for IP addresses. NAT description, IPSec, VPN and basic attacks are described in this section. The second chapter of the thesis presents set of Perl scripts for network security checking. The purpose of the project is not to check the whole network security. It is designed for contemporary needs of IBM Global Services Delivery Centrum Brno. The first script checks running applications on target object. The aim is to detect services that are not necessary to run or that are not updated. The second one checks the security of the Cisco device configuration. There is a list of rules that has to be kept. The third script inspects the Nokia firewall configuration which is on the border of IBM network. If some of the rule is broken, it shows the command that has to be proceeded at the particular device. The output of the first and the second script is an HTML file. The third script uses the command line for the final report. The last part of this chapter gives advice to configure Cisco devices. It is a list of security recommendations that can be used by configuring e.g. routers. The appendix presents two laboratory exercises. The aim is to give students an opportunity to learn something about programs and technologies which are used in practise by IT experts to check the weaknesses of their networks.

Data aggregation using homomorphic encryption in wireless sensor networks

Ramotsoela, Tsotsope Daniel

January 2015

Wireless sensor networks have become increasingly popular in many applications such as environment monitoring and law enforcement. Data aggregation is a method used to reduce network traffic but cannot be used together with conventional encryption schemes because it is not secure and introduces extra overhead. Homomorphic encryption is an encryption scheme that allows data processing on encrypted data as opposed to plaintext. It has the benefit that each intermediate node does not have to decrypt each packet, but the resulting cyphertext is usually much larger than the original plaintext. This could negatively affect system performance because the energy consumption of each node is directly proportional to the amount of data it transmits. This study investigates the benefits and drawback of using homomorphic encryption in the aggregation process particularly in the context of scalable networks. It was found that conventional encryption outperforms the homomorphic encryption for smaller networks, but as the network size grows, homomorphic encryption starts outperforming conventional encryption. It was also found that the homomorphic encryption scheme does significantly reduce the performance of plaintext aggregation. This performance reduction will however be acceptable for most applications where security is a concern. / Draadlose sensornetwerke raak toenemend meer gewild vir heelwat verskillende toepassings, soos byvoorbeeld opgewingsmonitering en wetstoepassing. Data-aggregasie is n metode wat gebruik word om netwerkverkeer te verminder, maar kan nie gebruik word saam met konvensionele enkripsie-skemas nie, omdat dit nie veilig is nie en oorhoofse koste verhoog. Homomorfiese enkripsie is n enkripsie-skema wat dataverwerking toelaat op geënkripteerde in teenstelling met gewone-teks. Dit het die voordeel dat elke intermediêre nie nodig het om elke pakkie te dekripteer nie, maar die resulterende kodeteks is gewoonlik heelwat groter as die gewone-teks. Dit kan die stelselgedrag negatief beÏnvloed omdat die energieverbruik van elke node eweredig is aan die hoeveelheid data wat dit versend. Hierdie studie ondersoek die voor- en nadele van homomorfiese enkripsie in die aggregasieproses, veral in die konteks van skaleerbare netwerke. Daar is gevind dat konvensionele enkripsie beter vaar as homomorfies enkripsie in kleiner netwerke. Die omgekeerde is waar vir groter netwerke. Dit is ook gevind dat homomorfiese enkripsie gewone-teks-aggregasie negatief beÏnvloed, maar dit word as aanvaarbaar beskou vir toepassings waar sekuriteit belangrik is. / Dissertation (MEng)--University of Pretoria, 2015. / Electrical, Electronic and Computer Engineering / Meng / Unrestricted

UCTD

Wireless sensor networks

Homomorphic encryption

Network security

Aggregation

Autonomic Zero Trust Framework for Network Protection

Durflinger, James

05 1900

With the technological improvements, the number of Internet connected devices is increasing tremendously. We also observe an increase in cyberattacks since the attackers want to use all these interconnected devices for malicious intention. Even though there exist many proactive security solutions, it is not practical to run all the security solutions on them as they have limited computational resources and even battery operated. As an alternative, Zero Trust Architecture (ZTA) has become popular is because it defines boundaries and requires to monitor all events, configurations, and connections and evaluate them to enforce rejecting by default and accepting only if they are known and accepted as well as applies a continuous trust evaluation. In addition, we need to be able to respond as quickly as possible, which cannot be managed by human interaction but through autonomous computing paradigm. Therefore, in this work, we propose a framework that would implement ZTA using autonomous computing paradigm. The proposed solution, Autonomic ZTA Management Engine (AZME) framework, focusing on enforcing ZTA on network, uses a set of sensors to monitor a network, a set of user-defined policies to define which actions to be taken (through controller). We have implemented a Python prototype as a proof-of-concept that checks network packets and enforce ZTA by checking the individual source and destination based on the given policies and continuously evaluate the trust of connections. If an unaccepted connection is made, it can block the connection by creating firewall rule at runtime.

Zero Trust

Autonomous Computing

IoT

Network Security

Cyber Security

Transfer Learning for Network Traffic Anomaly Detection

Shreya Ghosh (10724433)

30 April 2021

Statistics reveal a huge increase in cyberattacks making technology businesses more susceptible to data loss. With increasing application of machine learning in different domains, studies have been focused on building cognitive models for traffic anomaly detection in a communication network. These studies have led to generation of datasets containing network traffic data packets, usually captured using softwares like Wireshark. These datasets contain high dimensional data corresponding to benign data packets and attack data packets of known attacks. Recent research has mainly focused on developing machine learning architectures that are able to extract useful information from high dimensional datasets to detect attack data packets in a network. In addition, machine learning algorithms are currently trained to detect only documented attacks with available training data. However, with the proliferation of new cyberattacks and zero-day attacks with little to no training data available, current employed algorithms have little to no success in detecting new attacks. In this thesis, we focus on detecting rare attacks using transfer learning from a dataset containing information pertaining to known attacks.<div><br></div><div>In the literature, there is proof of concept for both classical machine learning and deep learning approaches for anomaly detection. We show that a deep learning approach outperforms explicit statistical modeling based approaches by at least 21% for the used dataset. We perform a preliminary survey of candidate deep learning architectures before testing for transferability and propose a Convolutional Neural Network architecture that is 99.65% accurate in classifying attack data packets.<br></div><div><br></div><div>To test for transferability, we train this proposed CNN architecture with a known attack and test it's performance on attacks that are unknown to the network. For this model to extract adequate information for transferability, the model requires a higher representation of attack data in the training dataset with the current attack data comprising only 20% of the dataset. To overcome the problem of small training sets, several techniques to boost the number of attack data packets are employed like a novel synthetic dataset based training and bootstrapped dataset training.<br></div><div><br></div><div>Our study results in identification of training-testing attack pairs that show high learning transferability. Most of the strong and consistent correlations are observed among Denial of Service(DoS) training-testing attack pairs. Furthermore, we propose hypotheses for model generalization. Our results are validated by a study of dataset features and attack characteristics using the Recursive Feature Elimination(RFE) algorithm. <br></div>

Computer Engineering

Machine Learning

Network Security

Transfer Learning

Game Theory and Algorithm Design in Network Security and Smart Grid

Zhang, Ming

January 2018

No description available.

Computer Science

Game theory

Algorithm Design

Network Security

Smart Grid

Cyberthreats, Attacks and Intrusion Detection in Supervisory Control and Data Acquisition Networks

Gao, Wei

14 December 2013

Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many real world documented incidents and cyber-attacks affecting SCADA systems, which clearly illustrate critical infrastructure vulnerabilities. These reported incidents demonstrate that cyber-attacks against SCADA systems might produce a variety of financial damage and harmful events to humans and their environment. This dissertation documents four contributions towards increased security for SCADA systems. First, a set of cyber-attacks was developed. Second, each attack was executed against two fully functional SCADA systems in a laboratory environment; a gas pipeline and a water storage tank. Third, signature based intrusion detection system rules were developed and tested which can be used to generate alerts when the aforementioned attacks are executed against a SCADA system. Fourth, a set of features was developed for a decision tree based anomaly based intrusion detection system. The features were tested using the datasets developed for this work. This dissertation documents cyber-attacks on both serial based and Ethernet based SCADA networks. Four categories of attacks against SCADA systems are discussed: reconnaissance, malicious response injection, malicious command injection and denial of service. In order to evaluate performance of data mining and machine learning algorithms for intrusion detection systems in SCADA systems, a network dataset to be used for benchmarking intrusion detection systemswas generated. This network dataset includes different classes of attacks that simulate different attack scenarios on process control systems. This dissertation describes four SCADA network intrusion detection datasets; a full and abbreviated dataset for both the gas pipeline and water storage tank systems. Each feature in the dataset is captured from network flow records. This dataset groups two different categories of features that can be used as input to an intrusion detection system. First, network traffic features describe the communication patterns in a SCADA system. This research developed both signature based IDS and anomaly based IDS for the gas pipeline and water storage tank serial based SCADA systems. The performance of both types of IDS were evaluates by measuring detection rate and the prevalence of false positives.

Network Security

Dataset

Vulnerability

SCADA

: Intrusion detection system