Certificate revocation list distribution in vehicular ad hoc networks

Nowatkowski, Michael E.

05 April 2010

The objective of this research is to investigate improved methods for distributing certificate revocation lists (CRLs) in vehicular ad hoc networks (VANETs). VANETs are a subset of mobile ad hoc networks composed of network-equipped vehicles and infrastructure points, which will allow vehicles to communicate with other vehicles and with roadside infrastructure points. While sharing some of the same limitations of mobile ad hoc networks, such as lack of infrastructure and limited communications range, VANETs have several dissimilarities that make them a much different research area. The main differences include the size of the network, the speed of the vehicles, and the network security concerns. Confidentiality, authenticity, integrity, and availability are some of the standard goals of network security. While confidentiality and authenticity at times seem in opposition to each other, VANET researchers have developed many methods for enhancing confidentiality while at the same time providing authenticity. The method agreed upon for confidentiality and authenticity by most researchers and the IEEE 1609 working group is a public key infrastructure (PKI) system. An important part of any PKI system is the revocation of certificates. The revocation process, as well as the distribution of revocation information, is an open research problem for VANETs. This research develops new methods of CRL distribution and compares them to existing methods proposed by other researchers. The new methods show improved performance in various vehicle traffic densities.

Network security

Vehicular ad hoc network

Simulation

IEEE 1609

Certificate revocation list

ns-3

Computer networks Security measures

Key Distribution In Wireless Sensor Networks

Gupta, Abhishek

06 1900

In the last few years, wireless sensor networks (WSNs) have become a very actively researched area. The impetus for this spurt of interest were developments in wireless technologies and low-cost VLSI, that made it possible to build inexpensive sensors and actuators. Each such device has limited computational power, memory and energy supply. Nevertheless, because of the low cost, such devices can be deployed in large numbers, and can thereafter form a sensor network. Usually, one or more base stations are also present which act as sink nodes. When sensors are deployed in hostile environments, security becomes an integral part for such type of networks. A first step in this direction is to provide secure communication between any two nodes and between a node and the base station. Since the public key cryptographic techniques are computationally expensive for resource constrained sensors, one need to rely on symmetric key cryptography for secure communication. The distribution and management of cryptographic keys poses a unique challenge in sensor networks. One requires efficient key distribution algorithms for such type of networks. In this thesis, we address the problem of secure path key establishment in wireless sensor networks. We first propose a pairwise key distribution algorithm for probabilistic schemes. Inspired by the recent proxy-based schemes, we introduce a friend-based scheme for establishing pairwise keys securely. We show that the chances of finding friends in a neighbourhood are considerably more than that of finding proxies, leading to lower communication overhead. Further, we prove that the friend-based scheme performs better than the proxy-based scheme both in terms of resilience against node capture as well as in energy consumption for pairwise key establishment. A recent study has shown that the advantages of the probabilistic approach over the deterministic approach, are not as much as people have believed. Thus, we focus our attention on deterministic schemes in which we first discuss why one cannot use the conventional security measure for determining the resilience of a key distribution scheme in case of schemes in which nodes share more than one key. Then, we propose a new and a more general security metric for measuring the resilience of a key distribution scheme in wireless sensor networks. Further, we present a polynomial-based scheme and a novel complete connectivity scheme for distributing keys to sensors and show an analytical comparison, in terms of security and connectivity, between the schemes. Motivated by the schemes, we derive general expressions for the new security measure and the connectivity. A number of conclusions are made using these general expressions. Then, we conclude our work with a number of future directions that can be followed with this piece of work.

Wireless Communication Networks

Sensors

Detectors

Sensor Network Security

Wireless Sensor Networks (WSNs)

Key Distribution Algorithms

Pairwise Keys

Key Management

Key Distribution

Communciation Engineering

Μοντέλα ασυνήθους δικτυακής κυκλοφορίας σε TCP/IP δικτυακά υπολογιστικά περιβάλλοντα / Models of abnormal network traffic in TCP/IP networking computer environments

Κομνηνός, Θεόδωρος

16 March 2009

Στην διδακτορική διατριβή αναπτύξαμε μοντέλα για την ασυνήθη δικτυακή κυκλοφορία βασισμένη σε χαρακτηριστικά της TCP/IP επικοινωνίας ανάμεσα σε υπολογιστικά συστήματα, αλλά και στην συμπεριφορά συστημάτων και χρηστών κάτω από επιθέσεις ιών και δικτυακών σκουληκιών. Για την ανάπτυξη συνδυάσαμε το μαθηματικό φορμαλισμό πάνω σε πραγματικά χαρακτηριστικά που εντοπίσαμε πως υπάρχουν σχεδόν σε όλες τις προσπάθειες επίθεσης προς υπολογιστικά και δικτυακά συστήματα από προσπάθειες επιτιθέμενων, αλλά και με αυτοματοποιημένα συστήματα μετάδοσης ιών. Υλοποιήσαμε ένα πραγματικό κατανεμημένο σύστημα έγκαιρης και έγκυρης προειδοποίησης και λήψης άμεσων μέτρων για την προστασία δικτύων υπολογιστών από τη διάδοση των ιών και από τις διαρκώς εξελισσόμενες επιθέσεις των hackers. Τέλος η αυξανόμενη παρουσία δυνατοτήτων για fast worms μας παρακίνησε να μοντελοποιήσουμε την συμπεριφορά ιών που μεταδίδονται μέσα από τα κοινωνικά δίκτυα που σχηματίζονται από τον κατάλογο που έχουν οι χρήστες για γνωστούς και φίλους σε e-mail και Instant Messaging. Προτείνουμε λοιπόν δύο μοντέλα: ένα μοντέλο που περιγράφει την συμπεριφορά fast worms βασισμένα σε κοινωνικά δίκτυα στηριζόμενοι στο μαθηματικό μοντέλο σε Constraint Satisfaction Problems (CSP), αλλά και ένα μοντέλο για τη μετάδοση ιών και την εξουδετέρωσή τους, που λαμβάνει υπόψη την δικτυακή κίνηση και την λειτουργία των εξυπηρετητών βασισμένοι στο M/M/1 μοντέλο ουρών. Στην διατριβή προτείνουμε ένα είδος διαδραστικότητας ανάμεσα στους antivirus Agents και τους ιούς και αναλύουμε ένα μαθηματικό μοντέλο για την διάδοση πληθυσμού ιών και antivirus βασισμένα σε θεωρίες ουρών. / In this PhD Thesis we developed models for the abnormal network traffic based on TCP/IP communication protocol of computer systems, and the behavior of systems and users under viruses and worms attacks. For the development we combined mathematical formalism on real attributes that characterize almost all attacking efforts of hackers, virus and worms against computers and networking systems. Our main goal was based upon the theoretic models we proposed, to provide a useful tool to deal with intrusions. Thus we developed a Software Tool for Distributed Intrusion Detection in Computer Networks. Based on an improved model we produced a real time distributed detection system for early warning administrators of worm and virus propagation and hackers’ attacks. Also in this work we propose a discrete worm rapid propagation model based on social networks that are built using the address book of e-mail and instant messaging clients using the mathematic formalism of Constraint Satisfaction Problems (CSP). The address book, which reflects the acquaintance profiles of people, is used as a “hit-list”, to which the worm can send itself in order to spread fast. We also model user reaction against infected email as well as the rate at which antivirus software is installed. We then propose a worm propagation formulation based on a token propagation algorithm, further analyzed with a use of a system of continuous differential equations, as dictated by Wormald’s theorem on approximating “well-behaving” random processes with deterministic functions. Finally in this work we present a virus propagation and elimination model that takes into account the traffic and server characteristics of the network computers. This model partitions the network nodes into perimeter and non-perimeter nodes. Incoming/outgoing traffic of the network passes through the perimeter of the network, where the perimeter is defined as the set of the servers which are connected directly to the internet. All network nodes are assumed to process tasks based on the M/M/1 queuing model. We study burst intrusions (e.g. Denial of Service Attacks) at the network perimeter and we propose a kind of interaction between these agents that results using the formalism of distribution of network tasks for Jackson open networks of queues.

Ασφάλεια υπολογιστών

Ασφάλεια δικτύων

Ασυνήθη κυκλοφορία

Διάδοση ιών

Μοντελοποίηση

TCP/IP

005.84

Computer security

Network security

Abnormal behavior

Virus propagation

Modelling

TCP/IP

Detection of malicious user communities in data networks

Moghaddam, Amir

04 April 2011

Malicious users in data networks may form social interactions to create communities in abnormal fashions that deviate from the communication standards of a network. As a community, these users may perform many illegal tasks such as spamming, denial-of-service attacks, spreading confidential information, or sharing illegal contents. They may use different methods to evade existing security systems such as session splicing, polymorphic shell code, changing port numbers, and basic string manipulation. One way to masquerade the traffic is by changing the data rate patterns or use very low (trickle) data rates for communication purposes, the latter is focus of this research. Network administrators consider these communities of users as a serious threat. In this research, we propose a framework that not only detects the abnormal data rate patterns in a stream of traffic by using a type of neural network, Self-organizing Maps (SOM), but also detect and reveal the community structure of these users for further decisions. Through a set of comprehensive simulations, it is shown in this research that the suggested framework is able to detect these malicious user communities with a low false negative rate and false positive rate. We further discuss ways of improving the performance of the neural network by studying the size of SOM's.

Malicious users

Self organizing maps

Community detection

Network security

Neural networks

Network data management

Peer-to-peer network communications

Correlation-based Botnet Detection in Enterprise Networks

Gu, Guofei

07 July 2008

Most of the attacks and fraudulent activities on the Internet are carried out by malware. In particular, botnets, as state-of-the-art malware, are now considered as the largest threat to Internet security. In this thesis, we focus on addressing the botnet detection problem in an enterprise-like network environment. We present a comprehensive correlation-based framework for multi-perspective botnet detection consisting of detection technologies demonstrated in four complementary systems: BotHunter, BotSniffer, BotMiner, and BotProbe. The common thread of these systems is correlation analysis, i.e., vertical correlation (dialog correlation), horizontal correlation, and cause-effect correlation. All these Bot* systems have been evaluated in live networks and/or real-world network traces. The evaluation results show that they can accurately detect real-world botnets for their desired detection purposes with a very low false positive rate. We find that correlation analysis techniques are of particular value for detecting advanced malware such as botnets. Dialog correlation can be effective as long as malware infections need multiple stages. Horizontal correlation can be effective as long as malware tends to be distributed and coordinated. In addition, active techniques can greatly complement passive approaches, if carefully used. We believe our experience and lessons are of great benefit to future malware detection.

Malware detection

Network security

Anomaly detection

Intrusion detection

Local area networks (Computer networks)

Computer networks Security measures

Computer crimes

Correlation (Statistics)

Ontology mapping: a logic-based approach with applications in selected domains

Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2008

In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability.

semantic interoperability

ontology

ontology mapping

compliance management

network management

network security intrusion detection

network configuration management

integrated network management

Mappings (Mathematics)

Segurança em gerenciamento de redes baseado em web services / Security in web services-based network management

Rohr, Estêvão Miguel Zanette

January 2009

A área de gerência de redes encontra uma série de desafios desde seu príncipio. O protocolo que surgiu como padrão para gerência de redes, o SNMP, possui uma série de limitações, por exemplo, no tocante à segurança, configuração de equipamentos e composição de serviços. Por essa razão, tecnologias alternativas para o gerenciamento de redes têm sido pesquisadas. A tecnologia de Web Services surgiu como forte alternativa, por características como o uso de padrões amplamente suportados (HTTP e XML) e modelo de desenvolvimento orientado a serviços. Pesquisas iniciais demonstraram que os Web Services são uma alternativa viável em termos de desempenho. Assim, o uso de Web Services em áreas específicas de gerência de redes, como notificações e gerência por delegação, tem sido pesquisado. Porém, há carência de estudos sobre o uso de segurança no gerenciamento de redes via Web Services. Os Web Services trazem facilidade para uso de segurança, que é vital para a gerência de redes, e este é o foco deste trabalho. É proposta uma arquitetura de integração de segurança à comunicação de mensagens de gerenciamento de redes via Web Services. Para isso, foram utilizados o padrão WS-Security, para segurança em Web Services, e o padrão WS-Management, para gerenciamento de redes via Web Services. Também foi integrado controle de acesso à arquitetura, com uso do padrão XACML. Uma avaliação de desempenho foi realizada para verificar o impacto do uso de segurança, e comparações com SNMPv3 foram realizadas na solução de controle de acesso via XACML. Os testes mostram que, como é tradicional, a segurança tem impacto considerável no tempo de processamento e tráfego na rede. Porém, a arquitetura e implementação realizadas comprovam que, também na área de segurança, a tecnologia de Web Services tem aplicação eficaz para o gerenciamento de redes. / The network management field has several challenges since its beginning. The standard protocol for network management, SNMP, has many drawbacks, related to security, device configuration, and service composition. For these reason, alternative technologies for network management have been investigated. Web Services technology emerged as a strong solution, due to advantages such as employing widely supported standards (HTTP and XML) and service-oriented development model. The first performed investigations in the area showed that Web Services are a valid alternative to SNMP in terms of performance. Thus, Web Services usage in specific areas of network management, such as notifications and management by delegation, have been researched. However, there are currently no studies on security aspects of Web Services-based network management. Web Services enable easy integration of security, which is mandatory for network management, and this is the main goal of this work. An architecture is proposed for security integration in a network management message communication using Web Services. The standards used in this architecture were WSSecurity, which enables security in Web Services, and WS-Management, which targets Web Services-based network management. Access control integration was also developed, using XACML standard. A performance evaluation was carried out in order to verify security usage impact, and comparisons with SNMPv3 were performed in XACML access control solution. Tests showed that, as expected, security has a considerable impact in processing time and network traffic. However, the architecture and implementation show that, also in the security area, the Web Services technology has effective aplication in network management.

Redes : Computadores

Gerencia : Redes : Computadores

Serviços Web

Network management

SNMP

Web services

Security

Network security

Web services security

Access control

WS-security

XACML

WS-management

VACM

Mecanismo de autenticação baseado na localização de estações sem fios padrão IEEE 802.11 / IEEE 802.11 authentication mechanism based on wireless station location

Peres, Andre

January 2010

A vantagem das redes locais sem fios, as quais permitem que uma estação móvel possa deslocar-se livremente dentro da área de abrangência da rede, possui uma contrapartida em termos de segurança. A possibilidade dos sinais de microondas atravessarem paredes e sofrerem atenuação, reflexão, refração, difração e dispersão, dependendo dos obstáculos, torna a definição dos limites da área de abrangência da rede sem fios uma tarefa difícil. Sem o conhecimento dos limites de abrangência, o administrador não tem como delimitar fisicamente o acesso à rede. Além disso, o padrão IEEE 802.11 não define um mecanismo capaz de localizar a posição física de estações móveis. Sem a possibilidade de localização de estações, é impossível restringir o acesso à rede baseando-se em limitações físicas definidas pelo administrador. Quando a rede sem fios é utilizada em ambientes internos, os diversos obstáculos e seu comportamento dinâmico (como pessoas em movimento, por exemplo), fazem com que os sinais de microondas alterem as características da área de abrangência da rede. Este trabalho propõe uma nova abordagem para localização de estações sem fios em ambientes internos, baseada no comportamento dinâmico dos obstáculos e conseqüentes alterações na rede, e, de acordo com este comportamento, tenta ampliar a eficiência da localização de estações. Por fim, é proposto um novo sistema de autenticação de estações baseado na sua localização. / The advantage of wireless local area networks, giving the mobile stations the possibility of moving free inside the network access range comes with a security drawback. The fact that microwave signals can cross walls and behave with attenuation, reflections, refraction, diffraction and dispersion, depending of the obstacles, makes very difficult to define the network access range. Without the knowledge of the network boundaries, the network administrator cannot define a physical delimiter to network access. Besides this issue, there is no default user-location mechanism in the IEEE 802.11 standard. Without the user-location, it is impossible to restrict the network access based on the physical access boundaries defined by the administrator. When the wireless network operates indoor the many obstacles and the dynamic behavior of these obstacles (some people moving around, for instance) make the microwave signal behavior change the range and aspect of the network. This work proposes a new approach to indoor user-location mechanism, based on the dynamic behavior of the obstacles and consequent changes on network range. This approach focus on the dynamic obstacles behavior analysis and according to this behavior tries to increase the user-location system efficiency. Finally a new authentication system based on the user location is proposed.

Redes : Computadores

Redes locais : Computadores

IEEE 802.11

Seguranca : Redes : Computadores

Wireless local area networks IEEE 802.11

Wireless location

Network security

Network authentication

Segurança em gerenciamento de redes baseado em web services / Security in web services-based network management

Rohr, Estêvão Miguel Zanette

January 2009

A área de gerência de redes encontra uma série de desafios desde seu príncipio. O protocolo que surgiu como padrão para gerência de redes, o SNMP, possui uma série de limitações, por exemplo, no tocante à segurança, configuração de equipamentos e composição de serviços. Por essa razão, tecnologias alternativas para o gerenciamento de redes têm sido pesquisadas. A tecnologia de Web Services surgiu como forte alternativa, por características como o uso de padrões amplamente suportados (HTTP e XML) e modelo de desenvolvimento orientado a serviços. Pesquisas iniciais demonstraram que os Web Services são uma alternativa viável em termos de desempenho. Assim, o uso de Web Services em áreas específicas de gerência de redes, como notificações e gerência por delegação, tem sido pesquisado. Porém, há carência de estudos sobre o uso de segurança no gerenciamento de redes via Web Services. Os Web Services trazem facilidade para uso de segurança, que é vital para a gerência de redes, e este é o foco deste trabalho. É proposta uma arquitetura de integração de segurança à comunicação de mensagens de gerenciamento de redes via Web Services. Para isso, foram utilizados o padrão WS-Security, para segurança em Web Services, e o padrão WS-Management, para gerenciamento de redes via Web Services. Também foi integrado controle de acesso à arquitetura, com uso do padrão XACML. Uma avaliação de desempenho foi realizada para verificar o impacto do uso de segurança, e comparações com SNMPv3 foram realizadas na solução de controle de acesso via XACML. Os testes mostram que, como é tradicional, a segurança tem impacto considerável no tempo de processamento e tráfego na rede. Porém, a arquitetura e implementação realizadas comprovam que, também na área de segurança, a tecnologia de Web Services tem aplicação eficaz para o gerenciamento de redes. / The network management field has several challenges since its beginning. The standard protocol for network management, SNMP, has many drawbacks, related to security, device configuration, and service composition. For these reason, alternative technologies for network management have been investigated. Web Services technology emerged as a strong solution, due to advantages such as employing widely supported standards (HTTP and XML) and service-oriented development model. The first performed investigations in the area showed that Web Services are a valid alternative to SNMP in terms of performance. Thus, Web Services usage in specific areas of network management, such as notifications and management by delegation, have been researched. However, there are currently no studies on security aspects of Web Services-based network management. Web Services enable easy integration of security, which is mandatory for network management, and this is the main goal of this work. An architecture is proposed for security integration in a network management message communication using Web Services. The standards used in this architecture were WSSecurity, which enables security in Web Services, and WS-Management, which targets Web Services-based network management. Access control integration was also developed, using XACML standard. A performance evaluation was carried out in order to verify security usage impact, and comparisons with SNMPv3 were performed in XACML access control solution. Tests showed that, as expected, security has a considerable impact in processing time and network traffic. However, the architecture and implementation show that, also in the security area, the Web Services technology has effective aplication in network management.

Redes : Computadores

Gerencia : Redes : Computadores

Serviços Web

Network management

SNMP

Web services

Security

Network security

Web services security

Access control

WS-security

XACML

WS-management

VACM

Mecanismo de autenticação baseado na localização de estações sem fios padrão IEEE 802.11 / IEEE 802.11 authentication mechanism based on wireless station location

Peres, Andre

January 2010

A vantagem das redes locais sem fios, as quais permitem que uma estação móvel possa deslocar-se livremente dentro da área de abrangência da rede, possui uma contrapartida em termos de segurança. A possibilidade dos sinais de microondas atravessarem paredes e sofrerem atenuação, reflexão, refração, difração e dispersão, dependendo dos obstáculos, torna a definição dos limites da área de abrangência da rede sem fios uma tarefa difícil. Sem o conhecimento dos limites de abrangência, o administrador não tem como delimitar fisicamente o acesso à rede. Além disso, o padrão IEEE 802.11 não define um mecanismo capaz de localizar a posição física de estações móveis. Sem a possibilidade de localização de estações, é impossível restringir o acesso à rede baseando-se em limitações físicas definidas pelo administrador. Quando a rede sem fios é utilizada em ambientes internos, os diversos obstáculos e seu comportamento dinâmico (como pessoas em movimento, por exemplo), fazem com que os sinais de microondas alterem as características da área de abrangência da rede. Este trabalho propõe uma nova abordagem para localização de estações sem fios em ambientes internos, baseada no comportamento dinâmico dos obstáculos e conseqüentes alterações na rede, e, de acordo com este comportamento, tenta ampliar a eficiência da localização de estações. Por fim, é proposto um novo sistema de autenticação de estações baseado na sua localização. / The advantage of wireless local area networks, giving the mobile stations the possibility of moving free inside the network access range comes with a security drawback. The fact that microwave signals can cross walls and behave with attenuation, reflections, refraction, diffraction and dispersion, depending of the obstacles, makes very difficult to define the network access range. Without the knowledge of the network boundaries, the network administrator cannot define a physical delimiter to network access. Besides this issue, there is no default user-location mechanism in the IEEE 802.11 standard. Without the user-location, it is impossible to restrict the network access based on the physical access boundaries defined by the administrator. When the wireless network operates indoor the many obstacles and the dynamic behavior of these obstacles (some people moving around, for instance) make the microwave signal behavior change the range and aspect of the network. This work proposes a new approach to indoor user-location mechanism, based on the dynamic behavior of the obstacles and consequent changes on network range. This approach focus on the dynamic obstacles behavior analysis and according to this behavior tries to increase the user-location system efficiency. Finally a new authentication system based on the user location is proposed.

Redes : Computadores

Redes locais : Computadores

IEEE 802.11

Seguranca : Redes : Computadores

Wireless local area networks IEEE 802.11

Wireless location

Network security

Network authentication