A framework for system fingerprinting

Radhakrishnan, Sakthi Vignesh

29 March 2013

The primary objective of the proposed research is to develop a framework for smart and robust fingerprinting of networked systems. Many fingerprinting techniques have been proposed in the past, however most of these techniques are designed for a specific purpose, such as Operating System (OS) fingerprinting, Access Point (AP) fingerprinting, etc. Such standalone techniques often have limitations which render them dysfunctional in certain scenarios or against certain counter measures. In order to overcome such limitations, we propose a fingerprinting framework that can combine multiple fingerprinting techniques in a smart manner, using a centralized decision making engine. We believe that any given scenario or a counter measure is less likely to circumvent a group of diverse fingerprinting techniques, which serves as the primary motivation behind the aforementioned method of attack. Another major portion of the thesis concentrates on the design and development of a device and device type fingerprinting sub-module (GTID) that has been integrated into the proposed framework. This sub-module used statistical analysis of packet inter arrival times (IATs) to identify the type of device that is generating the traffic. This work also analyzes the performance of the identification technique on a real campus network and propose modifications that use pattern recognition neural networks to improve the overall performance. Additionally, we impart capabilities to the fingerprinting technique to enable the identification of 'Unknown' devices (i.e., devices for which no signature is stored), and also show that it can be extended to perform both device and device type identification.

Access control

Device type fingerprinting

Device fingerprinting

System Fingerprinting

GTID

Security framework

Computer networks Security measures

Interdependent Response of Networked Systems to Natural Hazards and Intentional Disruptions

Duenas-Osorio, Leonardo Augusto

23 November 2005

Critical infrastructure systems are essential for the continuous functionality of modern global societies. Some examples of these systems include electric energy, potable water, oil and gas, telecommunications, and the internet. Different topologies underline the structure of these networked systems. Each topology (i.e., physical layout) conditions the way in which networks transmit and distribute their flow. Also, their ability to absorb unforeseen natural or intentional disruptions depends on complex relations between network topology and optimal flow patterns. Most of the current research on large networks is focused on understanding their properties using statistical physics, or on developing advanced models to capture network dynamics. Despite these important research efforts, almost all studies concentrate on specific networks. This network-specific approach rules out a fundamental phenomenon that may jeopardize the performance predictions of current sophisticated models: network response is in general interdependent, and its performance is conditioned on the performance of additional interacting networks. Although there are recent conceptual advances in network interdependencies, current studies address the problem from a high-level point of view. For instance, they discuss the problem at the macro-level of interacting industries, or utilize economic input-output models to capture entire infrastructure interactions. This study approaches the problem of network interdependence from a more fundamental level. It focuses on network topology, flow patterns within the networks, and optimal interdependent system performance. This approach also allows for probabilistic response characterization of interdependent networked systems when subjected to disturbances of internal nature (e.g., aging, malfunctioning) or disruptions of external nature (e.g., coordinated attacks, seismic hazards). The methods proposed in this study can identify the role that each network element has in maintaining interdependent network connectivity and optimal flow. This information is used in the selection of effective pre-disaster mitigation and post-disaster recovery actions. Results of this research also provide guides for growth of interacting infrastructure networks and reveal new areas for research on interdependent dynamics. Finally, the algorithmic structure of the proposed methods suggests straightforward implementation of interdependent analysis in advanced computer software applications for multi-hazard loss estimation.

Coupled infrastructure systems

Disaster relief

Electric network topology

Emergency management Planning

Interdependent networks

Natural and man-made hazards

Network resilience

Network topology

Performance of networks

Mobile IPv4 Secure Access to Home Networks

Tang, Jin

29 June 2006

With the fast development of wireless networks and devices, Mobile IP is expected to be used widely so that mobile users can access the Internet anywhere, anytime without interruption. However, some problems, such as firewall traversal and use of private IP addresses, restrict use of Mobile IP. The objective of this thesis is to design original schemes that can enable a mobile node at abroad to access its home network as well as the Internet securely and that can help Mobile IP to be used widely and commercially. Our solutions are secure, efficient, and scalable. They can be implemented and maintained easily. In this thesis, we mainly consider Mobile IPv4, instead of Mobile IPv6. Three research topics are discussed. In each topic, the challenges are investigated and the new solutions are presented. The first research topic solves the firewall traversal problems in Mobile IP. A mobile node cannot access its firewall-protected home network if it fails the authentication by the firewall. We propose that an IPsec tunnel be established between the firewall and the foreign agent for firewall traversal and that an IPsec transport security association be shared by the mobile node and a correspondent node for end-to-end security. The second topic researches further on firewall traversal problems and investigates the way of establishing security associations among network entities. A new security model and a new key distribution method are developed. With the help of the security model and keys, the firewall and the relevant network entities set up IPsec security associations to achieve firewall traversal. A mobile node from a private home network cannot communicate with other hosts with its private home address when it is visiting a public foreign network. A novel and useful solution is presented in the third research topic. We suggest that the mobile node use its Network Access Identifier (NAI) as its identification and obtain a public home address from its home agent. In addition, a new tunnel between the mobile node and its home agent is proposed.

Private addresses

AAA

IPsec

Firewall

Network security

Mobile IP

Wireless Internet

Computer networks Security measures

Firewalls (Computer security)

Mobile agents (Computer software)

RADAR: compiler and architecture supported intrusion prevention, detection, analysis and recovery

Zhang, Tao

25 August 2006

In this dissertation, we propose RADAR - compileR and micro-Architecture supported intrusion prevention, Detection, Analysis and Recovery. RADAR is an infrastructure to help prevent, detect and even recover from attacks to critical software. Our approach emphasizes collaborations between compiler and micro-architecture to avoid the problems of purely software or hardware based approaches. With hardware support for cryptographic operations, our infrastructure can achieve strong process isolation to prevent attacks from other processes and to prevent certain types of hardware attacks. Moreover, we show that an unprotected system address bus leaks critical control flow information of the protected software but has never been carefully addressed previously. To enhance intrusion prevention capability of our infrastructure further, we present a scheme with both innovative hardware modification and extensive compiler support to eliminate most of the information leakage on system address bus. However, no security system is able to prevent all attacks. In general, we have to assume that certain attacks will get through our intrusion prevention mechanisms. To protect software from those attacks, we build a second line of defense consisted of intrusion detection and intrusion recovery mechanisms. Our intrusion detection mechanisms are based on anomaly detection. In this dissertation, we propose three anomaly detection schemes. We demonstrate the effectiveness of our anomaly detection schemes thus the great potential of what compiler and micro-architecture can do for software security. The ability to recover from an attack is very important for systems providing critical services. Thus, intrusion recoverability is an important goal of our infrastructure. We focus on recovery of memory state in this dissertation, since most attacks break into a system by memory tampering. We propose two schemes for intrusion analysis. The execution logging based scheme incurs little performance overhead but has higher demand for storage and memory bandwidth. The external input points tagging based scheme is much more space and memory bandwidth efficient, but leads to significant performance degradation. After intrusion analysis is done and tampered memory state is identified, tampered memory state can be easily recovered through memory updates logging or memory state checkpointing.

Software protection

Compiler support

Microarchitecture support

Information leakage prevention

Anomaly detection

Intrusion recovery

Computer networks Security measures

Computer architecture

Computer network protocols

Flexible access control for campus and enterprise networks

Nayak, Ankur Kumar

07 April 2010

We consider the problem of designing enterprise network security systems which are easy to manage, robust and flexible. This problem is challenging. Today, most approaches rely on host security, middleboxes, and complex interactions between many protocols. To solve this problem, we explore how new programmable networking paradigms can facilitate fine-grained network control. We present Resonance, a system for securing enterprise networks , where the network elements themselves en- force dynamic access control policies through state changes based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security boxes and distributed monitoring and inference systems. Using our approach, administrators can create security applications by first identifying a state machine to represent different policy changes and then, translating these states into actual network policies. Earlier approaches in this direction (e.g., Ethane, Sane) have remained low-level requiring policies to be written in languages which are too detailed and are difficult for regular users and administrators to comprehend. As a result, significant effort is needed to package policies, events and network devices into a high-level application. Resonance abstracts out all the details through its state-machine based policy specification framework and presents security functions which are close to the end system and hence, more tractable. To demonstrate how well Resonance can be applied to existing systems, we consider two use cases. First relates to "Network Admission Control" problem. Georgia Tech dormitories currently use a system called START (Scanning Technology for Automated Registration, Repair, and Response Tasks) to authenticate and secure new hosts entering the network [23]. START uses a VLAN-based approach to isolate new hosts from authenticated hosts, along with a series of network device interactions. VLANs are notoriously difficult to use, requiring much hand-holding and manual configuration. Our interactions with the dorm network administrators have revealed that this existing system is not only difficult to manage and scale but also inflexible, allowing only coarse-grained access control. We implemented START by expressing its functions in the Resonance framework. The current system is deployed across three buildings in Georgia Tech with both wired as well as wireless connectivities. We present an evaluation of our system's scalability and performance. We consider dynamic rate limiting as the second use case for Resonance. We show how a network policy that relies on rate limiting and traffic shaping can easily be implemented using only a few state transitions. We plan to expand our deployment to more users and buildings and support more complex policies as an extension to our ongoing work. Main contributions of this thesis include design and implementation of a flexible access control model, evaluation studies of our system's scalability and performance, and a campus-wide testbed setup with a working version of Resonance running. Our preliminary evaluations suggest that Resonance is scalable and can be potentially deployed in production networks. Our work can provide a good platform for more advanced and powerful security techniques for enterprise networks.

Access control

Security

Enterprise networks

Programmable networks

Computer networks Security measures

Computer networks Management

Computer networks

Local area networks (Computer networks)

Certificate revocation list distribution in vehicular ad hoc networks

Nowatkowski, Michael E.

05 April 2010

The objective of this research is to investigate improved methods for distributing certificate revocation lists (CRLs) in vehicular ad hoc networks (VANETs). VANETs are a subset of mobile ad hoc networks composed of network-equipped vehicles and infrastructure points, which will allow vehicles to communicate with other vehicles and with roadside infrastructure points. While sharing some of the same limitations of mobile ad hoc networks, such as lack of infrastructure and limited communications range, VANETs have several dissimilarities that make them a much different research area. The main differences include the size of the network, the speed of the vehicles, and the network security concerns. Confidentiality, authenticity, integrity, and availability are some of the standard goals of network security. While confidentiality and authenticity at times seem in opposition to each other, VANET researchers have developed many methods for enhancing confidentiality while at the same time providing authenticity. The method agreed upon for confidentiality and authenticity by most researchers and the IEEE 1609 working group is a public key infrastructure (PKI) system. An important part of any PKI system is the revocation of certificates. The revocation process, as well as the distribution of revocation information, is an open research problem for VANETs. This research develops new methods of CRL distribution and compares them to existing methods proposed by other researchers. The new methods show improved performance in various vehicle traffic densities.

Network security

Vehicular ad hoc network

Simulation

IEEE 1609

Certificate revocation list

ns-3

Computer networks Security measures

Cooperative communication in wireless networks: algorithms, protocols and systems

Lakshmanan, Sriram

28 July 2011

Current wireless network solutions are based on a link abstraction where a single co-channel transmitter transmits in any time duration. This model severely limits the performance that can be obtained from the network. Being inherently an extension of a wired network model, this model is also incapable of handling the unique challenges that arise in a wireless medium. The prevailing theme of this research is to explore wireless link abstractions that incorporate the broadcast and space-time varying nature of the wireless channel. Recently, a new paradigm for wireless networks which uses the idea of 'cooperative transmissions' (CT) has garnered significant attention. Unlike current approaches where a single transmitter transmits at a time in any channel, with CT, multiple transmitters transmit concurrently after appropriately encoding their transmissions. While the physical layer mechanisms for CT have been well studied, the higher layer applicability of CT has been relatively unexplored. In this work, we show that when wireless links use CT, several network performance metrics such as aggregate throughput, security and spatial reuse can be improved significantly compared to the current state of the art. In this context, our first contribution is Aegis, a framework for securing wireless networks against eavesdropping which uses CT with intelligent scheduling and coding in Wireless Local Area networks. The second contribution is Symbiotic Coding, an approach to encode information such that successful reception is possible even upon collisions. The third contribution is Proteus, a routing protocol that improves aggregate throughput in multi-hop networks by leveraging CT to adapt the rate and range of links in a flow. Finally, we also explore the practical aspects of realizing CT using real systems.

Wireless LANs

Routing

Cooperative communication

Smart antennas

Wireless networks

Security

Computer network protocols

Wireless communication systems

Computer network architectures

Computer networks Security measures

Entwurf und Beschreibung wesentlicher Komponenten einer Sicherheitsarchitektur für medizinische Forschungsnetze / Design and Description of Major Components in Security Architecture for Medical Research Networks

Grenz, Michael

20 June 2012

No description available.

004 Informatik

AHK 650

MED 250

Mathematics and Computer Science

Datenschutz

Datensicherheit

Sicherheitsmaßnahmen

Medizinische Forschung

Information Protection

Computer Security

Security Measures

Medical Research

54.38

44.32

Passengers' protection and rights in international civil aviation

Balasubramaniam, Usha.

January 2007

Air transport is of critical importance to move passengers and cargo from one place to another on a global scale. Subsistence, sustenance, growth and profitability of the air transport industry are dependent on the demand for transport from passengers and cargo as the main sources of revenue of the airline industry. The forces of globalization and liberalization, coupled with the very rapid development of low-cost operators, have tempered the growth and profitability of the aviation industry whilst, at the same time, greatly increasing the consumer (passenger and air freight user) advantages in terms of expanding the gamut of their choices, better quality and lower prices. The ever-expanding markets in the Asia and Pacific region hold great promise for a rapid growth of the aviation industry in years to come. / Currently, the international civil aviation community is faced with many challenges evolving from globalization, liberalization of economic regulations, privatization of airlines and airports, commercialization of government services providers, increasing environmental controls, and the emerge of new technologies. To deal effectively with these challenges and issues will require a high level of cooperation among civil aviation authorities, airlines, airports, and providers of air services and products. Airlines under the new free trade regimes have been exposed to many changes and although GATS has an important role to play in this important field, the convergence of economic, safety, security and environmental issues makes a strong case for keeping regulation in these critical issues under the ICAO aviation umbrella. / As air transport experiences structural, policy and regulatory environment changes, in the era of free trade it would be interesting to critically examine the impact of the aforementioned changes on the rights and protection of passengers. In this relation, it becomes very important to review the international, regional, and national efforts which have been made to enhance consumer protection and also have an important bearing on the rights of airline passengers. The thesis also addresses some emerging, non-traditional consumer protection issues, such as health, racial discrimination and the rights of disabled passengers. / In view of the above, the well-developed consumer protection regimes in the United States and the European Union (EU) would be examined in depth and the results of its analysis would be used to develop a suitable model airline passenger protection in the rapidly expending economies of the Asia and Pacific Region.

Airlines -- Customer services.

Consumer protection.

Airline passenger security screening.

People with disabilities -- Travel.

Correlation-based Botnet Detection in Enterprise Networks

Gu, Guofei

07 July 2008

Most of the attacks and fraudulent activities on the Internet are carried out by malware. In particular, botnets, as state-of-the-art malware, are now considered as the largest threat to Internet security. In this thesis, we focus on addressing the botnet detection problem in an enterprise-like network environment. We present a comprehensive correlation-based framework for multi-perspective botnet detection consisting of detection technologies demonstrated in four complementary systems: BotHunter, BotSniffer, BotMiner, and BotProbe. The common thread of these systems is correlation analysis, i.e., vertical correlation (dialog correlation), horizontal correlation, and cause-effect correlation. All these Bot* systems have been evaluated in live networks and/or real-world network traces. The evaluation results show that they can accurately detect real-world botnets for their desired detection purposes with a very low false positive rate. We find that correlation analysis techniques are of particular value for detecting advanced malware such as botnets. Dialog correlation can be effective as long as malware infections need multiple stages. Horizontal correlation can be effective as long as malware tends to be distributed and coordinated. In addition, active techniques can greatly complement passive approaches, if carefully used. We believe our experience and lessons are of great benefit to future malware detection.

Malware detection

Network security

Anomaly detection

Intrusion detection

Local area networks (Computer networks)

Computer networks Security measures

Computer crimes

Correlation (Statistics)