Malware Threats
As the number and severity of cyber-crimes continues to grow, it’s important to understand the various types of malware involved and how they work. This applies especially to small and medium businesses that are not likely to have IT personnel whose sole focus is network security. This paper examines the current drivers of malware development, details the characteristics of each, discusses how they manifest themselves on the network, and points to how each can be remedied.
While the names of many forms of malware might be familiar, they continue to evolve as countermeasures to eliminate them force adaptation. Today, the adaptation is driven by professional criminals. Yes, there are still amateurs out there who try to impress their friends or just act out by coding and releasing malware of various kinds. But far more dangerous are the organized, transnational criminal gangs who distribute malware for profit. These schemes include:
Extortion: Locking up or disrupting computers, then charging money to have the disruption undone. Often, these attacks take the form of a worthless computer scan and the sale of equally worthless “antivirus” software. This technique can be used to harvest credit card information. Sometimes the purchased software is “scare-ware” which drives additional purchases or continues to exact “subscription” payments.
Theft: Stealing electronic assets. These can include: personally identifiable information (identity theft) from employee or customer records; financial account information and passwords; proprietary trade and business assets which can be sold to competitors; email accounts, including address books, to be used for spam mailings (from seemingly trusted sources); and even computer resources themselves (zombies) which are controlled by the criminals for everything from spam mailing to hosting pornography.
The software which enables these crimes is categorized as malware. As worrisome as malware is—and it continues to get worse—there are straightforward and extremely effective ways to address it. But first, know your enemy. Typical malware consists of six main types—viruses, worms, Trojans, spyware, adware and rootkits.
A Formally Verified Device Authentication Protocol Using Casper/FDR
by Mahdi Aiash
TrustCom 2012 - International Symposium on Advances in Trusted and Secure Information Systems (TSIS)
For communication in Next Generation Networks, highly-developed mobile devices will enable users to store and manage a lot of credentials on their terminals. Furthermore, these terminals will represent and act on behalf of users when accessing different networks and connecting to a wide variety of services. In this situation, it is essential for users to trust their terminals and for all transactions using them to be secure. This paper analyses a number of the Authentication and Key Agreement protocols between the users and mobile terminals, then proposes a novel device authentication protocol. The proposed protocol is analysed and verified using a formal methods approach based on the Casper/FDR compiler.
Ensuring Data Confidentiality And Privacy In Mobile Ad hoc Networks
Mobile ad hoc networks (MANETs) are autonomous systems which are comprised of a number of mobile nodes that communicate between themselves by wireless communication on a peer-to-peer basis. They are self-organized, self-configured and self-controlled infrastructure-less networks. Nodes can communicate with each other without any pre-planned infrastructure or a base station. Disseminating information securely between these nodes in such networks, however, is a challenging task, particularly when the information is confidential. Revealing such information to anyone other than the intended nodes could be highly damaging, especially in military applications where keeping the message secret from adversaries is essential. In this paper we present our novel framework for privacy control in mobile ad hoc networks in which privacy policies are attached to messages as they are sent between peers. We evaluate our framework using the Network Simulator (NS-2) to check whether the privacy and confidentiality requirements of the originator are met. For this we implemented the privacy enforcement as an NS-2 agent that manages and enforces the policies attached to packets at every node in the MANET.
Multi-Organization Policy-based Monitoring
co-authored with Lucas T. Cook, Roy Campbell. Published in IEEE POLICY 2012
The monitoring of modern large scale infrastructure systems often relies on complex event processing (CEP) rules to detect security and performance problems. For example, the continuous monitoring of compliance to regulatory requirements such as PCI-DSS and NERC CIP requires analyzing events to identify if specific conditions over the configurations of devices occur. In multi-organization systems, detecting these problems often requires integrating events generated by different organizations. As events provide information about the infrastructure's internal structure, organizations are interested in reducing the amount of information shared with external entities.
This paper analyses the problem of detecting policy violations in network infrastructure systems managed by two organizations (e.g., a cloud user and a cloud provider). We focus on CEP monitoring systems and we introduce two protocols for selecting the events to share between the two organizations to ensure the detection of all possible policy violations. Our experimental evaluation shows that reciprocal information sharing between the two organizations significantly reduces the amount of information to transfer. In our SNMP monitoring test case, we obtain an 80% reduction in the information shared by any single organization.
Security and Risks in the Current Multicast Group Key Distribution Protocols
This paper was presented and published in the proceedings of The 1st International Symposium on Computing in Science & Engineering, June 3-5, 2010, Kusadasi, Turkey.
ABSTRACT – Multicast communications seem particularly well adapted for large scale commercial distribution applications, for example interactive distance-learning, pay TV channels, board-meetings, group discussions, publish-subscribe systems, and secure videoconferencing.
Security for this type of application is essential for data transmission through an insecure network. A more difficult and challenging issue arises because multicast group membership is dynamic. Users can leave and join the groups, thus making the issue of group management more difficult in large-scale systems. Therefore, one of the most important issues in multicast security is group key management. Key management mainly has to do with the distribution and update of keying material during the group's lifetime.
Several approaches have been proposed by various authors to create and distribute the multicast group key in an effective manner. There are different key management algorithms that facilitate efficient distribution and rekeying of the group key. These protocols normally add communication overhead as well as computation overhead on both sides, the group key controller and the group members. These schemes can generally be classified into three basic types: centralized, decentralized and distributed schemes.
In this paper, we investigate the state-of-the-art multicast group key management algorithms and protocols. We also provide a comparative analysis of the various algorithms, evaluating their features based on criteria comprising the following elements: algorithm properties, type of costs, secrecy, and amount of storage. Additionally, the study explores the pros and cons of each scheme, providing conclusions and a guideline for future development and work in securing multicast group communication.
DoS and DDoS Attacks: Analysis and Prevention
1st National Conference on Security, Computing & Communication, May 23-25, 2008, Page 22-27, Kohat, Pakistan
Modeling Interdependent Network Security from a Quantitative and Qualitative Perspective
Co-authored w/ C. F. Larry Heimann
This paper looks at network security from a game-theoretic point of view. Through the formulation and examination of increasingly complex scenarios, we formulate a model for utility-based security decisions. We look at the decision for one person to connect to the internet, to buy security software for herself, and to buy security software in the context of two or more people. By modeling security as a public good, we examine externalities that players impose upon each other. We then examine Olson’s theory of groups in a network security context to evaluate the effect of network size on optimal decision-making. Network topologies are also discussed briefly to investigate the limitations of the models proposed here. We conclude that these models work well for small to medium-sized networks with fairly randomly-distributed topologies.
The Effects of Loss Profiles in Interdependent Network Security
Co-authored w/ C. F. Larry Heimann
Although system administrators are frequently urged to protect the machines in their network, the fact remains that the decision to mandate protection is far from universal. To better understand this decision, we formulate a model of interdependent network security where there is a system administrator responsible for a network of size n against autonomous attackers attempting to penetrate the network and infect the machines with viruses or other exploits. We introduce the concept of a loss profile, which encapsulates the idea of variable loss due to infection. Through the application of a simple loss profile to this interdependent network security scenario, we conclude that the decision is dependent upon a number of factors including external and internal vulnerabilities, the types and likelihoods of different amounts of loss, and the interaction of all of these effects. Through this analysis, we form a model for decision-making that is simple to understand and applicable to many other interdependent security scenarios.
A formally verified AKA protocol for vertical handover in heterogeneous environments using Casper/FDR
by Mahdi Aiash
Mahdi Aiash, Glenford Mapp, Aboubaker Lasebae, Raphael Phan, Jonathan Loo
EURASIP Journal on Wireless Communications and Networking.
Next generation networks will comprise different wireless networks including cellular technologies, WLAN and indoor technologies. To support these heterogeneous environments, there is a need to consider a new design of the network infrastructure. Furthermore, this heterogeneous environment implies that future devices will need to roam between different networks using vertical handover techniques. When a mobile user moves into a new foreign network, data confidentiality and mutual authentication between the user and the network are vital issues in this heterogeneous environment. This article deals with these issues by first examining the implication of moving towards an open architecture, and then looking at how current approaches such as the 3GPP, HOKEY and mobile ethernet respond to the new environment while trying to address the security issue. The results indicate that a new authentication and key agreement protocol is required to secure handover in this environment. Casper/FDR is used in the analysis and development of the protocol. The proposed protocol has been proven to be successful in this heterogeneous environment. Keywords: authentication and key agreement protocol; secure vertical handover; heterogeneous environments; Casper/FDR.
Stealing Reality: When Criminals Become Data Scientists (or Vice Versa)
Published in IEEE Journal of Intelligent Systems
In this paper we discuss the threat of malware targeted at extracting information about the relationships in a real-world social network as well as characteristic information about the individuals in the network, which we dub Stealing Reality. We explain why Stealing Reality attacks differ from traditional types of attacks against individuals' privacy, and discuss why their impact is significantly more dangerous than other attacks such as identity theft. We then analyze this new attack and show what an optimal attack strategy would look like. Surprisingly, it differs significantly from many conventional network attacks, as it involves extremely slow spreading patterns. We point out that besides yielding the best outcome for the attackers, such an attack may also deceive existing monitoring tools, due to its low traffic volumes and the fact that it imitates natural end-user communication patterns.
Title of Presentation: Evaluation of UK Government Led Prevent Programme, Processes to Radicalisation in Local Communities in UK & Europe and Trans-National Network Connections of Faith-Based Radicalisation
by Owais Rajput
OBJECTIVE OF THE STUDY:
To evaluate the Prevent programme within the context of the UK’s effort at Global Counter Terrorism.
Prevent Programme and Locality issue in UK & Europe.
Issue of Home-Grown Radicalisation
Processes to Radicalisation.
Social and political processes that lead towards home-grown radicalisation and, at a later stage, towards terrorism.
Key management systems for sensor networks in the context of the Internet of Things
If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.