Network Security in Different Domains - PowerPoint PPT Presentation
Slides: 23
Provided by: lin7160

1
Network Security in Different Domains
2
Categorization Based on Different Domains
  • Domain Listing
  • User Security
  • System Security
  • E-Commerce
  • P2P Systems
  • Routing Security
  • Application Security
  • Ad Hoc Network
  • Wireless/Sensor Network
  • Security Research in Ad Hoc Network and Wireless
    Sensor Network is growing in recent years!

3
Ad Hoc Network
  • MANET
  • Mobile Ad-Hoc network
  • Self-configuring network of mobile routers (and
    associated hosts) connected by wireless links
  • The routers are free to move randomly and
    organize themselves arbitrarily
  • Network's wireless topology may change rapidly
    and unpredictably
  • Operate in a standalone fashion, OR may be
    connected to the larger Internet
  • Paper Topics
  • Admission control protocol
  • Scalable and distributed protocol
  • Ubiquitous security services
  • Secure public key authentication
  • Trust certificates
  • Authentication
  • Robustness

4
Paper Review
  • Providing Robust and Ubiquitous Security Support
    for MANET, J. Kong, P. Zerfos, H. Luo, S. Lu, L.
    Zhang (UCLA, USA)
  • A scalable intrusion-tolerant security solution
  • Tolerating intrusions to certain extent
  • Certification Authority Functions
  • Each entity holds a secret share
  • Multiple entities in a local neighborhood jointly
    provide complete services
  • Security is NOT compromised as long as there are
    fewer than K collaborating intruders
  • Certificate-related security services to
    accommodate the unique characteristics of ad-hoc
    wireless networks
  • Uses an RSA-based design (illustrated with Alice and Bob)

5
Wireless/Sensor Network
  • Wireless networks are prone to security attacks
    ranging from passive eavesdropping to active
    interfering
  • Paper Topics
  • Self-protection problem
  • Wireless hops
  • Wireless local network
  • Mesh network
  • Mesh networking is a subclass of MANET
  • A way to route data, voice and instructions
    between nodes
  • Continuous connections and reconfiguration around
    broken or blocked paths by "hopping" from node to
    node until the destination is reached.
  • All nodes are connected to each other
  • Flow marking attacks
  • Adversary embeds a recognizable pattern of marks
    into wireless traffic flows by electromagnetic
    interference
  • Recognize the communication relationship between
    hosts by tracking marks
  • Sensor routing protocol
  • Privacy issues, identity certificate
  • Message authentication
  • Secure email communication

6
Paper Review
  • Defending against Sybil Attacks in Sensor
    Networks. 185-191, Q. Zhang, P. Wang, D. S.
    Reeves, P. Ning
  • Redundancy mechanism used to defeat unauthorized
    sensor nodes and sensor node hacking
  • Sybil attack: a malicious node illegally forges
    an unbounded number of identities to defeat
    redundancy mechanisms
  • A Sybil node is a misbehaving node's additional
    identity
  • Proposed scheme
  • Each sensor node is pre-assigned a unique secret
    key to derive one-way key chains
  • 2 nodes mutually authenticate each other based on
    one-way key chains
  • Identity certificates
  • Merkle hash tree; a certificate consists of the
    label of the leaf and its authentication path

7
E-Commerce
  • E-Commerce
  • Exchange of goods and services over the Internet
  • All major retail brands have an online presence,
    and many brands have no associated bricks and
    mortar presence.
  • E-Commerce also applies to business to business
    transactions
  • Defense
  • Education
  • Personal firewalls
  • SSL
  • Server firewall
  • Password policies
  • Intrusion detection
  • Audits of security logs
  • Reference: IBM developerWorks
  • Paper Topics
  • Quantifiable trust, trust problem
  • Attack detection, loss minimization, damage
    control and recovery
  • Electronic payment protocol
  • Commercial exchange problem

8
Paper Review
  • Trust vs. Threats: Recovery and Survival in
    Electronic Commerce. 126-133, J. Su, D. Manchala
  • Cryptographic protocols
  • Anonymity is the major concern
  • How do you build trust while maintaining anonymity?
  • Anonymous qualifiable signature
  • Anonymous accountable receipt
  • Security Concerns
  • Stolen token: the identity is stolen
  • Contour discovery attack: makes each
    transaction's processing time longer
  • Bogus payment (e-cash)
  • Bogus goods
  • Anonymity based attacks

9
Routing Security
  • Paper Topics
  • Protecting top-level DNS servers
  • Distributed secure multi-path routing
  • Routing protocol
  • Secure and efficient routing

10
Paper Review
  • Protecting BGP Routes to Top Level DNS Servers.
    322-331, L. Wang, X. Zhao, D. Pei, R. Bush, D.
    Massey, A. Mankin, S. F. Wu, L. Zhang
  • BGP routes
  • The Border Gateway Protocol (BGP) is the core
    routing protocol of the Internet.
  • Maintaining a table of IP networks or 'prefixes'
    which designate network reachability between
    autonomous systems
  • Makes routing decisions based on path, network
    policies and/or rulesets
  • False routing announcement attack: deny access to
    the DNS service or redirect DNS queries to a
    malicious impostor
  • Solution: path-filtering approach
  • Maintain a set of potentially valid paths for
    each root/gTLD server; automatically include new
    valid routes, using both route history and an
    external validation mechanism to identify new
    valid paths
  • Design
  • A monitoring process
  • A verification process
  • A filter construction process
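The three-stage design above, sketched as an added example (not the paper's system): route history seeds a per-prefix set of valid AS paths, an unseen path is accepted and learned only if an external check confirms it, and anything else is filtered. The protected prefix (192.0.2.0/24), the AS numbers and the validator are constructed placeholders.

```python
from collections import defaultdict
from typing import Callable

# Added example, not the paper's system: a minimal path filter for routes to root/gTLD
# DNS server prefixes, following the monitoring / verification / filter-construction
# stages on the slide. Prefix, AS numbers and the validator are constructed placeholders.
PROTECTED = {"192.0.2.0/24"}   # documentation prefix standing in for a root-server prefix

class DnsRoutePathFilter:
    def __init__(self, validate_external: Callable[[str, tuple], bool]):
        self.valid_paths = defaultdict(set)          # prefix -> AS paths seen and trusted
        self.validate_external = validate_external   # out-of-band check for unseen paths

    def learn_history(self, updates):
        """Monitoring: seed the valid set from BGP updates observed over a stable period."""
        for prefix, path in updates:
            if prefix in PROTECTED:
                self.valid_paths[prefix].add(tuple(path))

    def verify(self, prefix: str, path) -> str:
        """Verification: a known path is accepted; an unseen path is accepted and learned
        only if external validation confirms it, otherwise the announcement is filtered."""
        if prefix not in PROTECTED:
            return "pass"                            # normal BGP handling, not filtered here
        path, known = tuple(path), self.valid_paths[prefix]
        if path in known:
            return "accept"
        if self.validate_external(prefix, path):
            known.add(path)                          # filter construction: grow the valid set
            return "accept-new"
        if path[-1] not in {p[-1] for p in known}:
            return "reject:origin-changed"           # looks like a false origin announcement
        return "reject:unknown-path"

def constructed_validator(prefix: str, path: tuple) -> bool:
    """Stand-in for the paper's external validation: trust only the registered origin AS
    (constructed value 64501) reached over a path of at most four hops."""
    return path[-1] == 64501 and len(path) <= 4
```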

11
P2P Systems
  • Paper Topics
  • Efficient semantic based search for resources
  • ID mapping attacks
  • In a DHT structure, a node obtains a particular
    identifier, i.e. a particular position on the
    overlay network, in order to gain control over
    certain resources. If a node could directly choose
    its own identifier, the attack would be trivial.
  • Content protection architecture, operate in
    decentralized peer-to-peer systems

12
Paper Review
  • Semantic Small World: An Overlay Network for
    Peer-to-Peer Search, M. Li, W. Lee, A.
    Sivasubramaniam (Pennsylvania State University,
    University Park, USA)
  • Semantic Small World (SSW)
  • Applications such as Napster and Gnutella face
    fundamental challenges when searching for
    resources
  • Not favorable to key-based search
  • Content/semantic search
  • Method
  • Each data object is a point in a multidimensional
    semantic space
  • Efficient navigation and search in high
    dimensional space -> dimension reduction

13
Applications for Network Security
14
Categorization of Different Security Applications
  • Applications
  • VPN
  • Security Policy
  • Honeypot, Honeynet
  • Firewall
  • Auditing and Monitoring
  • IPSec
  • Security Protocol
  • Intrusion Detection
  • Security Protocol and Intrusion Detection attract
    more researchers' attention!

15
Intrusion Detection System
  • Paper Topics
  • Prefix Hijack Alert System (PHAS)
  • Detect remotely manipulated destructive system
    calls
  • Detect buffer overflow
  • Middleware-level intrusion detection
  • Spyware detection
  • DDoS detection
  • Implement intrusion detection system as ID
    wrappers
  • Process-based intrusion detection approaches
  • Data mining approach
  • Traffic anomaly detection
  • Detection algorithm
  • BRO
  • StackGuard
  • NetKuang

16
Paper Review
  • Bro: A System for Detecting Network Intruders in
    Real-Time, Vern Paxson (Lawrence Berkeley National
    Laboratory)
  • Bro
  • A stand-alone system for detecting network
    intruders in real-time by passively monitoring a
    network link
  • Design
  • Libpcap
  • Packet-capture library used by tcpdump
  • Uses the OS kernel packet filter to reduce the
    traffic handed up from the kernel
  • Event engine
  • Analyze packets and connection
  • TCP processing
  • UDP processing
  • Policy script interpreter
  • Event handler
  • Generating new events
  • Logging, real-time notification
  • Record data
  • Modifying internal state for subsequent event
    handlers
  • Attacks on Bro
  • Overload attacks

17
IPSec
  • IPSec
  • De facto standard protocol for secure Internet
    communications
  • Consists of lists of rules that designate the
    traffic to be protected, the type of protection
    and the protection parameters
  • Provides
  • Integrity
  • Confidentiality
  • Authentication
  • Security protocol (AH or ESP)
  • Mode (tunnel or transport)
  • VPN: a secure channel
  • Paper Topics
  • Filtering policy semantics
  • Multi-layer security protection scheme
  • The Internet Engineering Task Force
  • A scalable re-keying scheme
  • DNSIBC

18
Paper Review
  • Modeling and Verification of IPSec and VPN
    Security Policies, H. Hamed, E. Al-Shaer, W.
    Marrero (DePaul University)
  • IPSec policy configuration remains a complex and
    error-prone task
  • Proposes a generic model that captures various
    filtering policy semantics using Boolean
    expressions
  • Canonical representation of IPSec using Ordered
    Binary Decision Diagrams
  • This Paper
  • Modeling of Filtering Security Policies
  • Modeling lists of rules
  • Access_list, map_list, transform
  • IPSec intra-policy Analysis
  • Identification and classification of IPSec policy
    conflicts

19
Firewall
  • Firewall
  • Function
  • Examines each packet that passes through the
    entrance of a network and decides whether to
    accept or discard it
  • 5 major processing modes
  • packet filtering firewalls
  • application gateways
  • circuit gateways
  • MAC layer firewalls
  • Hybrid, adopted in practice
  • Structures
  • Residential
  • Commercial-grade
  • Hardware-based
  • Software-based
  • Appliance-based devices
  • Paper Topics
  • Firewall design
  • Policy anomalies in distributed firewalls
  • Transient addressing for related processes
  • Backtracking search and set pruning tries
  • Examine the conception, design and development of
    AutoHack

20
Paper Review
  • Firewall Design: Consistency, Completeness, and
    Compactness. 320-327, M. G. Gouda, A. X. Liu
  • Decision function
  • <predicate> -> <decision>
  • Each packet
  • Where it reaches the firewall
  • Packet source
  • Packet destination
  • Transport protocol
  • Firewall decision diagrams (FDDs)
  • Packet flow through nodes based on rules,
    decision path
  • Design
  • Consistency
  • Rules are ordered correctly
  • Completeness
  • Every packet satisfies at least one rule in the
    firewall
  • Compactness
  • Compact iff it has no redundant rules
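The three properties, checked by brute force over a tiny constructed packet space, as an added example (not the paper's FDD-based algorithm). The definitions are simplified for illustration: consistency is read as "no rule is shadowed by earlier rules", completeness as "every packet hits a rule", compactness as "no rule can be removed without changing a decision"; the rule set is constructed to violate all three.

```python
from itertools import product

# Added example, not the paper's algorithm: brute-force checks of the three design
# properties over a small constructed packet space, with simplified definitions.
FIELDS = {"src": ("int", "ext"), "dst": ("dmz", "lan"),
          "proto": ("tcp", "udp"), "port": range(1024)}

def matches(rule: tuple, pkt: dict) -> bool:
    """A rule is (predicate, decision); the predicate maps a field to its allowed values."""
    return all(pkt[f] in allowed for f, allowed in rule[0].items())

def first_match(rules: list, pkt: dict):
    """First-match semantics: index of the first rule that matches the packet, or None."""
    return next((i for i, r in enumerate(rules) if matches(r, pkt)), None)

def decide(rules: list, pkt: dict):
    i = first_match(rules, pkt)
    return None if i is None else rules[i][1]

def packets():
    for combo in product(*FIELDS.values()):
        yield dict(zip(FIELDS, combo))

def check(rules: list) -> dict:
    """Completeness: every packet hits some rule. Consistency (ordering): no rule is
    shadowed, i.e. each rule is the first match of some packet. Compactness: no rule is
    redundant, i.e. removing it changes no decision."""
    uncovered, hit = 0, set()
    for p in packets():
        i = first_match(rules, p)
        if i is None:
            uncovered += 1
        else:
            hit.add(i)
    shadowed = [i for i in range(len(rules)) if i not in hit]
    redundant = [i for i in range(len(rules))
                 if all(decide(rules, p) == decide(rules[:i] + rules[i + 1:], p)
                        for p in packets())]
    return {"uncovered": uncovered, "shadowed": shadowed, "redundant": redundant}

# Constructed rule set: rule 3 is shadowed by rule 0, and no rule covers ext->dmz tcp
# on ports other than 80/443, so the set is neither consistent, complete nor compact.
RULES = [
    ({"src": {"ext"}, "dst": {"dmz"}, "proto": {"tcp"}, "port": {80, 443}}, "accept"),
    ({"src": {"ext"}, "dst": {"lan"}}, "discard"),
    ({"src": {"int"}}, "accept"),
    ({"src": {"ext"}, "dst": {"dmz"}, "proto": {"tcp"}, "port": {443}}, "accept"),
    ({"dst": {"dmz"}, "proto": {"udp"}}, "discard"),
]
# Appending a default-deny rule restores completeness, but then the explicit discard
# rules 1 and 4 become redundant and can be dropped for compactness.
DEFAULT_DENY = ({}, "discard")
```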

21
Honeypot
  • Honeypot
  • A closely monitored network decoy whose value
    lies in being attacked or probed; it serves the
    following purposes
  • Functions
  • Adverse attacks
  • Capture attacks information
  • Analyze the attacks
  • Paper Topics
  • Design framework
  • Shadow honeypot
  • Collapsar
  • A virtual-machine-based architecture for network
    attack detention.
  • Hosts and manages a large number of
    high-interaction virtual honeypots in a local
    dedicated network.

22
Paper Review
  • A Virtual Honeypot Framework, Niels Provos,
    Google, Inc.
  • Physical and virtual honeypots
  • Physical honeypot
  • High-interaction
  • Expensive to install and maintain
  • Impossible for large address space
  • So -> virtual honeypot
  • Deceives TCP/IP stack fingerprinting
  • Simulate systems
  • Fools network mapping tools
  • Honeyd
  • Open-source program that allows a user to set up
    and run multiple virtual hosts
  • Handles virtual honeypots on multiple IP
    addresses simultaneously
  • Architecture
  • A configuration database
  • A central packet dispatcher
  • Protocol handlers
  • A personality engine
  • An optional routing component