Class Note for EECS 800 at KU
This 36-page set of class notes was uploaded by an elite notetaker on Friday, February 6, 2015. The class notes belong to a course at Kansas taught by a professor in Fall. Since its upload, it has received 29 views.
Justin P Rohrer
EECS 800 Wireless Security, 2006-12-12

SECURITY IN HETEROGENEOUS NETWORKS
GENERIC SECURITY

Overview
- Introduction
- Background
- Security Categories
- Related Work
- Environmental Model
- Design
- Simulations
- Results
- Conclusions

Introduction
- Looking at heterogeneous networks in the context of the next-generation Internet
- Will certainly be more diverse than current Internet
- Needs a unified approach to security
- Security policy needs to be communicated beyond trust boundaries
- Work based on proposed architecture details

Background
- This work is an extension of Postmodern Internetwork Architecture (PoMo)
- Funded by NSF under NeTS-FIND, 10/2006
- Unconstrained by backward-compatibility issues
- Considers security to be a fundamental requirement for each network component

Security Categories
- Authentication
  - Use existing methods
- Collaboration Incentives
  - Network access treated as privilege which can be lost due to misbehavior
  - Current mindset difficult to change
- Denial of Service Prevention
  - Can be malicious or accidental
  - Needs ...ed research

Related Work
- Two categories of DoS avoidance research
  - Improved resource management
  - Attack prevention
- Each approach addresses a specific scenario
  - 3G cellular multicast
  - 3G cellular scheduling
  - Cellular SMS
  - Cellular is a popular topic

Environmental Model
- PoMo consists of the basic elements ... links
- Links interconnect nodes
- Nodes may be single devices or entire sub-networks (defined recursively)
- These virtual nodes are referred to as realms
- Realms are separated from one another by trust/policy boundaries
- Centralized administration with trusted resources

Design: Goals
- Generic Security Protocol (GSP)
  - Unify policy implementation
  - Facilitate inter-domain policy communication
  - Enhance performance, resilience, and survivability of the network as a whole

Design: Proposed Solution
- Protocol which operates within network stack
- Roughly layer 4/5
- Relies on PoMo Internetwork layer and below
- Required for all realms, but not every individual node
- Placement comparable to BGP

Design: Framework
- Security Agent (SA) run within each realm
- Security Client (SC) optionally run on end nodes
- Security Packets (SP) carry information between entities

Design: Security Agents
- Centralized or distributed within realm
- Run on devices associated with security
  - Gateways
  - Firewalls
  - Intrusion Prevention Systems
- Policy defined around links
- Policy distributed to all SA in realm
- Events trigger response based on policy

Design: Security Clients
- Receives relevant policy info from SA within own realm
- Communicates upwards with application and/or user
- Optional implementation on given end node

Design: Security Packets
- Packet format with fields needed by GSP
  - Authentication: both source and message contents
  - GSP code
  - Content field for user-customizable data
- Encapsulated in PoMo packet, which provides source, destination, and routing/forwarding info

Design: Security Domains
- Intra-Realm
  - Implement unified policy
  - Coordinate security measures and appliances
- Inter-Realm
  - Communicate policy to other realms on as-needed basis
  - SPs prioritized above other traffic to ensure delivery even in DoS scenario

Security of GSP
- GSP has potential to become liability if exploited
- Public key encryption used for authentication
- SPs examined at injection and every trust boundary
- Details left to future work; must be bulletproof prior to mass deployment

Simulations
- ns-2
- Three realms with different bandwidth links
- Duplex links with drop-tail queuing
- Legitimate traffic simulated with PackMime traffic generator
- Misbehaving traffic simulated using single CBR stream

Simulations
- Green nodes on low bandwidth network
- Blue nodes high bandwidth core
- Red nodes server farm
- Well-behaved HTTP/1.1 traffic generated at rate of 1 request per node per second

Results: Without GSP
- Node 15 acts as ordinary firewall
- CBR stream starts at about 165
- Poor performance due to both DoS and TCP backoff
[Figure: throughput of forwarding bits at current node vs. simulation time (sec)]

Results: With GSP
- Node 15 is a firewall with a SA
- Signals node 7 when CBR stream is detected
- Misbehaving traffic blocked at source
- Goodput returns to normal after brief downward spike
[Figure: plot over simulation time (sec)]

Conclusions
- Simulation limited in scope, intended to show power and flexibility of approach
- Could have been a spam flood or SSH brute force attack being blocked
- Many more scenarios to simulate; whole PoMo project in infancy
- Most difficult aspect will be ensuring that GSP cannot be exploited

Questions?
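An added illustration (not from the slides or the PoMo project) of the "With GSP" scenario: a firewall SA flags a constant-bit-rate source and builds an authenticated SP that is checked before anyone acts on it. The thresholds, field names, the BLOCK_AT_SOURCE code, the sample traffic and the HMAC used in place of public-key authentication are all assumptions.

```python
import hashlib
import hmac
import json
from collections import defaultdict
from statistics import mean, pstdev

# Assumed policy for the protected link; the slides give no thresholds.
POLICY = {"max_bps": 1_000_000, "max_jitter": 0.05, "min_windows": 3}
REALM_KEY = b"constructed-demo-key"  # HMAC stand-in for the SA's key pair

# Constructed per-second samples: (second, source node, bits forwarded).
SAMPLES = (
    [(t, 7, 2_000_000) for t in range(16, 21)]                    # steady flood
    + [(16, 1, 40_000), (17, 1, 900_000), (18, 1, 10_000)]        # bursty web client
    + [(16, 3, 3_000_000), (17, 3, 100_000), (18, 3, 2_000_000)]  # heavy but bursty
)


def detect_cbr_sources(samples, policy=POLICY):
    """Return sources whose per-second rate is above policy and nearly constant."""
    per_src = defaultdict(lambda: defaultdict(int))
    for second, src, bits in samples:
        per_src[src][second] += bits
    flagged = []
    for src, windows in per_src.items():
        rates = list(windows.values())
        if len(rates) < policy["min_windows"]:
            continue  # too little history to judge
        avg = mean(rates)
        jitter = pstdev(rates) / avg if avg else 0.0  # relative spread of the rate
        if avg > policy["max_bps"] and jitter <= policy["max_jitter"]:
            flagged.append(src)
    return sorted(flagged)


def build_sp(sa_node, offender, code="BLOCK_AT_SOURCE"):
    """Build a Security Packet: authentication tag, GSP code, content field."""
    body = {"from_sa": sa_node, "gsp_code": code, "content": {"src": offender}}
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "auth": hmac.new(REALM_KEY, raw, hashlib.sha256).hexdigest()}


def verify_sp(sp, key=REALM_KEY):
    """Check run at injection and at each trust boundary before acting on an SP."""
    raw = json.dumps(sp["body"], sort_keys=True).encode()
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sp["auth"])
```

Node 3 exceeds the assumed rate limit on average but is not flagged, because this check targets only steady streams; an SP whose body is altered after signing fails `verify_sp`.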