Practically Useful Network Security

Chin-Tser Huang
huangct@cse.sc.edu
University of South Carolina


1/8/2010

Security Services

- Confidentiality
- Integrity
- Authentication
- Anti-replay
- Availability
- Access control
- Non-repudiation
- Anonymity


Network Security Always Good?

What if a security mechanism is not applied correctly?


Network Security Always Good?

What if a security mechanism is not applied appropriately?

[Figure: hosts x and y. Labels in the diagram: (m, ts); 3DES_{k1,k2}(m, ts); AES_{k3}(3DES_{k1,k2}(m, ts))]


Practically Useful Network Security

To make network security practically useful, we need to

- Verify the correctness of the security mechanism
- Consider the efficiency of the security mechanism


Protocol Design and Verification

- Correctness is essential for secure protocols
- Two steps to verify the correctness of protocols
  - First, specify the protocol using a formal and scalable notation
  - Then, verify the correctness of the protocol using a state transition diagram


Abstract Protocol Notation


State Transition Diagram


Botnet Detection and Mitigation

- Supported by NSF and AFRL
- Ongoing collaboration with Dr. Han at AFRL
- A botnet is a distributed network of a large number of bots, which are machines infected with malware and under the control of a botmaster


Botnet Detection and Mitigation

- Aim to mitigate the problem of botnets by filtering their malicious packets and command and control (C&C) packets early
- Successful implementation on Quagga routing software
- Currently developing Tcl/Tk scripts for automated rule dissemination between routers
- With Prasanth Kalakota, Mohamed Sharaf and Dr. Matthews


Early Filtering Testbed

- Four Cisco 2811 routers
- Dell PowerEdge R410 server


Intrusion Detection

- Supported by a DARPA/AFRL grant
- Microscope
  - View network as a collection of individual hosts
  - Charge individual host for anomalous behavior
  - With Jeff Janies

[Figure: chart over hosts A, B, C and D with series TCP, UDP and malicious (vertical axis 0 to 3), beside a diagram of hosts A, B, C and D]


Intrusion Detection

- Macroscope
  - View network traffic as time-series signal
  - Use wavelets to capture different types of anomalies
  - With Sachin Thareja
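An added example, not taken from the slides or from the SPID group's code, of how a wavelet view separates anomaly types by time scale. The slide does not say which wavelet or threshold the group uses; the Haar transform, the median/MAD outlier rule and the traffic series below are assumptions made for illustration.

```python
from statistics import median

def haar_details(signal, levels):
    """Haar detail coefficients per level; index 0 is the finest scale."""
    approx, details = list(signal), []
    for _ in range(levels):
        if len(approx) < 2 or len(approx) % 2:
            break  # cannot halve any further
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(a - b) / 2 for a, b in pairs])
        approx = [(a + b) / 2 for a, b in pairs]
    return details

def anomalous_windows(signal, levels=3, k=5.0):
    """Return (level, first_sample, last_sample) for outlying coefficients.

    A coefficient is an outlier when it lies more than k median absolute
    deviations (MAD) from the level's median. k and the MAD floor of 1.0
    are assumptions chosen for this example.
    """
    flagged = []
    for level, coeffs in enumerate(haar_details(signal, levels), start=1):
        med = median(coeffs)
        mad = median(abs(c - med) for c in coeffs) or 1.0
        width = 2 ** level  # samples covered by one coefficient
        for i, c in enumerate(coeffs):
            if abs(c - med) > k * mad:
                flagged.append((level, i * width, (i + 1) * width - 1))
    return flagged

def constructed_traffic():
    """Constructed packets-per-interval series (64 samples), not real data."""
    series = [100, 102, 99, 101] * 16
    series[13] = 400              # one-interval burst
    for i in range(40, 44):       # four-interval plateau
        series[i] += 60
    return series

if __name__ == "__main__":
    for level, start, end in anomalous_windows(constructed_traffic()):
        print(f"level {level}: samples {start}-{end}")
```

The one-interval burst is flagged at every level, while the four-interval plateau is invisible at levels 1 and 2 and appears only at level 3, which is why a multi-scale decomposition can tell short spikes from longer shifts.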


Authentication in Wireless Networks

Design secure unicasting protocol to counter routing level attacks in ad hoc sensor networks

Develop dual authentication protocol against rogue access points for 802.11 WLANs

Discover and fix security problems in 802.16 WiMAX PKM protocols

With Jeff Janies, Sen Xu, and Prof. Matthews

[Figure labels, outermost to innermost: K5({auth5}.K3({auth3}.K2({auth2}.ID2.MSG))); K3({auth3}.K2({auth2}.ID2.MSG)); K2({auth2}.ID2.MSG)]


Privacy-Preserving Multi-Dimensional Credentialing

Organizations often use common personal identifiers (PIs) to satisfy reporting obligations and uniquely identify the same individuals, thereby making it possible to cross-link and aggregate the transactions of the same person from multiple sources

Introduce the veiled certificate (VC), which allows individuals to maintain control over their personal information while satisfying the regulatory and reporting needs of today’s security-conscious environment

With Prof. Gerdes


More Information

- Secure Protocol Implementation & Development (SPID) Group
- Website: http://spid.cse.sc.edu