Security Related Research Projects at UCCS Network Research
- Slides: 31
Security Related Research Projects at UCCS Network Research Lab C. Edward Chow Department of Computer Science University of Colorado at Colorado Springs Security Research 2/7/2003 1 chow
Outline of the Talk n Brief Introduction to the Network/Protocol Research Lab at UCCS n Network security related research projects at UCCS Network/Protocol Research Lab n l Autonomous Anti-DDo. S Project l Secure Collective Defense Project l BGP/MPLS based VPN Project Discussion on Innerwall-UCCS Joint Research Project l STTR N 03 -T 010 TITLE: Intrusion Monitoring, Detection and Reporting Security Research 2/7/2003 2 chow
UCCS Network Research Lab n n Director: Dr. C. Edward Chow Graduate students: – John Bicknell/Steve Mc. Caughey/Anders Hansmat: Distributed Network Restoration/Network Survivability – Hekki Julkunen: Dynamic Packet Filter – Chandra Prakash: High Available Linux kernel-based Content Switch – Ganesh Godavari: Linux based Secure Web Switch – Angela Cearns: Autonomous Anti-DDo. S (A 2 D 2) Testbed – Longhua Li: IXP-based Content Switch – Yu Cai (Ph. D. research assistant): Multipath Routing – Jianhua Xie (Ph. D. ): Secure Storage Networks – Frank Watson: Content Switch for Email Security – Paul Fong: Wireless AODV Routing for sensor networks – Nirmala Belusu: Wireless Network Security PEAP vs. TTLS – David Wikinson/Sonali Patankar: Secure Collective Defense – Murthy Andukuri/Jing Wu: Enhanced BGP/MPLS-based VPN – Patricia Ferrao/Merlin Vincnet: Web-based Collaborative System Support Security Research 2/7/2003 3 chow
UCCS Network Lab Setup Gigabit fiber connection to UCCS backbone Switch/Firewall/Wireless AP: l HP 4000 switch; 4 Linksys/Dlink Switches. l Sonicwall Pro 300 Firewall l 8 Intel 7112 SSL accelerators; 4 7820 XML directors donated by Intel. l Cisco 1200 Aironet Dual Band Access Point and 350 client PC/PCI cards (both 802. 11 a and 802. 11 b cards). l Intel IXP 12 EB network processor evaluation board n Servers: Two Dell Power. Edge Servers. n Workstations/PCs: l 8 Dell PCs (3 Ghz-500 Mhz); 12 HP PCs (500 -233 Mhz) l 2 laptop PCs with Aironet 350 for mobile wireless l OS: Linux Redhat 8. 0; Window XP/2000 n n Security Research 2/7/2003 4 chow
HP 4000 SW Gigibit Fiber to UCCS Backbone& Workstation Dell Server Intel IXP Network Processor Security Research 2/7/2003 5 chow
Intel 7110 SSL Accelerators n 7280 XML Director n Security Research 2/7/2003 6 chow
DDo. S: Distributed Denial of Service Attack DDo. S Victims: Yahoo/Amazon 2000 CERT 5/2001 DNS Root Servers 10/2002 DDo. S Tools: Stacheldraht Trinoo Tribal Flood Network (TFN) Security Research 2/7/2003 7 chow
How wide spread is DDo. S? n Research by Moore et al of University of California at San Diego, 2001. l 12, 805 Do. S in 3 -week period l Most of them are Home, small to medium sized organizations Security Research 2/7/2003 8 chow
Intrusion Related Research Areas Intrusion Prevention l General Security Policy l Ingress/Egress Filtering n Intrusion Detection l Anomaly Detection l Misuse Detection n Intrusion Response l Identification/Traceback/Pushback l Intrusion Tolerance n Security Research 2/7/2003 9 chow
Security Related Research Projects n Secure Content Switch n Autonomous Anti-DDo. S Project l Deal with Intrusion Detection and Handling; l Techniques: – IDS-Firewall Integration – Adaptive Firewall Rules – Easy to use/manage. n Secure Collective Defense Project l Deal with Intrusion Tolerance; How to tolerate the attack l Techniques (main idea Explore secure alternate paths for clients to come in) – Multiple Path Routing – Secure DNS extension: how to inform client DNS servers to add alternate new entries – Utilize a consortium of Proxy servers with IDS that hides the IP address of alternate gateways. n BGP/MPLS based VPN Project n Content Switch for Email Security Research 2/7/2003 10 chow
Design of an Autonomous Anti-DDOS Network (A 2 D 2) Graduate Student: Angela Cearns n Goals: l Study Linux Snort IDS/Firewall system l Develop Snort-Plug-in for Generic Flood Detection l Investigate Rate Limiting and Class Based Queueing for Effective Firewall Protection l Intrusion Detection automatically triggers adaptive firewall rule update. l Study Qo. S impact with/without A 2 D 2 system. n http: //cs. uccs. edu/~chow/pub/master/acearns/doc/ n Security Research 2/7/2003 11 chow
Security Research 2/7/2003 12 chow
A 2 D 2 Multi-Level Adaptive Rate Limiting Security Research 2/7/2003 13 chow
A 2 D 2 Qo. S Results - Baseline Playout Buffering to Avoid Jitter n 10 -min Video Stream between Real Player & Real Server n Packets Received: l Around 23, 000 (23, 445) n No DDo. S Attack Qo. S Experienced at A 2 D 2 by Real Player Client with No DDo. S Security Research 2/7/2003 14 chow
A 2 D 2 Results – Non-stop Attack n Packets Received: 8, 039 Retransmission Request: 2, 592 n Retransmission Received: 35 n Lost: 2, 557 n n Lost of Packets Connection Timed-out Qo. S Experienced at A 2 D 2 Client Security Research 2/7/2003 15 chow
A 2 D 2 Results – UDP Attack Mitigation: Firewall Policy n Packets Received: 23, 407 Retransmission Request: 0 n Retransmission Received: 0 n Lost: 0 n n Look like we just need plain old Firewall rules, no fancy Rate Limiting/CBQ? Qo. S Experienced at A 2 D 2 Client Security Research 2/7/2003 16 chow
A 2 D 2 Results – ICMP Attack Mitigation: Firewall Policy n Packets Received: 7, 127 Retransmission Request: 2, 105 n Retransmission Received: 4 n Lost: 2, 101 n n Connection Timed-out n Just plain old firewall rule is not good enough! Packet/Connection Loss Qo. S Experienced at A 2 D 2 Client Security Research 2/7/2003 17 chow
A 2 D 2 Results – TCP Attack Mitigation: Policy+CBQ Turn on CBQ n Packets Received: 22, 179 n Retransmission Request: 4, 090 n Retransmission Received: 2, 641 n Lost: 1, 449 n n Look OK But Quality Degrade Screen Quality Impact! Qo. S Experienced at A 2 D 2 Client Security Research 2/7/2003 18 chow
A 2 D 2 Results – TCP Attack Mitigation: Policy+CBQ+Rate. Limiting n Turn on Both CBQ & Rate Limiting n Packets Received: 23, 444 Retransmission Request: 49 – 1, 376 n Retransmission Received: 40 – 776 n Lost: 9 – 600 n n No image quality degradation Qo. S Experienced at A 2 D 2 Client Security Research 2/7/2003 19 chow
A 2 D 2 Future Works n n n Extend to include IDIP/Pushback Precise Anomaly Detection Improve Firewall/IDS Processing Speed Scalability Issues l Tests with More Services Types l Tests with Heavy Client Traffic Volume Fault Tolerant (Multiple Firewall Devices) Alternate Routing Security Research 2/7/2003 20 chow
Wouldn’t it be Nice to Have Alternate Routes? net-a. com A A net-b. com A. . . A . . . DNS 1 R net-c. com A Client Traffic Security Research 2/7/2003 R How to reroute clients traffic through R 1 -R 3? R R 3 DDo. S Attack Traffic Victim A. . . A DNS 3 DNS 2 R DNS A . . . R 2 R 1 Alternate Gateways 21 chow
Implement Alternate Routes net-a. com A A net-b. com A. . . A . . . DNS 1 R net-c. com A A A. . . A . . . DNS 3 DNS 2 R R Need to Inform Clients or Client DNS servers! DNS R R 3 DDo. S Attack Traffic Client Traffic Security Research 2/7/2003 Victim R 2 Alternate Gateways 22 R 1 But how to tell which Clients are not compromised? How to hide IP addresses of Alternate Gateways? chow
net-b. com net-a. com net-c. com. . . A A A . . . A SCOD Victim Security Research 2/7/2003 A Proxy 3 Proxy 1 Attack Traffic Client Traffic . . . R Proxy 2 block A DNS 3 R R 1 A DNS 2 DNS 1 R A block R 2 R R 3 Reroute Coordinator 1. IDS detects intrusion Blocks Attack Traffic Sends distress call to Reroute Coordinator 23 chow
net-b. com net-a. com net-c. com. . . A A A . . . A SCOD Proxy 1 block Victim Security Research 2/7/2003 . . . A R Proxy 2 Attack Traffic Client Traffic A DNS 3 R R 1 A DNS 2 DNS 1 R A R 2 R Proxy 3 2. Sends Reroute Command with (DNS Name, IP Addr. Of victim, Proxy Server(s)) to DNS R 3 Reroute Coordinator 1. IDS detects intrusion Blocks Attack Traffic Sends distress call to Reroute Coordinator 24 chow
net-b. com net-a. com net-c. com. . . A A A . . . A 3. New route via Proxy 1 to R 1 R A . . . A DNS 3 DNS 2 R R Proxy 2 Proxy 3 Proxy 1 block R 1 A 3. New route via Proxy 3 to R 3 3. New route via Proxy 2 to R 2 DNS 1 SCOD A R 2 R Attack Traffic Client Traffic R 3 2. Sends Reroute Command with (DNS Name, IP Addr. Of victim, Proxy Server(s)) to DNS Reroute Coordinator Victim Security Research 2/7/2003 25 chow
net-b. com net-a. com net-c. com. . . A A A . . . A 3. New route via Proxy 1 to R 1 R R . . . A R Proxy 3 Proxy 1 block R 1 A DNS 3 DNS 2 Proxy 2 4 a. Attack traffic detected by IDS block by Firewall A 3. New route via Proxy 3 to R 3 3. New route via Proxy 2 to R 2 DNS 1 SCOD A R 2 R Attack Traffic Client Traffic R 3 4. Attack traffic detected by IDS block by Firewall Reroute Coordinator Victim Security Research 2/7/2003 26 chow
net-b. com net-a. com net-c. com. . . A A A . . . A 3. New route via Proxy 1 to R 1 R R block R 2 R 4 b. Client traffic Attack Traffic comes in via Client Traffic alternate route Victim Security Research 2/7/2003 . . . A R Proxy 1 R 1 A DNS 3 DNS 2 Proxy 2 4 a. Attack traffic detected by IDS block by Firewall A 3. New route via Proxy 3 to R 3 3. New route via Proxy 2 to R 2 DNS 1 SCOD A 27 R 3 1. distress call Proxy 3 4. Attack traffic detected by IDS block by Firewall Reroute Coordinator 2. Sends Reroute Command with (DNS Name, IP Addr. Of victim, Proxy Server(s)) chow
Secure Collective Defense n Main Idea Explore secure alternate paths for clients to come in; Utilize geographically separated proxy servers. n Goal: n l Provide secure alternate routes l Hide IP addresses of alternate gateways Techniques: l Multiple Path Routing l Secure DNS extension: how to inform client DNS servers to add alternate new entries (Not your normal DNS name/IP address mapping entry). l Utilize a consortium of Proxy servers with IDS that hides the IP address of alternate gateways. l How to partition clients to come at different proxy servers? may help identify the attacker! l How clients use the new DNS entries and route traffic through proxy server? Use Sock protocol, modify resolver library? Security Research 2/7/2003 28 chow
New UCCS IA Degree/Certificate Master of Engineering Degree in Information Assurance n Certificate in Information Assurance (offered to Peterson AFB through NISSC) l Computer Networks; Fundamental of Security; Cryptography; Advanced System Security Design n Security Research 2/7/2003 29 chow
New CS 691 Course on Advanced System Security Design n n n Use Matt Bishop new Computer Security Text Spring 2003: With one class at UCCS; one at Peterson AFB. Enhanced by Demo/Hand-on exercises at Distribute Security Lab of Northorp Grumman. Integrate security research results into course material such as A 2 D 2, Secure Collective Defense, MPLS-VPN projects. Invite speakers from Industry such as Innerwall and AFA? Looking for potential joint exercises with other institutions such as AFA, Northorp Grumman, Innerwall. Security Research 2/7/2003 30 chow
Joint Research/Development Effort n STTR N 03 -T 010 TITLE: Intrusion Monitoring, Detection and Reporting n Penetration Analysis/Testing projects? n Intrusion Detection/Handling projects? n Other Cyberwarfare related projects? n Security Forum organized by Dean Haefner/Dr. Ayen n Security Seminar Series with CITTI funding support l Look for Speakers (suggestion? ) Security Research 2/7/2003 31 chow
Homeland security advanced research projects agency
Homeland security advanced research projects agency
A series of coordinated related multiple projects
A series of coordinated related multiple projects
Modern project management
A series of coordinated related multiple projects
A series of coordinated related multiple projects
A series of coordinated related multiple projects
Private securty
Osi security services
Security guide to network security fundamentals
Wireless security in cryptography
Electronic mail security in network security
Security guide to network security fundamentals
Security guide to network security fundamentals
Uccs wellness center
The integration of eye, hand, and foot movements
Health vs skill related fitness
Database security architecture
Most projects have one path through a network diagram
Intelligence advanced research projects activity
Module 3 subfields in psychology
Explain about visa international security mode
Cnss security model 27 cells example
E commerce security policy
Software security building security in
5g americas
Wlan network
Pearson vue pcnse
Network security protocols
William stallings network security essentials 5th edition
Intruders in cryptography and network security
