Abstract-Joint analysis of security and routing protocols in wireless networks reveals vulnerabilities of secure network traffic that remain undetected when security and routing protocols are analyzed independently. We formulate a class of continuous metrics to evaluate the vulnerability of network traffic as a function of security and routing protocols used in wireless networks. We develop two complementary vulnerability definitions using set theoretic and circuit theoretic interpretations of the security of network traffic, allowing a network analyst or an adversary to determine weaknesses in the secure network. We formalize node capture attacks using the vulnerability metric as a nonlinear integer programming minimization problem and propose the GNAVE algorithm, a Greedy Node capture Approximation using Vulnerability Evaluation. We discuss the availability of security parameters to the adversary and show that unknown parameters can be estimated using probabilistic analysis. We demonstrate vulnerability evaluation using the proposed metrics and node capture attacks using the GNAVE algorithm through detailed examples and simulation.
As antivirus and network intrusion detection systems have increasingly proven insufficient to detect advanced threats, large security operations centers have moved to deploy endpoint-based sensors that provide deeper visibility into lowlevel events across their enterprises. Unfortunately, for many organizations in government and industry, the installation, maintenance, and resource requirements of these newer solutions pose barriers to adoption and are perceived as risks to organizations' missions.To mitigate this problem we investigated the utility of agentless detection of malicious endpoint behavior, using only the standard build-in Windows audit logging facility as our signal. We found that Windows audit logs, while emitting manageable sized data streams on the endpoints, provide enough information to allow robust detection of malicious behavior. Audit logs provide an effective, low-cost alternative to deploying additional expensive agent-based breach detection systems in many government and industrial settings, and can be used to detect, in our tests, 83% percent of malware samples with a 0.1% false positive rate. They can also supplement already existing host signaturebased antivirus solutions, like Kaspersky, Symantec, and McAfee, detecting, in our testing environment, 78% of malware missed by those antivirus systems.
Abstract-We investigate the impact of node capture attacks on the confidentiality and integrity of network traffic. We map the compromise of network traffic to the flow of current through an electric circuit and propose a metric for quantifying the vulnerability of the traffic using the circuit mapping. We compute the vulnerability metric as a function of the routing and the cryptographic protocols used to secure the network traffic. We formulate the minimum cost node capture attack problem as a nonlinear integer programming problem. Due to the NP-hardness of the minimization problem, we provide a greedy heuristic that approximates the minimum cost attack. We provide examples of node capture attacks using our vulnerability metric and show that the adversary can expend significantly less resources to compromise target traffic by exploiting information leakage from the routing and cryptographic protocols.
We address the problem of allowing authorized users, who have yet to establish a secret key, to securely and efficiently exchange key establishment messages over an insecure channel in the presence of jamming and message insertion attacks. This problem was first introduced by Strasser, Pöp-per,Čapkun, andČagalj in their recent work, leaving joint consideration of security and efficiency as an open problem. In this paper, we present three approaches based on coding theory which reduce the overall time required to verify the packets and reconstruct the original message in the presence of jamming and malicious insertion. We first present the Hashcluster scheme which reduces the total overhead included in the short packets. We next present the Merkleleaf scheme which uses erasure coding to reduce the average number of packet receptions required to reconstruct the message. We then present the Witnesscode scheme which uses one-way accumulators to individually verify packets and reduce redundancy. We demonstrate through analysis and simulation that our candidate protocols can significantly decrease the amount of time required for key establishment in comparison to existing approaches without degrading the guaranteed level of security.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.