Path Hopping: An MTD Strategy for Long-Term Quantum-Safe Communication

Poostindouz, Alireza; Lisý, Viliam

doi:10.1155/2018/8475818

Cited by 4 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To further improve security and efficiency of the system against a dynamic adversary that changes the set of their eavesdropped paths over time, a Moving Target Defence (MTD) approach to SMT systems was proposed [17].…”

Section: Moving Target Defence (Mtd)mentioning

confidence: 99%

“…The system is proved to provide post-quantum security without relying on a secret key or intractability assumption. The system was published in [17] and used an evaluation framework for the MTD strategy that was proposed in [1,9]. We motivate the need for implementation and experiments to (i) understand the cost of employing the system in practice to refine the model and make the results closer to a real-life implementation, and (ii) to validate the assumptions and evaluate performance of the system in practice.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On Randomization in MTD Systems

Ghaderi

Jero

Nita-Rotaru

2022

Proceedings of the 9th ACM Workshop on Moving Target Defense

View full text Add to dashboard Cite

Randomization is one of the main strategies in providing security in moving-target-defense (MTD) systems. However, randomization has an associated cost and estimating this cost and its impact on the overall system is crucial to ensure adoption of the MTD strategy. In this paper we discuss our experience in attempting to estimate the cost of path randomization in a message transmission system that used randomization of paths in the network. Our conclusions are (i) the cost crucially depends on the underlying network control technology, (ii) one can reduce this cost by better implementation, and (iii) reducing one type of cost may result in increased costs of a different type, for example a higher device cost. These suggest that estimating the cost of randomization is a multivariable optimization problem that requires a full understanding of the system components. CCS CONCEPTS• Security and privacy → Network security.

show abstract

Section: Moving Target Defence (Mtd)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

On Randomization in MTD Systems

Ghaderi

Jero

Nita-Rotaru

2022

Proceedings of the 9th ACM Workshop on Moving Target Defense

View full text Add to dashboard Cite

show abstract

“…By now, the researchers have put more emphasis on changing static parameters of the data flow on the fly [16,17,18,19,20]. The IP address [21], the port [22], and the routing path of a flow [11,19,20,23,24,25] are the main objects of dynamic configuration.…”

Section: Related Workmentioning

confidence: 99%

Polymorphic Path Transferring for Secure Flow Delivery

2021

KSII TIIS

View full text Add to dashboard Cite

In most cases, the routing policy of networks shows a preference for a static one-to-one mapping of communication pairs to routing paths, which offers adversaries a great advantage to conduct thorough reconnaissance and organize an effective attack in a stress-free manner. With the evolution of network intelligence, some flexible and adaptive routing policies have already proposed to intensify the network defender to turn the situation. Routing mutation is an effective strategy that can invalidate the unvarying nature of routing information that attackers have collected from exploiting the static configuration of the network. However, three constraints execute press on routing mutation deployment in practical: insufficient route mutation space, expensive control costs, and incompatibility. To enhance the availability of route mutation, we propose an OpenFlow-based route mutation technique called Polymorphic Path Transferring (PPT), which adopts a physical and virtual path segment mixed construction technique to enlarge the routing path space for elevating the security of communication. Based on the Markov Decision Process, with considering flows distribution in the network, the PPT adopts an evolution routing path scheduling algorithm with a segment path update strategy, which relieves the press on the overhead of control and incompatibility. Our analysis demonstrates that PPT can secure data delivery in the worst network environment while countering sophisticated attacks in an evasion-free manner (e.g., advanced persistent threat). Case study and experiment results show its effectiveness in proactively defending against targeted attacks and its advantage compared with previous route mutation methods.

show abstract

“…Dolev and Tzur-David [13] propose a secret sharing scheme over multiple network paths to mitigate the problem of stolen or short keys (i.e., implementation vulnerabilities). Ahmadi et al [1] and later Safavi-Naini et al [30] considered models where shares of the message are sent over multiple paths that are changing (switching) in each time interval, and proved that the system provides information theoretic security and so stays secure against a quantum computer. Applications on real networks for such schemes, which combine secret sharing with multi-path switching, have also started to be proposed, including [10], which applies secret sharing to provide security for controller and switch communication in the face of an adversary with quantum computing capabilities in Software-Defined Networks (SDNs).…”

Section: Introductionmentioning

confidence: 99%

“…In this work, our goal is to examine the real-world security of schemes that combine secret sharing with multipath switching. We consider the scheme in [30] (referred to in the rest of this paper as Multi-path Switching with Secret Sharing or, for short, MSSS) because it was shown to have perfect information theoretic security. The security of MSSS relies on the assumptions that paths are atomic and packets travel on such paths with the same delay.…”

Section: Introductionmentioning

confidence: 99%

More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes

Rashidi

Kostecki²,

James

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

With progress toward a practical quantum computer has come an increasingly rapid search for quantum-safe, secure communication schemes that do not rely on discrete logarithm or factorization problems. One such encryption scheme, Multi-path Switching with Secret Sharing (MSSS), combines secret sharing with multi-path switching to achieve security as long as the adversary does not have global observability of all paths and thus cannot capture enough shares to reconstruct messages. MSSS assumes that sending a share on a path is an atomic operation and all paths have the same delay. We identify a side-channel vulnerability for MSSS, created by the fact that in real networks, sending a share is not an atomic operation as paths have multiple hops and different delays. This channel, referred to as Network Data Remanence (NDR), is present in all schemes like MSSS whose security relies on transfer atomicity and all paths having the same delay. We demonstrate the presence of NDR in a physical testbed. We then identify two new attacks that aim to exploit the side-channel, referred to as NDR Blind and NDR Planned, propose an analytical model to analyze the attacks, and demonstrate them using an implementation of MSSS based on the ONOS SDN controller. Finally, we present a countermeasure for the attacks and show its effectiveness in simulations and Mininet experiments. DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

show abstract

Path Hopping: An MTD Strategy for Long-Term Quantum-Safe Communication

Cited by 4 publications

References 20 publications

On Randomization in MTD Systems

On Randomization in MTD Systems

Polymorphic Path Transferring for Secure Flow Delivery

More than a Fair Share: Network Data Remanence Attacks against Secret Sharing-based Schemes

Contact Info

Product

Resources

About