PR SM A Secure Code Deployment Scheme for Active Networks Amdjed Mokhtari Leïla Kloul 22 November 2005.

Presentation transcript:

Slide 2: Outline
- Introduction & Motivation
- Code distribution mechanisms
- Security mechanisms
- Conclusions and future works

Slide 3: Code distribution
- Code identification
  - address Filter …) and type (TCP, …): limited to one user class
  - Identifier: hash code (MD5, …): links an identifier to its developer
- Code deployment
  - In band: persistence and sharing of codes
  - Out band: pre-selection of nodes, multiple path

Slide 4: Code distribution, CISS approach (Code Identification and Storage Server)
Figure: Code developer, CISS, Active Node, Publication Web Site, User
Phases: Publication phase, Referencing phase, Deployment phase
Steps in the figure legend:
- 1- Active code sending
- 2- Identifier sending
- 3- Publication on the web site
- 4- Consultation of the application service and recuperation of the identifier
- Active data packets and reference sending
- 6- Request of referenced code
- 7- Active code sending
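The identifier-based flow of slides 3 and 4, as an added example that is not from the slides or the authors' implementation: a code base keyed by the hash of the code, and an active node that caches code and recomputes the identifier before accepting what the server returns. The class and method names are hypothetical, and SHA-256 is used where the slides give MD5 as an example hash.

```python
import hashlib
import hmac


def code_id(code: bytes) -> str:
    # The slides give "hash code (MD5, ...)"; SHA-256 is swapped in here (assumption).
    return hashlib.sha256(code).hexdigest()


class CISS:
    """Hypothetical in-memory Code Identification and Storage Server."""

    def __init__(self):
        self.base = {}  # code base: identifier -> active code

    def publish(self, code: bytes) -> str:
        ident = code_id(code)       # steps 1-2: code in, identifier back
        self.base[ident] = code
        return ident

    def fetch(self, ident: str) -> bytes:
        return self.base[ident]     # steps 6-7: request of referenced code


class ActiveNode:
    """Hypothetical node that resolves the code reference carried by a packet."""

    def __init__(self, ciss: CISS):
        self.ciss = ciss
        self.cache = {}             # persistence and sharing of codes on the node
        self.fetches = 0

    def resolve(self, ident: str) -> bytes:
        if ident in self.cache:
            return self.cache[ident]
        code = self.ciss.fetch(ident)
        self.fetches += 1
        # Recompute the identifier; refuse code that does not match the reference.
        if not hmac.compare_digest(code_id(code), ident):
            raise ValueError("code does not match referenced identifier")
        self.cache[ident] = code
        return code


if __name__ == "__main__":
    ciss = CISS()
    ref = ciss.publish(b"constructed sample active code")
    node = ActiveNode(ciss)
    node.resolve(ref)
    node.resolve(ref)
    print(ref[:16], "fetches:", node.fetches)
```

A hash identifier only binds a reference to the code bytes; authenticating who published the code is the job of the certificate mechanisms on the later slides.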

Slide 5: Code distribution, multi-CISS approach
- Distribution of CISS: placed at the edge of the network
- Code base management
  - Distributed code bases
  - Replicated code bases
- Guarantee the uniqueness of the identifier
- Distributed code bases management

Slide 6: Code distribution, mixed approach
Combines the CISS approach and the hop-by-hop approach (node by node, defined in ANTS)
Figure: User, CISS, Passive node, Active node; nodes A, B, C, D; Packet header: A - Previous node
Phases: Injection phase, Migration phase
Steps in the figure legend:
- 1- Code request
- 2- Active code sending
- 3- Code request
- 4- Active code sending

Slide 7: Security mechanisms, security in code distribution
- Authentication
  - CAAN (Certificate Authority for Active Network)
  - Key for each entity: CISS, nodes, developers, users and also the code
- Execution authorization
  - Use of temporary keys
  - Adaptation of the ROSA technique [BAGNULO et al 02]

Slide 8: Security mechanisms, security in code distribution
Figure: Code developer, CISS, Active node, CAAN, User
Phases: Publication phase, Referencing phase, Deployment phase
Numbered steps in the figure legend:
- 1- Certificate sending with code publication request
- 2- Code reception acceptation
- 4- Certificate sending with a temporary key request
- 7- Request of code and its key
- 8- Active code and its key sending
Legend entries without a surviving step number:
- Active code sending
- Temporary key sending after verification
- Certificate authentication request (appears twice)
- Active data packets with reference sending and temporary key

Slide 9: Conclusions & Future works
Conclusions
- Global scheme for code distribution based on
  - A Code Identification and Storage Server (CISS)
  - A publication web site for the CISS code base
- Global scheme for the security based on
  - Use of temporary keys for the code deployment
  - A certification authority (CAAN)
Future works
- Performance analysis of the defined techniques in large scale network
- Evaluate the cost of the developed security mechanisms in terms of execution times