Presentation is loading. Please wait.

Presentation is loading. Please wait.

Research Overview Carl A. Gunter University of Pennsylvania.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Research Overview Carl A. Gunter University of Pennsylvania."— Presentation transcript:

1 Research Overview Carl A. Gunter University of Pennsylvania

2 Projects Authenticated Traversal : L3A : Goodloe, Gunter, Stehr DoS : Selective Verification : Gunter, Khanna, Venkatesh OpEm : PPC : Alur, Gunter PISCES FUNDING SOURCES Army Research Office National Science Foundation Office of Naval Research PROFESSORS Rajeev Alur Michael Greenwald Carl A. Gunter Sanjeev Khanna Jose Meseguer Andre Scedrov Santosh Venkatesh Steve Zdancewic RESEARCH STAFF Mark-Oliver Stehr Kaijun Tan PHD STUDENTS Margaret Delap Matthew Jacobs Alwyn Goodloe Michael McDougall Peng Li Gaurav Shah Raman Sharykin Jason Simas Ying Xu RESEARCH PROGRAMMERS Sumeet Bedi Watee Arsjamat

3 Wireless Security Why is wireless security any different from wired security? –Resource constraints. –Value of the network link. –Increased risk to confidentiality.

4 Wireless Security Efforts Layer 1 (Physical) –Spread spectrum Layer 2 (Link) –802.11x – 802.11(b) WEP, 802.11(g) –GPRS –CDMA 2000

5 Network Layer Wireless Security Advantages –Independent of underlying link layer. –Overcomes the challenges addressed by layer 2 mechanisms for most cases. –Leverages extensive experience, s/w, and h/w support from Ipsec for VPNs. Disadvantage –Need set up protocols.

6 Basic Challenge CSNAS LAN Internet

7 L3A Architecture L3ASIKESAM SPDSAD IP Ipsec

8 Protocol Messages and Tunnels CSNAS SIKE SIKE w/ delegation SIKE

9 Research Directions Build on sectrace experience. Formal simulation of SIKE and L3A in Maude in parallel with design. Implementation on BSD with X.509 certs. Develop requirements for accounting and prove correctness.

10 DoS Models and Protection Measures Shared Channel Model Selective Verification Bin Verification Current Directions

11 Shared Channel Model Adversary can replay and insert packets. Legitimate sender sends packets with a maximum and minimum bandwidth. Legitimate sender experiences loss, but not deliberate modification.

12 Shared Channel Model Example S1A1S2S3S4A2A3S5A4A5 Model is a four-tuple (W 0, W 1, A, p). W 0, W 1 min and max sender b/w A attacker max b/w p loss rate of sender Sender PacketDropped Sender PacketAttacker Packet

13 Signature Flooding Attack factor R = A / W 1. Proportionate attack R = 1. Disproportionate attack R > 1. Stock PC can handle about 8000 PKC/sec. 10Mbps link sends about 900 pkt/sec, 100Mbps link sends about 9000 pkt/sec. Budget: no more that 5% of processor on PKCs.

14 Selective Sequential Verification Adversary can devote his entire channel to fake signature packets. Countermeasure: –Valid sender sends multiple copies of the signature packet. –Receiver checks each incoming signature packet with some probability (say, 25% or 1%).

15 Attack Profile R S requires low b/w channel with high processing cost at R A loads this channel with bad packets S A

16 Selective Verification RA S

17 R R makes channels lossy S adds redundancy A gets reduced channel Tradeoff: bandwidth vs. processing S A

18 Bin Verification 1 1 1 1 22 34 4123

19 Current Research Develop a unified theory with Dolev Yao A  B : M Investigate general protocol analysis techniques. Analysis of TCP. t

Download ppt "Research Overview Carl A. Gunter University of Pennsylvania."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
1 Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna Jose Meseguer Koushik.

1 Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories Gul Agha Michael Greenwald Carl Gunter Sanjeev Khanna Jose Meseguer Koushik.
TCP and FTP Internet Engineering. 1 Protocol of transport layer Reliability ( guarantee packet arrives to destination ) –Retransmission control Use for.

TCP and FTP Internet Engineering. 1 Protocol of transport layer Reliability ( guarantee packet arrives to destination ) –Retransmission control Use for.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday 26.09.2005 C. Today I³SI³HIPHI³.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Formal Models of Availability Carl A. Gunter University of Pennsylvania (Soon to be the University of Illinois)

Formal Models of Availability Carl A. Gunter University of Pennsylvania (Soon to be the University of Illinois)
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
Symbolic Simulation of Tunneling Protocols Carl A. Gunter, Matthew Jacobs, Gaurav Shah, Mark-Oliver Stehr (UIUC), and Alwyn Goodloe Alwyn Goodloe HCES.

Symbolic Simulation of Tunneling Protocols Carl A. Gunter, Matthew Jacobs, Gaurav Shah, Mark-Oliver Stehr (UIUC), and Alwyn Goodloe Alwyn Goodloe HCES.
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
Discovery and Traversal of Security Gateways Alwyn E. Goodloe University of Pennsylvania Contessa NS Protocol eXchange June 10, 2005.

Discovery and Traversal of Security Gateways Alwyn E. Goodloe University of Pennsylvania Contessa NS Protocol eXchange June 10, 2005.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

Similar presentations

Ads by Google