Ben Franklin Center of Excellence
Tech Report Bibtex
Home | Faculty | Events | Publications | Tech Reports | Grants | Contact Us
Tech Reports
@TECHREPORT{IBM-TR01,
AUTHOR = {{Trent Jaeger and Reiner Sailer and Yogesh Sreenivasan}},
TITLE = {{Managing the Risk of Covert Information Flows in Virtual Machine Systems}},
NUMBER = {RC24154},
INSTITUTION = {IBM},
MONTH = January,
YEAR = 2007
}
@TECHREPORT{NAS-0055,
AUTHOR = {Hosam Rowaihy and Sharanya Eswaran and Matthew Johnson and
Dinesh Verma and Amotz Bar-Noy and Theodore Brown and Thomas {La
Porta}},
TITLE = {{A Survey of Sensor Selection Schemes in Wireless Sensor
Networks}},
NUMBER = {NAS-TR-0055-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering,
Pennsylvania State University, University Park, PA, USA},
MONTH = nov,
YEAR = 2006
}
@TECHREPORT{NAS-0054,
AUTHOR = {Sophie Y. Qiu and Patrick D. McDaniel and Fabian Monrose},
TITLE = {{Toward Valley-Free Inter-domain Routing}},
NUMBER = {NAS-TR-0054-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering,
Pennsylvania State University, University Park, PA, USA},
MONTH = oct,
YEAR = 2006
}
@TECHREPORT{NAS-0053,
AUTHOR = {JaeSheung Shin and Raju Kumar and Parthu Kishen and Thomas
F. {La Porta}},
TITLE = {{Channelization for Dynamic Multi-Frequency, Multi-Hop
Wireless Cellular Networks}},
NUMBER = {NAS-TR-0053-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering,
Pennsylvania State University, University Park, PA, USA},
MONTH = oct,
YEAR = 2006
}
@TECHREPORT{NAS-0052,
AUTHOR = {Boniface Hicks and Sandra Rueda and Trent Jaeger and
Patrick McDaniel},
TITLE = {{Integrating SELinux with Security-typed Languages}},
NUMBER = {NAS-TR-0052-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering,
Pennsylvania State University, University Park, PA, USA},
MONTH = oct,
YEAR = 2006
}
@TECHREPORT{NAS-0051,
AUTHOR = {Patrick Traynor and William Enck and Patrick McDaniel and
Thomas La Porta},
TITLE = {{Mitigating Attacks on Open Functionality in SMS-Capable
Networks}},
NUMBER = {NAS-TR-0051-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering,
Pennsylvania State University, University Park, PA, USA},
MONTH = oct,
YEAR = 2006
}
@TECHREPORT{NAS-0050,
AUTHOR = {Azin Neishaboori and George Kesidis},
TITLE = {{A Framework for Integrated Power Control, Routing and Link
Scheduling in Multihop CDMA Networks}},
NUMBER = {NAS-TR-0050-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering,
Pennsylvania State University, University Park, PA, USA},
MONTH = sep,
YEAR = 2006
}
@TECHREPORT{NAS-0047,
AUTHOR = {Heesook Choi and Sencun Zhu and Thomas F. {La Porta}},
TITLE = {{SET: Clone Detection in Sensor Networks}},
NUMBER = {NAS-TR-0047-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = sep,
YEAR = 2006
}
@TECHREPORT{NAS-0046,
AUTHOR = {Wesam Lootah and William Enck and Patrick McDaniel},
TITLE = {{TARP: Ticket-based Address Resolution Protocol}},
NUMBER = {NAS-TR-0046-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = aug,
YEAR = 2006
}
@TECHREPORT{NAS-0045,
AUTHOR = {John J. Metzner},
TITLE = {{Simplification of packet-symbol decoding with deletions, mis-ordering of packets, and no sequence numbers}},
NUMBER = {NAS-TR-0045-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = aug,
YEAR = 2006
}
@TECHREPORT{NAS-0044,
AUTHOR = {Patrick Traynor and Raju Kumar and Heesook Choi and Guohong Cao and Sencun Zhu and Thomas La Porta},
TITLE = {{Efficient Hybrid Security Mechanisms for Heterogeneous Sensor Networks}},
NUMBER = {NAS-TR-0044-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = aug,
YEAR = 2006
}
@TECHREPORT{NAS-0043,
AUTHOR = {Sunam Ryu and Kevin Butler and Patrick Traynor and Patrick McDaniel},
TITLE = {{Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems}},
NUMBER = {NAS-TR-0043-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = aug,
YEAR = 2006
}
@TECHREPORT{NAS-0042,
AUTHOR = {Patrick McDaniel},
TITLE = {{Understanding Equivalance in High-Level and Information Flow Policy}},
NUMBER = {NAS-TR-0042-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = jul,
YEAR = 2006
}
@TECHREPORT{NAS-0041,
AUTHOR = {John J. Metzner},
TITLE = {{On correcting bursts (and random errors) in vector symbol (n, k) cyclic codes}},
NUMBER = {NAS-TR-0041-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = jun,
YEAR = 2006,
ABSTRACT = {Simple methods are shown for correcting bursts of large size and bursts combined with random errors using vector symbols and primarily vector XOR and feedback shift register operations. One result is that any (n, k) cyclic code with minimum distance > 2 can correct all full error bursts of length n-k-1 or less if the error vectors are linearly independent. If the bursts are not full but contain some error-free components the capability of correcting bursts up to n-k-1 or less is code-dependent. The techniques often work when there is linear dependence. For the case where most errors are in a burst but a small number of errors are outside, the solution, given error-correcting capability, can be broken down into a simple solution for the small number of outside errors, followed by a simple subtraction to reveal all the error values in the burst part.}
}
@TECHREPORT{NAS-0040,
AUTHOR = {Lisa Johansen and Kevin Butler and Michael Rowell and Patrick McDaniel},
TITLE = {{Email Communities of Interest}},
NUMBER = {NAS-TR-0040-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = may,
YEAR = 2006
}
@TECHREPORT{NAS-0039,
AUTHOR = {JaeSheung Shin and Parthu Kishen and Thomas F. La Porta},
TITLE = {{Dynamic Multi-Frequency, Multi-Hop Wireless Cellular Networks}},
NUMBER = {NAS-TR-0039-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = apr,
YEAR = 2006
}
@TECHREPORT{NAS-0038,
AUTHOR = {Kameswari Kotapati and Peng Liu and Thomas F. {La Porta}},
TITLE = {{3GPP Specification Aided Discovery of Cascading Attacks}},
NUMBER = {NAS-TR-0038-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = apr,
YEAR = 2006
}
@TECHREPORT{NAS-0037,
AUTHOR = {Trent Jaeger and David King and Kevin Butler and Jonathan McCune and Ram\'{o}n C\'{a}ceres and Serge Hallyn and Joy Latten and Reiner Sailer and Xiolan Zhang},
TITLE = {{Leveraging IPsec for Distributed Authorization}},
NUMBER = {NAS-TR-0037-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = apr,
YEAR = 2006
}
@TECHREPORT{NAS-0036,
AUTHOR = {Raju Kumar and Hosam Rowaihy and Guohong Cao and Farooq Anjum and Aylin Yener and Thomas La Porta},
TITLE = {{Congestion Aware Routing in Sensor Networks}},
NUMBER = {NAS-TR-0036-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = apr,
YEAR = 2006
}
@TECHREPORT{NAS-0035,
AUTHOR = {Boniface Hicks and Kiyan Ahmadizadeh and Patrick McDaniel},
TITLE = {{From Languages to Systems: Understanding Practical Application Development in Security-typed Languages}},
NUMBER = {NAS-TR-0035-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = apr,
YEAR = 2006
}
@TECHREPORT{NAS-0034,
AUTHOR = {Heesook Choi and William Enck and Jaesheung Shin and Patrick McDaniel and Tom LaPorta},
TITLE = {{ASR: Anonymous and Secure Reporting of Traffic Forwarding Activity in Mobile Ad Hoc Networks}},
NUMBER = {NAS-TR-0034-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = mar,
YEAR = 2006
}
@TECHREPORT{NAS-0033,
AUTHOR = {Boniface Hicks and Dave King and Patrick McDaniel and Michael
Hicks},
TITLE = {{Trusted Declassification: High-level policy for a security-typed language}},
NUMBER = {NAS-TR-0033-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = mar,
YEAR = 2006
}
@TECHREPORT{NAS-0031,
AUTHOR = {Heesook Choi and Patrick McDaniel and Thomas F. La Porta},
TITLE = {{Privacy Preserving Communication in MANETs}},
NUMBER = {NAS-TR-0031-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = dec,
YEAR = 2005
}
@TECHREPORT{NAS-0030,
AUTHOR = {Luke {St. Clair} and Lisa Johansen and William Enck and Matthew Pirretti and Patrick Traynor and Patrick McDaniel and Trent Jaeger},
TITLE = {{Password Exhaustion: Predicting the End of Password Usefulness}},
NUMBER = {NAS-TR-0030-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {February},
YEAR = 2006
}
@TECHREPORT{NAS-0029,
AUTHOR = {William Enck and Kevin Butler and Thomas Richardson and Patrick McDaniel},
TITLE = {{Securing Non-Volatile Main Memory}},
NUMBER = {NAS-TR-0029-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {February},
YEAR = 2006,
}
@TECHREPORT{NAS-0028,
AUTHOR = {Matthew Pirretti and Patrick Traynor and Patrick McDaniel and Brent Waters},
TITLE = {{Secure Attribute-Based Systems}},
NUMBER = {NAS-TR-0028-2006},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {February},
YEAR = 2006
}
@TECHREPORT{NAS-0027,
AUTHOR = {John J. Metzner},
TITLE = {{Vector Symbol Concatenated Code Decoding with Symbol Erasures , Errors and List Decisions}},
NUMBER = {NAS-TR-0027-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {October},
YEAR = {2005}
}
@TECHREPORT{NAS-0026,
AUTHOR = {Patrick Traynor and JaeSheung Shin and Bharat Madan and Shashi Phoha and Thomas La Porta},
TITLE = {{Efficient Group Mobility for Heterogeneous Sensor Networks}},
NUMBER = {NAS-TR-0026-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {September},
YEAR = {2005}
}
@TECHREPORT{NAS-0025,
AUTHOR = {Patrick Traynor and Michael Chien and Scott Weaver and Boniface Hicks and Patrick McDaniel},
TITLE = {{Non-Invasive Methods for Host Certification}},
NUMBER = {NAS-TR-0025-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {September},
YEAR = {2005}
}
@TECHREPORT{NAS-0024,
AUTHOR = {Matthew Pirretti and Vijaykrishnan Narayanan and Patrick McDaniel and Bharat Madan},
TITLE = {{SLAT: Secure Localization with Attack Tolerance}},
NUMBER = {NAS-TR-0024-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {August},
YEAR = {2005}
}
@TECHREPORT{NAS-0023,
PDF = {/tech_report/NAS-TR-0023-2005.pdf},
AUTHOR = {Jisheng Wang and David J. Miller and George Kesidis},
TITLE = {Efficient Mining of the Multidimensional Traffic Cluster Hierarchy for Digesting, Visualization, and Anomaly Identification},
NUMBER = {NAS-TR-0023-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {August},
YEAR = {2005},
ABSTRACT = {Mining traffic traces to identify the dominant flows sent over a given link, over a specified time interval, is a valuable capability with applications to traffic auditing, simulation, and visualization of unexpected phenomena. Recently, Estan et al. advanced a comprehensive data mining structure tailored for networking data a parsimonious, multidimensional flow hierarchy, along with an algorithm for its construction. While they primarily targeted off-line auditing, interactive visualization of current traffic or of network simulations in progress will require real-time data mining. We suggest several improvements to Estan et al.'s algorithm that substantially reduce the computational complexity of multidimensional flow mining. We also propose computational and memory-efficient approaches for unidimensional clustering of the IP address spaces. For baseline implementations, evaluated on the New Zealand (NZIX) trace data, our method reduced CPU execution times of the Estan el al. method by a factor of more than eight. We also demonstrate the usefulness of our approach for anomaly and attack identification, based on traces from the Slammer and Code Red worms and the MIT Lincoln Labs DDoS data.}
}
@TECHREPORT{NAS-0022,
PDF = {/tech_report/NAS-TR-0022-2005.pdf},
AUTHOR = {Bita Mortazavi and George Kesidis},
TITLE = {A Model of a Reputation Service for Incentive Engineering},
NUMBER = {NAS-TR-0022-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {July},
YEAR = {2005},
ABSTRACT = {Reputation systems are used to provide incentives for cooperation among participants of, and generally help to secure, peer-to-peer networks. In this paper, a survey of such systems is provided followed by the description of a model of a reputation framework that can capture the phenomenon of peer nodes misrepresenting reputations for malicious or selfish reasons. For special case, the model is shown to converge in mean to reputations that "reveal" the true propensity of peer nodes to cooperate. The paper concludes with a simulation study that considers weighted voting, hierarchical trust groups and misrepresentations.}
}
@TECHREPORT{NAS-0021,
PDF = {/tech_report/NAS-TR-0021-2005.pdf},
AUTHOR = {Kameswari Kotapati and Peng Liu and Yan Sun and Thomas F. {La Porta}},
TITLE = {{A Taxonomy of Cyber Attacks on {3G} Networks}},
NUMBER = {NAS-TR-0021-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {January},
YEAR = {2005},
ABSTRACT = {Cross Network Services are a new breed of services that have spawned from the merger of the Internet and the previously isolated wireless telecommunication network. These services act as a launching pad for a new type of security threat - the Cross Infrastructure Cyber Attack. This paper is the first to propose attack taxonomy for 3G networks. The uniqueness of this taxonomy is the inclusion of Cross Infrastructure Cyber Attacks in addition to the standard Single Infrastructure attacks. This paper also proposes an abstract model of the 3G network entities. This abstract model has been a vehicle in the development of the attack taxonomy, detection of vulnerable points in the network and validating 3G network vulnerability assessment tools. This paper examines the threats and vulnerabilities in a 3G network with special examination of the security threats and vulnerabilities introduced by the merger of the 3G and the Internet. The abstract model aids this comprehensive study of security threats and vulnerabilities on 3G networks.}
}
@TECHREPORT{NAS-0020,
PDF = {/tech_report/NAS-TR-0020-2005.pdf},
AUTHOR = {Jing Zhao and Guohong Cao},
TITLE = {{VADD}: Vehicle-Assisted Data Delivery in Vehicular Ad Hoc Networks},
NUMBER = {NAS-TR-0020-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {July},
YEAR = {2005},
ABSTRACT = {Multi-hop data delivery through vehicular ad hoc networks is complicated by the fact that vehicular networks are highly mobile and frequently disconnected. To address this issue, we adopt the idea of carry and forward, where a moving vehicle carries the packet until a new vehicle moves into its vicinity and forwards the packet. Different from existing carry and forward solutions, we make use of the predicable vehicle mobility, which is limited by the traffic pattern and road layout. Based on the existing traffic pattern, a vehicle can find the next road to forward the packet to reduce the delay. We propose several vehicle-assisted data delivery (VADD) protocols to forward the packet to the best road with the lowest data delivery delay. Experimental results are used to evaluate the proposed solutions. Results show that the proposed VADD protocols outperform existing solutions in terms of packet delivery ratio, data packet delay and protocol overhead. Among the proposed VADD protocols, the H-VADD protocol has much better performance.}
}
@TECHREPORT{NAS-0019,
PDF = {/tech_report/NAS-TR-0019-2005.pdf},
AUTHOR = {Kameswari Kotapati and Peng Liu and Thomas F. {La Porta}},
TITLE = {{CAT} -- A Practical {SDL} Based Attack Attribution Toolkit for {3G} Networks},
NUMBER = {NAS-TR-0019-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {June},
YEAR = {2005},
ABSTRACT = {This paper presents the Cross Infrastructure Attack Attribution Toolkit (CAT), which is a utility to analyze the vulnerability of 3G networks using telecommunication specifications. CAT analyzes vulnerabilities by generating attack graphs, which show the global view of the network in the event of an attack. The uniqueness of CAT is as follows: (1) usage of telecommunication specification written in Specification and Description Language (SDL) to derive attack graphs, (2) implementation of simple algorithms that output attack graphs irrespective of intruder profile and network configuration, and (3) generation of attack graphs that are exhaustive, succinct and loop free with low redundancy.}
}
@TECHREPORT{NAS-0018,
PDF = {/tech_report/NAS-TR-0018-2005.pdf},
AUTHOR = {Sophie Y. Qiu and Patrick D. McDaniel and Fabian Monrose and Aviel D. Rubin},
TITLE = {Characterizing Address Use Structure and Stability of Origin Advertisement in Inter-domain Routing},
NUMBER = {NAS-TR-0018-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {July},
YEAR = {2005},
ABSTRACT = {The stability and robustness of BGP remains one of the most critical elements in sustaining today's Internet. In this paper, we study the structure and stability of origin advertisements in inter-domain routing. Using our q-chart IP address advertisement visualization tool, we explore the gross structure of IP address advertisements and show that it exhibits considerably consistent structure. We further quantitatively characterize the stability of origin advertisements by analyzing real-world BGP updates for a period of one year from multiple vantage points. We show that while repetitive prefix re-additions and subsequent withdrawals constitute a major volume of BGP updates -- due in part to a number of frequently flapping prefixes with short up-and-down cycles -- a significant portion of prefixes have high origin stability. In particular, origin changes account for less than 2\% of the BGP update traffic, with more than 90\% of the prefixes being consistently originated by the same AS for an entire year. For those prefixes involved in origin changes, approximately 57\% have only one change across the year, implying that these changes are indeed permanent. We also show that most ASes are involved in few, if any, prefix movement events, while a small number of ASes are responsible for most of the advertisement churn. Additionally, we find that a high volume of new prefixes can be attributed to actively evolving countries, that some abnormal prefix flapping is most likely due to misconfiguration, and that most of the origin changes are a result of multi-homed prefixes oscillating between their origins. This work not only contributes to a better understanding of BGP dynamics, but also provides insights for other research areas such as BGP security that rely on key assumptions pertaining to origin stability.}
}
@TECHREPORT{NAS-0017,
PDF = {/tech_report/NAS-TR-0017-2005.pdf},
AUTHOR = {Hosam Rowaihy and William Enck and Patrick McDaniel and Thomas {La Porta}},
TITLE = {Limiting {Sybil} Attacks in Structured Peer-to-Peer Networks},
NUMBER = {NAS-TR-0017-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {July},
YEAR = {2005},
ABSTRACT = {Structured peer-to-peer networks are highly scalable, efficient, and reliable. These characteristics are achieved by deterministically replicating and recalling content within a widely distributed and decentralized network. One practical limitation of these networks is that they are frequently subject to Sybil attacks: malicious parties can compromise the network by generating and controlling large numbers of shadow identities. In this paper, we propose an admission control system that mitigates Sybil attacks by adaptively constructing a hierarchy of cooperative admission control nodes. Implemented by the peer-to-peer nodes, the admission control system vets joining nodes via client puzzles. A node wishing to join the network is serially challenged by the nodes from a leaf to the root of the hierarchy. Nodes completing the puzzles of all nodes in the chain are provided a cryptographic proof of the vetted identity. In this way, we exploit the structure of hierarchy to distribute load and increase resilience to targeted attacks on the admission control system. We evaluate the security, fairness, and efficiency of our scheme analytically and via simulation. Centrally, we show that an adversary must perform days or weeks of effort to obtain even a small percentage of nodes in small peer-to-peer networks, and that this effort increases linearly with the size of the network. We further show that we can place a ceiling on the number of IDs any adversary may obtain by requiring periodic reassertion of the an IDs continued validity. Finally, we show that participation in the admission control system does not interfere with a node?s use of the peer-to-peer system: the loads placed on the nodes participating in admission control are vanishingly small.}
}
@TECHREPORT{NAS-0016,
PDF = {/tech_report/NAS-TR-0016-2005.pdf},
AUTHOR = {Hui Song and Sencun Zhu and Guohong Cao},
TITLE = {Attack-Resilient Time Synchronization for Wireless Sensor Networks},
NUMBER = {NAS-TR-0016-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {May},
YEAR = {2005},
ABSTRACT = {The existing time synchronization schemes in sensor networks were not designed with security in mind, thus leaving them vulnerable to security attacks. In this paper, we first identify various attacks that are effective to several representative time synchronization schemes, and then focus on a specific type of attack called delay attack, which cannot be addressed by cryptographic techniques. Then, we propose two approaches to detect and accommodate the delay attacks. Our first approach uses the generalized extreme studentized deviate (GESD) algorithm to detect multiple outliers introduced by the compromised nodes; our second approach uses a threshold derived using a time transformation technique to filter out the outliers. Finally, we show the effectiveness of these two schemes through extensive simulations.}
}
@TECHREPORT{NAS-0015,
PDF = {/tech_report/NAS-TR-0015-2005.pdf},
AUTHOR = {Hungyuan Hsu and Sencun Zhu and Ali Hurson},
TITLE = {{LIP:} A Lightweight Inter-layer Protocol for Network Access Control in Mobile Ad-Hoc Networks},
NUMBER = {NAS-TR-0015-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {May},
YEAR = {2005},
ABSTRACT = {Most ad hoc networks do not implement any network access control, leaving these networks vulnerable to packet injection attacks where a malicious node injects a large number of packets into the network with the goal of depleting the resources of the nodes relaying the packets. To prevent such attacks, it is necessary to employ authentication mechanisms that ensure that only authorized nodes can inject traffic into the network. We design a Lightweight Inter-layer Protocol (LIP) for network access control based on efficient local broadcast authentication mechanisms. In addition to preventing attacks by unauthorized nodes, LIP can also detect and minimize the impersonation attacks by compromised insider nodes. Through detailed simulation study, we show that LIP incurs small bandwidth overhead and has little impact on the traffic delivery ratio even in the case of high node mobility. Moreover, the transparency and independence properties of LIP allows it to be turned on/off as desired and to be integrated seamlessly with secure routing protocols, providing stronger security services for ad hoc networks.}
}
@TECHREPORT{NAS-0014,
PDF = {/tech_report/NAS-TR-0014-2005.pdf},
AUTHOR = {John J. Metzner},
TITLE = {Burst Erasure Correction to Improve the Efficiency of Broadband {CSMA/CD}},
NUMBER = {NAS-TR-0014-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {June},
YEAR = {2004},
ABSTRACT = {Assume a broadcast network with a central station. All senders send to the central station, and the central station rebroadcasts all receptions on a different band. In standard CSMA/CD, all senders stop when a collision is detected. In the suggested modified algorithm, exactly one continues to send. A colliding sender can know if it was the first to arrive at the central station. If so, it continues to send, else it stops. The one that continues to send incurs an observable-length erasure burst, and appends a redundant part to its frame to allow filling in the burst erasure. Also, a collision resolution-like algorithm is introduced which improves fairness and performance.}
}
@TECHREPORT{NAS-0013,
PDF = {/tech_report/NAS-TR-0013-2005.pdf},
AUTHOR = {John J. Metzner and Jade Bissat and Yuexin Liu},
TITLE = {Efficient, Secure and Reliable Ring Multicast in Wired or Wireless Networks},
NUMBER = {NAS-TR-0013-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {June},
YEAR = {2005},
ABSTRACT = {A multicast scheme is described which merges the key distribution and acknowledgment tasks, allowing simple acknowledgment and frequent key changing, if desired. The scheme, denoted SAM for Secure Acknowledging Multicast, requires a ring organization. The key change requires only slightly more than one ring revolution, and need not interrupt data flow. Leaving and joining key changes are similarly easy to handle. Any group member can be the source, and the same acknowledgment policy can be used for reliable communication. The new key is encrypted by the old key, and only new messages use the new key. The joining and leaving methods are somewhat like the ?CLIQUES? strategy, but SAM is more symmetrical, and directly incorporates acknowledgments as an added bonus. It can be applied to virtual rings in switched networks, or to rings in wireless networks. The basic ring procedure is?stop and wait?, but in a modified method, denoted MSAM, channels can be interlaced for near continuous transmission or simultaneous many-to-many communication. For some wireless networks, average transmitted power is a more severe limitation on average bit rate than bandwidth, and stop-and-wait transmission is practical. Broadcast information can be combined with ring acknowledgment for further efficiency reduction.}
}
@TECHREPORT{NAS-0012,
PDF = {/tech_report/NAS-TR-0012-2005.pdf},
AUTHOR = {John J. Metzner},
TITLE = {Pulsed {ALOHA} -- a Form of Multiaccess {UWB} Communications},
NUMBER = {NAS-TR-0012-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {May},
YEAR = {2005},
ABSTRACT = {Pulsed ALOHA is a form of impulse Ultra-Wideband communication where a bit is carried with each pulse, rather than using a time spreading code. Pulsed ALOHA and Wideband ALOHA are perfect fits to low energy wide-bandwidth communication. They permit energy-efficient higher data rates. Pulsed ALOHA has some unique advantages in collision avoidance and collision tolerance over Wideband ALOHA, when used with multi-receiver diversity reception. Both systems have substantial advantages in rate, energy efficiency, and simplicity over using spreading codes. A one-dimensional network example is given, which could be a model for a system along auto roadways.}
}
@TECHREPORT{NAS-0011,
PDF = {/tech_report/NAS-TR-0011-2005.pdf},
AUTHOR = {Boniface Hicks and Patrick McDaniel and Ali Hurson},
TITLE = {Information Flow Control in Database Security: A Case Study for Secure Programming with {Jif}},
NUMBER = {NAS-TR-0011-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {April},
YEAR = {2005},
ABSTRACT = {Because of the increasing demands for privacy and integrity guarantees in applications that handle sensitive, electronic data, there is a need for automated software development tools and techniques for enforcing this security. Although there have been many attempts to apply security to existing systems after the fact, manifold failures indicate that this approach should be revisited. To the contrary, experience indicates that secure systems must be designed with explicit policies from the beginning and that there should be some automated, mathematically-verifiable mechanism to aid programmers in doing this correctly. Recent research in language-based security has made great strides towards the development of sophisticated and robust languages for programming with explicit security policies. Insufficient experience with these languages, however, has left them untested and impractical for writing real, distributed applications. In this paper, we present our experiences of working with Jif, a Java-based, security-typed language, in building a distributed, database application. Our experience has indicated the current impracticality of programming in Jif, but has helped us to identify language development tools and automation algorithms that could aid in making Jif more practical for developing real, distributed applications.}
}
@TECHREPORT{NAS-0010,
PDF = {/tech_report/NAS-TR-0010-2005.pdf},
AUTHOR = {Wesam Lootah and William Enck and Patrick McDaniel},
TITLE = {{TARP}: Ticket-Based Address Resolution Protocol},
NUMBER = {NAS-TR-0010-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {June},
YEAR = {2005},
ABSTRACT = {IP networks fundamentally rely on the Address Resolution Protocol (ARP) for proper operation. Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks. Proposed countermeasures to these vulnerabilities have yet to simultaneously address backward compatibility and cost requirements. This paper introduces the {\it Ticket-based Address Resolution Protocol} (TARP). TARP implements security by distributing centrally issued secure MAC/IP address mapping attestations through existing ARP messages. We detail the TARP protocol and its implementation within the Linux operating system. Our experimental analysis shows that TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols. We conclude by exploring a range of operational issues associated with deploying and administering ARP security.}
}
@TECHREPORT{NAS-0009,
PDF = {/tech_report/NAS-TR-0009-2005.pdf},
AUTHOR = {Patrick Traynor and Kevin Butler and William Enck and Jennifer Plasterr and Scott Weaver and John van Bramer and Patrick McDaniel},
TITLE = {Privacy-Preserving Web-Based Email},
NUMBER = {NAS-TR-0009-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {June},
YEAR = {2005},
ABSTRACT = {The Internet is hemorrhaging unimaginable amounts of user data. In addition to information leaked through tracking cookies and spyware, users are often required to allow the providers of online services such as web-based email access to their data. We argue that it is possible to protect this informationfrom the dangers of data mining by external sources regardless of the arbitrary privacy policies imposed by these services. As an existence proof, we present Ketu -- an open-source, extensible tool that provides or message privacy and integrity while assuring plausible deniability for both the sender andreceiver.}
}
@TECHREPORT{NAS-0008,
PDF = {/tech_report/NAS-TR-0008-2005.pdf},
AUTHOR = {Patrick Traynor and Raju Kumar and Hussain Bin Saad and Guohong Cao and Thomas F. La Porta},
TITLE = {{LIGER}: Implementing Efficient Hybrid Security Mechanisms for Heterogeneous Sensor Networks},
NUMBER = {NAS-TR-0008-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {May},
YEAR = {2005},
NOTE = {Updated July 5, 2005},
ABSTRACT = {The majority of security schemes available for sensor networks assume deployment in areas without access to a wired infrastructure. More specifically, nodes in these networks are unable to leverage key distribution centers (KDCs) to assist them with key management. In networks with a heterogeneous mix of nodes, however, it is not unrealistic to assume that some more powerful nodes have at least intermittent contact with a backbone network. For instance, an air-deployed battlefield network may have to operate securely for some time until uplinked friendly forces move through the area. We therefore propose LIGER, a hybrid key management scheme for heterogeneous sensor networks that allows systems to operate in both the presence and absence of a KDC. Specifically, when no KDC is available, nodes communicate securely with each other based upon a probabilistic unbalanced method of key management. The ability to access a KDC allows nodes to probabilistically authenticate neighboring devices with which they are communicating. We also demonstrate that this scheme is robust to the compromise of both low and high capability nodes and that the same keys can be used for both modes of operation. Detailed experiments and simulations are used to show that LIGER is a highly practical solution for the current generation of sensors and the unbalanced approach can significantly reduce the network initialization time.}
}
@TECHREPORT{NAS-0007,
PDF = {/tech_report/NAS-TR-0007-2005.pdf},
AUTHOR = {William Enck and Patrick Traynor and Patrick McDaniel and Thomas F. {La Porta}},
TITLE = {Exploiting Open Functionality in {SMS}-Capable Cellular Networks},
NUMBER = {NAS-TR-0007-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {May},
YEAR = {2005},
ABSTRACT = {Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of
wireless subscribers. To encourage the expansion of this new service, telecommunications companies offer connections between their networks and the Internet. The ramifications of such connections, however, have not been fully recognized. In this paper, we evaluate the security impact of the SMS interface on the availability of the cellular phone network. Specifically, we demonstrate the ability to deny voice service to cities the size of Washington D.C. and Manhattan with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available at most medium-sized organizations. This analysis begins with an exploration of the structure of cellular networks. We then characterize network behavior and explore a number of reconnaissance techniques aimed at effectively targeting attacks on these systems. We conclude by discussing countermeasures that mitigate or eliminate the threats introduced by these attacks.}
}
@TECHREPORT{NAS-0006,
PDF = {/tech_report/NAS-TR-0006-2005.pdf},
AUTHOR = {{JaeSheung} Shin and {KyoungHwan} Lee and Aylin Yener and Thomas F. {La Porta}},
TITLE = {On-Demand Diversity Wireless Relay Networks},
NUMBER = {NAS-TR-0006-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {April},
YEAR = {2005},
ABSTRACT = {There has been much recent attention on using wireless relay networks to forward data from mobile nodes to a base station. This network architecture is motivated by performance improvements obtained by leveraging the highest quality links to a base station for data transfer. With the advent of agile radios it is possible to improve the performance of relay networks through intelligent frequency assignments. First, it is beneficial if the links of the relay network are orthogonal with respect to each other so that simultaneous transmission on all links is possible. Second, diversity can be added to hops in the relay network to reduce error rates. In this paper we present algorithms for forming such relay networks dynamically. The formation algorithms support intelligent frequency assignments. Our results show that algorithms that order the sequence in which nodes join a relay network carefully achieve the highest amount of diversity and hence best performance.}
}
@TECHREPORT{NAS-0005,
PDF = {/tech_report/NAS-TR-0005-2005.pdf},
AUTHOR = {{JaeSheung} Shin and {HeeSook} Choi and Patrick Traynor and Thomas F. {La Porta}},
TITLE = {Network Formation Schemes for Dynamic Multi-Radio, Multi-Hop Cellular Networks},
NUMBER = {NAS-TR-0005-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {April},
YEAR = {2005},
NOTE = {Updated July 6, 2005},
ABSTRACT = {Multi-hop relaying in cellular networks can greatly increase capacity and performance by exploiting the best available links to a base station. We envision an environment in which relay networks are dynamically formed in different frequency bands in response to the degradation of network performance. Nodes experiencing poor service may use their agile radios to join one of the available, non-interfering relay networks. We propose and evaluate a set of algorithms used to form such relay networks on-demand. Each of the algorithms begins by designating the nodes best suited for acting as gateways between the relay and cellular networks. Each scheme then determines the order of route request initiations. These algorithms are evaluated for latency, signaling overhead and gateway load during the network formation process, and average path length and amount of link sharing in the resulting relay networks. The evaluation leads us to conclude that having nodes furthest from the BS initiate route discovery first is the best approach for reducing the formation overhead and building efficient relay networks. To our knowledge, we are the first to propose and evaluate algorithms for the on-demand formation of multi-hop relay networks. }
}
@TECHREPORT{NAS-0004,
PDF = {/tech_report/NAS-TR-0004-2005.pdf},
AUTHOR = {Boniface Hicks and David King and Patrick McDaniel},
TITLE = {Declassification with Cryptographic Functions in a Security-Typed Language},
NUMBER = {NAS-TR-0004-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {May},
YEAR = {2005},
ABSTRACT = {Security-typed languages are powerful tools for provably enforcing noninterference. Real computing systems, however, often intentionally violate noninterference by deliberately releasing (or declassifying) sensitive information. These systems frequently trust cryptographic functions to achieve declassification while still maintaining confidentiality. We introduce the notion of trusted functions that implicitly act as declassifiers within a security-typed language. Proofs of the new language's soundness and its enforcement of a weakened form of noninterference are given. Additionally, we implement trusted functions used for declassification in the Jif language. This represents a step forward in making security-typed languages more practical for use in real systems.}
}
@TECHREPORT{NAS-0003,
PDF = {/tech_report/NAS-TR-0003-2005.pdf},
AUTHOR = {Patrick Traynor and Guohong Cao and Thomas F. La Porta},
TITLE = {The Effects of Probabilistic Key Management on Secure Routing in Sensor Networks},
NUMBER = {NAS-TR-0003-2005},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {January},
YEAR = {2005},
ABSTRACT = {Secure data dissemination is a necessary and an extremely important component of ad hoc sensor networks and has been the topic of a large body of literature over the past few years. A variety of schemes have been proposed in order to ensure that data is delivered through these networks while maintaining message authenticity, integrity and, if so desired, privacy. The majority approaches applied to ad hoc networks assume the presence of either public or pre-established symmetric keys. This assumption, however, is not realistic for sensor networks. In this paper, we discuss the use of probabilistic symmetric-key management schemes and the ways in which their deployment specifically affects the ability of sensor nodes to optimally route packets in a secure setting. While numerous papers have advocated such an approach, none have investigated the details of such an implementation. Specifically, we contrast pre-establishing symmetric keys with neighboring nodes to a completely reactive approach of instituting secure relationships. Through simulation, we quantify the consequences of the application of these two methods on a number of scenarios requiring secure hop-by-hop routing in sensor networks.}
}
@TECHREPORT{NAS-0002,
PDF = {/tech_report/NAS-TR-0002-2004.pdf},
AUTHOR = {William Aiello and Kevin Butler and Patrick McDaniel},
TITLE = {Path Authentication in Interdomain Routing},
NUMBER = {NAS-TR-0002-2004},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
NOTE = {Revised May 2005},
MONTH = {December},
YEAR = {2004},
ABSTRACT = {Interdomain routing is implemented on the Internet through the Border Gateway Protocol (BGP). Many approaches have been proposed to mitigate or solve the many problems of BGP security; yet, none of the proposed solutions have been widely deployed. The lack of adoption is largely caused by a failure to find an acceptable balance between deployability, cost, and security. In this paper, we study one aspect of the BGP security puzzle: path validation. Unlike many previous works in this area, we develop a formal model of path authentication in BGP. We define and prove the security of our novel and efficient solutions under this model. We further analyze the security relevant stability of paths in the Internet and profile resource consumption of the proposed constructions via trace-based simulations. Our constructions are shown to reduce signature validation costs by as much as 97.3\% over existing proposals while requiring nominal storage resources. We conclude by considering how our solution can be deployed in the Internet.}
}
@TECHREPORT{NAS-0001,
PDF = {/tech_report/NAS-TR-0001-2004.pdf},
AUTHOR = {Patrick Traynor and Heesook Choi and Guohong Cao and Sencun Zhu and Thomas F. La Porta},
TITLE = {Establishing Pair-Wise Keys in Heterogeneous Sensor Networks},
NUMBER = {NAS-TR-0001-2004},
INSTITUTION = {Network and Security Research Center},
ADDRESS = {Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA},
MONTH = {December},
YEAR = {2004},
NOTE = {Updated July 6, 2005},
ABSTRACT = {Many applications that make use of sensor networks require secure communication. Because asymmetric-key approaches to security are impossible to implement in such a resource-constrained environment, symmetric-key methods coupled with clever a priori key distribution schemes have been proposed to achieve the goals of data secrecy and integrity. These approaches typically assume that all sensors are similar in terms of capabilities, and hence deploy the same number of keys in all sensors in a network to provide the aforementioned protections. In this paper we demonstrate that a probabilistic unbalanced distribution of keys throughout the network that leverages the existence of a small percentage of more capable sensor nodes can not only provide an equal level of security but also reduce the consequences of node compromise. We demonstrate the effectiveness of this approach on small networks using a variety of trust models and then demonstrate the application of this method to very large systems. }
}