Research Overview Carl A. Gunter University of Pennsylvania

Projects
• Authenticated Traversal: L3A: Goodloe, Gunter, Stehr
• DoS: Selective Verification: Gunter, Khanna, Venkatesh
• OpEm: PPC: Alur, Gunter
• PISCES
FUNDING SOURCES
Army Research Office
National Science Foundation
Office of Naval Research
PROFESSORS
Rajeev Alur
Michael Greenwald
Carl A. Gunter
Sanjeev Khanna
Jose Meseguer
Andre Scedrov
Santosh Venkatesh
Steve Zdancewic
RESEARCH STAFF
Mark-Oliver Stehr
Kaijun Tan
PHD STUDENTS
Margaret Delap
Wireless Security
• Why is wireless security any different from wired security?
– Resource constraints.
– Value of the network link.
– Increased risk to confidentiality.
Wireless Security Efforts
• Layer 1 (Physical)
– Spread spectrum
• Layer 2 (Link)
– 802.11x – 802.11(b) WEP, 802.11(g)
– GPRS
– CDMA 2000
Network Layer Wireless Security
• Advantages
– Independent of the underlying link layer.
– Overcomes the challenges addressed by layer 2 mechanisms in most cases.
– Leverages extensive experience, s/w, and h/w support from IPsec for VPNs.
• Disadvantage
– Needs set-up protocols.
Basic Challenge
[Figure: client C, network access server NAS, and server S connected across a LAN and the Internet]
L3A Architecture
[Figure: L3A architecture showing the SIKE, SAM, SPD, SAD, IPsec and IP components]
Protocol Messages and Tunnels
[Figure: SIKE and SIKE-with-delegation exchanges and the resulting tunnels among C, NAS and S]
Research Directions
• Build on sectrace experience.
• Formal simulation of SIKE and L3A in Maude in parallel with design.
• Implementation on BSD with X.509 certs.
• Develop requirements for accounting and prove correctness.
DoS Models and Protection Measures
• Shared Channel Model
• Selective Verification
• Bin Verification
• Current Directions
Shared Channel Model
• Adversary can replay and insert packets.
• Legitimate sender sends packets with a maximum and minimum bandwidth.
• Legitimate sender experiences loss, but not deliberate modification.
Shared Channel Model Example
[Figure: packet stream S1 A1 S2 S3 S4 A2 A3 S5 A4 A5 on the shared channel; legend marks sender packets, dropped sender packets, and attacker packets]
Model is a four-tuple (W0, W1, A, p).
• W0, W1 min and max sender b/w
• A attacker max b/w
• p loss rate of sender
Signature Flooding
• Attack factor R = A / W1. Proportionate attack: R = 1. Disproportionate attack: R > 1.
• Stock PC can handle about 8000 PKC/sec.
• 10Mbps link sends about 900 pkt/sec, 100Mbps link sends about 9000 pkt/sec.
• Budget: no more than 5% of processor on PKCs.
Selective Sequential Verification
• Adversary can devote his entire channel to fake signature packets.
• Countermeasure:
– Valid sender sends multiple copies of the signature packet.
– Receiver checks each incoming signature packet with some probability (say, 25% or 1%).
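An added worked example (not from the slides) that puts the deck's numbers into code: it computes the attack factor R, the expected PKC load at receiver R under selective verification, whether that load fits the 5% budget, and how many redundant copies the sender needs for a given acceptance probability. Function names and the closed-form expressions are this example's own assumptions.

```python
# Added example (not from the slides): selective sequential verification
# in the shared channel model, using the deck's numbers. Function names and
# the closed-form expressions are this example's own assumptions.

PKC_PER_SEC = 8000      # stock PC: about 8000 public-key checks per second
PKC_BUDGET = 0.05       # no more than 5% of the processor spent on PKCs
PPS_10MBPS = 900        # about 900 pkt/sec on a 10 Mbps link
PPS_100MBPS = 9000      # about 9000 pkt/sec on a 100 Mbps link


def attack_factor(a_bw, w1):
    """R = A / W1: attacker max b/w over sender max b/w (R > 1 is disproportionate)."""
    return a_bw / w1


def verifications_per_sec(attacker_pps, sender_pps, q):
    """Expected PKC operations per second at receiver R when every incoming
    signature packet is verified with probability q and the adversary devotes
    its whole channel to fake signature packets."""
    return q * (attacker_pps + sender_pps)


def within_budget(attacker_pps, sender_pps, q):
    """True if the expected verification load stays within the 5% PKC budget."""
    return verifications_per_sec(attacker_pps, sender_pps, q) <= PKC_BUDGET * PKC_PER_SEC


def prob_legit_accepted(copies, loss_rate, q):
    """Probability that at least one of `copies` redundant copies of the legitimate
    signature packet survives channel loss p and is picked for verification.
    Copies are assumed independent (the adversary drops nothing deliberately)."""
    per_copy = (1.0 - loss_rate) * q
    return 1.0 - (1.0 - per_copy) ** copies


def copies_needed(target, loss_rate, q):
    """Smallest number of redundant copies reaching acceptance probability >= target."""
    n = 1
    while prob_legit_accepted(n, loss_rate, q) < target:
        n += 1
    return n


if __name__ == "__main__":
    # Disproportionate attacker on a 100 Mbps link against a sender on 10 Mbps.
    print("R =", attack_factor(PPS_100MBPS, PPS_10MBPS))
    for q in (0.25, 0.01):
        load = verifications_per_sec(PPS_100MBPS, 0, q)
        print(f"q={q}: {load:.0f} PKC/sec, in budget: {within_budget(PPS_100MBPS, 0, q)}, "
              f"copies for 99% acceptance at 10% loss: {copies_needed(0.99, 0.10, q)}")
```

Lowering q shrinks the attacker's effective channel and the receiver's PKC load, while the sender pays in redundant copies: the bandwidth-vs-processing tradeoff the deck describes.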
Attack Profile
[Figure: attacker A, receiver R and sender S. A loads the channel to R with bad packets; S requires a low-b/w channel with high processing cost at R]
Selective Verification
[Figure: attacker A, receiver R and sender S sharing a channel to R]
Selective Verification
[Figure: R makes channels lossy, so A gets a reduced channel while S adds redundancy. Tradeoff: bandwidth vs. processing]
Bin Verification
[Figure: incoming packets labelled with bin numbers 1 to 4]
Current Research
• Develop a unified theory with Dolev-Yao.
• Investigate general protocol analysis techniques.
• Analysis of TCP.