EECS 598–2 Computer & Network Security
Paper summary of
“Inferring Internet Denial-of-Service Activity”
&
“ZIA: Zero-Interaction Authentication”
Name: Dong Kwan Lee
UMID: 6225-5694
Summary of “Inferring Internet Denial-of-Service Activity”
Most attackers use spoofed IP addresses to conceal their location and identity. Consequently, the
packets appear to the victim to be arriving from one or more third parties. Moreover, attackers
can launch more powerful DoS attacks by compromising a set of Internet hosts and using them to
attack another victim machine. Because there is no simple way to distinguish good requests
from bad ones, it can be difficult to defend against DoS flooding attacks. Hence a reasonable
quantitative foundation for estimating the amount of DoS activity may be necessary to understand
the nature of DoS attacks.
In this paper, D. Moore introduced the concept of “backscatter analysis” to estimate the amount
of denial-of-service (DoS) activity on the Internet. The key observation behind the proposed
technique is that most DoS attacks select their spoofed source addresses at random from the 32-bit IP
address space. By monitoring the number of suspicious packets (unsolicited responses, which may be
generated by DoS victim machines) arriving at a subset of Internet addresses, one can estimate
the total number of DoS attacks on the Internet.
Several important assumptions were made by the author. First, he assumed that spoofed IP
addresses are chosen at random, which seems reasonable. However, ingress filtering and distributed DoS
attacks can weaken this assumption, which may cause underestimation of the total number of DoS
attacks. Second, he assumed reliable delivery of attack and backscatter packets to their
destinations. This assumption may also cause underestimation, because during a large attack it is
likely that attack packets (or even backscatter packets) will be queued and dropped on
narrowband links, and a firewall or intrusion detection system may drop those packets on purpose.
The third assumption is that the unsolicited packets observed by the monitor represent backscatter.
However, some unsolicited packets are not related to attacks (for example, random port scans).
Overall, the author argues that backscatter analysis may cause us to underestimate the total
number of DoS attacks, but that the approach is sound and at worst provides a conservative estimate
of current DoS activity. However, a more refined method that considers the above limitations may be
necessary.
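The extrapolation described above, and the reason the assumptions make it a lower bound, as an added example that is not part of the summary or of Moore's paper. It assumes a constructed /8 telescope (`10.0.0.0/8`) and a constructed packet capture; under uniform random spoofing the telescope receives a fraction of `2^24 / 2^32` of a victim's responses, so the observed rate is scaled by the inverse of that fraction.

```python
import ipaddress
from collections import Counter

# Constructed telescope: a /8 stands in for the monitored block
# (2^24 of the 2^32 IPv4 addresses).
TELESCOPE = ipaddress.ip_network("10.0.0.0/8")
IPV4_SPACE = 2 ** 32

# Responses a host only sends when provoked; arriving unsolicited at an
# address that never transmits, they are candidate backscatter.
UNSOLICITED = {"tcp_synack", "tcp_rst", "icmp_echo_reply", "icmp_unreachable"}

# Constructed sample capture: (time_s, src, dst, kind). src is the host
# replying (the suspected victim), dst is where the spoofed source pointed.
SAMPLE = [
    (0.0, "198.51.100.7", "10.3.4.5", "tcp_synack"),
    (0.4, "198.51.100.7", "10.200.1.9", "tcp_synack"),
    (1.1, "203.0.113.20", "10.77.0.2", "tcp_rst"),
    (1.5, "192.0.2.66", "10.8.8.8", "tcp_syn"),          # a port scan, not backscatter
    (2.0, "198.51.100.7", "10.9.9.9", "icmp_echo_reply"),
    (2.3, "198.51.100.7", "172.16.0.1", "tcp_synack"),   # outside the telescope
    (3.8, "203.0.113.20", "10.0.0.1", "tcp_rst"),
    (4.9, "198.51.100.7", "10.255.255.254", "tcp_synack"),
]

def backscatter_counts(records, telescope=TELESCOPE):
    """Count unsolicited packets per responding host, ignoring anything that
    is not an unsolicited response type or is not addressed into the telescope."""
    counts = Counter()
    for _t, src, dst, kind in records:
        if kind in UNSOLICITED and ipaddress.ip_address(dst) in telescope:
            counts[src] += 1
    return counts

def extrapolate_rate(observed, window_s, telescope=TELESCOPE):
    """Scale an observed backscatter rate up to the victim's total response rate.
    With source addresses spoofed uniformly at random, the telescope sees a
    fraction |telescope| / 2^32 of the victim's responses, so the inverse of
    that fraction is the extrapolation factor. Ingress filtering, dropped
    packets and non-uniform spoofing all push the true rate higher, so the
    result is a lower bound on the attack rate."""
    factor = IPV4_SPACE / telescope.num_addresses
    return observed / window_s * factor

def estimate_attacks(records, window_s, telescope=TELESCOPE):
    """Return {victim: estimated packets per second} for each suspected victim."""
    counts = backscatter_counts(records, telescope)
    return {src: extrapolate_rate(n, window_s, telescope) for src, n in counts.items()}
```

The scan source and the packet sent outside the telescope are excluded, which is exactly the filtering the third assumption relies on; unsolicited packets that are not backscatter would otherwise inflate the estimate.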
Summary of “Zero-Interaction Authentication”
To protect data on a laptop, encryption is necessary while the user is absent. The goal of Zero-Interaction Authentication (ZIA) is to provide effective file encryption and decryption without
reducing performance or usability. To achieve this goal, each on-disk file is encrypted with a
symmetric key for safety, but cached files are kept decrypted for performance while the laptop is
under the control of an authenticated user.
In ZIA, file keys are stored on the laptop’s disk, encrypted by a key-encrypting key. A token,
which can be worn by the user, holds the key-encrypting key and communicates with the laptop
over a short-range wireless link, which is also encrypted. When the token is out of range, ZIA
encrypts cached objects for safety. The cache retains these encrypted pages to minimize recovery
time when the user returns. To prevent disclosure of the key-encrypting keys, periodic rebinding between the user and the token and between the token and the laptop is necessary, but it can
be performed infrequently. Binding between tokens and laptops is accomplished by mutual
authentication and session key establishment using a public key scheme. Time-consuming ZIA operations
such as key acquisition and file decryption can be overlapped with disk access, which also takes
quite a long time. Key caching and pre-fetching can also greatly reduce the need for laptop/token
interaction. In this way the performance degradation caused by ZIA can be significantly reduced.
This paper overcomes a limitation of previous cryptographic file systems, which do not offer
protection against physical attacks (they are vulnerable to theft of the laptop). Another advantage of ZIA
is that it does not interfere much with usability, and its performance penalty under
normal workloads is not severe (about 9% overhead above the local file system). With a moderate
amount of overhead, ZIA can secure the data stored on a laptop quite well, but ZIA may limit
background operations when the user is out of the laptop’s radio range.