Home networks lack the powerful security tools and trained personnel available in enterprise networks. This complicates efforts to address security risks in residential settings. While prior efforts explore outsourcing network traffic to cloud or cloudlet services, such an approach exposes that network traffic to a third party, which introduces privacy risks, particularly where traffic is decrypted (e.g., using Transport Layer Security Inspection (TLSI)). To enable security screening locally, home networks could introduce new physical hardware, but the capital and deployment costs may impede deployment.
In this work, we explore a system to leverage existing available devices, such as smartphones, tablets and laptops, already inside a home network to create a platform for traffic inspection. This software-based solution avoids new hardware deployment and allows decryption of traffic without risk of new third parties. Our investigation compares on-router inspection of traffic with an approach using that same router to direct traffic through smartphones in the local network. Our performance evaluation shows that smartphone middleboxes can substantially increase the throughput of communication from around 10 Mbps in the on-router case to around 90 Mbps when smartphones are used. This approach increases CPU usage at the router by around 15%, with a 20% CPU usage increase on a smartphone (with single core processing). The network packet latency increases by about 120 milliseconds.
Traffic Analysis in Support of Hybrid SDN Campus Architectures for Enhanced Cybersecurity
The scale and complexity of campus networks continue to accelerate due to recent paradigms such as the Internet of Things (IoT), resulting in a heightened awareness of the need for enhanced cybersecurity. Traditional cybersecurity approaches, such as the placement of firewalls and other policy enforcement mechanisms at strategic choke points, effectively divide the network into zones and are unable to regulate intrazone host-to-host communication. This traditional approach introduces significant risk, as there is little in place to prevent the horizontal propagation of malware or other unwanted traffic within a given zone. In this paper we explore approaches for improving cybersecurity in campus networks by analyzing contemporary campus traffic patterns. In light of these patterns, we propose several architectural enhancements that introduce strategically placed hardware or hardware-accelerated software data planes, and we evaluate them from performance and effectiveness perspectives.
- Award ID(s):
- 1925550
- PAR ID:
- 10298958
- Date Published:
- Journal Name:
- IEEE 2021 24th Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)
- Page Range / eLocation ID:
- 41 to 48
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
- The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic. We show, however, that MitM attacks can be realized without direct tampering of any CAN hardware. Our demonstration leverages how diagnostic applications based on RP1210 are vulnerable to Machine-In-The-Middle attacks. Test results show that SAE J1939 communications, including single-frame and multi-frame broadcast and on-request messages, are susceptible to data manipulation attacks where a shim DLL is used as a Machine-In-The-Middle. The demonstration shows these attacks can manipulate data in ways that may mislead vehicle operators into taking the wrong actions. A solution is proposed to mitigate these attacks by utilizing machine authentication codes or authenticated encryption with pre-shared keys between the communicating parties. Various tradeoffs, such as communication overhead, encryption time, and J1939 protocol compliance, are presented while implementing the mitigation strategy. One of our key findings is that the data flowing through RP1210-based diagnostic systems are vulnerable to MitM attacks launched from the host diagnostics computer. Security models should include controls to detect and mitigate these data flows. An example of a cryptographic security control to mitigate the risk of a MitM attack was implemented and demonstrated by using the SAE J1939 DM18 message. This approach, however, utilizes over twice the bandwidth of normal communications. Sensitive data should utilize such a security control.
- Park, C. (Ed.) The adoption of the Internet of Things (IoT) has grown significantly in recent years, both to address sustainability in campus operations and as part of digital twin systems. This study looks at in-depth cases of large university campus owners and the challenges that this IoT introduces for the maintenance and management of these systems and the data they collect. In this ethnography there are three main time orientations, related to Campus Infrastructure, Information Technology, and Campus Projects. First, a university campus is like a small city, with buildings, utilities, and transportation systems; taken together we call this campus infrastructure (buildings 50–100 years, roads and utilities 20–50 years). Second, IT employees think on a 2–3-month scale, working through implementing software and hardware upgrades, configurations and patches, at times needing agile operations to deal with emerging cybersecurity threats. Third, in capital projects the design phase can last 9 months, and the construction 1–2 years for a typical project, and this is where IoT technologies are often first introduced into campus. However, while the project teams reflect on the user experience, these teams are often removed from the realities of facilities management and do not understand the time scales or the scope of the work that is required to manage a portfolio of campus infrastructure and IT systems. In this paper, we explore how these time orientations lead to tensions and clashes in the types of technologies owners select to implement, in integrating new technologies into existing systems, and in the challenges of keeping existing systems up and running for the longer time scales of campus infrastructure life spans. Furthermore, this paper presents a paradox: if they speed up, they lose things; if they slow down, they lose other things. It also presents ways that owner organizations manage this paradox.
- Encryption is a fundamental security measure that safeguards data during transmission to ensure confidentiality, while at the same time posing a great challenge for traditional packet and traffic inspection. In response to the proliferation of diverse network traffic patterns from Internet-of-Things devices, websites, and mobile applications, understanding and classifying encrypted traffic are crucial for network administrators, cybersecurity professionals, and policy enforcement entities. This paper presents a comprehensive survey of recent advancements in machine-learning-driven encrypted traffic analysis and classification. The primary goals of our survey are two-fold: first, we present the overall procedure and provide a detailed explanation of utilizing machine learning in analyzing and classifying encrypted network traffic; second, we review state-of-the-art techniques and methodologies in traffic analysis. Our aim is to provide insights into current practices and future directions in encrypted traffic analysis and classification, especially machine-learning-based analysis.
- Malicious software, popularly known as malware, is a serious threat to modern computing systems. A comprehensive cybercrime study by the Ponemon Institute highlights that malware is the most expensive attack for organizations, with an average revenue loss of $2.6 million per organization in 2018 (an 11% increase compared to 2017). Recent high-profile malware attacks, coupled with serious economic implications, have dramatically changed our perception of the threat from malware. Software-based solutions, such as anti-virus programs, are not effective since they rely on matching patterns (signatures) that can be easily fooled by carefully crafted malware with obfuscation or other evasion capabilities. Moreover, software-based solutions are not fast enough for real-time malware detection in safety-critical systems. In this paper, we investigate promising approaches for hardware-assisted malware detection using machine learning. Specifically, we explore how machine learning can be effective for malware detection utilizing hardware performance counters, the embedded trace buffer, and on-chip network traffic analysis.