Secrecy Preserving Signatures: Filtering Packets without Learning the Filtering Rules

Presentation transcript:

Secrecy Preserving Signatures: Filtering Packets without Learning the Filtering Rules

2 Preventing Attacks with Filtering
[Diagram labels: Inbound Traffic, Filtered Traffic, Blocked Traffic, Commodity FW, Threat Signatures]

3 Problem: Protecting IP
[Diagram labels: Inbound Traffic, Filtered Traffic, Blocked Traffic, Commodity FW, Threat Signatures, Valuable/Sensitive Information]

4 Solutions
[Diagram labels: Inbound Traffic, Filtered Traffic, Blocked Traffic, Commodity FW, Threat Signatures, Valuable/Sensitive Information]
Option #1: “Lock the Door”
- The signature owner performs all filtering.
- The third-party network operators improve their physical security.
- We encase the hardware in tamper-resistant cases.

5 Solutions
Option #2: Distribute the Signature Information
- No single machine knows the signatures or can, by itself, determine whether a packet would be filtered.
- Compromising all machines would still not yield the full signature list, though it would allow an attacker to test packets to see if they would be filtered.
[Diagram labels: Filtered Traffic, Third Party, Signature Owner, Garbler, Third Party]

6 Solutions
Option #2: Distribute the Signature Information
- System should be capable of deep packet inspection.
- Performance must be practical. (If possible, make use of commodity FW technology.)
[Diagram labels: Filtered Traffic, Third Party, Signature Owner, Garbler, Third Party]

7 Project Goals
- To formally model our system and adversary and understand fundamental limits of what is possible.
- To seek new algorithms with provable correctness, performance, and security guarantees. (The ability to perform regular expression string matching in a secrecy-preserving and reasonably efficient manner will likely require new crypto.)
- To use prototype-driven performance evaluation to validate the practicality of our most efficient solutions.

8 Project Schedule & Budget
- Phase 1 (formal model & fundamental limits): 4 months, $134,000
- Phase 2 (algorithms & proofs): 5 months, $152,000
- Phase 3 (system designs & prototypes): 6 months, $221,000
- Total Budget: $507,000

9 Thank You