1 Security Related Research Projects at UCCS Network Research Lab
C. Edward Chow Department of Computer Science University of Colorado at Colorado Springs

2 Outline of the Talk
- Brief introduction to the Network/Protocol Research Lab at UCCS
- Network security related research projects at the UCCS Network/Protocol Research Lab
  - Autonomous Anti-DDoS Project
  - Secure Collective Defense Project
  - BGP/MPLS based VPN Project
- Discussion of AFA-UCCS joint research/teaching projects on Information Assurance
  - Penetration analysis/testing exercises?
  - Intrusion detection/handling exercises?
  - Other cyberwarfare related projects?
  - Security Forum/Seminar Series

3 UCCS Network Research Lab
Personnel:
- Director: Dr. C. Edward Chow
- Graduate students:
  - Chandra Prakash: high-availability Linux kernel-based content switch
  - Ganesh Godavari: Linux based secure web switch
  - Angela Cearns: Autonomous Anti-DDoS (A2D2) testbed
  - Longhua Li: IXP-based content switch
  - Yu Cai (Ph.D. research assistant): multipath routing
  - Jianhua Xie (Ph.D.): secure storage networks
  - Frank Watson: content switch for security
  - Paul Fong: wireless AODV routing for sensor networks
  - Nirmala Belusu: wireless network security, PEAP vs. TTLS
  - David Wikinson/Sonali Patankar: Secure Collective Defense
  - Murthy Andukuri/Jing Wu: enhanced BGP/MPLS-based VPN
  - Patricia Ferrao: web-based collaborative system support

4 UCCS Network Lab Setup
- Gigabit fiber connection to the UCCS backbone
- Switch/firewall/wireless AP: HP 4000 switch; 4 Linksys/D-Link switches; SonicWall Pro 300 firewall
- 8 Intel 7112 SSL accelerators and XML directors donated by Intel
- Cisco Aironet 1200 dual-band access point and Aironet 350 client PC/PCI cards (both 802.11a and 802.11b cards)
- Intel IXP12EB network processor evaluation board
- Servers: two Dell PowerEdge servers
- Workstations/PCs: 8 Dell PCs (500 MHz to 3 GHz); 12 HP PCs ( MHz); 2 laptop PCs with Aironet 350 cards for mobile wireless
- OS: Red Hat Linux 8.0; Windows XP/2000

5 (Photo of the lab setup: HP 4000 switch with gigabit fiber to the UCCS backbone, workstation, Dell server, Intel IXP network processor.)

6 (Photo: Intel 7110 SSL accelerators and 7280 XML Director.)

7 DDoS: Distributed Denial of Service Attack
- DDoS victims: Yahoo/Amazon; CERT (2001); DNS root servers (10/2002)
- DDoS tools: Stacheldraht, Trinoo, Tribal Flood Network (TFN)

8 How widespread is DDoS?
- Research by Moore et al. of the University of California at San Diego, 2001
- 12,805 DoS attacks observed in a 3-week period
- Most of the victims are home users and small to medium sized organizations

9 Intrusion Related Research Areas
- Intrusion prevention: general security policy; ingress/egress filtering
- Intrusion detection: anomaly detection; misuse detection
- Intrusion response: identification/traceback/pushback
- Intrusion tolerance

10 Security Related Research Projects
- Secure Content Switch
- Autonomous Anti-DDoS (A2D2) Project: deals with intrusion detection and handling
  - Techniques: IDS-firewall integration; adaptive firewall rules; easy to use and manage
- Secure Collective Defense Project: deals with intrusion tolerance (how to tolerate the attack)
  - Main idea: explore secure alternate paths for clients to come in
  - Techniques: multiple path routing; secure DNS extension (how to inform client DNS servers to add alternate new entries); a consortium of proxy servers with IDS that hides the IP addresses of the alternate gateways
- BGP/MPLS based VPN Project
- Content Switch for Security

11 Design of an Autonomous Anti-DDOS Network (A2D2)
Graduate student: Angela Cearns
Goals:
- Study the Linux Snort IDS/firewall system
- Develop a Snort plug-in for generic flood detection
- Investigate rate limiting and class-based queueing (CBQ) for effective firewall protection
- Have intrusion detection automatically trigger adaptive firewall rule updates
- Study the QoS impact with and without the A2D2 system

12 (Figure only; no text in the transcript.)

13 A2D2 Multi-Level Adaptive Rate Limiting (figure only)
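The A2D2 loop from slides 11 and 13, as an added illustration in Python: a generic flood detector estimates the per-source packet rate over a sliding window, and the firewall policy escalates through rate-limit levels as the flood grows and relaxes again once the source goes quiet. This is not the project's Snort plug-in or its firewall scripts. The level thresholds, the `A2D2` iptables chain name, the packet record format and the sample traffic are all assumptions made for this example, and the iptables commands are only generated as strings, never applied to a live kernel.

```python
from collections import defaultdict, deque

# Escalation table (hypothetical values): minimum packets/second per source at which
# each level applies, and the iptables treatment for that level.
LEVELS = [
    (0, None),           # level 0: no rule
    (50, "20/second"),   # level 1: accept at most 20 pps from this source, drop the rest
    (200, "5/second"),   # level 2: tighter limit
    (1000, "DROP"),      # level 3: drop everything from this source
]
WINDOW = 1.0  # seconds of history used for the rate estimate


def level_for(rate):
    """Highest level whose threshold the observed rate meets."""
    level = 0
    for i, (threshold, _) in enumerate(LEVELS):
        if rate >= threshold:
            level = i
    return level


def rules_for(src, proto, level):
    """iptables commands (hypothetical chain A2D2) implementing one level for one source."""
    action = LEVELS[level][1]
    base = f"iptables -A A2D2 -s {src} -p {proto}"
    if action is None:
        return []
    if action == "DROP":
        return [f"{base} -j DROP"]
    return [f"{base} -m limit --limit {action} -j ACCEPT", f"{base} -j DROP"]


class AdaptiveFirewall:
    """Generic flood detector plus rule escalation/relaxation per (source, protocol)."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.history = defaultdict(deque)   # (src, proto) -> recent packet timestamps
        self.level = defaultdict(int)       # (src, proto) -> level currently in force
        self.rules = {}                     # (src, proto) -> commands currently installed
        self.changes = []                   # (ts, src, proto, old_level, new_level)

    def _rate(self, key, now):
        q = self.history[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q) / self.window

    def _update(self, key, now):
        new = level_for(self._rate(key, now))
        old = self.level[key]
        if new != old:
            self.level[key] = new
            self.rules[key] = rules_for(key[0], key[1], new)
            self.changes.append((now, key[0], key[1], old, new))
        return new

    def packet(self, ts, src, proto):
        """Feed one observed packet; returns the level in force afterwards."""
        key = (src, proto)
        self.history[key].append(ts)
        return self._update(key, ts)

    def tick(self, now):
        """Periodic re-evaluation so limits relax once a source goes quiet."""
        for key in list(self.level):
            self._update(key, now)


def sample_traffic():
    """Constructed packet records (ts, src, proto): a 5 pps legitimate UDP client and an
    ICMP flood from one source ramping 100 -> 500 -> 2000 pps over three seconds, then silence."""
    events = [(t / 5, "10.0.0.5", "udp") for t in range(15)]
    for start, pps in ((0, 100), (1, 500), (2, 2000)):
        events += [(start + i / pps, "192.0.2.7", "icmp") for i in range(pps)]
    return sorted(events)


def run_demo():
    fw = AdaptiveFirewall()
    for ts, src, proto in sample_traffic():
        fw.packet(ts, src, proto)
    fw.tick(5.0)   # two seconds after the flood stops: limits should relax
    return fw


if __name__ == "__main__":
    fw = run_demo()
    for ts, src, proto, old, new in fw.changes:
        print(f"t={ts:6.3f}s {src}/{proto}: level {old} -> {new}")
```

The legitimate client never crosses level 0, while the flood source is walked up to a full drop and back down to no rule after `tick()`; the `tick()` call matters because a source that stops sending never triggers `packet()` again, so without periodic re-evaluation a limit would stay in place forever.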

14 A2D2 QoS Results - Baseline
- 10-minute video stream between RealPlayer client and RealServer, no DDoS attack
- Playout buffering to avoid jitter
- Packets received: around 23,000 (23,445)
- QoS experienced at the A2D2 client by RealPlayer with no DDoS: baseline for the following slides

15 A2D2 Results – Non-stop Attack
- Packets received: 8,039
- Retransmission requests: 2,592; retransmissions received: 35; lost: 2,557
- Connection timed out; loss of packets
- QoS experienced at the A2D2 client: severely degraded

16 A2D2 Results – UDP Attack Mitigation: Firewall Policy
- Packets received: 23,407
- Retransmission requests: 0; retransmissions received: 0; lost: 0
- Looks like we just need plain old firewall rules, no fancy rate limiting/CBQ?
- QoS experienced at the A2D2 client: as baseline

17 A2D2 Results – ICMP Attack Mitigation: Firewall Policy
- Packets received: 7,127
- Retransmission requests: 2,105; retransmissions received: 4; lost: 2,101
- Connection timed out; packet/connection loss
- Plain old firewall rules are not good enough!
- QoS experienced at the A2D2 client: severely degraded

18 A2D2 Results – TCP Attack Mitigation: Policy+CBQ
- CBQ turned on
- Packets received: 22,179
- Retransmission requests: 4,090; retransmissions received: 2,641; lost: 1,449
- Screen quality impact: looks OK, but quality degrades
- QoS experienced at the A2D2 client: acceptable with visible degradation

19 A2D2 Results – TCP Attack Mitigation: Policy+CBQ+RateLimiting
- Both CBQ and rate limiting turned on
- Packets received: 23,444
- Retransmission requests: 49 to 1,376; retransmissions received: 40 to 776; lost: 9 to 600
- No image quality degradation
- QoS experienced at the A2D2 client: as baseline

20 A2D2 Future Work
- Extend to include IDIP/Pushback
- Anomaly detection
- Improve firewall/IDS processing speed
- Scalability issues
- Tests with more service types
- Tests with heavy client traffic volume
- Fault tolerance (multiple firewall devices)
- Alternate routing

21 Wouldn’t it be Nice to Have Alternate Routes?
(Diagram: the victim network with its router R and alternate gateways R1-R3; client networks net-a.com, net-b.com, net-c.com with their DNS servers DNS1-DNS3 and routers; attack hosts (A) mixed among the clients, so DDoS attack traffic and legitimate client traffic both flow toward the victim.)
How to reroute client traffic through R1-R3?

22 Implement Alternate Routes
(Same diagram: victim, alternate gateways R1-R3, client networks net-a.com, net-b.com, net-c.com with DNS1-DNS3, attack hosts (A), DDoS attack traffic and client traffic.)
Need to inform the clients or the client DNS servers! But how to tell which clients are not compromised? How to hide the IP addresses of the alternate gateways?

23 Possible Solution for Alternate Routes
(Diagram: the victim issues a distress call; R sends a reroute command carrying the DNS name/IP address of the proxy and of the victim to DNS1-DNS3 of net-a.com, net-b.com, net-c.com; Proxy1-Proxy3 front the alternate gateways R1-R3, attack messages are blocked by the IDS at the proxies, and a client reaches the victim by a new route via Proxy3 to R3.)

24 Secure Collective Defense
Main IdeaExplore secure alternate paths for clients to come in; Utilize geographically separated proxy servers. Goal: Provide secure alternate routes Hide IP addresses of alternate gateways Techniques: Multiple Path Routing Secure DNS extension: how to inform client DNS servers to add alternate new entries (Not your normal DNS name/IP address mapping entry). Utilize a consortium of Proxy servers with IDS that hides the IP address of alternate gateways. How to partition clients to come at different proxy servers?  may help identify the attacker! How clients use the new DNS entries and route traffic through proxy server?  Use Sock protocol, modify resolver library?

25 New UCCS IA Degree/Certificate
- Master of Engineering degree in Information Assurance
- Certificate in Information Assurance (offered to Peterson AFB through NISSC)
- Courses: Computer Networks; Fundamentals of Security; Cryptography; Advanced System Security Design

26 New CS691 Course on Advanced System Security Design
- Uses Matt Bishop's new Computer Security text
- Spring 2003: one class at UCCS, one at Peterson AFB
- Potential use of, and cooperation with, Raytheon's Distributed Security Lab?
- Integrate security research results into the course material, such as the A2D2, Secure Collective Defense and MPLS-VPN projects
- Invite speakers from industry, such as Innerwall, and from AFA?
- Looking for potential joint exercises with other institutions such as AFA

27 Joint Research/Teaching Effort on Information Assurance
- Penetration analysis/testing exercises?
- Intrusion detection/handling exercises?
- Other cyberwarfare related projects?
- Security Forum organized by Dean Haefner/Dr. Ayen
- Security Seminar Series with CITTI funding support
- Looking for speakers (suggestions?)

