Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using an “Angel in the Box” to Secure MANETs

Published byAugustus Carr Modified over 6 years ago

Similar presentations

Presentation on theme: "Using an “Angel in the Box” to Secure MANETs"— Presentation transcript:

1 Using an “Angel in the Box” to Secure MANETs
Wu-chang Feng, Ed Kaiser Nirupama Bulusu, Wu-chi Feng Jesse Walker, Erik Johnson

2 Angel in the Box A trusted, tamper-resistant processor that is hidden from the applications and operating system running on the host Ring “–1” Only runs code signed by appropriate authority Intel, DARPA, IETF Has access to key components of running system Paradigm Run anything you want on the untrusted part of the box, but the angel is watching Angel in the Box - Halevi 2004 DIMACS

3 Stopping unwanted traffic Authentic measurements
Platform integrity Fail-safe operation Angel disables host when applications and/or OS are in an unknown state Adversary injects malware into application or disables security Angel quarantines entire system when integrity check fails Angel disables host when “captured” Adversary removes node from network to reverse engineer it Angel disables system upon losing contact with rest of network or when moved outside allowable geographic locations Stopping unwanted traffic Authentic measurements Angel provides data integrity for remote measurements Adversary modifies measurements sent in MANET Angel verifies and certifies data integrity for mission-critical measurements Angel drops unwanted traffic before it reaches the network Adversary floods network Angel tracks public proof-of-work in protocols, verifies that each request contains valid work, and drops those that do not Angel watches over host 2) Angel will self-destruct in 5 seconds 3) Angel will not talk when no one is listening (shade of gray access control) 4) Angel will tell no lies

4 Angel in the Box example
Intel’s Active Management Technology platform Tamper-proof network access control at ingress based on security “posture” (i.e. hardware/software inventory)

5 Good hammer, looking for nails
Detect cheating in online games Similar platform integrity issues as MANETs Adversary has physical control over target machine Extensions to AMTv2 to solve cheating problem Detect software injection of keyboard/mouse input IAMANETs Use existing AMTv2 to solve IAMANET problem Intel’s DTK Work on platform additions to AMTv2 to support new requirements Intel CTG

Download ppt "Using an “Angel in the Box” to Secure MANETs"

Similar presentations

Security Issues In Mobile IP

Security Issues In Mobile IP
Vpn-info.com.

Vpn-info.com.
1 Planetary Network Testbed Larry Peterson Princeton University.

1 Planetary Network Testbed Larry Peterson Princeton University.
Stealth Measurements for Cheat Detection in On-line Games Ed Kaiser Wu-chang Feng Travis Schluessler.

Stealth Measurements for Cheat Detection in On-line Games Ed Kaiser Wu-chang Feng Travis Schluessler.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.

The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Moving Target Defense in Cyber Security

Moving Target Defense in Cyber Security
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
The Case for Network Witnesses Wu-chang Feng Travis Schluessler Supported by:

The Case for Network Witnesses Wu-chang Feng Travis Schluessler Supported by:
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology

Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.

Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely John Deere presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely John Deere presents:
Achieving Qualities 1 Võ Đình Hiếu. Contents Architecture tactics Availability tactics Security tactics Modifiability tactics 2.

Achieving Qualities 1 Võ Đình Hiếu. Contents Architecture tactics Availability tactics Security tactics Modifiability tactics 2.
TUTORIAL # 2 INFORMATION SECURITY 493. LAB # 4 (ROUTING TABLE & FIREWALLS) Routing tables is an electronic table (file) or database type object It is.

TUTORIAL # 2 INFORMATION SECURITY 493. LAB # 4 (ROUTING TABLE & FIREWALLS) Routing tables is an electronic table (file) or database type object It is.
Cloud Computing & Security Issues Prepared by: Hamoud Al-Shammari CS 6910 Summer, 2011 University of Colorado at Colorado Springs Engineering & Applied.

Cloud Computing & Security Issues Prepared by: Hamoud Al-Shammari CS 6910 Summer, 2011 University of Colorado at Colorado Springs Engineering & Applied.

Similar presentations

Ads by Google