nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Malware Tolerant (Mesh-)Networks

verfasst von : Michael Denzel, Mark Dermot Ryan

Erschienen in: Cryptology and Network Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Mesh networks, like e.g. smart-homes, are networks where every node has routing capabilities. These networks are usually flat, which means that one compromised device can potentially overtake the whole infrastructure, especially considering clone attacks.

To counter attacks, we propose a network architecture which enhances flat networks, especially mesh networks, with isolation and automatic containment of malicious devices. Our approach consists of unprivileged devices, clustered into groups, and privileged “bridge” devices which can cooperatively apply filter rules like a distributed firewall. Since there is no ultimate authority (not even bridges) to control the whole network, our approach has no single point-of-failure – so-called intrusion or malware tolerance. That means, attacks on a single device will not compromise the whole infrastructure and are tolerated. Previous research on mesh networks [3, 8‐10] relied on a single point-of-failure and is, thus, not intrusion or malware tolerant.

Our architecture is dynamic in the sense that bridge devices can change, misbehaving devices can be isolated by outvoting them, and cryptographic keys evolve. This effectively turns the entire network into a moving target.

We used the protocol verifier ProVerif to prove the security properties of our network architecture.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Towards Video Compression in the Encrypted Domain: A Case-Study on the H264 and HEVC Macroblock Processing Pipeline

Nächstes Kapitel Inside GandCrab Ransomware

https://nest.com/uk/about/.

http://www.samsung.com/uk/smartthings/.

http://www2.meethue.com/.

https://www.amazon.co.uk/Amazon-SK705DI-Echo-Black/dp/B01GAGVIE4.

https://madeby.google.com/wifi/.

http://proverif.inria.fr.

https://github.com/mdenzel/malware-tolerant_mesh_network_proofs.

Amir, Y., Kim, Y., Nita-Rotaru, C., Tsudik, G.: On the performance of group key agreement protocols. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(3), 457–488 (2004)CrossRef

Bessani, A.N., Sousa, P., Correia, M., Neves, N.F., Verissimo, P.: The crutial way of critical infrastructure protection. IEEE Secur. Priv. 6(6), 44–51 (2008)CrossRef

Bokareva, T., Bulusu, N., Jha, S.: SASHA: toward a self-healing hybrid sensor network architecture. In: The Second IEEE Workshop on Embedded Networked Sensors, pp. 71–78. Citeseer (2005)

Boneh, D., Ding, X., Tsudik, G.: Identity-based mediated RSA. In: 3rd Workshop on Information Security Application [5]

Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: USENIX Security Symposium (2001)

Davis, D.: Defective sign & encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML. In: USENIX Annual Technical Conf., General Track, pp. 65–78 (2001)

Denzel, M., Ryan, M., Ritter, E.: A malware-tolerant, self-healing industrial control system framework. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 46–60. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_4CrossRef

Di Pietro, R., Ma, D., Soriente, C., Tsudik, G.: POSH: proactive co-operative self-healing in unattended wireless sensor networks. In: IEEE Symposium on Reliable Distributed Systems, pp. 185–194. IEEE (2008)

Di Pietro, R., Mancini, L.V., Soriente, C., Spognardi, A., Tsudik, G.: Playing hide-and-seek with a focused mobile adversary in unattended wireless sensor networks. Ad Hoc Netw. 7(8), 1463–1475 (2009)CrossRef

10.

Diop, A., Qi, Y., Wang, Q.: Efficient group key management using symmetric key and threshold cryptography for cluster based wireless sensor networks. Int. J. Comput. Netw. Inf. Secur. 6(8), 9 (2014)

11.

Dodis, Y., Franklin, M., Katz, J., Miyaji, A., Yung, M.: Intrusion-resilient public-key encryption. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 19–32. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36563-X_2CrossRef

12.

Dodis, Y., Franklin, M., Katz, J., Miyaji, A., Yung, M.: A generic construction for intrusion-resilient public-key encryption. In: Cryptographers’ Track at the RSA Conference [11], pp. 81–988

13.

Franklin, M.: A survey of key evolving cryptosystems. Int. J. Secur. Netw. 1(1–2), 46–53 (2006)CrossRef

14.

Hu, Y.C., Perrig, A.: A survey of secure wireless ad hoc routing. IEEE Secur. Priv. 2(3), 28–39 (2004)CrossRef

15.

Itkis, G.: Intrusion-resilient signatures: generic constructions, or defeating strong adversary with minimal assumptions. In: International Conference on Security in Communication Networks [16], pp. 102–118

16.

Itkis, G., Reyzin, L.: Sibir: signer-base intrusion-resilient signatures. Adv. Cryptol.-Crypto 2002, 101–116 (2002)MATH

17.

Parno, B., Perrig, A., Gligor, V.: Distributed detection of node replication attacks in sensor networks. In: IEEE Symposium on Security and Privacy, pp. 49–63. IEEE (2005)

18.

Sousa, P., Bessani, A.N., Correia, M., Neves, N.F., Verissimo, P.: Highly available intrusion-tolerant services with proactive-reactive recovery. IEEE Trans. Parallel Distrib. Syst. 21(4), 452–465 (2010)CrossRef

19.

Veríssimo, P.E., Neves, N.F., Correia, M.P.: Intrusion-tolerant architectures: concepts and design. In: de Lemos, R., Gacek, C., Romanovsky, A. (eds.) WADS 2002. LNCS, vol. 2677, pp. 3–36. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-45177-3_1CrossRef

Titel: Malware Tolerant (Mesh-)Networks
verfasst von: Michael Denzel
Mark Dermot Ryan
Verlag: Springer International Publishing
Buch: Cryptology and Network Security
Print ISBN: 978-3-030-00433-0

Electronic ISBN: 978-3-030-00434-7

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-030-00434-7_7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"