
2011 | Book

Open Research Problems in Network Security

IFIP WG 11.4 International Workshop, iNetSec 2010, Sofia, Bulgaria, March 5-6, 2010, Revised Selected Papers

Edited by: Jan Camenisch, Valentin Kisimov, Maria Dubovitskaya

Publisher: Springer Berlin Heidelberg

Book series: Lecture Notes in Computer Science


About this book

This book constitutes the refereed post-conference proceedings of the IFIP WG 11.4 International Workshop, iNetSec 2010, held in Sofia, Bulgaria, in March 2010. The 14 revised full papers presented together with an invited talk were carefully reviewed and selected during two rounds of refereeing. The papers are organized in topical sections on scheduling, adversaries, protecting resources, secure processes, and security for clouds.

Table of contents

Frontmatter

Invited Talk and Scheduling

Securing the Internet: Fact or Fiction?
Abstract
The number of users of the Internet, in whatever way, is growing at an explosive rate. More and more companies are rolling out new applications based on the Internet, forcing more and more users to leverage these systems and therefore become Internet users. Social networking sites and applications are also growing at alarming rates, getting more and more users, whom we can call home or private users, involved and active on the Internet. Corporate companies are now also integrating social networking as part of their way of doing business, and governments are implementing Internet based systems ranging from medical applications to critical IT infrastructure protection.
Basie von Solms
Open Research Questions of Privacy-Enhanced Event Scheduling
Abstract
Event-scheduling applications like Doodle have the problem of privacy relevant information leakage. A simple idea to prevent this would be to use an e-voting scheme instead.
However, this solution is not sufficient as we will show within this paper. Additionally we come up with requirements and several research questions related to privacy-enhanced event scheduling. These address privacy, security as well as usability of privacy-enhanced event scheduling.
Benjamin Kellermann

Adversaries

Event Handoff Unobservability in WSN
Abstract
The open nature of communications in Wireless Sensor Networks (WSNs) makes it easy for an adversary to trace all the communications within the network. If techniques such as encryption may be employed to protect data privacy (i.e. the content of a message), countermeasures to deceive context privacy (e.g. the source of a message) are much less straightforward. In recent years, the research community addressed the problem of context privacy. Some work aimed to hide the position of the collecting node. Other work investigated hiding the position of an event—sensed by the WSN. However, the solutions proposed for event hiding either: (i) considered only static events; (ii) are not efficient. In this work, we describe open issues that we identified in the current research. In particular, we consider the problem of efficiently hiding mobile events.
Stefano Ortolani, Mauro Conti, Bruno Crispo, Roberto Di Pietro
Emerging and Future Cyber Threats to Critical Systems
Abstract
This paper discusses the emerging and future cyber threats to critical systems identified during the EU/FP7 project ICT-FORWARD. Threats were identified after extensive discussions with both domain experts and IT security professionals from academia, industry, and government organizations. The ultimate goal of the work was to identify the areas in which cyber threats could occur and cause serious and undesirable consequences, based on the characteristics of critical systems. A model of a critical system is suggested and used to distill a list of cyber threats specific to such systems. The impact of the identified threats is illustrated by an example scenario in order to stress the risks and consequences that the materialization of such threats could entail. Finally, we discuss possible solutions and security measures that could be developed and implemented to mitigate the situation.
Edita Djambazova, Magnus Almgren, Kiril Dimitrov, Erland Jonsson
Adversarial Security: Getting to the Root of the Problem
Abstract
This paper revisits the conventional notion of security, and champions a paradigm shift in the way that security should be viewed: we argue that the fundamental notion of security should naturally be one that actively aims for the root of the security problem: the malicious (human-terminated) adversary. To that end, we propose the notion of adversarial security where non-malicious parties and the security mechanism are allowed more activeness; we discuss framework ideas based on factors affecting the (human) adversary, and motivate approaches to designing adversarial security systems. Indeed, while security research has in recent years begun to focus on human elements of the legitimate user as part of the security system’s design e.g. the notion of ceremonies; our adversarial security notion approaches general security design by considering the human elements of the malicious adversary.
Raphael C.-W. Phan, John N. Whitley, David J. Parish
Practical Experiences with Purenet, a Self-Learning Malware Prevention System
Abstract
This paper introduces Purenet, which is a self-learning malware detection system aimed at avoiding zero-day attacks and other delays in patching application systems when attacks are identified. The concept and architecture of Purenet are described, specifically positioning anomaly detection as the system enabler. Deployment of the system in an operational environment is discussed, and associated recommendations and findings are presented based on this. Findings from the prototype include various considerations which should influence the design of such security software including latency considerations, multi protocol support, cloud anti-malware integration, resource requirement issues, reporting, base platform hardening and SIEM integration.
Alapan Arnab, Tobias Martin, Andrew Hutchison
A Biometrics-Based Solution to Combat SIM Swap Fraud
Abstract
Cybercriminals are constantly prowling the depths of cyberspace in search of victims to attack. The motives for their attacks vary: some cybercriminals deface government websites to make political statements; others spread malicious software to do large-scale harm; and others still are monetarily motivated. In this paper we will concentrate on “cyber fraudsters”. At the time of this writing, a prime hunting ground for fraudsters is online banking. Millions of people worldwide use online banking to quickly and conveniently do their regular bank-related transactions. Unfortunately, this convenience comes at a price. By doing their banking online, they are vulnerable to falling prey to fraud scams such as SIM swap fraud. This paper explains what SIM swap fraud is and how it works. We will analyze the online banking payment transaction process to discover what vulnerabilities fraudsters exploit via SIM swap fraud, and then introduce a computer-based security system which has been developed to help combat it.
Louis Jordaan, Basie von Solms
Are BGP Routers Open to Attack? An Experiment
Abstract
The BGP protocol is at the core of the routing infrastructure of the Internet. Across years, BGP has proved to be very stable for its purpose. However, there have been some catastrophic incidents in the past, due to relatively simple router misconfigurations. In addition, unused network addresses are being silently stolen for spamming purposes. A relevant corpus of literature investigated threats in which a trusted BGP router injects malicious or wrong routes and some security improvements to the BGP protocol have also been proposed to make these attacks more difficult to perform. In this work, we perform a large-scale study to explore the validity of the hypothesis that it is possible to mount attacks against the BGP infrastructure without already having the control of a “trusted” BGP router. Even though we found no real immediate threat, we observed a large number of BGP routers that are available to engage in BGP communication, exposing themselves to potential Denial-of-Service attacks.
Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna

Secure Processes

Securing the Core University Business Processes
Abstract
This paper presents solutions for securing the core University Business Processes. A method is given for identifying which Business processes are critical from a security point of view and therefore require more attention to secure. To secure the selected Business processes, a new security system, the Extended Certification Authority, is developed. A special Secure eDocument Management Architecture is developed, on the basis of which solutions are developed for securing the following University Business processes: Delegation of exam permissions to lecturers, Recording exam marks, and Exchange of management documents.
Veliko Ivanov, Monika Tzaneva, Alexandra Murdjeva, Valentin Kisimov
Some Technologies for Information Security Protection in Weak-Controlled Computer Systems and Their Applicability for eGovernment Services Users
Abstract
The users of eGovernment services start exchanging documents with administrative authorities and making ePayments, and in such communications the risks of confidential information disclosure and direct financial losses are growing. The computer systems of these users are weak-controlled and are outside the sphere of well-defined information security protection decisions. The technologies for data protection in case of theft or loss of computers and data devices and in case of data leakage are very important for eGovernment services users and must have appropriate properties to be useful for their security needs. A model of anti-theft technology implementation, which disables stolen computers and can send them data-destructive commands to erase sensitive data, is presented. The technologies for control over the channels which can lead to data leakage protect data by whitelisting or blacklisting some devices or ports, by prohibiting and allowing some actions and operations, or by transparent encryption of outbound data. Some technologies for control over the leaving data use a pre-defined set of sensitive data type definitions. Users can select definitions to apply or can customize some of them according to specific conditions or regulations. At the end, some conclusions are drawn about the applicability of anti-theft and sensitive data leakage prevention technologies for protecting the information security of eGovernment users.
Anton Palazov
Real-Time System for Assessing the Information Security of Computer Networks
Abstract
The report examines the possibility of establishing a real-time system for analysis and assessment of information security of computers, systems and networks in Internet/Intranet/Extranet environment, using TCP/IP protocols. Known information attacks are presented in the paper. Separate classes of malicious software investigations are considered concerning different work platforms (produced by different Computing Systems), work environments (produced by different Browser Systems) and work places (produced by different Antimalware Systems). Methods that can be used to implement the systems are suggested. The capabilities of real-time systems are commented on at the end of the paper.
Dimitrina Polimirova, Eugene Nickolov
Evidential Notions of Defensibility and Admissibility with Property Preservation
Abstract
For security-emphasizing fields that deal with evidential data acquisition, processing, communication, storage and presentation, for instance network forensics, border security and enforcement surveillance, ultimately the outcome is not the technical output but rather physical prosecutions in court (e.g. of hackers, terrorists, law offenders) or counter-attack measures against the malicious adversaries.
The aim of this paper is to motivate the research direction of formally linking these technical fields with the legal field. Notably, deriving technical representations of evidential data such that they are useful as evidences in court; while aiming that the legal parties understand the technical representations in better light. More precisely, we design the security notions of evidence processing and acquisition, guided by the evidential requirements from the legal perspective; and discuss example relations to forensics investigations.
Raphael C.-W. Phan, Ahmad R. Amran, John N. Whitley, David J. Parish

Security for Clouds

Cloud Infrastructure Security
Abstract
Cloud computing can help companies accomplish more by eliminating the physical bonds between an IT infrastructure and its users. Users can purchase services from a cloud environment that could allow them to save money and focus on their core business. At the same time certain concerns have emerged as potential barriers to rapid adoption of cloud services such as security, privacy and reliability. Usually the information security professionals define the security rules, guidelines and best practices of the IT infrastructure of a given organization at the network, host and application levels. The current paper discusses miscellaneous problems of providing the infrastructure security. The different aspects of data security are given a special attention, especially data and its security. The main components of cloud infrastructure security are defined and the corresponding issues and recommendations are given.
Dimiter Velev, Plamena Zlateva
Security and Privacy Implications of Cloud Computing – Lost in the Cloud
Abstract
Cloud computing - the new paradigm, the future for IT consumer utility, the economy of scale approach, the illusion of an infinite resources availability, yet the debate over security and privacy issues is still ongoing and a common policy framework is missing. Research confirms that users are concerned when presented with scenarios in which companies may put their data to uses of which they may not be aware. Therefore, privacy and security should be considered at every stage of a system design whereas advantages and disadvantages should be rated and compared to internal and external factors once a company or a person decides to go into the business of cloud computing or become just a user.
Vassilka Tchifilionova
The Need for Interoperable Reputation Systems
Abstract
Nowadays more and more Internet applications install reputation systems to collect opinions users have about some reputation objects. The opinions are usually formalized in the form of ratings the reputation system can use to build overall reputation profiles of the reputation objects. Reputation objects might be other users, products, web content and anything else that can be rated. Users may investigate the reputation object’s reputation profile to estimate its quality resp. trustworthiness. As there are currently many providers of reputation systems it would be desirable to make reputation information in different systems interoperable or to establish meta reputation systems that collect information from various applications resp. their reputation systems. This process should consider both interoperability of reputation systems themselves and their interoperability with applications, trust and identity management systems as we will discuss in this paper.
Sandra Steinbrecher
Backmatter
Metadata
Title
Open Research Problems in Network Security
Edited by
Jan Camenisch
Valentin Kisimov
Maria Dubovitskaya
Copyright year
2011
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-642-19228-9
Print ISBN
978-3-642-19227-2
DOI
https://doi.org/10.1007/978-3-642-19228-9
