Modelling Denial of Service Attacks on JFK with Meadow's Cost-Based Framework

We present the first detailed application of Meadows’s cost-based modelling framework to the analysis of JFK, an Internet key agreement protocol. The analysis identifies two denial of service attacks against the protocol that are possible when an attacker is willing to reveal the source IP address. The first attack was identified through direct application of a cost-based modelling framework, while the second was only identified after considering coordinated attackers. Finally, we demonstrate how the inclusion of client puzzles in the protocol can improve denial of service resistance against both identified attacks.

Protocol engineering for protection against denial-of-service attacks

Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service un- availability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries °ood a large amount of bogus data to interfere or disrupt the service on the server. The attack can be either a single-source attack, which originates at only one host, or a multi-source attack, in which multiple hosts coordinate to °ood a large number of packets to the server. Cryptographic mechanisms in authentication schemes are an example ap- proach to help the server to validate malicious tra±c. Since authentication in key establishment protocols requires the veri¯er to spend some resources before successfully detecting the bogus messages, adversaries might be able to exploit this °aw to mount an attack to overwhelm the server resources. The attacker is able to perform this kind of attack because many key establishment protocols incorporate strong authentication at the beginning phase before they can iden- tify the attacks. This is an example of DoS threats in most key establishment protocols because they have been implemented to support con¯dentiality and data integrity, but do not carefully consider other security objectives, such as availability. The main objective of this research is to design denial-of-service resistant mechanisms in key establishment protocols. In particular, we focus on the design of cryptographic protocols related to key establishment protocols that implement client puzzles to protect the server against resource exhaustion attacks. Another objective is to extend formal analysis techniques to include DoS- resistance. Basically, the formal analysis approach is used not only to analyse and verify the security of a cryptographic scheme carefully but also to help in the design stage of new protocols with a high level of security guarantee. In this research, we focus on an analysis technique of Meadows' cost-based framework, and we implement DoS-resistant model using Coloured Petri Nets. Meadows' cost-based framework is directly proposed to assess denial-of-service vulnerabil- ities in the cryptographic protocols using mathematical proof, while Coloured Petri Nets is used to model and verify the communication protocols using inter- active simulations. In addition, Coloured Petri Nets are able to help the protocol designer to clarify and reduce some inconsistency of the protocol speci¯cation. Therefore, the second objective of this research is to explore vulnerabilities in existing DoS-resistant protocols, as well as extend a formal analysis approach to our new framework for improving DoS-resistance and evaluating the performance of the new proposed mechanism. In summary, the speci¯c outcomes of this research include following results; 1. A taxonomy of denial-of-service resistant strategies and techniques used in key establishment protocols; 2. A critical analysis of existing DoS-resistant key exchange and key estab- lishment protocols; 3. An implementation of Meadows's cost-based framework using Coloured Petri Nets for modelling and evaluating DoS-resistant protocols; and 4. A development of new e±cient and practical DoS-resistant mechanisms to improve the resistance to denial-of-service attacks in key establishment protocols.

An institutional understanding of triple bottom line evaluations and the use of social and environmental metrics

Measuring social and environmental metrics of property is necessary for meaningful triple bottom line (TBL) assessments. This paper demonstrates how relevant indicators derived from environmental rating systems provide for reasonably straightforward collations of performance scores that support adjustments based on a sliding scale. It also highlights the absence of a corresponding consensus of important social metrics representing the third leg of the TBL tripod. Assessing TBL may be unavoidably imprecise, but if valuers and managers continue to ignore TBL concerns, their assessments may soon be less relevant given the emerging institutional milieu informing and reflecting business practices and society expectations.

Sex offenders in denial : a study into a group of forensic psychologists' attitudes regarding the corresponding impact upon risk assessment calculations and parole eligibility

A considerable proportion of convicted sex offenders maintain a stance of innocence and thus do not engage in recommended treatment programs. As a result, such offenders are often deemed to have outstanding criminogenic needs which may negatively impact upon risk assessment procedures and parole eligibility. This paper reports on a study that aimed to investigate a group of forensic psychologists’ attitudes regarding the impact of denial on risk assessment ratings as well as parole eligibility. Participants completed a confidential open-ended questionnaire. Analysis indicated that considerable variability exists among forensic psychologists in regards to their beliefs about the origins of denial and what impact such denial should have on post-prison release eligibility. In contrast, there was less disparity regarding beliefs about the percentage of innocent yet incarcerated sex offenders. This paper also reviews current understanding regarding the impact of denial on recidivism as well as upon general forensic assessments.

Detection and prevention of distributed denial of services attacks by collaborative effort of software agents, first prototype implementation

Distributed Denial of Services DDoS, attacks has become one of the biggest threats for resources over Internet. Purpose of these attacks is to make servers deny from providing services to legitimate users. These attacks are also used for occupying media bandwidth. Currently intrusion detection systems can just detect the attacks but cannot prevent / track the location of intruders. Some schemes also prevent the attacks by simply discarding attack packets, which saves victim from attack, but still network bandwidth is wasted. In our opinion, DDoS requires a distributed solution to save wastage of resources. The paper, presents a system that helps us not only in detecting such attacks but also helps in tracing and blocking (to save the bandwidth as well) the multiple intruders using Intelligent Software Agents. The system gives dynamic response and can be integrated with the existing network defense systems without disturbing existing Internet model. We have implemented an agent based networking monitoring system in this regard.

The importance of a triple bottom line approach for safeguarding urban water quality

Water environments are greatly valued in urban areas as ecological and aesthetic assets. However, it is the water environment that is most adversely affected by urbanisation. Urban land use coupled with anthropogenic activities alters the stream flow regime and degrade water quality with urban stormwater being a significant source of pollutants. Unfortunately, urban water pollution is difficult to evaluate in terms of conventional monetary measures. True costs extend beyond immediate human or the physical boundaries of the urban area and affect the function of surrounding ecosystems. Current approaches for handling stormwater pollution and water quality issues in urban landscapes are limited as these are primarily focused on ‘end-of-pipe’ solutions. The approaches are commonly based either on, insufficient design knowledge, faulty value judgements or inadequate consideration of full life cycle costs. It is in this context that the adoption of a triple bottom line approach is advocated to safeguard urban water quality. The problem of degradation of urban water environments can only be remedied through innovative planning, water sensitive engineering design and the foresight to implement sustainable practices. Sustainable urban landscapes must be designed to match the triple bottom line needs of the community, starting with ecosystem services first such as the water cycle, then addressing the social and immediate ecosystem health needs, and finally the economic performance of the catchment. This calls for a cultural change towards urban water resources rather than the current piecemeal and single issue focus approach. This paper discusses the challenges in safeguarding urban water environments and the limitations of current approaches. It then explores the opportunities offered by integrating innovative planning practices with water engineering concepts into a single cohesive framework to protect valuable urban ecosystem assets. Finally, a series of recommendations are proposed for protecting urban water resources within the context of a triple bottom line approach.