28 results for Network security
Abstract:
Synchrophasor systems will play a crucial role in next generation Smart Grid monitoring, protection and control. However these systems also introduce a multitude of potential vulnerabilities from malicious and inadvertent attacks, which may render erroneous operation or severe damage. This paper proposes a Synchrophasor Specific Intrusion Detection System (SSIDS) for malicious cyber attack and unintended misuse. The SSIDS comprises a heterogeneous whitelist and behavior-based approach to detect known attack types and unknown and so-called ‘zero-day’ vulnerabilities and attacks. The paper describes reconnaissance, Man-in-the-Middle (MITM) and Denial-of-Service (DoS) attack types executed against a practical synchrophasor system which are used to validate the real-time effectiveness of the proposed SSIDS cyber detection method.
Abstract:
Network security monitoring remains a challenge. As global networks scale up, in terms of traffic, volume and speed, effective attribution of cyber attacks is increasingly difficult. The problem is compounded by a combination of other factors, including the architecture of the Internet, multi-stage attacks and increasing volumes of nonproductive traffic. This paper proposes to shift the focus of security monitoring from the source to the target. Simply put, resources devoted to detection and attribution should be redeployed to efficiently monitor for targeting and prevention of attacks. The effort of detection should aim to determine whether a node is under attack, and if so, effectively prevent the attack. This paper contributes by systematically reviewing the structural, operational and legal reasons underlying this argument, and presents empirical evidence to support a shift away from attribution in favour of a target-centric monitoring approach. A carefully deployed set of experiments is presented and a detailed analysis of the results is achieved.
Abstract:
This paper summarizes numerous research activities in high-performance networks and network security processing, and explores technology related performance constraints such as critical performance limitations of circuit architectures, which are set by the semiconductor technologies.
Abstract:
The proposition of increased innovation in network applications and reduced cost for network operators has won over the networking world to the vision of Software-Defined Networking (SDN). With the excitement of holistic visibility across the network and the ability to program network devices, developers have rushed to present a range of new SDN-compliant hardware, software and services. However, amidst this frenzy of activity, one key element has only recently entered the debate: Network Security. In this article, security in SDN is surveyed presenting both the research community and industry advances in this area. The challenges to securing the network from the persistent attacker are discussed and the holistic approach to the security architecture that is required for SDN is described. Future research directions that will be key to providing network security in SDN are identified.
Abstract:
Currently there is extensive theoretical work on inconsistencies in logic-based systems. Recently, algorithms for identifying inconsistent clauses in a single conjunctive formula have demonstrated that practical application of this work is possible. However, these algorithms have not been extended for full knowledge base systems and have not been applied to real-world knowledge. To address these issues, we propose a new algorithm for finding the inconsistencies in a knowledge base using existing algorithms for finding inconsistent clauses in a formula. An implementation of this algorithm is then presented as an automated tool for finding inconsistencies in a knowledge base and measuring the inconsistency of formulae. Finally, we look at a case study of a network security rule set for exploit detection (QRadar) and suggest how these automated tools can be applied.
Abstract:
In this paper, we study the information-theoretical security of a downlink multiuser cooperative relaying network with multiple intermediate amplify-and-forward (AF) relays, where there exist multiple eavesdroppers which can overhear the message. To prevent the wiretap and strengthen the network security, we select one best relay and user pair, so that the selected user can receive the message from the base station assisted by the selected relay. The relay and user selection is performed by maximizing the ratio of the received signal-to-noise ratio (SNR) at the user to the eavesdroppers, which is based on both the main and eavesdropper links. For the considered system, we derive the closed-form expression of the secrecy outage probability, and provide the asymptotic expression in high main-to-eavesdropper ratio (MER) region. From the asymptotic analysis, we can find that the system diversity order is equivalent to the number of relays regardless of the number of users and eavesdroppers.
Abstract:
In this paper, we examine a novel approach to network security against passive eavesdroppers in a ray-tracing model and implement it on a hardware platform. By configuring antenna array beam patterns to transmit the data to specific regions, it is possible to create defined regions of coverage for targeted users. By adapting the antenna configuration according to the intended user’s channel state information, this allows the vulnerability of the physical regions to eavesdropping to be reduced. We present the application of our concept to 802.11n networks where an antenna array is employed at the access point. A range of antenna array configurations are examined by simulation and then realized using the Wireless Open-Access Research Platform (WARP).
Abstract:
We present a novel approach to network security against passive eavesdroppers by employing a configurable beam-forming technique to create tightly defined regions of coverage for targeted users. In contrast to conventional encryption methods, our security scheme is developed at the physical layer by configuring antenna array beam patterns to transmit the data to specific regions. It is shown that this technique can effectively reduce vulnerability of the physical regions to eavesdropping by adapting the antenna configuration according to the intended user's channel state information. In this paper we present the application of our concept to 802.11n networks where an antenna array is employed at the access point, and consider the issue of minimizing the coverage area of the region surrounding the targeted user. A metric termed the exposure region is formally defined and used to evaluate the level of security offered by this technique. A range of antenna array configurations are examined through analysis and simulation, and these are subsequently used to obtain the optimum array configuration for a user traversing a coverage area.
Abstract:
This paper proposes relay selection in order to increase the physical layer security in multiuser cooperative relay networks with multiple amplify-and-forward (AF) relays, in the presence of multiple eavesdroppers. To strengthen the network security against eavesdropping attack, we present three criteria to select the best relay and user pair. Specifically, criterion I and II study the received signal-to-noise ratio (SNR) at the receivers, and perform the selection by maximizing the SNR ratio of the user to the eavesdroppers. To this end, criterion I relies on both the main and eavesdropper links, while criterion II relies on the main links only. Criterion III is the standard max-min selection criterion, which maximizes the minimum of the dual-hop channel gains of main links. For the three selection criteria, we examine the system secrecy performance by deriving the analytical expressions for the secrecy outage probability. We also derive the asymptotic analysis for the secrecy outage probability with high main-to-eavesdropper ratio (MER). From the asymptotic analysis, an interesting observation is reached: for each criterion, the system diversity order is equivalent to the number of relays regardless of the number of users and eavesdroppers.
Abstract:
Interesting wireless networking scenarios exist wherein network services must be guaranteed in a dynamic fashion for some priority users. For example, in disaster recovery, members need to be able to quickly block other users in order to gain sole use of the radio channel. As it is not always feasible to physically switch off other users, we propose a new approach, termed selective packet destruction (SPD) to ensure service for priority users. A testbed for SPD has been created, based on the Rice University Wireless Open-Access Research Platform and has been used to examine the feasibility of our approach. Results from the testbed are presented to demonstrate the feasibility of SPD and show how a balance between performance and acknowledgement destruction rate can be achieved. A 90% reduction in TCP & UDP traffic is achieved for a 75% MAC ACK destruction rate.
Abstract:
Cybercriminals ramp up their efforts with sophisticated techniques while defenders gradually update their typical security measures. Attackers often have a long-term interest in their targets. Due to a number of factors such as scale, architecture and nonproductive traffic, however, it is difficult to detect them using typical intrusion detection techniques. Cyber early warning systems (CEWS) aim at alerting such attempts in their nascent stages using preliminary indicators. Design and implementation of such systems involves numerous research challenges such as generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This paper discusses such challenges and presents the reader with compelling motivation. A carefully deployed empirical analysis using a real world attack scenario and a real network traffic capture is also presented.
Abstract:
African coastal regions are expected to experience the highest rates of population growth in coming decades. Fresh groundwater resources in the coastal zone of East Africa (EA) are highly vulnerable to seawater intrusion. Increasing water demand is leading to unsustainable and ill-planned well drilling and abstraction. Wells supplying domestic, industrial and agricultural needs are or have become, in many areas, too saline for use. Climate change, including weather changes and sea level rise, is expected to exacerbate this problem. The multiplicity of physical, demographic and socio-economic driving factors makes this a very challenging issue for management. At present the state and probable evolution of coastal aquifers in EA are not well documented. The UPGro project 'Towards groundwater security in coastal East Africa' brings together teams from Kenya, Tanzania, Comoros Islands and Europe to address this knowledge gap. An integrative multidisciplinary approach, combining the expertise of hydrogeologists, hydrologists and social scientists, is investigating selected sites along the coastal zone in each country. Hydrogeologic observatories have been established in different geologic and climatic settings representative of the coastal EA region, where focussed research will identify the current status of groundwater and identify future threats based on projected demographic and climate change scenarios. Researchers are also engaging with end users as well as local community and stakeholder groups in each area in order to understand the issues most affecting the communities and searching for sustainable strategies for addressing these.
Abstract:
A novel wireless local area network (WLAN) security processor is described in this paper. It is designed to offload security encapsulation processing from the host microprocessor in an IEEE 802.11i compliant medium access control layer to a programmable hardware accelerator. The unique design, which comprises dedicated cryptographic instructions and hardware coprocessors, is capable of performing wired equivalent privacy, temporal key integrity protocol, counter mode with cipher block chaining message authentication code protocol, and wireless robust authentication protocol. Existing solutions to wireless security have been implemented on hardware devices and target specific WLAN protocols whereas the programmable security processor proposed in this paper provides support for all WLAN protocols and thus, can offer backwards compatibility as well as future upgrade ability as standards evolve. It provides this additional functionality while still achieving equivalent throughput rates to existing architectures. © 2006 IEEE.