dartmouth internet security testbed dist building a
play

Dartmouth Internet Security Testbed (DIST): building a campus-wide - PowerPoint PPT Presentation

Sep 15, 2022 •571 likes •1.13k views

DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Dartmouth Internet Security Testbed (DIST): building a campus-wide wireless testbed Sergey Bratus David Kotz Keren Tan William Taylor Bennet Vance 1 Anna

  1. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Dartmouth Internet Security Testbed (DIST): building a campus-wide wireless testbed Sergey Bratus David Kotz Keren Tan William Taylor Bennet Vance 1 Anna Shubina Michael E. Locasto 2 1 Dartmouth College, Hanover, New Hampshire 2 George Mason University, Fairfax, Virginia 2nd Workshop on Cyber Security Experimentation and Test, 2009 Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  2. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Outline DIST Architecture and Operation 1 Data Protection and Sanitization 2 3 Harsh Realities Convincing Organizations Convincing Humans Technical Issues Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  3. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Outline DIST Architecture and Operation 1 Data Protection and Sanitization 2 3 Harsh Realities Convincing Organizations Convincing Humans Technical Issues Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  4. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities DIST Architecture and Operation Covered in this talk: Dartmouth Internet Security Testbed (wireless) DIST wireless in short Over 200 wireless Air Monitors capturing 802.11 frames Aruba AP70 access points reflashed with OpenWRT firmware DIST servers processing the captured frames and storing sanitized data Launchpad, a DIST server that alone may launch experiments using the Air Monitors Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  5. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities DIST Architecture and Operation Covered in this talk: Dartmouth Internet Security Testbed (wireless) DIST wireless in short Over 200 wireless Air Monitors capturing 802.11 frames Aruba AP70 access points reflashed with OpenWRT firmware DIST servers processing the captured frames and storing sanitized data Launchpad, a DIST server that alone may launch experiments using the Air Monitors Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  6. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities DIST Architecture and Operation Covered in this talk: Dartmouth Internet Security Testbed (wireless) DIST wireless in short Over 200 wireless Air Monitors capturing 802.11 frames Aruba AP70 access points reflashed with OpenWRT firmware DIST servers processing the captured frames and storing sanitized data Launchpad, a DIST server that alone may launch experiments using the Air Monitors Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  7. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities DIST at a glance Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  8. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities DIST Architecture and Operation Red arrows show sensitive traffic. Green arrows show frames that are encrypted or sanitized. Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  9. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Outline DIST Architecture and Operation 1 Data Protection and Sanitization 2 3 Harsh Realities Convincing Organizations Convincing Humans Technical Issues Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  10. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Data Protection and Sanitization Why? “Human layers of the OSI networking model” We discard all but the MAC layer. We encrypt every packet before sending it to the server. The server sanitizes every 802.11 frame header just after decryption. Sanitization key is generated anew for every experiment, using a random seed, which is discarded after use. Why sanitize on the server, not on the AMs? - Sanitization on AMs would be too CPU-intensive. - Sharing the sanitization key securely is hard. Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  11. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Data Protection and Sanitization Why? “Human layers of the OSI networking model” We discard all but the MAC layer. We encrypt every packet before sending it to the server. The server sanitizes every 802.11 frame header just after decryption. Sanitization key is generated anew for every experiment, using a random seed, which is discarded after use. Why sanitize on the server, not on the AMs? - Sanitization on AMs would be too CPU-intensive. - Sharing the sanitization key securely is hard. Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  12. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Data Protection and Sanitization Why? “Human layers of the OSI networking model” We discard all but the MAC layer. We encrypt every packet before sending it to the server. The server sanitizes every 802.11 frame header just after decryption. Sanitization key is generated anew for every experiment, using a random seed, which is discarded after use. Why sanitize on the server, not on the AMs? - Sanitization on AMs would be too CPU-intensive. - Sharing the sanitization key securely is hard. Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  13. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Data Protection and Sanitization Why? “Human layers of the OSI networking model” We discard all but the MAC layer. We encrypt every packet before sending it to the server. The server sanitizes every 802.11 frame header just after decryption. Sanitization key is generated anew for every experiment, using a random seed, which is discarded after use. Why sanitize on the server, not on the AMs? - Sanitization on AMs would be too CPU-intensive. - Sharing the sanitization key securely is hard. Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  14. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Data Protection and Sanitization Why? “Human layers of the OSI networking model” We discard all but the MAC layer. We encrypt every packet before sending it to the server. The server sanitizes every 802.11 frame header just after decryption. Sanitization key is generated anew for every experiment, using a random seed, which is discarded after use. Why sanitize on the server, not on the AMs? - Sanitization on AMs would be too CPU-intensive. - Sharing the sanitization key securely is hard. Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  15. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Encryption Task Encrypting a continuous stream of frames. Cipher Stream cipher Rabbit, optimized for the MIPS 4Kc processor. Stream ciphers vs block ciphers. A block cipher is easier to attack by enumerating inputs. (This could be fatal for DIST’s easily predictable data) A stream cipher might be faster. Rabbit won on AP70s over other eStream ciphers and SNOW2. (Perhaps due to optimized implementation.) Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  16. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Encryption Task Encrypting a continuous stream of frames. Cipher Stream cipher Rabbit, optimized for the MIPS 4Kc processor. Stream ciphers vs block ciphers. A block cipher is easier to attack by enumerating inputs. (This could be fatal for DIST’s easily predictable data) A stream cipher might be faster. Rabbit won on AP70s over other eStream ciphers and SNOW2. (Perhaps due to optimized implementation.) Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  17. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Encryption Task Encrypting a continuous stream of frames. Cipher Stream cipher Rabbit, optimized for the MIPS 4Kc processor. Stream ciphers vs block ciphers. A block cipher is easier to attack by enumerating inputs. (This could be fatal for DIST’s easily predictable data) A stream cipher might be faster. Rabbit won on AP70s over other eStream ciphers and SNOW2. (Perhaps due to optimized implementation.) Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

  18. DIST Architecture and Operation Data Protection and Sanitization Harsh Realities Encryption Task Encrypting a continuous stream of frames. Cipher Stream cipher Rabbit, optimized for the MIPS 4Kc processor. Stream ciphers vs block ciphers. A block cipher is easier to attack by enumerating inputs. (This could be fatal for DIST’s easily predictable data) A stream cipher might be faster. Rabbit won on AP70s over other eStream ciphers and SNOW2. (Perhaps due to optimized implementation.) Bratus, Kotz, Tan, Taylor, Shubina, Vance, Locasto Dartmouth Internet Security Testbed (DIST)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building Hardened Implementations of SCADA/ICS Protocols Using Language-Theoretic Security

Building Hardened Implementations of SCADA/ICS Protocols Using Language-Theoretic Security

Building Hardened Implementations of SCADA/ICS Protocols Using Language-Theoretic Security Prashant Anantharaman, Dartmouth College pa@cs.dartmouth.edu http://cs.dartmouth.edu/~pa CREDC Industry Workshop March 27-29, 2017 Funded by the U.S.

583 views • 36 slides
ICS Testbed Tetris: Practical Building Blocks Towards a Cyber Security Resource CSET 20 - Long

ICS Testbed Tetris: Practical Building Blocks Towards a Cyber Security Resource CSET 20 - Long

ICS Testbed Tetris: Practical Building Blocks Towards a Cyber Security Resource CSET 20 - Long Preliminary Work Paper 13 th USENIX Workshop on Cyber Security Experimentation and Test August 10, 2020 Benjamin Green Richard Derbyshire William

418 views • 12 slides
FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in

FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in

FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in TWAREN HPDMnet Multicast Streaming with OpenFlow Future Work 2 Future Internet There are many serious limitations in current Internet.

505 views • 28 slides
Utilization of DCN/ION for Infrastructure of Future Internet Testbed Jin Tanaka KDDI/NICT

Utilization of DCN/ION for Infrastructure of Future Internet Testbed Jin Tanaka KDDI/NICT

Utilization of DCN/ION for Infrastructure of Future Internet Testbed Jin Tanaka KDDI/NICT APAN-JP/JGN2plus/TEIN3-JP NOCs Aug. 11 2010 APII / Future Internet Testbed WG in 30th APAN Meeting Hanoi, Vietnam 1 Outline 1. DCN Overview

508 views • 34 slides
Future Internet Testbed and Future Internet Testbed and Multi-Domain OpenFlow M Management in

Future Internet Testbed and Future Internet Testbed and Multi-Domain OpenFlow M Management in

Future Internet Testbed and Future Internet Testbed and Multi-Domain OpenFlow M Management in TWAREN t i TWAREN Dr. Te-Lung Liu NCHC,Taiwan Overview TWAREN FI Testbed Multi-Domain OpenFlow Management 2 TWAREN OpenFlow Testbed

337 views • 12 slides
OFELIA Pan European OpenFlow Testbed OFELIA Pan European OpenFlow Testbed Hagen Woesner

OFELIA Pan European OpenFlow Testbed OFELIA Pan European OpenFlow Testbed Hagen Woesner

OFELIA Pan European OpenFlow Testbed OFELIA Pan European OpenFlow Testbed Hagen Woesner EICT GmbH Coordinator, OFELIA project APAN meeting 32st New Delhi APAN meeting 32st New Delhi (Future Internet Testbed Workshop) Agenda Future Internet

416 views • 18 slides
Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH

Do we need a new Internet? Part 1: Basic Issues Adrian Perrig Network Security Group, ETH Zrich Imagine a building or structure that represents the Internet The Internet The Internet is perceived to be like the pyramids: monumental

776 views • 19 slides
Future Internet Research Activities and Testbed Experiences in Korea

Future Internet Research Activities and Testbed Experiences in Korea

Future Internet Research Activities and Testbed Experiences in Korea Future Infrastructure Team Sun-Moo Kang Contents FI Activities in Korea FI Activities in Korea FN Testbed (Current)

424 views • 18 slides
P EERING : An AS for Us (and You) 1 We are building a BGP testbed called P EERING Exchange

P EERING : An AS for Us (and You) 1 We are building a BGP testbed called P EERING Exchange

P EERING : An AS for Us (and You) 1 We are building a BGP testbed called P EERING Exchange routes and traffic with real ISPs Expanding and adding functionality Weve found it useful ( bold =required PEERING) L IFEGUARD : route

60 views • 4 slides
The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with Carnegie Mellon University. It is a cross-sector, internationally- based trade association devoted to cyber security. ISA has individual corporate

349 views • 30 slides
No Free Lunch in Cyber Security George Cybenko gvc@dartmouth.edu Jeff Hughes

No Free Lunch in Cyber Security George Cybenko gvc@dartmouth.edu Jeff Hughes

No Free Lunch in Cyber Security George Cybenko gvc@dartmouth.edu Jeff Hughes jeff.hughes@tenet3.com MTD Workshop Scottsdale AZ November 3, 2014 Acknowledgements Kate Farris, Ph.D. Student, Dartmouth Dr. Gabriel Stocco*, Microsoft

640 views • 24 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment

TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment

TCIPG Testbed Overview David M. Nicol and Tim Yardley | 1 Testbed Overview Testbed equipment and simulators span the grid system Generation Power system modeling, RTDS Transmission & Distribution Relays, Substation

309 views • 13 slides
Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10,

450 views • 25 slides
Background Dist r ibut ed f ile syst em (DFS) a dist r ibut ed implement at ion of t he

Background Dist r ibut ed f ile syst em (DFS) a dist r ibut ed implement at ion of t he

Background Dist r ibut ed f ile syst em (DFS) a dist r ibut ed implement at ion of t he classical t ime-shar ing model 20: Dist ribut ed File Syst ems of a f ile syst em, wher e mult iple user s shar e f iles and st or age r esour ces.

60 views • 5 slides
Diabetic foot wounds/ulcers Soft Tissue Coverage for the Neuropathy Diabetic Foot

Diabetic foot wounds/ulcers Soft Tissue Coverage for the Neuropathy Diabetic Foot

4/5/2014 Hansen 2014 Diabetic foot wounds/ulcers Soft Tissue Coverage for the Neuropathy Diabetic Foot Sensory: loss of protective sensation Motor: alteration in foot mechanics Scott L. Hansen, M.D. Autonomic: dry, cracked

496 views • 17 slides
Background Background Text Complexity Text Complexity Text Complexity Sowmya V.B., Sowmya

Background Background Text Complexity Text Complexity Text Complexity Sowmya V.B., Sowmya

On Measures of On Measures of On Measures of Background Background Text Complexity Text Complexity Text Complexity Sowmya V.B., Sowmya V.B., Sowmya V.B., What do we mean by measures of text complexity ? Why would anyone want to do

40 views • 3 slides
Full Year 2015 Financial Results March 4, 2016 1 Forward Looking Statements Certain information

Full Year 2015 Financial Results March 4, 2016 1 Forward Looking Statements Certain information

TSX:NMI Full Year 2015 Financial Results March 4, 2016 1 Forward Looking Statements Certain information set forth in this presentation contains forward -looking statements, and forward -looking information under applicable securities

482 views • 27 slides
Russian olive invasion study: final results Michael L. Scott, Utah State University Lindsay V.

Russian olive invasion study: final results Michael L. Scott, Utah State University Lindsay V.

Russian olive invasion study: final results Michael L. Scott, Utah State University Lindsay V. Reynolds, US Forest Service Patrick B. Shafroth, US Geological Survey John R. Spence, National Park Service Funding support: The Walton Family

260 views • 11 slides
Chapter 12 Design of Control Surfaces From: Aircraft Design: A Systems Engineering Approach

Chapter 12 Design of Control Surfaces From: Aircraft Design: A Systems Engineering Approach

Aileron Design Chapter 12 Design of Control Surfaces From: Aircraft Design: A Systems Engineering Approach Mohammad Sadraey 792 pages September 2012, Hardcover Wiley Publications 12.4.1. Introduction The primary function of an aileron is the

703 views • 25 slides
Transitional Delayed Detached Tr Ed Eddy Simulation of Mu Multi tielement, , High-Li Lift

Transitional Delayed Detached Tr Ed Eddy Simulation of Mu Multi tielement, , High-Li Lift

Transitional Delayed Detached Tr Ed Eddy Simulation of Mu Multi tielement, , High-Li Lift Airfoils Dr. Jim Coder volAIR Assistant Professor revolutionary Hector D. Ortiz-Melendez Graduate Research Assistant Aerodynamics Innovation

1.06k views • 26 slides
Contributions to HiLiftPW-3 Using Structured, Overset Grid Methods Presented at AIAA SciTech 2018

Contributions to HiLiftPW-3 Using Structured, Overset Grid Methods Presented at AIAA SciTech 2018

Contributions to HiLiftPW-3 Using Structured, Overset Grid Methods Presented at AIAA SciTech 2018 Kissimmee, FL January 10, 2018 Jim Coder University of Tennessee, Knoxville Tom Pulliam and James Jensen NASA Ames Research Center 1 Ou

871 views • 36 slides
Flow Control: Repe..on with Loops (Alice In Ac.on, Ch 4)

Flow Control: Repe..on with Loops (Alice In Ac.on, Ch 4)

CS 101 Lecture 26 Flow Control: Repe..on with Loops (Alice In Ac.on, Ch 4) Slides Credit: Joel Adams, Alice in Action Objectives Review using the if statement to perform some statements while

404 views • 26 slides

More recommend