Ludus project: Securing your router with GT

SLIDE 1

Ludus project:

Securing your router with GT

Kalin Ivanov & Ondřej Lukáš

www.stratosphereips.org/ludus

SLIDE 2

Stratosphere Lab

  • Cybersecurity Part of AIC
  • https://www.stratosphereips.org/

@StratosphereIPS @StratoLudus

  • ludus@aic.fel.cvut.cz - Official Ludus contact

  • www.stratosphereips.org/ludus

@ondrej_lukas @RealKalin

SLIDE 3

Plan

  • Why Ludus?
  • Defense as a game
  • Collaborative defense
  • External Security Metric
  • Ludus tool
SLIDE 4

Motivation and Goals of Ludus

  • Collaboration with

and TAČR

  • Model attackers' behaviour and use it to create better defense
  • Protect users against attacks from the Internet
  • Use honeypots in a smart way
  • Design External Metrics to capture the Security level of devices

SLIDE 5

Honeypots in Ludus

  • TARPIT - iptables module
  • Honeypot as a Service*
  • Minipot (Telnet)
  • Extendable!

* More information at https://haas.nic.cz/

SLIDE 6

Troubles with Honeypots

  • Where to put them?!
  • Static and predictable
  • How to use the data?
  • Bringing your device in the spotlight?!
SLIDE 7

SLIDE 8

SLIDE 9

Troubles with Honeypots

  • Where to put them?!
  • Static and predictable
  • How to use the data?
  • Bringing your device in the spotlight?!
SLIDE 10

Do you want to play a game?

SLIDE 11

Model of Attackers’ behaviour

  • Change only IPs
  • Change only ports
  • Change either port or IP
  • Change both

95% of points

SLIDE 12

Game-Theoretical Approach

  • Model attacks as a game
  • Find the optimal strategy
  • Minimize attacker’s utility
  • Save resources
SLIDE 13

Joining Forces with Others

  • Information Sets ⇒ less information for ⇒ lower utility

  • Constraints in number of honeypots
SLIDE 14

Solving the game

  • 2^65536 actions per router
  • Finding equilibria in full game: NP-hard
  • Simplification:
      ○ Zero-sum game (u_attacker = -u_defender)
      ○ Limited number of port combinations (+ Nearest neighbour)
      ⇒ Linear program (solvable in P w.r.t. game tree size)
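
Added example (not from the slides or the Ludus code base): a toy version of the zero-sum game above, where the defender spreads a limited number of honeypots over three ports and the attacker probes one. The port values, the detection cost and all function names are constructed assumptions; for this payoff shape the linear program reduces to equalising the attacker's utility across ports, which the code finds by bisection instead of calling an LP solver.

```python
# Added example: toy zero-sum honeypot placement game (all values constructed).
PORT_VALUE = {22: 3.0, 23: 1.0, 80: 1.0}  # assumed attacker gain per real service
CAUGHT_COST = 1.0                          # assumed attacker loss on a honeypot


def attacker_utility(port, cover):
    """Attacker's expected utility for probing `port` when it is a honeypot
    with probability `cover`. Zero-sum: the defender gets the negative."""
    value = PORT_VALUE[port]
    return value * (1.0 - cover) - CAUGHT_COST * cover


def best_response_value(cover):
    """Utility of the attacker's best port against a coverage vector."""
    return max(attacker_utility(p, c) for p, c in cover.items())


def coverage_for(target):
    """Honeypot probability each port needs so attacking it pays <= target."""
    return {p: min(1.0, max(0.0, (v - target) / (v + CAUGHT_COST)))
            for p, v in PORT_VALUE.items()}


def solve(honeypots=1, iterations=100):
    """Find the coverage that minimises the attacker's best-response utility,
    with per-port probabilities summing to at most `honeypots`."""
    low, high = -CAUGHT_COST, max(PORT_VALUE.values())
    for _ in range(iterations):
        mid = (low + high) / 2
        if sum(coverage_for(mid).values()) > honeypots:
            low = mid   # budget cannot push the attacker this low
        else:
            high = mid  # feasible: try an even lower attacker utility
    cover = coverage_for(high)
    return cover, best_response_value(cover)


if __name__ == "__main__":
    static = {22: 1.0, 23: 0.0, 80: 0.0}  # predictable: honeypot always on 22
    print("static placement :", best_response_value(static))
    for budget in (1, 2):
        cover, value = solve(budget)
        print(f"{budget} honeypot(s)    :", round(value, 3), cover)
```

With one randomised honeypot the attacker's best utility drops from 1.0 (static placement on port 22) to 0.6, and a second honeypot pushes it to -0.2.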

SLIDE 15

You can’t manage what you can’t measure

SLIDE 16

Data

2 Types:

  1. Packet metadata
  2. Suricata alert data

Suricata signatures

  1 | Not Suspicious Traffic
  2 | Unknown Traffic
  3 | Potentially Bad Traffic
  4 | Attempted Information Leak
  5 | Information Leak
  6 | Large Scale Information Leak
  7 | Attempted Denial of Service
  8 | Denial of Service

SLIDE 17

Dashboards

  • Local dashboard for each user
  • Publicly AAA Data (Anonymized, Aggregated, Available)

Check out the public Kibana visualizations:

SLIDE 18

Metrics

  • Overall Security
  • Honeypots/Production Ports
  • Entropy of attack
SLIDE 19

Example

SLIDE 20

Example

SLIDE 21

Example

https://www.shodan.io/

SLIDE 22

Ludus tool

SLIDE 23

Ludus tool

  • fully automated
  • adapts and updates strategies
  • anonymizes and visualizes data
  • turris package: ludus

https://doc.turris.cz/doc/cs/howto/installation
https://github.com/stratosphereips/Ludus

SLIDE 24

Q&A

Thanks for your attention!

@ondrej_lukas @RealKalin
lukasond@fel.cvut.cz ivanokal@fel.cvut.cz
https://www.stratosphereips.org/ludus