Security

Security is a challenge for computer networks. Threats such as sniffing, denial of service, malware, phishing, and spam reduce users' confidence in the network, especially in the Internet.

For many enterprises, the Internet is a business tool, and successful attacks represent great financial losses. The Internet is also used for government services, which likewise require a high level of trust in the network. In addition, users demand that network services are always available and that data confidentiality and user privacy are assured. In this research theme, we develop security solutions to guarantee data integrity, authentication, confidentiality, access control, and availability for wired and wireless networks.

Research Topics


IP Traceback

The current Internet routing infrastructure is vulnerable to anonymous denial-of-service (DoS) attacks. These attacks are generally conducted by sending packets to the victim at a higher rate than they can be served, causing legitimate service requests to be denied. The number of recent attacks against well-known websites is alarming, and the results are financially devastating. One defense strategy is to trace attack packets back to their actual source in order to hold the attacker accountable and isolate them from the network. To date, the proposed traceback systems require either large amounts of storage space on router-connected devices or a sufficient number of received attack packets. GTA/UFRJ has developed a system capable of determining the source of every packet received by the victim without storing state in the network infrastructure. The proposed traceback system is based on the packet-marking approach, which avoids state storage at routers. A Bloom Filter is employed to reduce the amount of information inserted into the packet. In addition, the use of a Generalized Bloom Filter prevents "signature" forgery by the attacker and therefore backtracing failures. Experimental results show that the system can trace the real source of a single IP packet in less than one second without any storage in the network infrastructure. More recent research has aimed at developing even more robust marking structures. The result is the so-called Concatenated Bloom Filter, which remains robust even against interference by smart attackers, without the limitation of losing legitimate information.
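The following is an added illustration, not GTA/UFRJ's code: a simplified Python sketch of per-router marking into a filter carried in the packet, comparing a plain Bloom filter with the set-and-reset idea behind a Generalized Bloom Filter when the filter arrives already saturated. The filter size, hash counts, SHA-256 indexing, collision rule, and sample addresses are assumptions.

```python
import hashlib

M = 256          # filter size in bits (assumed; the page gives no size)
K0, K1 = 2, 2    # number of reset-hashes and set-hashes (assumed)

def _index(addr, family, i):
    digest = hashlib.sha256(f"{family}{i}|{addr}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % M

def bit_sets(addr, generalized):
    """Return (bits that must be 0, bits that must be 1) for one router address."""
    ones = {_index(addr, "h", i) for i in range(K1)}
    # Assumed collision rule: a bit chosen by both families is set, not reset.
    zeros = {_index(addr, "g", i) for i in range(K0)} - ones if generalized else set()
    return zeros, ones

def mark(filt, addr, generalized):
    """Router side: update the filter (an int bitmask) carried in the packet."""
    zeros, ones = bit_sets(addr, generalized)
    for b in zeros:
        filt &= ~(1 << b)
    for b in ones:
        filt |= 1 << b
    return filt

def claims(filt, addr, generalized):
    """Victim side: does the filter say this router forwarded the packet?"""
    zeros, ones = bit_sets(addr, generalized)
    return all(filt >> b & 1 for b in ones) and not any(filt >> b & 1 for b in zeros)

def false_positive_rate(initial, path, candidates, generalized):
    """Mark along `path`, then test routers that never saw the packet."""
    filt = initial
    for router in path:
        filt = mark(filt, router, generalized)
    return sum(claims(filt, c, generalized) for c in candidates) / len(candidates)

# Constructed sample data: a 4-hop path and 200 routers that are not on it.
PATH = [f"10.0.{i}.1" for i in range(4)]
OFF_PATH = [f"192.0.2.{i}" for i in range(1, 201)]
ALL_ONES = (1 << M) - 1   # filter that reaches the first router already saturated

if __name__ == "__main__":
    for name, gen in (("Bloom filter", False), ("Generalized Bloom filter", True)):
        print(f"{name}: off-path routers accepted =",
              false_positive_rate(ALL_ONES, PATH, OFF_PATH, gen))
```

With a saturated plain filter every candidate router tests positive, so the victim cannot discriminate between upstream paths; requiring some bits to be zero removes that degenerate case, at the cost of occasional false negatives when a later router resets a bit an earlier one set.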

Selected Publications

  • Laufer, R. P., Moraes, I. M., Velloso, P. B., Bicudo, M. D. D., Campista, M. E. M., Cunha, D. O., Costa, L. H. M. K., Duarte, O. C. M. B. - "Negação de Serviço: Ataques e Contramedidas", in Minicursos do Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais - SBSeg'2005. Florianópolis, Brazil, pp. 1-63, September 2005 (GTA-05-48).
  • Laufer, R. P., Velloso, P. B., Cunha, D. O., Moraes, I. M., Bicudo, M. D. D., Moreira, M. D. D., and Duarte, O. C. M. B. - "Towards Stateless Single-Packet IP Traceback", in 32nd IEEE Conference on Local Computer Networks - LCN'2007, pp. 458-555, Dublin, Ireland, October 2007 (GTA-06-38).
  • Moreira, M. D. D., Laufer, R. P., Velloso, P. B., and Duarte, O. C. M. B. - "Uma Proposta de Marcação de Pacotes para Rastreamento Robusto a Ataques", in Anais do Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais - SBSeg'2007, Rio de Janeiro, RJ, Brazil, August 2007 (GTA-07-14).


Fighting SPAM

The volume of spam is constantly rising, and the losses it causes reach billions of dollars per year. Anti-spam mechanisms are used to reduce the number of spam messages that reach users' mailboxes. However, these mechanisms can produce false positives, in which legitimate messages are classified as spam. False positives can cause many losses, including financial losses due to delays and lost opportunities. A mechanism that reduces false positives can therefore be very beneficial for users and their organizations. The anti-spam mechanisms in common use today do not take users' behavior history into consideration when they analyze messages. Each message from a legitimate user is analyzed without considering whether that user has already sent many legitimate messages. A user with a history of sending legitimate messages will probably continue to send legitimate messages. We are currently working on an anti-spam system that takes into account the history of messages sent by a user to decide whether a new message is spam. A simple authentication system is used to authenticate users, so that we can keep track of their behavior. To improve performance, a reputation system is used to exchange information about users' behavior history with other servers, so that more information about a user's behavior is available when making the decision.

Selected Publications

  • Taveira, D. M., and Duarte, O. C. M. B. - "A Monitor Tool for Anti-spam Mechanisms and Spammers Behavior", in 6th IEEE International Workshop on End-to-End Monitoring Techniques and Services - E2EMON 2008, Salvador, BA, Brazil, April 2008 (GTA-08-07).
  • Taveira, D. M. and Duarte, O. C. M. B. - "Mecanismo Anti-Spam Baseado em Autenticação e Reputação", in XXVI Simpósio Brasileiro de Redes de Computadores - SBRC'2008, pp. 861-874, Rio de Janeiro, RJ, Brazil, May 2008 (GTA-07-27).

Security in Ad Hoc Networks

Network security is an important problem, especially in wireless environments, because the medium can easily be sniffed or jammed. Ad hoc networks are low-cost wireless networks because they do not require fixed infrastructure and rely on wireless multihop communication to attain a large range. Despite being less expensive, ad hoc networks have more vulnerabilities than infrastructure-based wireless networks because of their collaborative routing. In ad hoc routing, a single malicious node may harm all nodes. For this reason, many secure routing protocols have been proposed, based mainly on cryptographic operations. Nevertheless, these protocols are not enough to provide security, because they depend on key distribution and access control mechanisms. We are working on solutions to support secure ad hoc routing protocols. We have proposed a group key distribution protocol that works with the Secure Optimized Link State Routing protocol (SOLSR) and simplifies the detection and exclusion of non-authorized nodes in the network. In addition, we have proposed address distribution and access control protocols that are controlled in a distributed way, avoiding the need for an infrastructure that is available to all nodes at all times. We aim to develop a complete solution for access control and secure communications in ad hoc networks.

Selected Publications

  • Fernandes, N. C. and Duarte, O. C. M. B. - "Controle de Acesso Auto-Organizável e Robusto Baseado em Nós Delegados para Redes Ad Hoc", to appear in 8th Brazilian Symposium on Information and Computer System Security (SBSEG'08), Gramado, RS, Brazil, September, 2008 (GTA-08-23).
  • Fernandes, N. C. and Duarte, O. C. M. B. - "An Efficient Group Key Management for Secure Routing in Ad Hoc Networks", to appear in IEEE Globecom 2008 Computer and Communications Network Security Symposium (GC'08 CCNS), New Orleans, LA, USA, December, 2008 (GTA-08-24).
   