Barry E. Mullins

An analysis of XML compression efficiency

XML simplifies data exchange among heterogeneous computers, but it is notoriously verbose and has spawned the development of many XML-specific compressors and binary formats. We present an XML test corpus and a combined efficiency metric integrating compression ratio and execution speed. We use this corpus and linear regression to assess 14 general-purpose and XML-specific compressors relative to the proposed metric. We also identify key factors when selecting a compressor. Our results show, XMill or WBXML may be useful in some instances, but a general-purpose compressor is often the best choice.

Using Relocatable Bitstreams for Fault Tolerance

The regular structure and addressing scheme for the Virtex-IIfamily of field programmable gate arrays (FPGAs) allows the relocation of partial bitstreams through direct bitstream manipulation. Our bitstream translation program relocates modules on an FPGA by changing the partial bitstream of the module. To take advantage of relocatable modules, three fault tolerant circuit designs are developed and tested. While operating through a fault, these designs provide support for efficient and transparent replacement of the faulty module with a relocated fault-free module. The architecture of the FPGA and static logic significantly constrain the placement of relocatable modules, especially when a microprocessor is placed on the FPGA.

Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices

Abstract The Shodan computer search engine has received significant attention due to its ability to identify and index Internet-facing industrial control system components. Industrial control systems are employed in numerous critical infrastructure assets, including oil and gas pipelines, water distribution systems, electrical power grids, nuclear plants and manufacturing facilities. The ability of malicious actors to identify industrial control devices that are accessible over the Internet is cause for alarm. Indeed, Shodan provides attackers with a powerful reconnaissance tool for targeting industrial control systems. This paper investigates the functionality of the Shodan computer search engine. In the experiments, four Allen-Bradley ControlLogix programmable logic controllers were deployed in an Internet-facing configuration to evaluate the indexing and querying capabilities of Shodan: all four programmable logic controllers were indexed and identified by Shodan within 19 days. This paper also describes a potential mitigation strategy that employs service banner manipulation to limit the exposure to Shodan queries.

Toward finding an universal search algorithm for swarm robots

We present a novel cooperative search algorithm for distributed, independent swarm robots. The focus of this paper is three fold: (1) identify fundamental issues associated with searching an area by multiple robots; (2) design a metric to measure the cooperation among multiple robots to complete a search; and (3) propose an effective search algorithm for swarm robots.

How the Cyber Defense Exercise Shaped an Information-Assurance Curriculum

In this article, we provide a brief history of the Cyber Defense Exercise (CDX), describe Air Force Institute of Technology (AFITs) participation in it, and explain how the experience shaped the information-assurance curriculum and course format at AFIT. The CDX is an annual competition designed to give students the opportunity to learn and demonstrate best practices in defensive information assurance. The CDXs fundamental objective is to design and implement a network that provides specified IT services and defend it against an onslaught of cyberattacks and natural events. CDX participants included blue forces (students), red forces (attacker) and a white cell.

Cryptanalysis of an elliptic curve cryptosystem for wireless sensor networks

We present a brute-force attack on an elliptic curve cryptosystem implemented on UC Berkleys TinyOS operating system for Wireless Sensor Networks (WSNs). The attack exploits the short period of the Pseudorandom Number Generator (PRNG) used by the cryptosystem to generate private keys. In order to define failure in the event a brute-force attack takes too long to execute, we create a metric that relates the duty cycle of the mote to the compromise rate and the period of the key generation algorithm. Experimental results show that roughly 50% of the motes address space leads to a private key compromise in 25 min on average. Furthermore, approximately 32% of the mote address space leads to a compromise in 17 min on average, 11% in 6 min and the remaining 7% in 2 min or less. We examine two alternatives to the PRNG our own design modified from a published algorithm and the new PRNG distributed with the beta release of TinyOS 2.0. Our design executes 12.47 times faster than the other alternative and requires 50 CPU cycles more than the original PRNG. In addition, our design is 6.3 times smaller than the other alternative and requires 106 additional bytes of memory. The period of our PRNG is uniform for all mote addresses and requires 6.6 years on average for a key compromise with the attack presented in this paper.

A survey of state-of-the-art in anonymity metrics

Anonymization enables organizations to protect their data and systems from a diverse set of attacks and preserve privacy; however, in the area of anonymized network data, few, if any, are able to precisely quantify how anonymized their information is for any particular dataset. Indeed, recent research indicates that many anonymization techniques leak some information. An ability to confidently measure this information leakage and any changes in anonymity levels plays a crucial role in facilitating the free-flow of cross-organizational network data sharing and promoting wider adoption of anonyimzation techniques. Fortunately, multiple methods of analyzing anonymity exist. Typical approaches use simple quantifications and probabilistic models; however, to the best of our knowledge, only one network data anonymization metric has been proposed. More importantly, no one-stop-shop paper exists that comprehensively surveys this area for other candidate measures; therefore, this paper explores the state-of-the-art of anonymity metrics. The objective is to provide a macro-level view of the systematic analysis of anonymity preservation, degradation, or elimination for data anonymization as well as network communciations anonymization.

Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

In this article, the authors describe common intrusion detection techniques, NIDS evasion methods, and how NIDSs detect intrusions. Additionally, the authors introduce new evasion methods, present test results for confirming attack outcomes based on server responses, and propose a methodology for confirming response validity

Program Fragmentation as a Metamorphic Software Protection

This paper proposes a Distributed Intrusion Prevention System (DIPS), which consists of several IPS over a large network (s), all of which communicate with each other or with a central server, that facilitates advanced network monitoring. A Hidden Markov Model is proposed for sensing intrusions in a distributed environment and to make a one step ahead prediction against possible serious intrusions. DIPS is activated based on the predicted threat level and risk assessment of the protected assets. Intrusions attempts are blocked based on (1) a serious attack that has already occurred (2) rate of packet flow (3) prediction of possible serious intrusions and (4) online risk assessment of the assets possibly available to the intruder. The focus of this paper is on the distributed monitoring of intrusion attempts, the one step ahead prediction of such attempts and online risk assessment using fuzzy inference systems. Preliminary experiment results indicate that the proposed framework is efficient for real time distributed intrusion monitoring and prevention.

A novel communications protocol using geographic routing for swarming UAVs performing a Search Mission

This paper develops a novel communications protocol for autonomous swarms of unmanned aerial vehicles (UAVs) searching a 2-dimensional grid. The search protocol, the UAV Search Mission Protocol (USMP), combines inter-UAV communication with geographic routing to improve search efficiency in terms of total searches, distance traveled by UAVs, and the minimization of UAV direction changes. By determining where search state updates impact search decisions, messages are geographically routed to improve search efficiency. USMP and the geographic greedy perimeter stateless routing (GPSR) protocol are studied via simulation using OPNET Modeler 12.0. Geographic routing degrades performance by at least 20% in total searches and distance traveled, but improves direction changes by 6.7%. Overall, USMP improves performance by as much as 188% compared to scenarios without inter-UAV communication.