Christopher Mansour

Design of an adaptive security mechanism for modern routers

Modern routers should be able to support many new functions to meet the needs of customers. To achieve such flexibility, programmable packet processors have replaced traditional fixed-function custom logic in the data path of routers. This programmability introduces new vulnerabilities in these systems that can lead to new types of network attacks. We propose a monitoring subsystem which functions in parallel with the processing core of the router and aids in the detection of such attacks. Upon detection, our system has the ability to restore the routers operation to a different, but functionally equivalent state.

Power-aware selective encryption of video transmissions in smart devices

From a user perspective, both security and power consumption during video transmissions are critical. On the one hand, assuming an eavesdropper on the wireless link, the transmitted video should be encrypted so that an unauthorized user is not able to reconstruct it. On the other hand, depending on the strength and the type of cryptographic method used during information exchange, there is a corresponding power consumption overhead. Since encryption protocols are oblivious to the wireless channel conditions, all packets are encrypted regardless of the probability of them getting lost. However, if the application layer protocol received feedback from the link layer on the channel losses between the sender and the receiver, the protocol could decide how much encryption effort is actually needed so that the eavesdropper cannot reconstruct the video clip successfully. To an eavesdropper, packets lost due to interference or encrypted packets do not make any difference; both are invisible to the passive attacker. In this paper, we use a mathematical framework to quantify the effect of lost and encrypted packets on video quality (PSNR), and we design an algorithm that allows the application layer to adjust the amount of encryption performed depending on the channels signal-to-interference-and-noise ratio (SINR).

Simulation of DPCM and ADM Systems

Through years, Digital Communication systems, Pulse Coded Modulation (PCM), Linear Delta Modulation (LDM), Differential Pulse Coded Modulation (DPCM), and Adaptive Delta Modulation (ADM), have proven their unlimited advantages over analog communication systems, in term of error minimization, and distances of transmission enhancement. However two of these systems, the Pulse Coded Modulation and Linear Delta Modulation, still have some weaknesses limiting their advantages, these limitations negatively affect the communication process causing quantization error, slope overload distortion and granular noise. On the other hand, communication engineers have developed two additional digital communication systems which are the Adaptive Delta Modulation (ADM) and the Differential Pulse Coded Modulation (DPCM) in order to solve the aforementioned problems. This paper discusses the implementation and simulation of the aforementioned digital communication systems using Simulink (The Math Works, Inc., Natick, MA, USA) showing the effect of different types of noise when applied to the channel, thus, proving the importance of DPCM and ADM systems in eliminating such effects and ensuring a successful transfer of data.

Power monitoring of highly parallel network processors

High-performance multi-core packet processing systems are the building blocks of every modern router in todays networks. Such multi-core processors are required to implement complex protocols and applications on routers. However, managing such systems and ensuring their correct operation at runtime becomes a difficult problem to solve. It is particularly hard to detect whether a processing core behaves correctly or it has failed due to a system error or an attack. In this paper, we address this problem by proposing a novel approach to verify the correct operation of the network processor. This approach treats the network processor as a black box and monitors its power consumption. We show that by comparing the power consumption with benchmark information, any failure can be detected easily and its origin can be determined.

Selective encryption of video transmissions over multi-hop wireless networks

From a user perspective both security and power consumption during video transmissions are critical. On the one hand, assuming an eavesdropper on the wireless link, the transmitted video should be encrypted so that the unauthorized user is not able to reconstruct it. On the other hand, depending on the strength and the type of cryptographic method used during information exchange, there is a corresponding power consumption overhead. Since encryption protocols are oblivious to the wireless channel conditions, all packets are encrypted regardless of the probability of them getting lost. However, if the application layer protocol received feedback from the link layer on the channel losses, the protocol could decide how much encryption effort is actually needed so that the eavesdropper cannot reconstruct the video clip successfully. To an eavesdropper packets lost due to interference or encrypted packets do not make any difference; both are invisible to the passive attacker. In this paper, we map the percentage of lost/encrypted packets to an objective video quality metric (PSNR). We also create a look-up table through experiments on real multi-hop video transmission traffic, which allows the application layer to adjust the amount of encryption performed.

Real-time application of DPCM and ADM systems

Digital communication techniques make the process of modulating a message feasible for transmission. However, a common problem with commonly used techniques, such as Pulse Coded Modulation (PCM) and Linear Delta Modulation (LDM), is that they negatively affect the communication process by causing quantization error, slope overload distortion, and granular noise. This paper discusses the implementation of two modulation systems, Adaptive Delta Modulation (ADM) and Differential Pulse Coded Modulation (DPCM), in order to solve the aforementioned problems. The latter solves the quantization error faced by the PCM and the former solves the slope overload distortion and granular noise faced by LDM. These two systems are implemented using Simulink (The Math Works, Inc., Natick, MA, USA) on a multithreaded processor computer, are tested in real-time, and are subjected to different kinds of noise.

Multi-layer Security Mechanism for Networked Embedded Devices

Networked embedded systems are impacting the way we interact with the world around us. They are at the core of the advancements in information and communication technologies which have been driving the fourth generation revolution in today’s industry and networks. This technology allows for better integrated communications, integrated local and global control, supervision and maintenance. Billions of smart devices are being implemented - from smart TVs and cars to other smart health monitors and wearable technologies and this resulted in the development of smart interconnected environments. The core vision of the aforementioned smart interconnected environment is the realization of a reliable and secure two way communication between smart devices. However, the high level of heterogeneity, coupled with the wide scale of smart embedded systems, has magnified the security threats. Traditional security countermeasures and privacy cannot be enforced directly on such systems due to their limited computing capabilities and their diverse set of hardware architectures. In this paper we are proposing a multi-level security approach for smart interconnected environments/networks. We address the security at three main pillars: application level, system level, and network level.

Real-time attack and failure detection for next generation networks

In todays modern networks, routers rely on high-performance multi-core packet processing systems to implement a variety of applications and operations required to forward traffic. This leads to an increase in the complexity of such systems and hence the number of processing cores. Managing such processing cores and ensuring their correct operation become a difficult task. In this paper, we address this problem by proposing another novel approach to verify the correct operation of network processor and detect any attack/failure. This approach monitors the power consumption of such cores at the OS level during run-time and correlates it statistically with predetermined benchmark information. We show that based on this correlation, any failure/attack can be detected.

Trust and reliability for next-generation routers

To support the flexibility and the different protocol operations and applications provided by todays internet, modern routers rely on high-performance reliable general-purpose multi-core packet processing systems. Such processing systems are programmable and have replaced the traditional fixed-logic hardware in the data path of such routers. This programmability introduces a lot of vulnerabilities and faults which make such systems susceptible to attacks and failures. Particularly, it is a difficult task to detect whether a processing core behaves correctly or it has a failure resulting from errors or attacks. In this paper, we address this problem by proposing a novel approach to verify the correct operation of the network processor. We propose a secure, fault tolerant and reliable monitoring subsystem which functions in parallel with the processing core of the router and aids in the detection of attacks. We show that our system has the ability to detect the failure and restore securely the routers operation to a different, but functionally equivalent state.