Publication


Featured research published by Curtis R. Taylor.


acm special interest group on data communication | 2012

On building inexpensive network capabilities

Craig A. Shue; Andrew J. Kalafut; Mark Allman; Curtis R. Taylor

There are many deployed approaches for blocking unwanted traffic, either once it reaches the recipient's network, or closer to its point of origin. One of these schemes is based on the notion of traffic carrying capabilities that grant access to a network and/or end host. However, leveraging capabilities results in added complexity and additional steps in the communication process: before communication starts, a remote host must be vetted and given a capability to use in the subsequent communication. In this paper, we propose a lightweight mechanism that turns the answers provided by DNS name resolution - which Internet communication broadly depends on anyway - into capabilities. While not achieving an ideal capability system, we show the mechanism can be built from commodity technology and is therefore a pragmatic way to gain some of the key benefits of capabilities without requiring new infrastructure.


international conference on high confidence networked systems | 2014

Understanding the security of interoperable medical devices using attack graphs

Curtis R. Taylor; Krishna K. Venkatasubramanian; Craig A. Shue

Medical device interoperability is an increasingly prevalent example of how computing and information technology will revolutionize and streamline medical care. The overarching goal of interoperable medical devices (IMDs) is increased safety, usability, decision support, and a decrease in false alarms and clinician cognitive workload. One aspect that has not been considered thus far is ensuring IMDs do not inadvertently harm patients in the presence of malicious adversaries. Security for medical devices has gained some traction in recent years following some well-publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. However, the introduction of interoperability makes medical devices increasingly connected and dependent on each other. Therefore, security attacks on IMDs become easier to mount in a stealthy manner with potentially devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. In this regard, we present: (1) a detailed attack graph-based analysis of threats on a specific interoperability environment based on providing a patient pain medication (PCA), under various levels of interoperability from simple data aggregation to fully closed-loop control; (2) a description of the mitigation approaches possible for each class of attack vectors identified; and (3) lessons learned from this experience which can be leveraged for improving existing IMD architectures from a security point-of-view. Our analysis demonstrates that even if we use provably safe medical systems in an interoperable setting with a safe interoperability engine, the presence of malicious behavior may render the entire setup unsafe for the patients, unless security is explicitly considered.


international conference on communications | 2016

Whole home proxies: Bringing enterprise-grade security to residential networks

Curtis R. Taylor; Craig A. Shue; Mohamed E. Najd

While enterprise networks follow best practices and security measures, residential networks often lack these protections. Home networks have constrained resources and lack a dedicated IT staff that can secure and manage the network and systems. At the same time, homes must tackle the same challenges of securing heterogeneous devices when communicating to the Internet. In this work, we explore combining software-defined networking and proxies with commodity residential Internet routers. We evaluate a “whole home” proxy solution for the Skype video conferencing application to determine the viability of the approach in practice. We find that we are able to automatically detect when a device is about to use Skype and dynamically intercept all of the Skype communication and route it through a proxy while not disturbing unrelated network flows. Our approach works across multiple operating systems, form factors, and versions of Skype.


ieee international conference computer and communications | 2016

Contextual, flow-based access control with scalable host-based SDN techniques

Curtis R. Taylor; Douglas C. MacFarland; Doran R. Smestad; Craig A. Shue

Network operators can better understand their networks when armed with a detailed understanding of the network traffic and host activities. Software-defined networking (SDN) techniques have the potential to improve enterprise security, but the current techniques have well-known data plane scalability concerns and limited visibility into the hosts' operating context. In this work, we provide both detailed host-based context and fine-grained control of network flows by shifting the SDN agent functionality from the network infrastructure into the end-hosts. We allow network operators to write detailed network policy that can discriminate based on user and program information associated with network flows. In doing so, we find our approach scales far beyond the capabilities of OpenFlow switching hardware, allowing each host to create over 25 new flows per second with no practical bound on the number of established flows in the network.


communications and networking symposium | 2016

Validating security protocols with cloud-based middleboxes

Curtis R. Taylor; Craig A. Shue

Residential networks pose a unique challenge for security since they are operated by end-users that may not have security expertise. Residential networks are also home to devices that may have lackluster security protections, such as Internet of Things (IoT) devices, which may introduce vulnerabilities. In this work, we introduce TLSDeputy, a middlebox-based system to protect residential networks from connections to inauthentic TLS servers. By combining the approach with OpenFlow, a popular software-defined networking protocol, we show that we can effectively provide residential network-wide protections across diverse devices with minimal performance overheads.


ieee international energy conference | 2014

A deployable SCADA authentication technique for modern power grids

Curtis R. Taylor; Craig A. Shue; Nathanael R. Paul

The modern power grid makes extensive use of automated data collection and control. These supervisory control and data acquisition (SCADA) systems often use communication protocols that were developed for isolated networks. However, the underlying SCADA systems often use the Internet for data transit, exposing these SCADA devices to remote, malicious adversaries. Unfortunately, these protocols are often vulnerable to impersonation attacks, and the devices can be susceptible to cryptographic key compromise. This allows adversaries to pollute the protocols with misinformation. In this paper, we propose an approach to authenticate the underlying SCADA protocols that combines a different approach to data authenticity and a hardware-protected key distribution approach. Unlike prior work, our approach does not require modification to the SCADA end-points themselves, allowing the technique to be combined with legacy devices.


2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN) | 2017

On the feasibility of cloud-based SDN controllers for residential networks

Curtis R. Taylor; Tian Guo; Craig A. Shue; Mohamed E. Najd

Residential networks are home to increasingly diverse devices, including embedded devices that are part of the Internet of Things phenomenon, leading to new management and security challenges. However, current residential solutions that rely on customer premises equipment (CPE), which often remains deployed in homes for years without updates or maintenance, are not evolving to keep up with these emerging demands. Recently, researchers have proposed to outsource the tasks of managing and securing residential networks to cloud-based security services by leveraging software-defined networking (SDN). However, the use of cloud-based infrastructure may have performance implications. In this paper, we measure the performance impact and perception of a residential SDN using a cloud-based controller through two measurement studies. First, we recruit 270 residential users located across the United States to measure residential latency to cloud providers. Our measurements suggest the cloud controller architecture provides 90% of end-users with acceptable performance with judiciously selected public cloud locations. When evaluating web page loading times of popular domains, which are particularly latency-sensitive, we found an increase of a few seconds at the median. However, optimizations could reduce this overhead for top websites in practice.


WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies | 2013

From an IP address to a street address: using wireless signals to locate a target

Craig A. Shue; Nathanael Paul; Curtis R. Taylor


Archive | 2017

Method and Apparatus for Using Software Defined Networking and Network Function Virtualization to Secure Residential Networks

Curtis R. Taylor; Craig A. Shue


global communications conference | 2014

Bandwidth aggregation in allied WiFi routers

Daniel J. Robertson; Craig A. Shue; Krishna K. Venkatasubramanian; Curtis R. Taylor

Collaboration

Top Co-Authors

Craig A. Shue
Worcester Polytechnic Institute

Mohamed E. Najd
Worcester Polytechnic Institute

Nathanael R. Paul
University of South Florida

Andrew J. Kalafut
Indiana University Bloomington

Daniel J. Robertson
Worcester Polytechnic Institute

Doran R. Smestad
Worcester Polytechnic Institute

Douglas C. MacFarland
Worcester Polytechnic Institute

Mark Allman
International Computer Science Institute

Nathanael Paul
Oak Ridge National Laboratory