Madhusudhanan Chandrasekaran

Quantifying trust in mobile ad-hoc networks

This paper introduces a trust-domain based security architecture for mobile ad-hoc networks (MANETs). The aim of this architecture is twofold: to use trust as a basis to establish keys between nodes in a MANET, and to utilize trust as a metric for establishing secure distributed control in infrastructure-less MANETs. We define metrics for nodes to establish and manage trust, and use this mutual trust to make decisions on establishing group and pair-wise keys in the network. The impact of mobility of the nodes on trust establishment is considered and further its use as a means of propagating trust through the network is investigated. We introduce the concept of self-organizing trust-based physical-logical domains (PLDs) as a means of grouping nodes for distributed control in the network.

PHONEY: mimicking user response to detect phishing attacks

Phishing scams pose a serious threat to end-users and commercial institutions alike. Email continues to be the favorite vehicle to perpetrate such scams mainly due to its widespread use combined with the ability to easily spoof them. Several approaches, both generic and specialized, have been proposed to address this problem. However, phishing techniques, growing in ingenuity as well as sophistication, render these solutions weak. In this paper we propose a novel approach to detect phishing attacks using fake responses which mimic real users, essentially, reversing the role of the victim and the adversary. Our prototype implementation called PHONEY, sits between a users mail transfer agent (MTA) and mail user agent (MUA) and processes each arriving email for phishing attacks. Using live email data collected over a period of eight months we demonstrate data that our approach is able to detect a wider range of phishing attacks than existing schemes. Also, the performance analysis study shows that the implementation overhead introduced by our tool is very negligible

SpyCon: Emulating User Activities to Detect Evasive Spyware

The success of any spyware is determined by its ability to evade detection. Although traditional detection methodologies employing signature and anomaly based systems have had reasonable success, new class of spyware programs emerge which blend in with user activities to avoid detection. One of the latest anti-spyware technologies consists of a local agent that generates honeytokens of known parameters (e.g., network access requests) and tricks spyware into assuming it to be legitimate activity. In this paper, as a first step, we address the deficiencies of static honeytoken generation and present an attack that circumvents such detection techniques. We synthesize the attack by means of data mining algorithms like associative rule mining. Next, we present a randomized honeytoken generation mechanism to address this new class of spyware. Experimental results show that (i) static honeytokens are detected with near 100% accuracy, thereby defeating the state-of-the-art anti-spyware technique, (ii) randomized honeytoken generation mechanism is an effective anti-spyware solution.

Towards modeling trust based decisions: a game theoretic approach

Current trust models enable decision support at an implicit level by means of thresholds or constraint satisfiability. Decision support is mostly included only for a single binary action, and does not explicitly consider the purpose of a transaction. In this paper, we present a game theoretic model that is specifically tuned for decision support on a whole host of actions, based on specified thresholds of risk. As opposed to traditional representations on the real number line between 0 and +1, Trust in our model is represented as an index into a set of actions ordered according to the agents preference. A base scenario of zero trust is defined by the equilibrium point of a game described in normal form with a certain payoff structure. We then present the blind trust model, where an entity attempts to initiate a trust relationship with another entity for a one-time transaction, without any prior knowledge or recommendations. We extend this to the incentive trust model where entities can offer incentives to be trusted in a multi-period transaction. For a specified risk threshold, both models are analyzed by using the base scenario of zero trust as a reference. Lastly, we present some issues involved in the translation of our models to practical scenarios, and suggest a rich set of extensions of the generalized game theoretic approach to model decision support for existing trust frameworks.

Inferring Sources of Leaks in Document Management Systems

A document management system (DMS) provides for secure operations on a distributed repository of digital documents. This paper presents a two-phase approach to address the problem of locating the sources of information leaks in a DMS. The initial monitoring phase treats user interactions in a DMS as a series of transactions, each involving content manipulation by a user; in addition to standard audit logging, relevant contextual information and user-related metrics for transactions are recorded. In the detection phase, leaked information is correlated with the existing document repository and context information to identify the sources of leaks. The monitoring and detecting phases are incorporated in a forensic extension module (FEM) to a DMS to combat the insider threat.

A Novel Approach for Security and Robustness in Wireless Embedded Systems

Security and robustness are paramount in wireless embedded systems due to the vulnerability of the underlying communication medium. To institute security and reliability, most of the existing schemes perform periodic re-establishment of authentication credentials and share secrets among various participating nodes. However, such measures result in overheads in an energy-constrained wireless environment. To alleviate this problem, we propose a software approach that exploits the features of the underlying communication protocol and uses the concept of steganography and covert channels. The highlight of our approach is that it does not require any changes to the protocol and relies only on the modification of frame contents without degrading the protocol performance. We argue that our covert-channel based communication scheme provides security and robustness at low cost and it neither requires centralized authority nor does it disrupt the overall network operation. We evaluate the security benefits of our proposed method in terms of the difficulty of detecting the covert channel by the adversary and compare our technique with other existing schemes. Performance evaluation is done by determining the bandwidth efficiency of the channel, backward compatibility with the standard MAC as well as the ease of implementation.

AEGIS: A Proactive Methodology to Shield against Zero-Day Exploits

Given the large number of vulnerability instances disclosed in various bug-tracking communities, system administrators face an up-hill task of protecting their system/ network against zero-day exploits. In order to safeguard against such exploits, the present challenges come in two-fold: (i) there exists a compelling need to assimilate configuration specific vulnerability information from various bug-tracking diaspora; also (ii) there is a need to proactively generate policy specific signatures which act as a first line of defense. In this paper we propose an automated approach for determining vulnerabilities pertinent to the current network/ system configuration using the information aggregated from different bug tracking communities. Such vulnerability assessment and indication mechanisms significantly alleviate the system administrator¿s burden of manual content digging for vulnerabilities in his own configuration context. Furthermore, we propose an Extensible Defense Oriented Representation Schema (EDORS) for vulnerability representation, which is subsequently used by the policy engine to generate appropriate signatures. As a result, the generated signatures can be viewed as a preventive interim security measure against recently published threats until its patch is released. We have also evaluated our framework through a series of experiments.