Mohsen Rezvani

Secure Data Aggregation Technique for Wireless Sensor Networks in the Presence of Collusion Attacks

Due to limited computational power and energy resources, aggregation of data from multiple sensor nodes done at the aggregating node is usually accomplished by simple methods such as averaging. However such aggregation is known to be highly vulnerable to node compromising attacks. Since WSN are usually unattended and without tamper resistant hardware, they are highly susceptible to such attacks. Thus, ascertaining trustworthiness of data and reputation of sensor nodes is crucial for WSN. As the performance of very low power processors dramatically improves, future aggregator nodes will be capable of performing more sophisticated data aggregation algorithms, thus making WSN less vulnerable. Iterative filtering algorithms hold great promise for such a purpose. Such algorithms simultaneously aggregate data from multiple sources and provide trust assessment of these sources, usually in a form of corresponding weight factors assigned to data provided by each source. In this paper we demonstrate that several existing iterative filtering algorithms, while significantly more robust against collusion attacks than the simple averaging methods, are nevertheless susceptive to a novel sophisticated collusion attack we introduce. To address this security issue, we propose an improvement for iterative filtering techniques by providing an initial approximation for such algorithms which makes them not only collusion robust, but also more accurate and faster converging.

A robust iterative filtering technique for wireless sensor networks in the presence of malicious attacks

In this paper we introduce a novel sophisticated collusion attack scenario against a number of existing iterative filtering algorithms. To address this security issue, we propose an improvement for iterative filtering techniques by providing an initial approximation for such algorithms which makes them not only collusion robust, but also more accurate and faster converging.

Analyzing and resolving anomalies in firewall security policies based on propositional logic

Firewalls are essential components in network security solutions. In order to implement correct security policy, the anomalies in firewall rules should be analyzed carefully, especially in enterprise network. In this paper, we present a new formal framework for analysis and resolution of anomalies in firewall rules. First of all, a formal model based on propositional logic is presented to specify rules. Then we specify all anomalies that identified in the latest researches based on our model. Current studies for analysis of anomalies are based on one to one rule anomalies, but we identify total version of anomalies based on one to many relationship of rules. Furthermore we have designed and implemented a tool based on theorem proving for verification of the specified anomalies. In addition, we present two algorithms for resolving anomalies in a rule database based on our formal model. These algorithms minimize the number of rules without changing the policy. Experimental results indicate that our algorithms for discovery single and total anomalies run in 2–3 seconds for a very large firewall with thousands of rules.

MalwareMonitor: An SDN-based Framework for Securing Large Networks

Large high-speed networks such as in campuses and enterprises teem with malware infections; current solutions are either incapable of coping with the high data rates, or lacking in effective and speedy threat detection and mitigation. This work presents an early architecture for MalwareMonitor, a security framework that leverages SDN technology to address these limitations. We propose elastically partitioning network traffic to enable distributing detection load across a range of detectors; further, a centralized SDN controller allows for network-wide threat correlation as well as speedy control of malicious flows.

Provenance-aware security risk analysis for hosts and network flows

Detection of high risk network flows and high risk hosts is becoming ever more important and more challenging. In order to selectively apply deep packet inspection (DPI) one has to isolate in real time high risk network activities within a huge number of monitored network flows. To help address this problem, we propose an iterative methodology for a simultaneous assessment of risk scores for both hosts and network flows. The proposed approach measures the risk scores of hosts and flows in an interdependent manner; thus, the risk score of a flow influences the risk score of its source and destination hosts, and also the risk score of a host is evaluated by taking into account the risk scores of flows initiated by or terminated at the host. Our experimental results show that such an approach not only effective in detecting high risk hosts and flows but, when deployed in high throughput networks, is also more efficient than PageRank based algorithms.

Interdependent Security Risk Analysis of Hosts and Flows

Detection of high risk hosts and flows continues to be a significant problem in security monitoring of high throughput networks. A comprehensive risk assessment method should consider the risk propagation among risky hosts and flows. In this paper, this is achieved by introducing two novel concepts. First, an interdependency relationship among the risk scores of a network flow and its source and destination hosts. On the one hand, the risk score of a host depends on risky flows initiated by or terminated at the host. On the other hand, the risk score of a flow depends on the risk scores of its source and destination hosts. Second, which we call flow provenance, represents risk propagation among network flows which considers the likelihood that a particular flow is caused by the other flows. Based on these two concepts, we develop an iterative algorithm for computing the risk score of hosts and network flows. We give a rigorous proof that our algorithm rapidly converges to unique risk estimates, and provide its extensive empirical evaluation using two real-world data sets. Our evaluation shows that our method is effective in detecting high risk hosts and flows and is sufficiently efficient to be deployed in the high throughput networks.

Specification and Verification of Security Policies in Firewalls

Rules are used as a way of managing and configuring firewalls to fulfill security requirements in most cases. Managers have to specify their organizational security policies using low level and order-dependent rules. Furthermore, dependency of firewalls to the network topology, frequent changes in network topology (specially in dynamic networks), and lack of a method for analysis and verification of specified security policy may reduce to inconsistencies and security holes. Existence of a higher level environment for security policy specification can rectify part of the problems.In this paper we present a language for high level and formal specification of security policy in firewalls.Using the language, a security manager can configure its firewall based on his required security policy independent of the network topology. The language is used as a framework for analysis and verification of security policies. We designed and implemented a tool based on theorem proving for detecting inconsistencies, coverage, as well as applying a query on the specified policy. Results of analysis can be used to detect security vulnerabilities.

Method for providing secure and private fine-grained access to outsourced data

Outsourcing data to the cloud for computation and storage has been on rise in recent years. In this paper we investigate the problem of supporting write operation on the outsourced data for clients using mobile devices. We consider the Attribute-based Encryption (ABE) scheme as it is well suited to support access control in outsourced cloud environment. Currently there is a gap in the literature on providing write access on the data encrypted with ABE. Moreover, since ABE is computationally expensive, it imposes processing burden on resource constrained mobile devices. Our work has two fold advantages. Firstly, we extend the single authority Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme to support write operations. Secondly, in achieving this goal, we move some of the expensive computations to a manager and remote cloud server by exploiting their high-end computational power. Our security analysis demonstrates that the security properties of system are not compromised.

Light Weight Write Mechanism for Cloud Data

Outsourcing data to the cloud for computation and storage has been on the rise in recent years. In this paper we investigate the problem of supporting write operation on the outsourced data for clients using mobile devices. We consider the Ciphertext-Policy Attribute-based Encryption (CP-ABE) scheme as it is well suited to support access control in outsourced cloud environments. One shortcoming of CP-ABE is that users can modify the access policy specified by the data owner if write operations are incorporated in the scheme. We propose a protocol for collaborative processing of outsourced data that enables the authorized users to perform write operation without being able to alter the access policy specified by the data owner. Our scheme is accompanied with a light weight signature scheme and simple, inexpensive user revocation mechanism to make it suitable for processing on resource-constrained mobile devices. The implementation and detailed performance analysis of the scheme indicate the suitability of the proposed scheme for real mobile applications. Moreover, the security analysis demonstrates that the security properties of the system are not compromised.

Anomaly-free policy composition in software-defined networks

Software Defined Networking (SDN) provides considerable simplification of design and deployment of various network applications for large networks. Each application has its own view of network policy and sends its policy to a network hypervisor in which a composed policy is generated from the application policies and deployed into the data plane. A significant challenge for the hypervisor is to detect and resolve both intra and inter policy anomalies during the policy composition. However, current SDN compilers do not consider the policy anomalies well and generate large number of unnecessary rules for the data plane. This leads to a considerable inefficiency in both policy composition and policy deployment. In this paper, we propose a novel framework for policy composition in a SDN hypervisor which takes into account both inter and intra policy anomalies. Moreover, we augment the framework with an efficient insertion transformation mechanism which allows the applications to issue rule insertion and priority change updates. Our evaluation shows that our method is several orders of magnitude more efficient than the state of the art in both policy composition and compiling the rule insertion updates.