Volker Fusenig

Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems

Our work proposes a generic architecture for runtime monitoring and optimization of IDS based on the challenge insertion. The challenges, known instances of malicious or legitimate behavior, are inserted into the network traffic represented by NetFlow records, processed with the current traffic and the systems response to the challenges is used to determine its effectiveness and to fine-tune its parameters. The insertion of challenges is based on the threat models expressed as attack trees with attached risk/loss values. The use of threat model allows the system to measure the expected undetected loss and to improve its performance with respect to the relevant threats, as we have verified in the experiments performed on live network traffic.

Verification of Data Location in Cloud Networking

Cloud computing aims to provide services and resources on a pay-as you-use basis with additional possibilities for efficient adaptation of the required resources to the actual needs. Cloud networking extends this approach by providing more flexibility in the placement, movement, and interconnection of these virtual resources. Depending on the use, customers however require the data to be located under a certain jurisdiction. To ensure this without the need of trusting the cloud operator, we propose a geolocation approach based on network coordinate systems and evaluate the accuracy of three prevalent systems. Even if the cloud operator uses supplemental measures like traffic relaying to hide the resource location, a high probability of location disclosure is achieved by the means of supervised classification algorithms.

Threat-model-driven runtime adaptation and evaluation of intrusion detection system

We present a mechanism for autonomous self-adaptation of a network-based intrusion detection system (IDS). The system is composed of a set of cooperating agents, each of which is based on an existing network behavior analysis method. The self adaptation mechanism is based on the insertion of a small number of challenges, i.e. known instances of past legitimate or malicious behavior. The response of individual system components to these challenges is used to measure and eventually optimize the system performance in terms of accuracy. In this work we show how to choose the challenges in a way such that the IDS attaches more importance to the detection of attacks that cause much damage.

Acimn protocol: A protocol for anonymous communication in multi hop wireless networks

Summary form only given. Anonymity is the state of not being identifiable within a set of subjects. Different strategies exist for assuring anonymity in computer networks, such as the dining cryptographers network and mix networks. But these strategies were designed for wired networks requiring direct communication links or fixed infrastructure. Therefore they are not applicable to multi hop wireless networks without modification. The Acimn protocol bases on the combination of these two main strategies enabling nodes to communicate anonymously among each other. Every node of the network acts as a mix so that the Mix approach can be used to hide the multi hop communication. By using this technique only one message overhead per communication path is generated because of the key establishment among the nodes on the path. During following communications only little computational power is needed by every node on the path to decrypt the messages before forwarding them to the next node. Additionally every one hop communication is kept anonymously by using the DC-net protocol. Therefor the nodes are arranged in groups of at most three members that are in communication range of each other. Sending of messages takes place in rounds where in every round only one group member is able to transmit information but every member has to send data. Because of the maximal group size of three there can be maximally three times more messages compared to the sending without the DC-net approach. By utilizing the combination of both techniques neither non participating eavesdropper nor nodes on the communication path are able to track the communication partners while the overhead is kept small.

Unlinkable Communication

In this paper we present a protocol for unlinkable communication, i.e. where an attacker cannot map the sender and receiver node of a communication. Existing anonymity protocols either do not guarantee unlinkability (e.g. Tor and Mix networks), or produce huge overhead -- the dining cryptographers network causes quadratic number of messages. Our protocol needs only a linear number of messages while it still guarantees unlinkability. We introduce a measure of unlinkability and show that our protocol offers the highest possible degree of unlinkability. We show how to use the protocol in practice by adapting it to Internet and ad hoc communication.

Mobility diversifies Trust: Introducing TrustRings

Summary form only given. In this paper, we focus on trust establishment in mobile wireless networks and introduce the idea of TrustRings. The concept of TrustRings facilitates the calculation of trust-values for nodes in mobiity networks based on an egocentric network model. Each node concentrates autonomously on the establishment of its own TrustRings by placing itself as the centric node in the middle of the network. Then, it starts building 3-dimensional spheres using the multiple of its own transmission range as the radius of each sphere. The innermost sphere is generated by exactly the transmission range of each node. By further iterating this process, the second sphere is created by using the doubled transmission range and so on. Furthermore, each node maintains a trust-value-database to store the initial-trust-value of other network participants, which results from positive and negative experiences with network participants only within the nodes direct transmission range. After a node has located its communication partner in a specific TrustRing, the initial-trust-value offers the foundation for calculating the nodes trust-values within a specific TrustRing. The main advantage of the proposed model is that it takes the characteristics of mobile networks, such as uncertainty of reliable communication, into account and provides the opportunity to deploy a sophisticated trust model.

Trust-decisions on the base of maximal information of recommended direct-trust

Nowadays the concept of trust in computer communications starts to get more and more popular. While the idea of trust in human interaction seems to be obvious and understandable it is very difficult to find adequate and precise definitions of the trust-term. Even more difficult is the attempt to find computable models of trust, particularly if one tries to keep all psycho-sociological morality from the real life out of the model. But, apart from all these problems, some approaches have been introduced more or less successful.In this paper, we do not create a new definition of trust. Like many others we start with the simplest definition of trust as a probability of expected positive behaviour. Our focus lies on the question, how far recommended trust-information is suitable to be the base of a trust-decision.Our concept is based on the definition, that individual experiences are essential for a directional direct-trust relation between an entity and an opposite entity. Recommendation-trust is a special direct-trust-relation. In order to be able to make trust-decisions on the base of recommended trust-information, our solution does not try to condense the chains of recommendation to only one value, but keeps the information untouched. We introduce trust-decisions as the final step of a randomly chosen path in a decision-tree where the weighted edges of the tree consist of recommended trust-values or the new introduced certainty-values, and of leafs with direct-trust-values or sections of total inexperience. A trust-decision is positive when a trust-threshold is exceeded by the determined value of the process. The calculation of the new introduced certainty-values, indicating the probability of the procedure to reach a direct-trust-value inside a sub-tree, plays a big part in this approach.One advantage of the procedure to induce the trust-decisions on the base of randomness lies in the higher resistance against false information from malicious entities because with a probability, paths through the tree will be chosen which exclude information of these entities.Besides the new approach of trust-decisions on the base of recommended trust-information, we show how far (meaning with how many recommenders) it is reasonable to recommend trust-information. We will give suggestions how to optimize the tree of recommendation, certainty, and direct-trust, so that in an adequate time trust-decisions are possible and we show the influence of bad and malicious entities on the results of the trust-decision.