
Showing papers by "Richard R. Brooks" published in 2020


Book Chapter
01 Jan 2020
TL;DR: The approach to blockchain-based data provenance, paired with the LWM algorithm, provides the legal and ethical framework for key classes of provenance to be managed, and the resilience of the system to denial of service attacks and repudiation is described.
Abstract: The recent popularity of cryptocurrencies has highlighted the versatility and applications of a decentralized, public blockchain. Blockchain provides a data structure that can guarantee both the integrity and non-repudiation of data, as well as providing provenance pertaining to such data. Our novel Lightweight Mining (LWM) algorithm provides these guarantees with minimal resource requirements. Our approach to blockchain-based data provenance, paired with the LWM algorithm, provides the legal and ethical framework for key classes of provenance to be managed. Contributions of this paper include the following: first, we describe the Scrybe system, including the Lightweight mining algorithm. We then note principles of secure provenance and explain how to adapt Scrybe to a series of practical use cases, such as academic integrity, forensic management of evidence, and secure logging. Finally, we explain the key features of the Scrybe system that enable secure provenance for these use cases, and we describe resilience of the system to denial of service attacks and repudiation.

8 citations


Journal Article
TL;DR: This work converts TCP traffic to UDP traffic, introduces observation-based FTE, and models interpacket timing with a deterministic Hidden Markov Model (HMM) to create a Protocol Proxy that has a very low probability of detection and is an alternative to current covert channels.

7 citations


Book Chapter
03 Aug 2020
TL;DR: In this article, the authors investigate DDoS attacks in five classes: Resource Saturation, Exploiting System and/or Network Vulnerabilities, Modification of Configurations, Misuse and Physical Destruction.
Abstract: This chapter looks at the Distributed Denial of Service (DDoS) attack problem from an attacker's perspective and classifies attacks based on how the attack is performed. It investigates DDoS attacks in five classes: Resource Saturation, Exploiting System and/or Network Vulnerabilities, Modification of Configurations, Misuse and Physical Destruction. The goal of resource saturation attacks is to consume as much of the victim's critical resources as possible. This resource can be a system resource such as CPU, memory and disk space or a network resource such as bandwidth. Since these kinds of DDoS attacks are easy to perform and difficult to stop, they are commonly used by the attackers. Network bandwidth is one of the popular targets during DDoS attacks. Attackers flood the victim with dummy traffic to disconnect it from the rest of the network. In asymmetric DDoS attacks, the attacker reflects attack traffic to conceal its identity and amplify the amount of attack traffic.

3 citations



Book Chapter
30 Jul 2020

1 citation


Proceedings Article
27 Oct 2020
TL;DR: A compromise approach is presented that creates software-defined data exchanges (SDX), which mix traffic randomization with VPN concepts, and contrast this approach with the Tor overlay network and provide some performance data.
Abstract: Current Internet Protocol routing provides minimal privacy, which enables multiple exploits. The main issue is that the source and destination addresses of all packets appear in plain text. This enables numerous attacks, including surveillance, man-in-the-middle (MITM), and denial of service (DoS). The talk explains how these attacks work in the current network. Endpoints often believe that use of Network Address Translation (NAT) and Dynamic Host Configuration Protocol (DHCP) can minimize the loss of privacy. We will explain how the regularity of human behavior can be used to overcome these countermeasures. Once packets leave the local autonomous system (AS), they are routed through the network by the Border Gateway Protocol (BGP). The talk will discuss the unreliability of BGP and current attacks on the routing protocol. This will include an introduction to BGP injects and the PEERING testbed for BGP experimentation. One experiment we have performed uses statistical methods (CUSUM and F-test) to detect BGP injection events. We describe work we performed that applies BGP injects to Internet Protocol (IP) address randomization to replace fixed IP addresses in headers with randomized addresses. We explain the similarities and differences of this approach with virtual private networks (VPNs). Analysis of this work shows that BGP reliance on autonomous system (AS) numbers removes privacy from the concept, even though it would disable the current generation of MITM and DoS attacks. We end by presenting a compromise approach that creates software-defined data exchanges (SDX), which mix traffic randomization with VPN concepts. We contrast this approach with the Tor overlay network and provide some performance data.

1 citation


Proceedings Article
14 Sep 2020
TL;DR: Under small false-alarm conditions, the OR fusion is found to produce better detection performance, and the SUM and OR methods are derived and compared with each other and with a particle filter method.
Abstract: We consider a problem of detecting a low-level radiation source using a network of Gamma spectral sensors placed on the periphery of a monitored region. We propose a computationally light-weight, correlation-based method which is primarily intended for systems with limited computing capacity. Sensor measurements are combined at the fusion by first generating decisions at each time step and then taking their majority vote within a time window. At each time step, decisions are generated using two strategies: (i) SUM method based on a threshold decision on a correlation statistic derived from measurements from all sensors, and (ii) OR method based on logical-OR of threshold decisions based on correlation statistics of individual sensor measurements. We derive analytical performance bounds for false alarm rates of SUM and OR methods, and show that their performance is enhanced by the temporal smoothing of majority vote within a time window. Using measurements from a test campaign, we generate a border monitoring scenario with twelve 2" × 2" NaI Gamma sensors deployed on the periphery of a 42 × 42 m² outdoor region. A Cs-137 source is moved in a straight line across this region, starting several meters outside and finally moving away from it. We illustrate the performance of both correlation-based detection methods, and compare their performances with each other and with a particle filter method. Overall, under small false-alarm conditions, the OR fusion is found to produce better detection performance.

1 citation