Network Security

Covert Channels in the HTTP Network Protocol: Channel Characterization and Detecting Man-in-the-Middle Attacks

Abstract

Network covert channels allow two entities to communicate stealthily. Hypertext Transfer Protocol (HTTP), accounting for approximately half of all traffic on the Internet (Burke, 2007), has become the de facto standard for hiding network covert channels. Proliferation of covert channels throughout the World Wide Web has brought both challenges and enhancements to the area of Information Warfare. This paper defines a set of common characteristics, then classifies and analyzes several known and new covert channels in HTTP with respect to these characteristics. Lastly, this paper proposes that there are beneficial applications of network covert channels, such as detecting Man-in-the-Middle attacks.

Tactics of Attack and Defense in Physical and Digital Environments: An Asymmetric Warfare Approach

Abstract

Asymmetric warfare is frequently described as a conflict between two parties where the ‘weaker’ party aims to offset its comparatively fewer resources by making use of particular tactical advantages. This paper develops a concept model that captures the leverage available to the ‘weaker’ party over the ‘stronger’ party simply because the former is attacking rather than defending.

Understanding the Application of Deception in Network Security

ABSTRACT

Deception techniques are often employed as part of a proactive and preventative measure of security. However, their application in security has seldom been expressed with a defining explanation of the actual deception. This paper will present a discourse on the existence of deceptions in nature to construct a model that has application to network deceptions. A model of deception will be developed with the intention of applying the delineated actions of deceit, deception, and deceiving to a wireless honeypot. In a future experiment, a research goal will be to establish associations between deceptions deployed and the attainment of network defense goals through implementation of the model of deception.

Biometric vs. Password Authentication: A User’s Perspective

ABSTRACT

This study investigates the main factors that affect adoption of biometric authentication. A purposive sample of 85 network users from the Philadelphia area was used for this study. A laboratory experiment was also carried out to assess false reject and false accept rates. The study found that a large majority (84%) of people would prefer biometric authentication. Privacy, cost, accuracy, and the perception of biometric technology are the main concerns that hinder adoption of this technology. False accept rate was found not to be high enough to cause concerns. Finally, the many benefits of using biometric authentication greatly outweigh those of password authentication.

A Case Study in the Security of Network-enabled Devices

ABSTRACT

It is becoming increasingly common for appliances and other electronic devices to be network-enabled for usability and automation purposes. There have been fears that malicious users can control such devices remotely. Since the installation base of such network-enabled household devices is still relatively small, we examine the types of vulnerabilities that another such appliance has, the network-enabled printer, which is commonly found in the education and business sector. In this paper we analyze the source of the vulnerabilities and present detailed threat scenarios. In addition, we examine four organizations in Australia and Europe. Based on the results of the case study, we draw conclusions on the effects of an information warfare attack using network-enabled devices as the medium.

Teaching Hands-On Network Security: Testbeds and Live Exercises

ABSTRACT

Teaching practical network security requires the use of tools and techniques to support the educational process and to evaluate the students’ newly achieved skills. Two fundamental tools that support a hands-on approach to network security are testbed networks and live exercises. Testbed networks provide a safe environment where the students can experiment with the techniques and security tools that they learn about. Live exercises represent a valuable tool to test the students’ newly acquired skills and to teach the students the dynamics of network-based attack and defense techniques. 

Detecting Computer Network Attacks Using a Multi-objective Evolutionary Programming Approach

ABSTRACT

Attacks against computer networks are becoming more sophisticated, with adversaries using new attacks or modifying existing attacks. This research uses two types of multi-objective approaches, lexicographic and Pareto-based, in a multi-objective evolutionary programming algorithm to develop a new method for detecting such attacks. The approach evolves finite state transducers to detect attacks; this approach may allow the system to detect attacks with features similar to known attacks. Initial testing shows the algorithm performs satisfactorily in generating finite state transducers capable of detecting simulated attacks.

Information Assurance Standards: A Cornerstone for Cyber Defense

ABSTRACT

NSA has a rich history of contributing to standards that enable cyber defense. This paper examines that history, tracing the evolution of NSA’s involvement in the development of early commercial encryption standards, through its more public contributions to network security protocols, to its current efforts to promote and create cyber standards that support the Department of Defense’s use of commercial products to protect classified information.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com