Change to survive: a Moving Target Defense approach to secureresource-constrained distributed devices
作者: Alessandra De Benedictis
关键词:
摘要: This doctoral thesis has been developed with the aim of defining a design methodology for monitoring architectures composed resource-constrained devices (sensor nodes, FPGAs, smartphones...), able to take into account both functional and non-functional requirements. Even if our primary focus was on security, activity aimed at identifying holistic approach meet even other quality requirements, such as performance energy consumption, they are fundamental in real world applications. Security, consumption requirements closely related one another often conflicting, typically complex real-world scenarios change over time, thus requiring ability adapt dynamically. These features make definition comprehensive very challenging constrained networks, require introduction more flexible strategy achieve security while preserving overall system. In order cope these issues, we proposed reconfiguration based Moving Target Defense paradigm, an emergent technique continuously changing system's attack surface thwarting attacks. Such mechanisms increase uncertainty, complexity, cost attackers, limit exposure vulnerabilities, ultimately resiliency, result decreasing probability. We defined model generic embedded node, some possible reconfigurable parameters -- namely firmware, APIs cryptosystem adopted secure exchanged data characterized strategy, choosing new configuration activate given In do that, introduced coverage-based metric quantitatively measure level provided by each system configuration; metric, along commonly metrics, is used identify that best meets current requirements. In show feasibility applications, considered Wireless Sensor Networks (WSNs) case study. We two different cryptosystems, Elliptic Curve Cryptography (ECC), layer, firmware versions physical layer. We implemented ad-hoc perform security-level physical-level reconfiguration, conducted specific analyses layer how can help increase, or least control, system. At this aim, first analyzed performance, intrinsic then theoretical experimental evaluations effective increasing complexity attacker. Current MTD designs lack quantitative metrics effectiveness terms enhanced security. probability indirectly capable reducing successful attacks, compared baseline scenario where configurations static.
sci-hub.st 参考文章(48)
David Evans, Anh Nguyen-Tuong, John Knight, Effectiveness of Moving Target Defenses Moving Target Defense. pp. 29- 48 ,(2011) , 10.1007/978-1-4614-0977-9_2
Shahin Farahani, ZigBee Wireless Networks and Transceivers ,(2008)
Todd Jackson, Babak Salamat, Andrei Homescu, Karthikeyan Manivannan, Gregor Wagner, Andreas Gal, Stefan Brunthaler, Christian Wimmer, Michael Franz, Compiler-Generated Software Diversity Moving Target Defense. pp. 77- 98 ,(2011) , 10.1007/978-1-4614-0977-9_4
P. Levis, S. Madden, J. Polastre, R. Szewczyk, K. Whitehouse, A. Woo, D. Gay, J. Hill, M. Welsh, E. Brewer, D. Culler, TinyOS: An Operating System for Sensor Networks ambient intelligence. pp. 115- 148 ,(2005) , 10.1007/3-540-27139-2_7
Simon N. Foley, William Fitzgerald, Stefano Bistarelli, Barry O’Sullivan, Mícheál Ó Foghlú, Principles of secure network configuration: towards a formal basis for self-configuration ip operations and management. pp. 168- 180 ,(2006) , 10.1007/11908852_15
P.J. Marron, A. Lachenmann, D. Minder, J. Hahner, R. Sauter, K. Rothermel, TinyCubus: a flexible and adaptive framework sensor networks international conference on embedded wireless systems and networks. pp. 278- 289 ,(2005) , 10.1109/EWSN.2005.1462020
Dan Boneh, Ben Lynn, Hovav Shacham, Short Signatures from the Weil Pairing international conference on the theory and application of cryptology and information security. pp. 514- 532 ,(2001) , 10.1007/3-540-45682-1_30
G. Padmavathi, D. Shanmugapriya, A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks arXiv: Cryptography and Security. ,(2009)
Alexander Becher, Zinaida Benenson, Maximillian Dornseif, Tampering with Motes: Real-World Physical Attacks on Wireless Sensor Networks Security in Pervasive Computing. pp. 104- 118 ,(2006) , 10.1007/11734666_9
Xiaokang Xiong, Duncan S. Wong, Xiaotie Deng, TinyPairing: A Fast and Lightweight Pairing-Based Cryptographic Library for Wireless Sensor Networks 2010 IEEE Wireless Communication and Networking Conference. pp. 1- 6 ,(2010) , 10.1109/WCNC.2010.5506580