Do we have the time for IRM?: Service denial attacks and SDN-based defences

12/28/2018
by   Ryan Shah, et al.
0

Distributed sensor networks such as IoT deployments generate large quantities of measurement data. Often, the analytics that runs on this data is available as a web service which can be purchased for a fee. A major concern in the analytics ecosystem is ensuring the security of the data. Often, companies offer Information Rights Management (IRM) as a solution to the problem of managing usage and access rights of the data that transits administrative boundaries. IRM enables individuals and corporations to create restricted IoT data, which can have its flow from organisation to individual control -- disabling copying, forwarding, and allowing timed expiry. We describe our investigations into this functionality and uncover a weak-spot in the architecture -- its dependence upon the accurate global availability of time. We present an amplified denial-of-service attack which attacks time synchronisation and could prevent all the users in an organisation from reading any sort of restricted data until their software has been re-installed and re-configured. We argue that IRM systems built on current technology will be too fragile for businesses to risk widespread use. We also present defences that leverage the capabilities of Software-Defined Networks to apply a simple filter-based approach to detect and isolate attack traffic.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
06/06/2018

A Policy based Security Architecture for Software Defined Networks

As networks expand in size and complexity, they pose greater administrat...
research
09/22/2020

ORACLE: Collaboration of Data and Control Planes to Detect DDoS Attacks

The possibility of programming the control and data planes, enabled by t...
research
06/05/2018

Enabling Cooperative IoT Security via Software Defined Networks (SDN)

Internet of Things (IoT) is becoming an increasingly attractive target f...
research
05/30/2019

SDN-based In-network Honeypot: Preemptively Disrupt and Mislead Attacks in IoT Networks

Detecting cyber attacks in the network environments used by Internet-of-...
research
07/07/2018

Gargoyle: A Network-based Insider Attack Resilient Framework for Organizations

`Anytime, Anywhere' data access model has become a widespread IT policy ...
research
10/25/2020

Exploring Network-Wide Flow Data with Flowyager

Many network operations, ranging from attack investigation and mitigatio...
research
01/14/2020

S3: A DFW-based Scalable Security State Analysis Framework for Large-Scale Data Center Networks

With an average network size approaching 8000 servers, datacenter networ...

Please sign up or login with your details

Forgot password? Click here to reset