Combating against Hacks on Encrypted Procedures by using DTRAB through Strategically Distribution Monitoring Stub
Citation
C.Mani, V.Santhoshkumar"Combating against Hacks on Encrypted Procedures by using DTRAB through Strategically Distribution Monitoring Stub", International Journal of Computer & organization Trends (IJCOT), V6(1):28-34 Jan - Feb 2016, ISSN:2249-2593, www.ijcotjournal.org. Published by Seventh Sense Research Group.
Abstract The unbridled development of the Internet and the network-based applications has contributed to enormous security leaks. Even the cryptographic procedures, which are used to provide secure communication, are often targeted by diverse hacks. Intrusion detection systems (IDSs) are often employed to monitor network traffic and host activities that may lead to unauthorized accesses and hacks against vulnerable services. Most of the conventional misuse-based and anomaly-based IDSs are ineffective against hacks targeted at encrypted procedures since they heavily rely on inspecting the payload contents. To combat against hacks on encrypted procedures, we propose an anomaly-based detection system by using strategically distributed monitoring stubs (MSs). We have categorized various hacks against cryptographic protocols. The MSs, by sniffing the encrypted traffic, extract features for detecting these hacks and construct normal usage behaviour profiles. Upon detecting suspicious activities due to the deviations from these normal profiles, the MSs notify the victim servers, which may then take necessary actions. In addition to detecting hacks, the MSs can also trace back the originating network of the attack. We call our unique approach DTRAB since it focuses on both Detection and TRACE Back in the MS level. The effectiveness of the proposed detection and trace back methods are verified through extensive simulations and Internet datasets.
References
[1] C. E. Landwehr and D. M. Goldschlag, “Security issues in networks with internet access,” Proc. IEEE, vol. 85, no. 12, pp. 2034–2051, Dec. 1997.
[2] D. Bleichenbacher, “Chosen Ciphertext hacks against procedures based on the RSA encryption standard PKCS #1,” in Proc. 18th Annu. Int. Cryptol. Conf., Santa Barbara, CA, Aug. 1998, pp. 1–12.
[3] D. Brumley and D. Boneh, “Remote timing hacks are practical,” in Proc. 12th USENIX Security Symp., Washington, DC, Aug. 2003, p1.
[4] “Open SSH PAM timing hacks,” 2006 [Online]. Available: http://se-curityvulns.com/news2789.html
[5] S. P. Joglekar and S. R. Tate, “ProtoMon: Embedded monitors for cryp-tographic procedure intrusion detection and prevention,” J. Universal Comput. Sci., vol. 11, no. 1, pp. 83–103, Jan. 2005.
[6] Z. M. Fadlullah, T. Taleb, N. Ansari, K. Hashimoto, Y. Miyake, Y. Nemoto, and N. Kato, “Combating against hacks on encrypted pro-tocols,” in Proc. IEEE ICC, Glasgow, Scotland, Jun. 24–28, 2007, pp. 1211–1216.
[7] H. Wang, D. Zhang, and G. Shin, “Change-point monitoring for the detection of Denial attack hacks,” IEEE Trans. Depend. Secure Comput., vol. 1, no. 4, pp. 193–208, Oct.–Dec. 2004.
[8] J. P. Anderson, Computer Security Threat Monitoring and Surveil-lance. Fort Washington, PA: Anderson, 1980.
[9] A. Bivens, C. Palagiri, R. Smith, B. Szymanski, and M. Embrechts, “Network-based intrusion detection using neural networks,” in Proc. ANNIE, St. Louis, MO, Nov. 2002, pp.
[10] “Smurf IP denial-of-service hacks,” CERT Advisory CA-1998-01, 1998 [Online]. Available: http://www.cert.org/advisories/CA-1998-01. html
[11] “Pingofdeath,”1997[Online]. Available: http://insecure.org/sploits/ ping-o-death.html
[12] B. Canvel, A. Hiltgen, S. Vaudenay, and M. Vuagnoux, “Password interception in a SSL/TLS channel,” in Proc. Crypto 2003, Santa Barbara, CA, Feb. 2003, vol. 2729, LNCS, pp. 583–599.
Keywords
Computer security, encrypted procedure (crypto-graphic procedure), intrusion detection system (IDS).