Publications

Network-based intrusion detection systems (NIDSs) are one component of a comprehensive network security solution. The use of IPsec, which encrypts network traffic, renders network intrusion detection virtually useless unless traffic is decrypted at network gateways. Host-based intrusion detection systems (HIDSs) can provide some of the functionality of NIDSs but with limitations. HIDSs cannot perform a network-wide analysis and can be subverted if a host is compromised. We propose an approach to intrusion detection that combines HIDS, NIDS, and a version of IPsec that encrypts the header and the body of IP packets separately ("Two-Zone IPsec"). We show that all of the network events currently detectable by the Snort NIDS on unencrypted network traffic are also detectable on encrypted network traffic using this approach. The NIDS detects network-level events that HIDSs have trouble detecting and HIDSs detect application-level events that can't be detected by the NIDS.

Network-based intrusion detection systems (NIDSs) are one component of a comprehensive network security solution. The use of IPsec, which encrypts network traffic, renders network intrusion detection virtually useless unless traffic is decrypted at network gateways. One alternative to NIDSs, host-based intrusion detection systems (HIDSs), provides some of the functionality of NIDSs but with limitations. HIDSs cannot perform a network-wide analysis and can be subverted if a host is compromised. We propose an approach to intrusion detection that combines HIDS, NIDS, and a version of IPsec that encrypts the header and the body of IP packets separately. We refer to the latter generically as Two-Key IPsec. We show that all of the network events currently detectable by the Snort NIDS on unencrypted network traffic are also detectable on encrypted network traffic using this approach. The NIDS detects network-level events that HIDSs have trouble detecting and HIDSs detect application-level events that can't be detected by the NIDS.

We developed a new approach and designed a practical solution for securing communication of dynamic groups in dynamic network-centric environments, such as airborne and terrestrial on-the-move networks. The solution is called Public Key Group Encryption (PKGE). In this paper, we define the problem of group encryption, motivate the need for decentralized group encryption services, and explain our vision for designing such services. We then describe our solution, PKGE, at a high-level, and report on the prototype implementation, performance experiments, and a demonstration with GAIM/Jabber chat.

The Integrated Terminal Weather System (ITWS) development program was initiated by the Federal Aviation Administration (FAA) to produce a fully automated, integrated terminal weather information system to improve the safety, efficiency and capacity of terminal area aviation operations. The ITWS will acquire data from FAA and National Weather Service (NWS) sensors as well as from aircraft in flight in the terminal area. The ITWS will provide air traffic personnel with products that are immediately usable without further metorological interpretation. These products include current terminal area weather and short-term (0-30 minute) predictions of significant weather phenomena. The Terminal area-Local Analysis and Prediction System (T-LAPS) is being evaluated as a possible provider of the Terminal Winds Product for the ITWS. T-LAPS is a direct descendant of the Local Analysis and Prediction System (LAPS) developed at the National Oceanic and Atmospheric Administraiton's (NOAA's) Forecast Systems Laboratory (FSL). T-LAPS takes meteorological data from a wide variety of data sources as input and provides a gridded, three-dimensional (3-D) analysis of the state of the local atmosphere in the terminal area as output. For the 1992 system, the output was a gridded 3-D analysis of the horizontal winds. This information is intended to be used by the Terminal Air Traffic Control Automation (TATCA) program to estimate the effects of winds on aircraft in the terminal area. The 1993 and 1994 T-LAPS systems will incorporate more sophisticated wind analysis algorithms. The T-LAPS '92 demonstration at the Lincoln Laboratory Terminal Doppler Weather Radar (TDWR) FL-2CC field site in Kissimmee, Florida, during August and September was quite successful. The primary area of coverage was a 120 km by 120 km box centered on the Orlando International Airport. The T-LAPS system was able to utilize radar information from both the TDWR testbed and the operational NEXRAD/WSR-88D radar in Melbourne, Florida. This report documents the implementation of the T-LAPS system that was run during the 1992 summer demonstration and discusses the design and some implementation details of the system.