Publications

Refine Results

(Filters Applied) Clear All

DSKE: dynamic set key encryption

October 22, 2012
  |
Conference Paper
Author:
Galen E. Pickard
Published in:
7th LCN Workshop on Security in Communications, 22 October 2012, pp. 1006-13.
Topic:
cryptography
R&D area:
R&D group:

Summary

In this paper, we present a novel paradigm for studying the problem of group key distribution, use it to analyze existing key distribution schemes, and then present a novel scheme for group key distribution which we call "Dynamic Set Key Encryption," or DSKE. DSKE meets the demands of a tactical environment while relying only on standard cryptographic primitives. Our "set key" paradigm allows us to focus on the underlying problem of establishing a confidential communication channel shared by a group of users, without concern for related security factors like authenticity and integrity, and without the need to consider any properties of the group beyond a list of its members. This separation of concerns is vital to our development and analysis of DSKE, and can be applied elsewhere to simplify the analyses of other group key distribution schemes.
READ LESS

Summary

In this paper, we present a novel paradigm for studying the problem of group key distribution, use it to analyze existing key distribution schemes, and then present a novel scheme for group key distribution which we call "Dynamic Set Key Encryption," or DSKE. DSKE meets the demands of a tactical...

READ MORE
DSKE: dynamic set key encryption

HPC-VMs: virtual machines in high performance computing systems

September 10, 2012
  |
Journal Article
Author:
Albert I. Reuther
Published in:
HPEC 2012: IEEE Conf. on High Performance Extreme Computing, 10-12 September 2012.
Topic:
supercomputing
R&D area:
R&D group:

Summary

The concept of virtual machines dates back to the 1960s. Both IBM and MIT developed operating system features that enabled user and peripheral time sharing, the underpinnings of which were early virtual machines. Modern virtual machines present a translation layer of system devices between a guest operating system and the host operating system executing on a computer system, while isolating each of the guest operating systems from each other. In the past several years, enterprise computing has embraced virtual machines to deploy a wide variety of capabilities from business management systems to email server farms. Those who have adopted virtual deployment environments have capitalized on a variety of advantages including server consolidation, service migration, and higher service reliability. But they have also ended up with some challenges including a sacrifice in performance and more complex system management. Some of these advantages and challenges also apply to HPC in virtualized environments. In this paper, we analyze the effectiveness of using virtual machines in a high performance computing (HPC) environment. We propose adding some virtual machine capability to already robust HPC environments for specific scenarios where the productivity gained outweighs the performance lost for using virtual machines. Finally, we discuss an implementation of augmenting virtual machines into the software stack of a HPC cluster, and we analyze the affect on job launch time of this implementation.
READ LESS

Summary

The concept of virtual machines dates back to the 1960s. Both IBM and MIT developed operating system features that enabled user and peripheral time sharing, the underpinnings of which were early virtual machines. Modern virtual machines present a translation layer of system devices between a guest operating system and the...

READ MORE
HPC-VMs: virtual machines in high performance computing systems

Large scale network situational awareness via 3D gaming technology

September 10, 2012
  |
Conference Paper
Author:
Matthew Hubbell
Published in:
HPEC 2012: IEEE Conf. on High Performance Extreme Computing, 10-12 September 2012.
Topic:
supercomputing
R&D area:
R&D group:

Summary

Obtaining situational awareness of network activity across an enterprise presents unique visualization challenges. IT analysts are required to quickly gather and correlate large volumes of disparate data to identify the existence of anomalous behavior. This paper will show how the MIT Lincoln Laboratory LLGrid Team has approached obtaining network situational awareness utilizing the Unity 3D video game engine. We have developed a 3D environment of the physical plant in the format of a networked multi player First Person Shooter (FPS) to demonstrate a virtual depiction of the current state of the network and the machines operating on the network. Within the game or virtual world an analyst or player can gather critical information on all network assets as well as perform physical system actions on machines in question. 3D gaming technology provides tools to create an environment that is both visually familiar to the player as well display immense amounts of system data in a meaningful and easy to absorb format. Our prototype system was able to monitor and display 5000 assets in ~10% of the time of our network time window.
READ LESS

Summary

Obtaining situational awareness of network activity across an enterprise presents unique visualization challenges. IT analysts are required to quickly gather and correlate large volumes of disparate data to identify the existence of anomalous behavior. This paper will show how the MIT Lincoln Laboratory LLGrid Team has approached obtaining network situational...

READ MORE
Large scale network situational awareness via 3D gaming technology

Creating a cyber moving target for critical infrastructure applications using platform diversity

January 28, 2012
  |
Journal Article
Author:
Hamed Okhravi
Published in:
Int. J. of Critical Infrastructure Protection, Vol. 5, No. 1, March 2012, pp. 30-39.
Topic:
systems architecture
R&D area:
R&D group:

Summary

Despite the significant effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits a running critical application to change its hardware platform and operating system, thus providing cyber survivability through platform diversity. TALENT uses containers (operating-system-level virtualization) and a portable checkpoint compiler to create a virtual execution environment and to migrate a running application across different platforms while preserving the state of the application (execution state, open files and network connections). TALENT is designed to support general applications written in the C programming language. By changing the platform on-the-fly, TALENT creates a cyber moving target and significantly raises the bar for a successful attack against a critical application. Experiments demonstrate that a complete migration can be completed within about one second.
READ LESS

Summary

Despite the significant effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits a running...

READ MORE
Creating a cyber moving target for critical infrastructure applications using platform diversity

A usable interface for location-based access control and over-the-air keying in tactical environments

November 7, 2011
  |
Conference Paper
Author:
Adam Petcher
Published in:
MILCOM 2011, IEEE Military Communications Conf., 7-10 November 2011, pp. 1480-1486.
Topic:
cryptography
R&D area:
R&D group:

Summary

This paper presents a usable graphical interface for specifying and automatically enacting access control rules for applications that involve dissemination of data among mobile tactical devices. A specific motivating example is unmanned aerial vehicles (UAVs), where the mission planner or operator needs to control the conditions under which specific receivers can access the UAV?s video feed. We implemented a prototype of this user interface as a plug-in for FalconView, a popular mission planning application.
READ LESS

Summary

This paper presents a usable graphical interface for specifying and automatically enacting access control rules for applications that involve dissemination of data among mobile tactical devices. A specific motivating example is unmanned aerial vehicles (UAVs), where the mission planner or operator needs to control the conditions under which specific receivers...

READ MORE
A usable interface for location-based access control and over-the-air keying in tactical environments

Dedicated vs. distributed: a study of mission survivability metrics

November 7, 2011
  |
Conference Paper
Author:
Hamed Okhravi
Published in:
MILCOM 2011, IEEE Military Communications Conf., 7-10 November 2011, pp. 1345-1350.
Topic:
systems analysis
R&D area:
R&D group:

Summary

A traditional trade-off when designing a mission critical network is whether to deploy a small, dedicated network of highly reliable links (e.g. dedicated fiber) or a largescale, distributed network of less reliable links (e.g. a leased line over the Internet). In making this decision, metrics are needed that can express the reliability and security of these networks. Previous work on this topic has widely focused on two approaches: probabilistic modeling of network reliabilities and graph theoretic properties (e.g. minimum cutset). Reliability metrics do not quantify the robustness, the ability to tolerate multiple link failures, in a distributed network. For example, a fully redundant network and a single link can have the same overall source-destination reliability (0.9999), but they have very different robustness. Many proposed graph theoretic metrics are also not sufficient to capture network robustness. Two networks with identical metric values (e.g. minimum cutset) can have different resilience to link failures. More importantly, previous efforts have mainly focused on the source-destination connectivity and in many cases it is difficult to extend them to a general set of requirements. In this work, we study network-wide metrics to quantitatively compare the mission survivability of different network architectures when facing malicious cyber attacks. We define a metric called relative importance (RI), a robustness metric for mission critical networks, and show how it can be used to both evaluate mission survivability and make recommendations for its improvement. Additionally, our metric can be evaluated for an arbitrarily general set of mission requirements. Finally, we study the probabilistic and deterministic algorithms to quantify the RI metric and empirically evaluate it for sample networks.
READ LESS

Summary

A traditional trade-off when designing a mission critical network is whether to deploy a small, dedicated network of highly reliable links (e.g. dedicated fiber) or a largescale, distributed network of less reliable links (e.g. a leased line over the Internet). In making this decision, metrics are needed that can express...

READ MORE
Dedicated vs. distributed: a study of mission survivability metrics

Efficient transmission of DoD PKI certificates in tactical networks

November 7, 2011
  |
Conference Paper
Author:
Sean R. O'Melia
Published in:
MILCOM 2011, IEEE Military Communications Conf., 7-10 November 2011, pp. 1739-1747.
Topic:
cryptography
R&D area:
R&D group:

Summary

The DoD vision of real-time information sharing and net-centric services available to warfighters at the tactical edge is challenged by low-bandwidth and high-latency tactical network links. Secured tactical applications require transmission of digital certificates that contribute a major portion of data in most secure sessions, which further increases response time for users and drains device power. In this paper we present a simple and practical approach to alleviating this problem. We develop a dictionary of data common across DoD PKI certificates to prime general-purpose data compression of certificates, resulting in a significant reduction (about 50%) of certificate sizes. This reduction in message size translates in to faster response times for the users. For example, a mutual authentication of a client and a server over the Iridium satellite link is expected to be sped up by as much as 3 sec. This approach can be added directly to tactical applications with minimal effort, or it can be deployed as part of an intercepting network proxy, completely transparent to applications.
READ LESS

Summary

The DoD vision of real-time information sharing and net-centric services available to warfighters at the tactical edge is challenged by low-bandwidth and high-latency tactical network links. Secured tactical applications require transmission of digital certificates that contribute a major portion of data in most secure sessions, which further increases response time...

READ MORE
Efficient transmission of DoD PKI certificates in tactical networks

Achieving cyber survivability in a contested environment using a cyber moving target

May 1, 2011
  |
Journal Article
Author:
Hamed Okhravi
Published in:
High Frontier, Vol. 7, No. 3, May 2011, pp. 9-13.
Topic:
cyber security
R&D area:
R&D group:

Summary

We describe two components for achieving cyber survivability in a contested environment: an architectural component that provides heterogeneous computing platforms and an assessment technology that complements the architectural component by analyzing the threat space and triggering reorientation based on the evolving threat level. Together, these technologies provide a cyber moving target that dynamically changes the properties of the system to disadvantage the adversary and provide resiliency and survivability.
READ LESS

Summary

We describe two components for achieving cyber survivability in a contested environment: an architectural component that provides heterogeneous computing platforms and an assessment technology that complements the architectural component by analyzing the threat space and triggering reorientation based on the evolving threat level. Together, these technologies provide a cyber moving...

READ MORE
Achieving cyber survivability in a contested environment using a cyber moving target

Creating a cyber moving target for critical infrastructure applications

March 19, 2011
  |
Conference Paper
Author:
Hamed Okhravi
Published in:
5th IFIP Int. Conf. on Critical Infrastructure Protection, ICCIP 2011, 19-21 March 2011.
Topic:
systems architecture
R&D area:
R&D group:

Summary

Despite the significant amount of effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits a running critical application to change its hardware platform and operating system, thus providing cyber survivability through platform diversity. TALENT uses containers (operating-system-level virtualization) and a portable checkpoint compiler to create a virtual execution environment and to migrate a running application across different platforms while preserving the state of the application (execution state, open files and network connections). TALENT is designed to support general applications written in the C programming language. By changing the platform on-the-fly, TALENT creates a cyber moving target and significantly raises the bar for a successful attack against a critical application. Experiments demonstrate that a complete migration can be completed within about one second.
READ LESS

Summary

Despite the significant amount of effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits...

READ MORE
Creating a cyber moving target for critical infrastructure applications

Information security for situational awareness in computer network defense

January 1, 2011
  |
Book Chapter
Author:
Uri Blumenthal
Published in:
Chapter Six, Situational Awareness in Computer Network Defense: Principles, Methods, and Applications, 2011, pp. 86-103.
Topic:
cryptography
R&D area:
R&D group:

Summary

Situational awareness - the perception of "what's going on" - is crucial in every field of human endeavor, especially so in the cyber world where most of the protections afforded by physical time and distance are taken away. Since ancient times, military science emphasized the importance of preserving your awareness of the battlefield and at the same time preventing your adversary from learning the true situation for as long as possible. Today cyber is officially recognized as a contested military domain like air, land, and sea. Therefore situational awareness in computer networks will be under attacks of military strength and will require military-grade protection. This chapter describes the emerging threats for computer SA, and the potential avenues of defense against them.
READ LESS

Summary

Situational awareness - the perception of "what's going on" - is crucial in every field of human endeavor, especially so in the cyber world where most of the protections afforded by physical time and distance are taken away. Since ancient times, military science emphasized the importance of preserving your awareness...

READ MORE
Information security for situational awareness in computer network defense
111-120 of 132