17-09-2012, 02:38 PM
Self Defending & Counter Attacking Intelligent Optical Network
ABSTRACT
Communication networks and information integrity are recently challenged by unauthorized eavesdroppers and intruders. End devices are typically responsible for the integrity of information using strong cryptographic algorithms with symmetric or asymmetric keys. Conversely, networks are responsible for transporting information with the expected quality of service, timely and securely. Although quality of service and timeliness are addressed by network architecture and communication protocols, network security has not been adequately addressed. Traditionally, network intruders tap the medium or the node of the network to eavesdrop or cause malevolent network behavior. Therefore, the next generation intelligent network should be able to detect intrusions and also be able to protect itself and the service it provides. Intrusion detection in real-time has been previously presented. In this paper, we extend network intelligence to also include for the first time intrusion self-defense and intruder counter-attacking.
INTRODUCTION
Modern communication networks are fiber based and able to transport a humongous aggregate bandwidth that exceeds Tbps per fiber, or billions of simultaneous conversations and data files, many of which contain personal and sensitive data. As a consequence, information integrity and network security of optical networks are of concern.
End devices are typically responsible for the integrity of information using strong cryptographic algorithms with symmetric or asymmetric keys, so that a man-in-the-middle cannot crack the cryptographic code. End devices are part of the access network. Security of the access network, wireless and wired, is also of concern, but in that case the amount of information is limited to one or a few channels, and therefore we do not address it in this paper.
Conversely, networks are responsible for transporting information with the expected quality of service, timely and securely. Although quality of service and timeliness are addressed by network architecture and communication protocols, network security has not been adequately addressed. Network intruders have the opportunity to tap the link medium, equipment in the outside plant or the node of the network in order to eavesdrop or cause malevolent network behavior. Network nodes are located in protected and guarded buildings. Similarly, equipment in the outside plant that handles keys and cryptographic algorithms is in cabinets that comply with FIPS PUB 140-2 and Annex AD or part thereof. However, the many kilometers of medium are exposed and typically unguarded, and thus more easily accessible. Therefore, the next generation intelligent network should be able to differentiate between natural degradations and intrusions, monitor and detect intrusions, and also be able to protect itself and the service it provides.
COUNTER-ATTACKING NETWORKS
Network counter-attacking is an idea that to the best of our knowledge has not been explored yet. As in the previous section, we also consider two-fiber DWDM links, one fiber per direction.
In this section we assume that Evan, the bad actor, is equipped with sophisticated computer-based equipment when he attacks the medium and that his purpose is to copy data, inject data and break codes, and also that our network is more intelligent and sleuth-like. In such a case:
• The attack is detected in real-time and with no service interruption. As soon as the attack is detected (and within milliseconds), the nodes at either side of the link, using the outlined protocol, initiate a countermeasure strategy; that is, sensitive data is moved to another secure channel whereas decoy data are transmitted over the attacked channel. It is important to notice that decoy messages are only received by Evan and not by the link receiver; in fact, the receiver kills the decoy messages so that Evan’s malware does not propagate through the network.
• However, the decoy messages contain hidden viruses and Trojan horses, which, although not destructive to the link receiver, are destructive to Evan’s computer. This countermeasure strategy gives rise to a brand new area in aggressively secure networks, which is beyond self-defending and which we call Counter-Attacking Networks (CAN). Thus, the network in its own way counterattacks the attacker. In a different scenario, the malware injected into Evan’s computer may not contain viruses, but its purpose is to lead Evan to wrong keys, or to decipher the wrong text, or to make him believe that he has been successful when he is not, and so on.
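The reaction sequence the two bullets describe, modelled as an added example that is not the paper's protocol (whose details are not on this page): the class and method names are assumed, the decoy content is constructed, and only the defensive part is shown, namely moving sensitive flows to a clean wavelength and having the legitimate receiver discard whatever still arrives on the attacked one.

```python
from dataclasses import dataclass, field


@dataclass
class Frame:
    channel: int      # DWDM wavelength index the frame is sent on
    payload: bytes


@dataclass
class LinkController:
    """Transmit-side node (assumed name). 'channels' lists usable wavelengths,
    'sensitive' maps each sensitive flow to the wavelength carrying it."""
    channels: list
    sensitive: dict
    attacked: set = field(default_factory=set)

    def on_intrusion_alarm(self, channel: int) -> dict:
        """React to a detected tap on 'channel': mark it attacked and move
        every sensitive flow off it, spread over the remaining clean channels.
        Returns {flow: new_channel} for the flows that were moved."""
        self.attacked.add(channel)
        clean = [c for c in self.channels if c not in self.attacked]
        if not clean:
            raise RuntimeError("no clean channel left for sensitive traffic")
        moved = {}
        for flow, current in self.sensitive.items():
            if current == channel:
                new = clean[len(moved) % len(clean)]
                self.sensitive[flow] = new
                moved[flow] = new
        return moved

    def transmit(self, flow: str, payload: bytes) -> Frame:
        """Sensitive traffic only ever leaves on its assigned (clean) channel."""
        return Frame(self.sensitive[flow], payload)

    def decoy_frame(self, channel: int) -> Frame:
        """Constructed filler kept flowing on an attacked channel; carries no real data."""
        assert channel in self.attacked, "decoys go only on attacked channels"
        return Frame(channel, b"DECOY-" + bytes(16))


class LinkReceiver:
    """Receive-side node (assumed name); learns of the alarm through the same
    detection and drops ('kills') anything arriving on an attacked channel."""
    def __init__(self):
        self.attacked = set()

    def on_intrusion_alarm(self, channel: int) -> None:
        self.attacked.add(channel)

    def receive(self, frame: Frame):
        """Return the payload for a clean channel, None for a dropped decoy."""
        return None if frame.channel in self.attacked else frame.payload
```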
CONCLUSION
Communication networks and information integrity have been challenged by unauthorized intruders. Traditionally, information security is the responsibility of end users and is addressed by cryptography. However, with the exception of firewalls and passwords used in data networks, telecommunications network security has not been adequately addressed, thus providing network attackers the opportunity to tap the medium or the node of the network in order to eavesdrop or cause malevolent network behavior. In this paper we presented countermeasure strategies that are based on a statistical estimation method of the channel performance vector, in-service and in real-time. Two network countermeasure strategies presented for the first time herein are self-defending networks and counter-attacking networks. To the best of our knowledge, these strategies are novel and have not been presented by others. Our research in counter-attacking networks continues to identify more aggressive strategies.