InfoSec Research
University of Louisville (U of L) is classified as a Research (Extensive) university by the National Science Foundation. This classification replaces the formerly used Carnegie classification for research. Information Security research at U of L is performed in the following departments: Computer Engineering, Computer Science, Computer Information Systems, Accountancy, Mathematics, Justice Administration, and the Law School. The research focus in each of these departments is directed towards its specialty. The results are presented at international, national, and regional conferences.
A brief summary of the research work in Information Security that is done at U of L is given below. It shows the depth and breadth of research in this important area.
Mobile computing: Professors Anup Kumar and S. Srinivasan are leading the effort in this area with several masters and doctoral students in the Speed School of Engineering. Mobile ad hoc networks are infrastructure-free, pervasive, ubiquitous, and without any centralized authority. These unique characteristics, combined with security threats, demand solutions for securing ad hoc networks prior to their deployment in commercial and military applications. We study a Heterogeneous Multi-hop Cellular IP (MCIP) network that integrates multi-hop communication with Cellular IP. We have designed and evaluated the secured macro/micro-mobility protocol (SM3P). In SM3P, mobile IP security has been extended to support micro-mobility through a process of multi-hop registration and authentication. We are also working on mobility management in the context of macro/micro mobility.
Bio-terrorism: Professor James Graham has been studying SCADA and how it could be exploited in a bio-terrorism attack. He and his doctoral students have developed models to identify such attacks.
Trusted computing: Professor Srinivasan is working in this area. Trust is an important aspect of security. The level to which one takes the security aspects will have a bearing on business functions. So, businesses have to balance the security level at a point that earns customer's trust. Several contributing factors for trust and security are studied. Even though trust can be viewed from many angles such as transaction, information content, product, technology and institution, we study primarily the transaction perspective. Our research involves the implications of trust for authentication, integrity, and non-repudiation.
Data mining: Professors Jozef Zurada and Mehmed Kantardzic are working in the area of data mining. Some of the applications that they are considering involve intrusion detection, usage patterns, and privacy.
Legal aspects: Professors John Cross, Lars Smith, and Thomas Hughes are working on various aspects of law and technology. One of the studies currently underway is based on the RFID technology and how it might violate privacy. Additional work in legal aspects involves computer forensics work.
Security controls: Professors Alan Levitan and Srinivasan are studying internal controls for protecting information systems. As part of this study they are looking at various tradeoffs necessary in order to protect the confidentiality and integrity of data.
Cryptography: Professor Udayan Darji is studying applications of cryptography with practical implications for national defense.

The following is a list of recent publications by U of L faculty in the area of Information Security:
1. B. Xie, A. Kumar, D. Agrawal, and S. Srinivasan, Secured Macro/Micro-Mobility Protocol for Multi-hop Cellular IP, Pervasive and Mobile Computing Journal, 2006 (to appear). (Special issue on Security in Wireless Mobile Computing Systems).
Abstract: A Multi-hop Cellular IP (MCIP) network differentiates global and local domains in terms of macro/micro-mobility in heterogeneous multi-hop communication. However, a MCIP network is vulnerable to various attacks and compromises during the macro/micro-mobility process in an adversarial environment. The existing MCIP protocol does not provide macro/micro-mobility security protection for mobile stations. In this paper, we introduce and evaluate a secure macro/micro-mobility protocol (SM3P). In the proposed SM3P, mobile IP security has been extended for supporting macro-mobility across local domains through the process of multi-hop registration and authentication. In a MCIP local domain, a certificate-based authentication achieves the effective routing and micro-mobility protection from a range of potential security threats. Our evaluation and simulation demonstrate the effectiveness of the SM3P.

2. J. Hieb and J. Graham, "Anomaly-Based Intrusion Monitoring Using A Dynamic Honeypot," Proc. 20th Intl. Conference on Computers and Their Applications, New Orleans, March 2005, 184-189.
Abstract: In this paper we propose a network based intrusion detection approach using anomaly detection and achieving low configuration and maintenance costs. A honeypot is an emerging security tool that has several beneficial characteristics, one of which is that all traffic to it is anomalous. A dynamic honeypot reduces the configuration and maintenance costs of honeypot deployment. An anomaly based intrusion detection system with low configuration and maintenance costs can be constructed by simply observing the egress and ingress to a dynamic honeypot. This paper explores the design and implementation of a dynamic honeypot using a variety of publicly available tools. The main contributions of the design consist of a database containing network relevant information and a dynamic honeypot engine that generates the honeypot.

3. S. Alampalayam, A. Kumar, and S. Srinivasan, Mobile Ad hoc Network (MANET) Security - a Taxonomy, Proceedings of the 7th ICACT Conference, South Korea, Feb. 2005, 839-844.
Abstract: Mobile ad hoc networks are infrastructure-free, pervasive, ubiquitous and without any centralized authority. These unique characteristics, combined with security threats, demand solutions for securing ad hoc networks prior to their deployment in commercial and military applications. So far, the research in mobile ad hoc networks has been primarily focused on routing and mobility aspects rather than securing the ad hoc network itself. Due to the ever-increasing security threats, there is a need to develop algorithms and protocols for a secured ad hoc network infrastructure. This paper surveys the prevailing mobile ad hoc network security threats and the existing solution schemes.

4. B. Xie, A. Kumar, D. Cavalcanti, D. Agrawal, and S. Srinivasan, Mobility and Routing Management for Heterogeneous Multi-hop Wireless Networks, Proceedings of the IEEE International Workshop on Heterogeneous Multi-Hop Wireless and Mobile Networks 2005, Washington D.C.
Abstract: This paper proposes a new Heterogeneous Multi-hop Cellular IP (MCIP) network that integrates multi-hop communication with Cellular IP. MCIP increases the coverage of the wireless network and improves the network robustness against adverse propagation phenomena by supporting communication in dead zones and areas with poor radio coverage. MCIP includes three components: location management, connection management and route reconfiguration. Location management is responsible for maintaining the location information for Mobile Stations (MSs) in a local domain. Connection management establishes an initial path for data transmission, and a route reconfiguration mechanism is proposed to take advantage of various multi-hop connection alternatives available based on terminal interfaces, network accessibility and topology. Our simulation results show that MCIP performs well in networks of various sizes.

5. S. Srinivasan, Design and Development of an Information Security Laboratory, Proceedings of the 9th CISSE conference, Atlanta, GA, June 2005.
Abstract: Information Security courses such as Network Security and Database Security require that students test the concepts taught. In order to develop effective countermeasures the students must first learn about the effects of attacks on networks. In a live network of an academic institution it is impossible to provide such a facility for testing and development. A stand-alone Information Security Lab was envisioned for this purpose and was developed over the past two years.

6. S. Srinivasan and A. Kumar, Database Security Curriculum in InfoSec Program, Proceedings of the InfoSec Curriculum Development Conference, Kennesaw State University, Kennesaw, GA, Sep. 2005.
Abstract: A Database Security course is an important part of the InfoSec curriculum. In many institutions this is not taught as an independent course. Parts of the contents presented in this paper are usually incorporated in other courses such as Network Security. The importance of database security concepts stems from the fact that a compromise of data at rest could expose an organization to a greater security threat than otherwise. Database vulnerabilities exposed recently in several high profile incidents would be a good reason to dedicate a full course to this important topic.

7. A. Mader and S. Srinivasan, Development of Information Security Policies and Procedures, Proceedings of the InfoSec Curriculum Development Conference, Kennesaw State University, Kennesaw, GA, Sep. 2005.
Abstract: Policies and procedures communicate and control access to information assets and other resources. Developing effective policies and procedures involves understanding the environment within which one is working. They should encompass multiple layers. The level of trust needed for various levels of the organization must be determined. Policies are developed for accomplishing the business objectives and the procedures then support how they will be enforced. Internal control is established through design of sound policies and procedures. This paper aims to define the difference, basis, and types of specific policies and procedures that are necessary for organizations and how they could be designed and administered effectively.

8. E. Leon, O. Nasraoui, and J. Gomez, Network Intrusion Detection Using Genetic Clustering, Proceedings of the Genetic and Evolutionary Computation Conference, Seattle, WA, June 2004.
Abstract: We apply the Unsupervised Niche Clustering (UNC), a genetic niching technique for robust and unsupervised clustering, to the intrusion detection problem. Using the normal samples, UNC generates clusters summarizing the normal space. These clusters can be characterized by fuzzy membership functions that are later aggregated to determine a level of normality. Anomalies are identified by their low normality levels.

9. E. Leon, O. Nasraoui, and J. Gomez, Anomaly Detection Based on Unsupervised Niche Clustering with Application to Network Intrusion Detection, Proceedings of the IEEE Conference on Evolutionary Computation (CEC), Portland, OR, June 2004.
Abstract: We present a new approach to anomaly detection based on the Unsupervised Niche Clustering (UNC). The UNC is a genetic niching technique for clustering that can handle noise, and is able to determine the number of clusters automatically. The UNC uses the normal samples for generating a profile of the normal space (clusters). Each cluster can later be characterized by a fuzzy membership function that follows a Gaussian shape demanded by the evolved cluster centers and radii. The set of memberships is aggregated using a max-or fuzzy operator in order to determine the normalcy level of a data sample. Experiments on synthetic and real data sets, including a network intrusion detection data set, are performed and some results are analyzed and reported.

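The scoring step that entries 8 and 9 describe, as an added example that is not code from the papers: Gaussian fuzzy memberships built from cluster centers and radii, max-or aggregation into a normalcy level, and an anomaly flag for low normalcy. The centers and radii below are hand-constructed stand-ins for what UNC's genetic niching would evolve.

```python
import math

# Constructed "normal profile": (center, radius) per cluster in a 2-D feature
# space (think scaled connection rate and mean packet size). In the papers
# these are evolved by UNC from normal samples; here they are hand-picked.
NORMAL_CLUSTERS = [
    ((1.0, 1.0), 0.5),
    ((4.0, 4.0), 1.0),
]


def membership(sample, center, radius):
    """Gaussian fuzzy membership of a sample in one cluster."""
    d2 = sum((s - c) ** 2 for s, c in zip(sample, center))
    return math.exp(-d2 / (2.0 * radius ** 2))


def normalcy(sample, clusters=NORMAL_CLUSTERS):
    """Max-or aggregation: a sample is as normal as its best-fitting cluster."""
    return max(membership(sample, c, r) for c, r in clusters)


def is_anomaly(sample, threshold=0.1, clusters=NORMAL_CLUSTERS):
    """Flag a sample whose normalcy level falls below the threshold."""
    return normalcy(sample, clusters) < threshold


def scan(samples, threshold=0.1, clusters=NORMAL_CLUSTERS):
    """Return the indices of the anomalous samples in a batch."""
    return [i for i, s in enumerate(samples) if is_anomaly(s, threshold, clusters)]


if __name__ == "__main__":
    # Constructed batch: two points near the profile, one far outside every cluster.
    batch = [(1.1, 0.9), (4.5, 4.0), (10.0, 10.0)]
    for s in batch:
        print(s, round(normalcy(s), 4), "anomaly" if is_anomaly(s) else "normal")
    print("anomalous indices:", scan(batch))
```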
10. J. Gomez, D. Dasgupta, and O. Nasraoui, A New Gravitational Clustering Algorithm, Proceedings of the SIAM Conference on Data Mining, San Francisco, CA, April 2003.
Abstract: This paper presents a novel unsupervised clustering technique based on the gravitational Law and Newton's second Law of motion. The technique automatically determines the number of clusters in the target data set. The proposed technique is robust to noise, can be used to generate a partition of the data set at multiple resolution levels and can also be used to extract seeds to form a good summary of the data. Experiments with synthetic and real data were conducted to show the performance of the proposed clustering approach.

11. S. Srinivasan, Role of Trust in E-business Success, Information Management and Computer Security, 12(1), March 2004, 66-72.
Abstract: Success of an e-business rests on many factors. One of the important contributors is trust. Trust is something that an e-business must strive to achieve over a period of time. Acquiring customer trust depends on many things that an e-business controls. However, customer's trust as such is not under the control of the e-business. Some contributing factors for gaining customer trust are: appeal of the website, product or service offerings, branding, quality of service and trusted seals. Trust can be viewed from many angles such as transaction, information content, product, technology and institution. This paper analyses the role of trust from the transaction perspective and highlights the things that an e-business could do for building customer trust.

12. S. Srinivasan and A. Levitan, Secure and Practical Smart Card Applications, Information Systems Control Journal, 5, 2003, 27-31.
Abstract: Smart Card technology is evolving rapidly with the growth of E-commerce. Smart Cards are an improvement over the existing magnetic striped credit cards. The credit cards have limited storage capacity in the magnetic stripe - only 125 bytes of storage. Smart Cards are designed to overcome this memory crunch. There are three basic types of Smart Cards - memory card, CPU card, and contactless card. With the advancements in wireless communications technology, a new breed of contactless cards has been introduced which enables motorists to pay tolls on the go without stopping at the tollbooth. Likewise, passengers in a busy subway system keep moving through the check points without stopping to swipe the contactless card. Applications such as these and others are moving society towards paperless processing. The accounting field has a lot to gain in the form of speedier, well-controlled paperless processing. In this paper we will explore several potential applications in the accounting field that could use Smart Cards in a secure way while providing an audit trail and multiple levels of control.

13. J. Graham and S. Patel, Security Issues in SCADA Systems, DIAS Technology Review, Vol. 1, No. 2, Oct. 2004, 51-57.
Abstract: Supervisory Control and Data Acquisition (SCADA) networks control critical infrastructure of many countries. They perform vital functions for utility companies including electricity, natural gas, oil, water, sewage, and railroads. The SCADA networks can be easy targets for unauthorized intrusions that can result in devastating attacks by terrorists. This research identifies threats faced by SCADA and investigates cost-efficient methods to enhance its security in the light of the DNP3 protocol, which has become a de facto industry standard protocol for implementing the SCADA technology. We propose cost-effective implementation alternatives including SSL/TLS, IPsec, object security, encryption, and message authentication object. The paper evaluates implementation details of these solutions, and analyzes and compares these approaches. Finally, we provide new research directions to more adequately secure SCADA networks and the protocols over the long term.

14. Y. Yu and J. Graham, Soft Computing for Masquerader Detection Based Upon Artificial Immunity Model, Proc. 8th World Conference on Systemics, Cybernetics and Informatics (SCI 2004), Orlando, FL, July 2004, Vol. 17, 85-90.
Abstract: Despite extensive efforts during recent years within the technical community to improve computer security, serious problems of computer security continue to receive increasing coverage in both the popular and technical media. A large part of the problem is that current techniques are external, and not internal. In biological systems, natural internal immune system responses identify and protect the organism. A key mechanism in this immunity process is to distinguish between self (i.e. normal organisms or behaviors) and non-self (i.e. abnormal or anomalous behavior). To deal with the ambiguities in the process of anomaly detection for computer system security, we introduce a hierarchical fuzzy inference system to capture normal behavior deviations. Fuzzy logic has been widely used in control systems, decision-making, information retrieval, and many other applications. In this paper, we explore its capability in the area of computer security threat evaluation modeling and anomaly detection. Initial studies of command sequences indicate promising results for this approach.

15. Y. Yu and J. Graham, Computer Immunology and Neural Network Models for Masquerader Detection from User Command Sequences, Proc. 17th Intl. Conference on Computer Applications in Industry and Engineering (CAINE-2004), Orlando, FL, Nov. 2004, 1-6.
Abstract: A computer immunology model based on the finite automata technique is presented in this study to detect masqueraders and identify different users from truncated commands without arguments and enriched commands with arguments. The key mechanism in this immunity process is to distinguish between self and non-self. Also, a probabilistic neural network is applied to classify users into normal or anomalous by converting the user command sequence into numerical input feature vectors to the network. Experimental evaluation shows promising results for these two different approaches.

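A self/non-self profile over user command sequences in the spirit of entries 14 and 15, as an added example and not the papers' own model: the "automaton" is assumed to be the set of command n-gram transitions seen in a user's own history, a session is scored by the fraction of transitions the profile never saw, and both the truncated (command only) and enriched (command with arguments) views the abstract mentions are supported. The training log is constructed.

```python
# Constructed command history for one legitimate user (not real audit data).
TRAIN_LOG = [
    "ls -l", "cd src", "ls", "vi main.c", "make", "ls", "cd ..", "make test",
    "vi Makefile", "ls", "cat README", "grep -n TODO main.c", "vi main.c",
    "make", "cd src", "ls -a",
]


def tokenize(line, enriched=False):
    """Truncated mode keeps only the command name; enriched mode keeps arguments."""
    return line.strip() if enriched else line.split()[0]


def ngrams(lines, order, enriched):
    cmds = [tokenize(l, enriched) for l in lines]
    return [tuple(cmds[i:i + order]) for i in range(len(cmds) - order + 1)]


def build_profile(lines, order=2, enriched=False):
    """'Self' = the set of command transitions observed in the user's own history."""
    return set(ngrams(lines, order, enriched))


def non_self_ratio(profile, lines, order=2, enriched=False):
    """Fraction of a session's transitions that the self profile never saw."""
    grams = ngrams(lines, order, enriched)
    if not grams:
        return 0.0
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)


def is_masquerader(profile, lines, threshold=0.5, order=2, enriched=False):
    """Raise an alert when too many transitions fall outside 'self'."""
    return non_self_ratio(profile, lines, order, enriched) >= threshold


if __name__ == "__main__":
    profile = build_profile(TRAIN_LOG)
    # Constructed sessions: one that matches the user's habits, one that does not.
    for session in (["ls", "cd src", "ls", "vi a.c", "make"],
                    ["gcc a.c", "tar xf b", "python c", "tar cf d"]):
        print(session, round(non_self_ratio(profile, session), 2),
              "ALERT" if is_masquerader(profile, session) else "ok")
```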
16. S. Patel and J. Graham, Security Considerations in DNP3 SCADA Systems, Proceedings of the 17th International Conference on Computer Applications in Industry and Engineering (CAINE-2004), Orlando, FL, Nov. 2004, 73-78.
Abstract: Supervisory Control and Data Acquisition (SCADA) networks are used by many utility companies that form critical infrastructure. SCADA networks can be easy targets for unauthorized intrusions that can result in devastating attacks by terrorists. This research identifies threats faced by SCADA and investigates effective methods to enhance security of DNP3 protocols, which are widely used for SCADA implementations. We propose implementation alternatives including SSL/TLS, IPSec, object security, encryption, and message authentication object. The paper analyzes and compares these approaches. In addition, it also evaluates implementation details of these solutions, which can be in the form of open source toolkits or necessary changes to DNP3. Finally, we provide new research directions to more adequately secure SCADA and DNP3.