SOW - 1st project year
Statement of Work (SOW)
Michael Kao 2006/10/30
1. Executive Summary
During the 1st project year, May 2006 – June 2007, iCAST members have been working on 11 projects: one from Institute for Information Industry (III), three from Industrial Technology Research Institute (ITRI), six from Taiwan Information Security Center (TWISC), and one from National Defense University of Taiwan. Four of these 11 projects are joint projects with Carnegie Mellon University (CMU), five with University of California, Berkeley (UCB), and two with both CMU & UCB.
R&D topics include: Advanced Remote Authentication; IDS; Network Security Assessment; Program/Software Security Evaluation Systems; Realization of High Speed IDS Expert System and Privacy-preserving Information Systems; SOC; Security on Wireless City and Pervasive Devices, Surveillance Networks, Wireless Sensor Networks and RFID Applications. These topics range from information security core technologies, through building a testbed and a security operation center (SOC), to applications including health/medical care and the wireless city. I summarize these Statements of Work (SOW) in Sections 2 and 3 for the projects with CMU and UCB respectively; they are also available on the project homepages of the iCAST website (www.icast.org.tw).
Project Code | Project Title | Collaboration Partners
(100) | III |
101 | Pursue the development of technology and tools for assessing network security | UCB
(200) | ITRI |
201 | | UCB
202 | | UCB
203 | Secure Surveillance Networks | CMU
(300) | TWISC |
301 | Security Technologies & Application in Wireless Sensor Networks | UCB
302 | Security & Privacy Protection Technologies for RFID Applications | UCB
303 | Investigation on Advanced Remote Authentication Technologies | CMU
304 | Investigation on Intrusion Detection Techniques | CMU
305 | Software Modularity and Security | CMU & UCB
306 | 1. Realization of High Speed IDS Expert System and Privacy-preserving Information Systems - CMU; 2. Realization of High Speed IDS Expert System and Privacy-preserving Information Systems - UCB | CMU & UCB
(400) | NDU |
401 | | CMU
2. Projects with CMU
2.1. (Project 203). Secure Surveillance Networks
(w. Raj Rajkumar & Tsuhan Chen)
Design, build and evaluate the infrastructure of a secure surveillance network: develop micro-surveillance sensors, including hardware support built upon CMU's FireFly sensor platform and software support with tracking and visualization algorithms.
- One or more surveillance applications will also be prototyped.
- One possible usage scenario may be demonstrated in a parking lot equipped with wireless surveillance nodes. Whenever a car enters, leaves or moves in the parking lot, the vehicle should be detected and tracked using coordination among the surveillance nodes. A video sequence of acceptable quality of the moving car is desired. The wireless surveillance nodes shall ideally be battery-powered.
The expected outcome:
- Prototype of a micro surveillance sensor containing a communication module to form wireless sensor networks and a video processing module with video surveillance capabilities
- Source code, documentation, and final report on the design of the micro surveillance sensor
2.2. (Project 303). Investigation on Advanced Remote Authentication Technologies
(w. Adrian Perrig and Mike Reiter)
• Project Setting: information security needs arising from pervasive wireless communication
In today's world, wireless communication is truly everywhere:
- People carry devices with the computational power of the top-end computers of decades ago, all communicating wirelessly: cell phones, PDAs, palmtops, high-end MP3 players, and digicams.
- The environment now saturates us with wireless signals such as Bluetooth, ZigBee, Wi-Fi, ...
- Ubiquitous ambient services now offer many services, such as climate information and geographical information, using much less capable but specialized nodes.
• Project Vision: goals
- Establish trusted information with others we meet or communicate with.
- Verify the integrity of environmental or infrastructure information.
- Use trusted information to establish authenticated communication channels (via voice, IM, or email).
- Exchange (or establish) a trusted crypto key with strangers (or at least with an untrusted party).
• Year 1 Project Goals
- Enable secure, seamless communication among people and between people and infrastructure.
- Ideally, we could develop a system that leverages future communication environments to enable such secure communication for non-expert people. Clearly, the proposed approach must be very easy and, if possible, fun to use!
The main research challenges that we anticipate addressing in the first year include:
- Establish trustworthy information between two people, such that both have a strong level of assurance that they share authentic information.
- Enable a user to discover trustworthy and authentic information about the environment.
- Provide seamless integration with current applications, such that discovered trustworthy information can be used to secure applications seamlessly. For example, after discovering the authentic public key of another person, all communications with that person will automatically be encrypted under the recipient's public key.
- Provide strong cryptographic properties even if some of the participating devices have severe resource constraints, such as battery, computation, communication, or memory constraints.
• Follow-up Project Goals for Years 2 & 3
The first-year project focuses on single-hop authentication: establishing trusted information between two individuals, or between an environment and an individual. In subsequent years, we extend this vision to include transitive authentication, i.e., to establish trusted information between people that are not currently in physical contact. In contrast to prior work in this area, for example the PGP web of trust, we will establish highly secure trusted information that does not deteriorate with multiple intermediate authentication entities.
We will need to provide strong cryptographic properties even if some of the participating devices have severe resource constraints, such as battery, computation, communication, or memory constraints. In subsequent years of the project, we will research and design novel cryptographic mechanisms that operate efficiently even on highly resource-constrained devices.
• Project Milestones for the First Year
We plan to accomplish the following tasks by 31 December 2006:
- Plan for establishing trustworthy information between two individuals.
- Implementation of a preliminary prototype.
- Plan for enabling a user to discover trustworthy and authentic information about the environment.
We plan to accomplish the following tasks by 30 April 2007:
- Prototype implementation that enables a user to discover trustworthy and authentic information about the environment.
- Seamless integration with communication applications, such that discovered trustworthy information is automatically employed by communication software, e.g., email, voice, IM.
The expected outcome:
• Reports:
- At least 1 academic report (international journal/conference paper).
- At least 1 technical report.
• A prototype system implementation that:
- Enables a user to discover trustworthy and authentic information about the environment.
- Provides seamless integration with communication applications, such that discovered trustworthy information is automatically employed by communication software, e.g., email, voice, IM.
2.3. (Project 304). Investigation on Intrusion Detection Techniques
(w. Tsuhan Chen)
The main goal of this project is to develop an Intrusion Detection System (IDS) that can provide an essential service for organizations that need to construct a security operations center (SOC). Unlike traditional IDSs or software, which usually provide the service with a "set of rules", we are interested in an approach from a statistical viewpoint. We believe that such an approach has not yet been intensively studied in the security community. Practically, the subtasks involved in building such a system are listed below.
• Constructing the kernel of the IDS. Several learning methods, such as support vector machines (SVM) and graphical models (e.g., hidden Markov models), can be applied. The kernel should be robust enough to be effective and comprehensive enough that the decision "rules" can be adjusted based on expert knowledge.
• Constructing a honeypot/honeynet to acquire typical benchmarks for system training and testing. The data may consist of labeled and unlabeled data. A successful honeypot/honeynet should be built on a real machine instead of a virtual machine, and in an appropriate environment, so that intruders cannot easily distinguish it from regular hosts. In that way we can collect valuable intrusion data rather than only data from intruders with immature skills.
• Designing a strategy to trace intruders in order to find the complete pattern of an attack. We would like to picture the whole image of an intrusion and collect more information about it for further study.
• Designing a strategy for a system to recover from attacks, e.g., a distributed denial-of-service attack. We would like to study the effect and cost on a system after it is attacked. We also need to set up a standard procedure to let the system recover from the attack. Some approaches are performing backups frequently, and estimating for different machines/servers the probability of being attacked and the cost if attacked, then setting the backup period accordingly.
• Designing a strategy to combine the work of intrusion detection and intrusion prevention to enhance the performance of the joint framework. No strategy for dealing with intrusion is better than preventing it. When a well-developed IDS is ready, we can focus on how the system can perform detection efficiently, so that the service can run on-line rather than off-line. On the other hand, the IDS should work closely with the intrusion prevention system, and intrusion defense on the network should be considered jointly with intrusion defense on the servers.
• Developing an intelligent and forward-looking system for intrusion detection, e.g., detecting unknown viruses or new types of intrusion. Finally, our goal is to deliver a real application for intrusion detection. The system needs to be robust and flexible enough to be applied in common organizations. Some adaptive strategy can be adopted for the system to fit customized situations.
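To make the "statistical viewpoint" of the IDS kernel concrete, the following is an added example (not code from the CMU/iCAST project): a baseline of per-host connection behaviour is learned from a benign training window, and each later window is scored by how many standard deviations it departs from that baseline. No per-attack signature is written; the only tunable is the threshold, which is the place where expert knowledge adjusts the decision "rule". The log format, the host addresses, the traffic mix and the threshold are all constructed for this demonstration.

```python
"""Statistical anomaly detection over connection logs (added example; not
iCAST/CMU project code). The log format, hosts and thresholds are constructed."""
import re
import statistics
from collections import defaultdict

# Constructed log format: "<ISO timestamp> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def parse(lines):
    """Yield (minute, src, dst, dport); malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ts")[:16], m.group("src"), m.group("dst"), int(m.group("dport"))


def features(lines):
    """Per (src, minute): (connection count, number of distinct destination ports)."""
    conns = defaultdict(int)
    ports = defaultdict(set)
    for minute, src, _dst, dport in parse(lines):
        conns[(src, minute)] += 1
        ports[(src, minute)].add(dport)
    return {key: (conns[key], len(ports[key])) for key in conns}


def baseline(train_lines):
    """Mean and population stdev of each feature over the (assumed benign) training window."""
    rows = list(features(train_lines).values())
    conn_counts = [r[0] for r in rows]
    port_counts = [r[1] for r in rows]
    return {
        "conns": (statistics.mean(conn_counts), statistics.pstdev(conn_counts)),
        "ports": (statistics.mean(port_counts), statistics.pstdev(port_counts)),
    }


def zscore(value, mean, sd):
    """Standard score; a zero-variance baseline treats any deviation as infinite."""
    if sd == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / sd


def detect(train_lines, test_lines, threshold=3.0):
    """Flag (src, minute) windows whose features exceed `threshold` standard deviations.

    `threshold` is the knob an analyst adjusts with expert knowledge; no per-attack
    signature is needed."""
    base = baseline(train_lines)
    alerts = []
    for (src, minute), (nconn, nports) in sorted(features(test_lines).items()):
        z_conns = zscore(nconn, *base["conns"])
        z_ports = zscore(nports, *base["ports"])
        if z_conns > threshold or z_ports > threshold:
            alerts.append({"src": src, "minute": minute, "conns": nconn,
                           "ports": nports, "z_conns": round(z_conns, 2),
                           "z_ports": round(z_ports, 2)})
    return alerts


def make_training_lines():
    """Constructed benign traffic: three hosts, 3-5 connections per minute to 3-5 ports."""
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    dports = [80, 443, 22, 8080, 3306]
    lines = []
    for minute in range(10):
        for h, host in enumerate(hosts):
            for j in range(3 + (minute + h) % 3):
                lines.append(f"2006-10-30T10:{minute:02d}:{j:02d} src={host} "
                             f"dst=10.0.1.{j + 1} dport={dports[j]}")
    return lines


def make_test_lines():
    """Constructed test window: one normal host, one slightly busy host, one port sweep."""
    lines = [f"2006-10-30T11:00:{j:02d} src=10.0.0.1 dst=10.0.1.{j + 1} dport={[80, 443, 22, 8080][j]}"
             for j in range(4)]
    lines += [f"2006-10-30T11:00:{10 + j:02d} src=10.0.0.2 dst=10.0.1.1 dport={443 if j % 2 else 80}"
              for j in range(6)]
    lines += [f"2006-10-30T11:00:{20 + j:02d} src=10.0.0.9 dst=10.0.1.50 dport={1000 + j}"
              for j in range(25)]
    return lines


if __name__ == "__main__":
    for alert in detect(make_training_lines(), make_test_lines()):
        print(alert)
```

With the default threshold only the sweeping host is reported; lowering the threshold to 2.0 also reports the merely busy host, which is exactly the precision/recall trade-off the analyst tunes. The same feature-and-baseline structure is what a learned model (SVM, HMM) would replace, with the threshold becoming a decision boundary.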
The expected outcome:
Academic report (with joint authorship, CMU & iCAST): at least 1
Technical report (with joint authorship, CMU & iCAST): at least 1
Patent
IDS System Prototype
2.4. (Project 305). Software Modularity and Security
(w. Edmund M. Clarke, Peter Lee)
We aim to investigate issues of program correctness and software safety from the perspective of modular software construction. Modern high-level programming languages, e.g., Java and ML, have built-in language constructs that support modular programming. The interface/class constructs in Java, as well as the signature/structure constructs in ML, encourage a modular approach to software development. The interface of a module is specified separately from its implementation, and an implementation is always checked against its interface at compile-time for type safety.
However, for software safety properties that go beyond type safety, the modularity of a software system usually plays a less important role. Without adequate methodological and tool support, one typically would need to analyze the entire source code of an application at once in order to verify its overall safety properties. That is, each program module would have to be replaced by its implementation before the analysis can start. Modularity should be elevated to the level of property encapsulation, enabling the designer to easily extend or compose software modules in a correct and safe manner. There has been progress in formal verification methods that are more compositional. Unfortunately, these current methods have not fully exploited possible assistance offered by modular language constructs.
We see model checkers and proof-assistance systems as the two major tools for studying software modularity and safety. A model checker verifies a logic formula expressing a certain safety property of a program against all possible execution traces of the program. Model checking can be automatic but often requires substantial computational resources for large systems. A proof assistant helps ensure a certain safety property of a program by checking that its safety proof is sound. The proof can be constructed manually, or automatically if the program has been properly annotated. A possible way to approach modular safety properties is to use model checking at the component level and proof checking at the system level.
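As an added illustration of what component-level model checking does (this is example code, not the project's own tooling), the Python below exhaustively explores every reachable state of a small two-process component and checks a safety formula, mutual exclusion, on each one. It is applied to two constructed models: Peterson's algorithm, which satisfies the property, and a "check the other flag, then set my own" variant, for which the checker returns the shortest interleaving that violates it. The state encoding, the process-step functions and the critical-section program-counter values are assumptions made for this demonstration.

```python
"""Explicit-state model checking of a safety property (added example; not code
from the CMU/Academia Sinica/NTU project). Two constructed two-process models are
checked for mutual exclusion: Peterson's algorithm and a "check then set" variant."""
from collections import deque


def model_check(initial, successors, safe):
    """Breadth-first search over every reachable state.

    Returns None if `safe` holds on all reachable states, otherwise the shortest
    execution trace (list of states) from `initial` to a violating state."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not safe(state):
            trace = []
            while state is not None:
                trace.append(state)
                state = parent[state]
            return trace[::-1]
        for nxt in successors(state):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None


# A state is (pc, flag, turn): program counters and flags for processes 0 and 1.
INITIAL = ((0, 0), (False, False), 0)


def peterson_step(state, i):
    """One atomic step of process i in Peterson's algorithm; None if it is blocked.
    pc 0: flag[i] = True; pc 1: turn = j; pc 2: wait; pc 3: critical section."""
    pc, flag, turn = list(state[0]), list(state[1]), state[2]
    j = 1 - i
    if pc[i] == 0:
        flag[i], pc[i] = True, 1
    elif pc[i] == 1:
        turn, pc[i] = j, 2
    elif pc[i] == 2:
        if flag[j] and turn == j:
            return None
        pc[i] = 3
    else:
        flag[i], pc[i] = False, 0
    return (tuple(pc), tuple(flag), turn)


def check_then_set_step(state, i):
    """A deliberately flawed protocol: test the other flag, then set our own.
    pc 0: wait until not flag[j]; pc 1: flag[i] = True; pc 2: critical section."""
    pc, flag, turn = list(state[0]), list(state[1]), state[2]
    j = 1 - i
    if pc[i] == 0:
        if flag[j]:
            return None
        pc[i] = 1
    elif pc[i] == 1:
        flag[i], pc[i] = True, 2
    else:
        flag[i], pc[i] = False, 0
    return (tuple(pc), tuple(flag), turn)


def interleavings(step):
    """Successor function: either process may take its next atomic step."""
    def successors(state):
        return [s for s in (step(state, 0), step(state, 1)) if s is not None]
    return successors


def mutual_exclusion(critical_pc):
    """Safety formula: never both processes at the critical-section pc."""
    return lambda state: not (state[0][0] == critical_pc and state[0][1] == critical_pc)


def check_peterson():
    return model_check(INITIAL, interleavings(peterson_step), mutual_exclusion(3))


def check_check_then_set():
    return model_check(INITIAL, interleavings(check_then_set_step), mutual_exclusion(2))


if __name__ == "__main__":
    print("Peterson counterexample:", check_peterson())
    print("check-then-set counterexample:", check_check_then_set())
```

The state space here is tiny, so exhaustive search is instant; the computational cost the paragraph mentions comes from the product of component states growing exponentially with the number of components, which is why the proposal reserves model checking for individual components and uses proof checking to compose them.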
This research project as outlined above will be coordinated by Edmund M. Clarke and Peter Lee at Carnegie Mellon University, by Tyng-Ruey Chuang and Bow-Yaw Wang at the Institute of Information Science, Academia Sinica, and by Yih-Kuen Tsay at the Department of Information Management, National Taiwan University.
The expected outcome:
Surveys, technical reports, and joint workshops.
2.5. (Project 306). Network Security and Forensics Research
(w. Hui Zhang)
The following are tentatively identified as areas of immediate interest:
‧ Architectures, protocols and management for collaborative or federated forensic investigation in multi-administrative-domain environments such as the Internet
‧ Effective schemes for coordinated high-speed network traffic recording and trace
‧ Advanced theory and implementation techniques for forensic analysis
‧ Advanced techniques for proactive network security in forensic investigation
‧ Realization of high speed IDS expert system
‧ Build a prototype Internet attack trace repository system
Items of interest in the first year (2006):
‧ Architectures, protocols and management for collaborative or federated forensic investigation in multi-administrative-domain environments or the Internet
The first main issue here is to address the administrative structure of today's Internet and design the architecture and protocols to facilitate collaboration in terms of the operation, administration and management involved in Internet forensic investigations. Second, one must address the privacy, participation-incentive and incremental-deployment issues in collaborative network security investigation and analysis.
‧ Effective schemes for coordinated high-speed network traffic recording and trace
The main challenges in traffic recording and trace building are to a) determine which packets to trace so as to provide sufficient and necessary information for post-mortem analysis; b) maintain privacy; and c) minimize the costs of traffic tracking at routers and of storage.
‧ Realization of a high-speed IDS expert system
We will focus on a) the rule-based approach to provide timely identification of malicious activity and ad hoc intrusion; b) efficient implementation of stateful intrusion detection for high-speed networks; and c) the study of the fundamental functions of stateful protocol analysis and packet-content scanning to enhance intrusion detection capability and improve processing speed.
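The three traffic-recording challenges listed above (which packets to keep, privacy, and cost) pull in different directions, and the following added example (not code from the iCAST/CMU project) shows one simple policy that addresses all three at once: keep only the first few packets of every flow, store header fields but no payload, and replace addresses with keyed-HMAC pseudonyms so that records from the same host remain linkable for analysis without the raw address ever reaching storage. The packet stream, the HMAC key, the per-flow cap and the header-length values are constructed for the demonstration.

```python
"""Privacy-preserving, storage-bounded traffic trace recording (added example;
not code from the iCAST/CMU project). Packets, key and header lengths are constructed."""
import hashlib
import hmac
from collections import defaultdict


class TraceRecorder:
    """Keeps the first `packets_per_flow` packets of every 5-tuple flow, stores
    header fields only, and pseudonymizes addresses with a keyed HMAC."""

    def __init__(self, key, packets_per_flow=3):
        self.key = key                      # secret held by the recording site
        self.packets_per_flow = packets_per_flow
        self.seen = defaultdict(int)        # packets observed per flow
        self.records = []                   # what actually reaches storage
        self.stats = {"packets_seen": 0, "packets_kept": 0,
                      "bytes_seen": 0, "bytes_stored": 0}

    def pseudonym(self, addr):
        """Deterministic per-key pseudonym: the same address always maps to the same
        token, so flows stay correlatable, but the raw address is never stored."""
        return hmac.new(self.key, addr.encode(), hashlib.sha256).hexdigest()[:16]

    def record(self, pkt):
        """Return True if the packet's header was kept, False if it was dropped."""
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        self.stats["packets_seen"] += 1
        self.stats["bytes_seen"] += pkt["length"]
        self.seen[flow] += 1
        if self.seen[flow] > self.packets_per_flow:
            return False                    # flow start already captured
        self.records.append({
            "ts": pkt["ts"],
            "src": self.pseudonym(pkt["src"]),
            "dst": self.pseudonym(pkt["dst"]),
            "sport": pkt["sport"], "dport": pkt["dport"], "proto": pkt["proto"],
            "length": pkt["length"],        # original size kept for volume analysis
        })
        self.stats["packets_kept"] += 1
        self.stats["bytes_stored"] += pkt["hdr_len"]   # payload is discarded
        return True


def constructed_packets():
    """A constructed stream: one 10-packet HTTP flow and one 2-packet DNS exchange."""
    pkts = [{"ts": 1000.0 + i, "src": "10.0.0.5", "sport": 40000, "dst": "192.0.2.10",
             "dport": 80, "proto": "tcp", "length": 60 if i < 3 else 1500, "hdr_len": 40}
            for i in range(10)]
    pkts += [{"ts": 1010.0 + i, "src": "10.0.0.7", "sport": 51000, "dst": "192.0.2.53",
              "dport": 53, "proto": "udp", "length": 80, "hdr_len": 28}
             for i in range(2)]
    return pkts


def run_demo(packets_per_flow=3):
    """Feed the constructed stream through a recorder and return it for inspection."""
    recorder = TraceRecorder(b"constructed-demo-key", packets_per_flow)
    for pkt in constructed_packets():
        recorder.record(pkt)
    return recorder


if __name__ == "__main__":
    r = run_demo()
    print(r.stats)
    for rec in r.records:
        print(rec)
```

Capturing the first packets of each flow keeps the handshake and initial request that post-mortem analysis most often needs, while the bulk transfer that follows is counted but not stored. The pseudonym key is the privacy boundary: an investigator who needs the real address must obtain the key from the recording domain, which is one concrete place where the collaboration protocols of the first item above would have to define the rules.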
The expected outcome:
‧ Academic report: at least 1
‧ Technical report: at least 1
2.6. (Project 306). Risk Assessment and Prediction Technology Developing and Personnel Training Project for M-SOC
Please note that this project is a specifically designed training project and will not be detailed in this memorandum.
3. Projects with UCB
3.1 (Project 101). Pursue the development of technology and tools for assessing network security:
i. Develop and Analyze Taxonomy of Attacks (w. Doug Tygar)
Develop a full taxonomy of attack types, including DDoS attacks, infrastructure attacks, worm attacks, etc. The taxonomy will be annotated with examples of each type of attack and an informal risk assessment of the various types of attacks.
ii. DETER Testbed Experiment and Simulation (w. Anthony Joseph)
Learn how to interact with the DETER testbed and how to use DETER. By testing the developed security-assessment software tools in the testbed environment, researchers will gain practical experience of interacting with DETER. In addition, TRUST will provide information on how to duplicate the testbed and will also help III obtain the software system/tools of the testbed control framework.
iii. IDS/IPS Resiliency Probing (w. Vern Paxson)
Pursue the development of tools for assessing the degree to which network intrusion detection/prevention systems are vulnerable to (or are robust against) different forms of evasion. The hope is to develop a metric or benchmark which might be used to compare different such systems, providing visibility into their resiliency to evasion and (for commercial systems) market incentives to improve their resiliency.
Prototypes of the tools/benchmarks will be tested against IDS/IPS (such as Bro). In addition, the project will include assessment of what changes m