Scholarly Works, Hume Center for National Security and Technology
Permanent URI for this collection
Browse
Browsing Scholarly Works, Hume Center for National Security and Technology by Content Type "Article"
Now showing 1 - 3 of 3
Results Per Page
Sort Options
- Application of Cybernetics and Control Theory for a New Paradigm in CybersecurityAdams, Michael D.; Hitefield, Seth D.; Hoy, Bruce; Fowler, Michael C.; Clancy, Thomas Charles III (Virginia Tech, 2013-11-01)A significant limitation of current cyber security research and techniques is its reactive and applied nature. This leads to a continuous ‘cyber cycle’ of attackers scanning networks, developing exploits and attacking systems, with defenders detecting attacks, analyzing exploits and patching systems. This reactive nature leaves sensitive systems highly vulnerable to attack due to un-patched systems and undetected exploits. Some current research attempts to address this major limitation by introducing systems that implement moving target defense. However, these ideas are typically based on the intuition that a moving target defense will make it much harder for attackers to find and scan vulnerable systems, and not on theoretical mathematical foundations. The continuing lack of fundamental science and principles for developing more secure systems has drawn increased interest into establishing a ‘science of cyber security’. This paper introduces the concept of using cybernetics, an interdisciplinary approach of control theory, systems theory, information theory and game theory applied to regulatory systems, as a foundational approach for developing cyber security principles. It explores potential applications of cybernetics to cyber security from a defensive perspective, while suggesting the potential use for offensive applications. Additionally, this paper introduces the fundamental principles for building non-stationary systems, which is a more general solution than moving target defenses. Lastly, the paper discusses related works concerning the limitations of moving target defense and one implementation based on non-stationary principles.
- Towards Optimal Secure Distributed Storage Systems with Exact RepairTandon, Ravi; Amuru, SaiDhiraj; Clancy, Thomas Charles III; Buehrer, R. Michael (IEEE, 2016-06)Distributed storage systems in the presence of a wiretapper are considered. A distributed storage system (DSS) is parameterized by three parameters (𝑛, 𝑘, 𝑑), in which a file stored across n distributed nodes, can be recovered from any 𝑘 out of 𝑛 nodes. This is called as the reconstruction property of a DSS. If a node fails, any 𝑑 out of (𝑛-1) nodes help in the repair of the failed node so that the regeneration property of the DSS is preserved. For such a (𝑛, 𝑘, 𝑑)-DSS, two types of wiretapping scenarios are investigated: (a) Type-I (node) adversary which can wiretap the data stored on any 𝑙< 𝑘 nodes; and a more severe (b) Type-II (repair data) adversary which can wiretap the contents of the repair data that is used to repair a set of l failed nodes over time. The focus of this work is on the practically relevant setting of exact repair regeneration in which the repair process must replace a failed node by its exact replica. We make new progress on several non-trivial instances of this problem which prior to this work have been open. The main contribution of this paper is the optimal characterization of the secure storage-vs-exact-repair-bandwidth tradeoff region of a (𝑛, 𝑘, 𝑑)-DSS, with 𝑛 ≤ 4 and any 𝑙 < 𝑘 in the presence of both Type-I and Type-II adversaries. While the problem remains open for a general (𝑛, 𝑘, 𝑑)-DSS with 𝑛 > 4, we present extensions of these results to a (𝑛, 𝑛-1, 𝑛-1)-DSS, in presence of a Type-II adversary that can observe the repair data of any 𝑙 = (𝑛-2) nodes. The key technical contribution of this work is in developing novel information theoretic converse proofs for the Type-II adversarial scenario. From our results, we show that in the presence of Type-II attacks, the only efficient point in the storage-vs-exact-repair-bandwidth tradeoff is the MBR (minimum bandwidth regenerating) point. This is in sharp contrast to the case of a Type-I attack in which the storage-vs-exactrepair-bandwidth tradeoff allows a spectrum of operating points beyond the MBR point.
- Vulnerability of LTE to Hostile InterferenceLichtman, Marc; Reed, Jeffrey H.; Clancy, Thomas Charles III; Norton, Mark (IEEE, 2013-01-01)LTE is well on its way to becoming the primary cellular standard, due to its performance and low cost. Over the next decade we will become dependent on LTE, which is why we must ensure it is secure and available when we need it. Unfortunately, like any wireless technology, disruption through radio jamming is possible. This paper investigates the extent to which LTE is vulnerable to intentional jamming, by analyzing the components of the LTE downlink and uplink signals. The LTE physical layer consists of several physical channels and signals, most of which are vital to the operation of the link. By taking into account the density of these physical channels and signals with respect to the entire frame, as well as the modulation and coding schemes involved, we come up with a series of vulnerability metrics in the form of jammer to signal ratios. The “weakest links” of the LTE signals are then identified, and used to establish the overall vulnerability of LTE to hostile interference.