A Collaborative Network Security Platform in P2P Networks. Computer and Network Security Concepts, Protocols, and Programming (CS772-872). Prof. Ravi Mukkamala, Nov. 10, 2009. Presented by Amgad Neematallah.

  1. A Collaborative Network Security Platform in P2P Networks Computer and Network Security Concepts, Protocols, and Programming (CS772-872) Prof. Ravi Mukkamala Nov. 10, 2009 By Amgad Neematallah

  2. Outline • Collaborative Security Platforms • When does the centralized approach fail to protect? • Proposed Platform • Platform structure • System Operation • A packet filtering service example • Implementation of the platform to detect a SYN attack • Conclusion • References

  3. Collaborative Security Platforms • A platform in which different network resources integrate with each other to defend network security • It is not enough to protect individual nodes well, or just to set a firewall or IDS (Intrusion Detection System) at the edge to protect networks from outside attacks • Even distributed firewalls and packet-filtering switches that work individually cannot detect some kinds of attacks

  4. When does the centralized approach fail to protect? • To find attack origins, enhanced routers or nodes have to provide tracing services such as logging the passing packets or marking their own address into them (IP traceback techniques) • Defense against Distributed Denial of Service (DDoS) attacks • Detection of the spread of viruses and worms

  5. Proposed platform • A collaborative network security platform based on a P2P system • PCs are the main members of the proposed platform • Joining nodes can design defensive services such as packet sniffing, forwarding, monitoring, and filtering services, and publish them for sharing among the other peers

  6. Proposed platform • Platform structure: • Bootstrap server • P2P hub nodes • P2P agent nodes: • Service Passive Agent (SPA) • Request Active Agent (RAA) • Publish Active Agent (PAA)

  7. Proposed platform • Bootstrap server • Maintains the authorities of joining nodes • Maintains the list of P2P hub nodes • Maintains the private/public keys used for secure information exchange

  8. Proposed platform • P2P hub nodes • Cluster leaders • Maintain the IP addresses of the P2P agent nodes they own and their associated resources

  9. Proposed platform • P2P agent nodes • Service Passive Agent (SPA): provides services for RAAs • Request Active Agent (RAA): issues requests to solve network security problems • Publish Active Agent (PAA): publishes new defensive services, which are downloaded later and provided by at least one of the SPAs

  10. Services that can be delivered by agents • PC-based Intrusion Detection System • Anti-virus • Worm detection • Encryption • Authentication • Packet filtering

  11. System Operation • A bootstrap server is initialized first when the system starts • A peer that wants to join the system is an SPA by default • The bootstrap server sends the SPA an ID and the list of available hub nodes • The SPA chooses the closest hub node and becomes one of its members • An SPA can also nominate itself as a hub node if it is the first node, or if it fails to find a nearby hub node with a small enough number of members (load balancing) • A hub node leaving the system has to be replaced by one of its neighbours or members • An SPA can request the bootstrap server to become a PAA or an RAA

  12. Requesting a service • An RAA requests a service using the following format: • "RUN" <hop count> <service> <parameter list> • When a hub node gets a service request it does the following: • If the hop count is 0, it discards the request • Otherwise, it checks the availability of the service in the platform (as published by the PAAs) and forwards the request to its SPAs • It decrements the hop count by one and forwards the message to the neighbouring hub nodes • SPAs that catch the request respond to the RAA • The RAA can put a time constraint on the execution of the service at the agent with the message "Time Limit" <number of minutes>
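The hub-side handling of a "RUN" request, written out as an added example (this is not code from the paper or the presentation). It parses the message format from slide 12, applies the hop-count rule, hands the request to the SPAs that a PAA has registered for the service, and forwards it with a decremented hop count. Two details the slides leave open are assumed here and marked as such: a negative hop count (the "-1" used on slide 19) is treated as "unlimited", and a per-hub seen-set stops an unlimited request from circulating forever around a cycle of hub nodes. Service names may contain spaces ("packet filtering"), so the parser matches the longest registered name.

```python
"""Hub-node handling of a "RUN <hop count> <service> <params>" request.

Added example for the protocol on slide 12; not the paper's or the
presentation's code. Assumptions (not stated on the slides): hop count < 0
means unlimited; hubs de-duplicate requests so an unlimited request does not
loop; hub/SPA names below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Request:
    hops: int
    service: str
    params: list[str]
    time_limit_min: int | None = None

    def encode(self) -> str:
        """Re-serialise in the slide-12 format, with the optional Time Limit suffix."""
        msg = " ".join(["RUN", str(self.hops), self.service, *self.params])
        if self.time_limit_min is not None:
            msg += f"; Time Limit {self.time_limit_min}"
        return msg


def parse_request(msg: str, known_services) -> Request:
    """Parse 'RUN <hops> <service> <params...>[; Time Limit <minutes>]'."""
    body, _, limit = msg.partition(";")
    fields = body.split()
    if len(fields) < 3 or fields[0] != "RUN":
        raise ValueError(f"malformed request: {msg!r}")
    hops = int(fields[1])
    time_limit = None
    if limit.strip():
        lf = limit.split()
        if len(lf) != 3 or [w.lower() for w in lf[:2]] != ["time", "limit"]:
            raise ValueError(f"malformed time limit: {limit!r}")
        time_limit = int(lf[2])
    rest = fields[2:]
    # Service names may contain spaces ("packet filtering"): longest known match wins.
    for n in range(len(rest), 0, -1):
        name = " ".join(rest[:n])
        if name in known_services:
            return Request(hops, name, rest[n:], time_limit)
    # Unknown here; assume a one-word name so the message can still be forwarded.
    return Request(hops, rest[0], rest[1:], time_limit)


@dataclass
class HubNode:
    name: str
    # service name -> SPAs that downloaded it from a PAA (constructed registry)
    services: dict[str, list[str]] = field(default_factory=dict)
    neighbours: list[HubNode] = field(default_factory=list)
    dispatched: list[tuple[str, str, Request]] = field(default_factory=list)
    seen: set[tuple[str, str]] = field(default_factory=set)

    def handle(self, msg: str, requester: str) -> str:
        req = parse_request(msg, self.services)
        if req.hops == 0:                      # slide 12: hop count 0 -> discard
            return "discarded"
        # Identity independent of the hop count (assumption: loop suppression).
        key = (requester, Request(0, req.service, req.params, req.time_limit_min).encode())
        if key in self.seen:
            return "duplicate"
        self.seen.add(key)
        served = req.service in self.services
        if served:                             # hand to our SPAs that provide it
            for spa in self.services[req.service]:
                self.dispatched.append((spa, requester, req))
        next_hops = req.hops - 1 if req.hops > 0 else -1   # -1 stays unlimited
        if next_hops != 0:                     # a 0 would be discarded anyway
            fwd = Request(next_hops, req.service, req.params, req.time_limit_min).encode()
            for hub in self.neighbours:
                hub.handle(fwd, requester)
        return "served" if served else "forwarded"


def build_ring() -> tuple[HubNode, HubNode, HubNode]:
    """Three constructed hubs in a cycle; only hub2's SPAs hold 'packet filtering'."""
    h1 = HubNode("hub1")
    h2 = HubNode("hub2", {"packet filtering": ["spa-lan1", "spa-lan2"]})
    h3 = HubNode("hub3")
    h1.neighbours, h2.neighbours, h3.neighbours = [h2, h3], [h1, h3], [h1, h2]
    return h1, h2, h3


if __name__ == "__main__":
    h1, h2, _ = build_ring()
    print(h1.handle("RUN -1 packet filtering 140.126.130.41 80 TCP SYN; Time Limit 3", "victim"))
    for spa, requester, req in h2.dispatched:
        print(spa, "serves", requester, "->", req.encode())
```

With a hop count of 1 the request dies at the requester's own hub unless that hub holds the service; with 2 it reaches the neighbouring hubs; with -1 it reaches every hub exactly once because of the seen-set. Without that de-duplication (which the slides do not mention) an unlimited request on a hub topology with cycles would never stop.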

  13. Secure Message Exchange • Symmetric and asymmetric keys are used to protect the message exchange between peers • The symmetric keys are exchanged under the peers' public/private keys

  14. How the packet filtering service is applied • By a network switch with a mirror function • Packets are copied and forwarded to an assigned mirror port to which the defense node is connected • Not all network switches support port mirroring!

  15. How the packet filtering service is applied (2) • Cheating with the ARP protocol • The defending SPA is provided with a virtual gateway service • This gateway answers ARP requests with the agent's MAC address • So all packets destined for the original RAA are forwarded to the defending agent, which applies the filtering and forwarding task
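What "answering ARP requests with the agent's MAC" looks like at the frame level, as an added example (not the paper's or the presentation's code): an ARP request asking for the RAA's IP is parsed, and the defending SPA builds an ARP reply that names the RAA's IP as the sender protocol address but the SPA's own MAC as the sender hardware address. All addresses below are constructed; the victim IP is the one from slide 19. Putting the reply on the wire needs a raw (AF_PACKET) socket and is deliberately left out.

```python
"""ARP reply crafting for the virtual-gateway service on slide 15.

Added example, not code from the paper or the presentation. MAC addresses
and the requesting host are constructed; 140.126.130.41 is the victim RAA
address used on slide 19. Sending frames (raw socket) is not shown.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header + 28-byte ARP body (Ethernet/IPv4)."""
    eth_dst = target_mac if op == ARP_REPLY else BROADCAST
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42]),
    }


class VirtualGateway:
    """Defending SPA: claims the protected RAA's IP in ARP replies."""

    def __init__(self, agent_mac: str, protected_ip: str):
        self.agent_mac = agent_mac
        self.protected_ip = protected_ip

    def on_frame(self, frame: bytes):
        """Reply (as bytes) to an ARP request for the protected IP; None for anything else."""
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REQUEST or arp["target_ip"] != self.protected_ip:
            return None
        # Sender MAC is ours, sender IP is the RAA's: the requester now sends RAA
        # traffic to this SPA, which filters it and forwards the rest to the RAA.
        return build_arp(ARP_REPLY, self.agent_mac, self.protected_ip,
                         arp["sender_mac"], arp["sender_ip"])


if __name__ == "__main__":
    gw = VirtualGateway("02:00:00:aa:bb:cc", "140.126.130.41")
    req = build_arp(ARP_REQUEST, "02:00:00:11:22:33", "140.126.130.1", ZERO_MAC, "140.126.130.41")
    print(parse_arp(gw.on_frame(req)))
```

Note that this is exactly the mechanism of ARP poisoning: nothing in ARP stops any other host on the LAN from claiming the RAA's address the same way. The slides place the keys and join authority at the bootstrap server (slide 7), which is where a real deployment would have to decide which SPA is allowed to become the virtual gateway for a given RAA.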

  16. Implementation of the platform to detect a SYN attack • Three LANs • The P2P hub node is located in LAN1 • Two SPAs are located in LAN1 and LAN2 • A PAA and a victim RAA are located in LAN3

  17. Implementation of the platform to detect a SYN attack (2) • The four agents belong to the same P2P hub node • Four attackers distributed across the three LANs send the TCP SYN attack to the victim, each requesting a TCP connection thirty times per ten seconds

  18. Implementation of the platform to detect a SYN attack (4) • The packet filtering service that drops the SYN segments is published by the PAA • The SPAs can then download the service from the PAA

  19. Implementation of the platform to detect a SYN attack (5) • The detecting program at the victim counts the number of TCP SYN segments, and if the number exceeds 100 the defending process starts as follows: • The victim sends the request message "RUN -1 packet filtering 140.126.130.41 80 TCP SYN; Time Limit 3"

  20. Implementation of the platform to detect a SYN attack (6) • When agents in the different LANs receive the request message from the P2P hub node, they try to become the virtual gateway in their LAN • If a virtual gateway already exists, the other agents give up trying to become one (no load balancing) • Each SPA acting as a virtual gateway runs the packet filtering service over the packets destined for the victim RAA
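The two ends of the experiment on slides 17 to 20, as an added example that is not the paper's or the presentation's code: the victim-side detector that counts TCP SYN segments and emits the slide-19 request once the count passes 100, and the "packet filtering" service a virtual-gateway SPA runs until the Time Limit expires. Packets are plain records and the traffic is constructed to match slide 17 (four attackers, thirty SYNs each per ten seconds). The slides give only the threshold, so the ten-second counting window and the injectable clock used to enforce the limit are assumptions.

```python
"""Victim-side SYN detection and the SPA-side packet filtering service.

Added example for slides 17-20; not code from the paper or the presentation.
Assumptions: packets are simple records; SYNs are counted in a sliding
10-second window (the slides only give the threshold of 100); the Time Limit
is in minutes and is enforced against an injectable clock. Attacker IPs are
constructed; the victim address/port come from the request on slide 19.
"""
from collections import deque
from dataclasses import dataclass

VICTIM_IP, VICTIM_PORT = "140.126.130.41", 80


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "TCP"
    flags: frozenset = frozenset()
    ts: float = 0.0          # seconds


def defense_request(hops: int = -1, limit_min: int = 3) -> str:
    """The message the victim RAA sends (slide 19), in the slide-12 format."""
    return f"RUN {hops} packet filtering {VICTIM_IP} {VICTIM_PORT} TCP SYN; Time Limit {limit_min}"


class SynDetector:
    """Counts connection-opening SYNs to the victim; fires once above the threshold."""

    def __init__(self, threshold: int = 100, window_s: float = 10.0):
        self.threshold, self.window_s = threshold, window_s
        self.stamps: deque = deque()
        self.triggered = False

    def observe(self, pkt: Packet):
        """Return the defense request when the threshold is first exceeded, else None."""
        if pkt.proto != "TCP" or "SYN" not in pkt.flags or "ACK" in pkt.flags:
            return None                      # only pure SYNs open connections
        if pkt.dst != VICTIM_IP or pkt.dport != VICTIM_PORT:
            return None
        self.stamps.append(pkt.ts)
        while self.stamps and pkt.ts - self.stamps[0] > self.window_s:
            self.stamps.popleft()            # assumed sliding window
        if len(self.stamps) > self.threshold and not self.triggered:
            self.triggered = True
            return defense_request()
        return None


class PacketFilter:
    """The published 'packet filtering' service as run by a virtual-gateway SPA."""

    def __init__(self, ip: str, port: str, proto: str, flag: str, limit_min: str, now):
        self.ip, self.port, self.proto, self.flag = ip, int(port), proto, flag
        self.now = now                        # callable returning seconds
        self.expires = now() + 60 * int(limit_min)
        self.dropped = 0

    def active(self) -> bool:
        return self.now() < self.expires

    def decide(self, pkt: Packet) -> str:
        """'drop' matching SYNs while the Time Limit runs; 'forward' everything else."""
        if (self.active() and pkt.dst == self.ip and pkt.dport == self.port
                and pkt.proto == self.proto and self.flag in pkt.flags
                and "ACK" not in pkt.flags):  # keep SYN/ACKs so the victim's own outbound connections work
            self.dropped += 1
            return "drop"
        return "forward"


def simulate_attack():
    """Constructed traffic per slide 17: four attackers, 30 SYNs each within 10 s."""
    attackers = ["192.168.1.10", "192.168.1.11", "192.168.2.10", "192.168.3.10"]
    pkts = [Packet(a, VICTIM_IP, VICTIM_PORT, flags=frozenset({"SYN"}), ts=k * 10 / 30)
            for k in range(30) for a in attackers]          # ordered by timestamp
    det = SynDetector()
    for p in pkts:
        req = det.observe(p)
        if req is not None:
            return req
    return None


if __name__ == "__main__":
    print(simulate_attack())
```

Two things worth seeing in the numbers: with 4 × 30 = 120 SYNs in ten seconds the detector fires on the 101st segment, and the published service then drops every SYN to port 80 of the victim, legitimate clients included, until the three-minute limit expires. The slides describe exactly that behaviour, so the Time Limit is the only thing bounding the collateral damage of the mitigation.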

  21. Result of applying the P2P platform to detect the SYN attack [chart: the number of TCP SYN segments received at the victim]

  22. Conclusion • To solve network security problems efficiently, it is not enough to protect nodes well or to protect networks only from outside attacks • Many network security problems are solved more efficiently by collaborative approaches that integrate various resources over the Internet • Publish Active Agents collaborating with Service Passive Agents can offer the other agents in the network a complete security platform against different types of attacks

  23. References • Chun-Hsin Wang, Chun-Wei Huang, "A Collaborative Network Security Platform in P2P Networks", 2009 International Conference on New Trends in Information and Service Science (NISS), Beijing, China, June 30 - July 2, 2009, ISBN 978-0-7695-3687-3

  24. Questions and Discussion