CR, Jun 2, 2025
SPEAR: Security Posture Evaluation using AI Planner-Reasoning on Attack-Connectivity Hypergraphs
Rakesh Podder, Turgay Caglar, Shadaab Kawnain Bashir et al.
Graph-based frameworks are often used in network hardening to help a cyber defender understand how a network can be attacked and how the best defenses can be deployed. However, incorporating network connectivity parameters in the attack graph, reasoning about the attack graph when we do not have access to complete information, providing system administrator suggestions in an understandable format, and allowing them to do what-if analysis on various scenarios and attacker motives are still missing. We fill this gap by presenting SPEAR, a formal framework with tool support for security posture evaluation and analysis that keeps the human in the loop. SPEAR uses the causal formalism of AI planning to model vulnerabilities and configurations in a networked system. It automatically converts network configurations and vulnerability descriptions into planning models expressed in the Planning Domain Definition Language (PDDL). SPEAR identifies a set of diverse security hardening strategies that can be presented in a manner understandable to the domain expert. These allow the administrator to explore the network hardening solution space in a systematic fashion and help evaluate the impact and compare the different solutions.
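To make the "configuration to PDDL, then what-if" idea concrete, here is an added example written for this listing; it is not SPEAR's code and does not reproduce its model. A small constructed network (host names, service names and vulnerability ids such as "vuln-web-1" are hypothetical placeholders, not real CVEs) is emitted as a PDDL domain and problem, and a breadth-first search over the same single exploit action plays the role of the planner so that hardening options can be compared offline without an external planner:

```python
"""Added example, not SPEAR's own code: turn a constructed network description
into PDDL and search the same model to compare hardening options.
Host names, service names and vulnerability ids are hypothetical placeholders."""
from collections import deque
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Vuln:
    vid: str       # hypothetical id, not a real CVE
    host: str
    service: str   # service through which it is exploited


@dataclass
class Network:
    hosts: List[str]
    services: Dict[str, Set[str]]      # host -> services it runs
    links: Set[Tuple[str, str, str]]   # (src, dst, service) allowed by the firewall
    vulns: Set[Vuln]
    attacker: str                      # host the attacker controls initially
    goal: str                          # host the attacker wants to control


# One STRIPS action: an attacker on ?a exploits ?b if the firewall lets ?a reach
# service ?s on ?b and ?b has a vulnerability in that service.
DOMAIN = """(define (domain net-harden)
  (:requirements :strips :typing)
  (:types host vuln service)
  (:predicates (controls ?h - host)
               (reachable ?a - host ?b - host ?s - service)
               (runs ?h - host ?s - service)
               (vulnerable ?h - host ?v - vuln ?s - service))
  (:action exploit
    :parameters (?a ?b - host ?v - vuln ?s - service)
    :precondition (and (controls ?a) (reachable ?a ?b ?s)
                       (runs ?b ?s) (vulnerable ?b ?v ?s))
    :effect (controls ?b)))
"""


def problem_pddl(net: Network) -> str:
    """Emit the PDDL problem whose :init facts mirror the configuration."""
    objs = [(net.hosts, "host"),
            (sorted({v.vid for v in net.vulns}), "vuln"),
            (sorted({s for ss in net.services.values() for s in ss}), "service")]
    objects = " ".join(f"{' '.join(names)} - {typ}" for names, typ in objs if names)
    init = [f"(controls {net.attacker})"]
    init += [f"(runs {h} {s})" for h in net.hosts for s in sorted(net.services.get(h, ()))]
    init += [f"(reachable {a} {b} {s})" for a, b, s in sorted(net.links)]
    init += [f"(vulnerable {v.host} {v.vid} {v.service})"
             for v in sorted(net.vulns, key=lambda v: v.vid)]
    return ("(define (problem lab) (:domain net-harden)\n"
            f"  (:objects {objects})\n"
            "  (:init " + "\n         ".join(init) + ")\n"
            f"  (:goal (controls {net.goal})))\n")


def plan(net: Network) -> Optional[List[str]]:
    """Breadth-first search over the exploit action: a shortest attack plan, or None."""
    start = frozenset({net.attacker})
    parent: Dict[frozenset, Optional[Tuple[frozenset, str]]] = {start: None}
    queue = deque([start])
    while queue:
        owned = queue.popleft()
        if net.goal in owned:                       # reconstruct the plan backwards
            steps = []
            while parent[owned] is not None:
                owned, action = parent[owned]
                steps.append(action)
            return steps[::-1]
        for a, b, s in sorted(net.links):           # apply every applicable exploit
            if a not in owned or b in owned or s not in net.services.get(b, ()):
                continue
            for v in sorted(net.vulns, key=lambda v: v.vid):
                if v.host == b and v.service == s:
                    nxt = owned | {b}
                    if nxt not in parent:
                        parent[nxt] = (owned, f"(exploit {a} {b} {v.vid} {s})")
                        queue.append(nxt)
    return None


def patch(net: Network, vid: str) -> Network:
    """What-if: the vulnerability is remediated."""
    return replace(net, vulns={v for v in net.vulns if v.vid != vid})


def segment(net: Network, link: Tuple[str, str, str]) -> Network:
    """What-if: the firewall no longer permits this connection."""
    return replace(net, links=net.links - {link})


def plan_length(net: Network) -> Optional[int]:
    p = plan(net)
    return None if p is None else len(p)


# Constructed lab: the web tier can reach the database directly (a misconfiguration).
LAB = Network(
    hosts=["internet", "web", "app", "db"],
    services={"web": {"http"}, "app": {"rpc"}, "db": {"sql"}},
    links={("internet", "web", "http"), ("web", "app", "rpc"),
           ("app", "db", "sql"), ("web", "db", "sql")},
    vulns={Vuln("vuln-web-1", "web", "http"), Vuln("vuln-app-1", "app", "rpc"),
           Vuln("vuln-db-1", "db", "sql")},
    attacker="internet", goal="db")


def compare_hardening(net: Network) -> Dict[str, Optional[int]]:
    """Shortest attack plan length under each option (None = goal unreachable)."""
    options = {"baseline": net,
               "segment web->db": segment(net, ("web", "db", "sql")),
               "patch vuln-web-1": patch(net, "vuln-web-1")}
    return {name: plan_length(n) for name, n in options.items()}


if __name__ == "__main__":
    print(DOMAIN, problem_pddl(LAB), plan(LAB), compare_hardening(LAB), sep="\n")
```

The emitted domain and problem are valid STRIPS PDDL and can be handed to any classical planner; the built-in search exists only so the comparison runs here. Note the contrast it surfaces: segmentation lengthens the attack (three exploits instead of two) while patching the only externally exposed vulnerability removes the plan entirely.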
CR, Aug 14, 2019
Systematization of Knowledge and Implementation: Short Identity-Based Signatures
Diptendu M. Kar, Indrajit Ray
Identity-based signature schemes are gaining a lot of popularity every day. Over the last decade, many schemes have been proposed. Several libraries exist that implement identity-based cryptosystems, including identity-based signature schemes, such as the JPBC library written in Java and the charm-crypto library written in Python. However, these libraries do not contain all of the popular schemes; rather, the JPBC library contains only one identity-based signature scheme and charm-crypto contains three. Furthermore, the implemented schemes are designed to work on one particular pairing curve. In pairing-based cryptosystems, even for a given signature scheme, the size of the signature and the performance, i.e. the time to sign and verify, depend on the chosen pairing curve. There are many applications in which the signature size is of more importance than the performance and similarly other applications where the performance is of more importance than signature size. In this work, we describe the popular signature schemes and their implementation using the JPBC library and describe how different pairing curves affect the signature size and performance. We also provide two methods to further shorten the signature size which are not present in the libraries by default.
CR, May 3, 2019
Enterprise Cyber Resiliency Against Lateral Movement: A Graph Theoretic Approach
Pin-Yu Chen, Sutanay Choudhury, Luke Rodriguez et al.
Lateral movement attacks are a serious threat to enterprise security. In these attacks, an attacker compromises a trusted user account to get a foothold into the enterprise network and uses it to attack other trusted users, increasingly gaining higher and higher privileges. Such lateral attacks are very hard to model because of the unwitting role that users play in the attack and even harder to detect and prevent because of their low and slow nature. In this paper, a theoretical framework is presented for modeling lateral movement attacks, and a methodology is proposed for designing resilient cyber systems against such attacks. The enterprise is modeled as a tripartite graph capturing the interaction between users, machines, and applications, and a set of procedures is proposed to harden the network by increasing the cost of lateral movement. Strong theoretical guarantees on system resilience are established and experimentally validated for large enterprise networks.
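As an added illustration of "harden the network by increasing the cost of lateral movement" (this is example code written for this listing, not the paper's framework or its procedures), the following builds a small constructed tripartite graph of users, machines and applications with hypothetical attacker-effort weights, finds the cheapest lateral path from a compromised account to the domain controller, and ranks three hardening options by how much effort they impose. All node names, edge semantics and weights are assumptions chosen for the example:

```python
"""Added example, not the paper's code: a constructed user/machine/application
graph with hypothetical attacker-effort weights, the cheapest lateral-movement
path, and a what-if ranking of hardening options."""
import heapq
from typing import Callable, Dict, List, Tuple

Edge = Tuple[str, str, float]   # (from, to, attacker effort); effort values are illustrative

# Edge semantics in this constructed model:
#   user -> machine           the user has a session there (a stolen account reaches the machine)
#   machine -> user           that user's credentials are recoverable on the machine
#   machine -> app -> machine the machine can reach another machine over that application
EDGES: List[Edge] = [
    ("alice", "ws1", 1), ("bob", "ws2", 1), ("admin", "ws1", 1),
    ("admin", "jump", 1), ("admin", "dc", 1),
    ("ws1", "alice", 2), ("ws1", "admin", 2), ("ws2", "bob", 2), ("jump", "admin", 2),
    ("ws2", "smb", 1), ("smb", "ws1", 1), ("jump", "rdp", 1), ("rdp", "dc", 1),
]


def build_graph(edges: List[Edge]) -> Dict[str, Dict[str, float]]:
    g: Dict[str, Dict[str, float]] = {}
    for a, b, cost in edges:
        g.setdefault(a, {})[b] = float(cost)
        g.setdefault(b, {})
    return g


def cheapest_path(edges: List[Edge], src: str, dst: str) -> Tuple[float, List[str]]:
    """Dijkstra: minimum total effort for an attacker holding `src` to reach `dst`."""
    g = build_graph(edges)
    dist = {src: 0.0}
    prev: Dict[str, str] = {}
    heap = [(0.0, src)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue                      # stale heap entry
        if n == dst:
            break
        for m, c in g[n].items():
            if d + c < dist.get(m, float("inf")):
                dist[m] = d + c
                prev[m] = n
                heapq.heappush(heap, (d + c, m))
    if dst not in dist:
        return float("inf"), []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def remove_edge(edges: List[Edge], a: str, b: str) -> List[Edge]:
    return [e for e in edges if (e[0], e[1]) != (a, b)]


def reweight(edges: List[Edge], a: str, b: str, cost: float) -> List[Edge]:
    return [(x, y, cost if (x, y) == (a, b) else c) for x, y, c in edges]


# Hypothetical hardening procedures expressed as graph edits.
HARDENING: Dict[str, Callable[[List[Edge]], List[Edge]]] = {
    "no admin logon on ws1":   lambda e: remove_edge(e, "ws1", "admin"),   # tiered administration
    "credential guard on ws1": lambda e: reweight(e, "ws1", "admin", 20),  # theft much harder
    "block smb ws2->ws1":      lambda e: remove_edge(e, "smb", "ws1"),     # segmentation
}


def rank_hardening(edges: List[Edge], src: str, dst: str) -> List[Tuple[str, float]]:
    """Options sorted by the attacker effort they impose (inf = no path left)."""
    ranked = [(name, cheapest_path(fn(edges), src, dst)[0]) for name, fn in HARDENING.items()]
    return sorted(ranked, key=lambda t: -t[1])


if __name__ == "__main__":
    print(cheapest_path(EDGES, "bob", "dc"))        # baseline effort and path
    for name, cost in rank_hardening(EDGES, "bob", "dc"):
        print(f"{name:28s} -> attacker effort {cost}")
```

Run from a compromised low-privilege account ("bob"), the cheapest route goes through the workstation where an administrator has left recoverable credentials; the two options that delete that path or the file-sharing hop push the cost to infinity, while raising the credential-theft cost alone only makes the same path more expensive. Scoring hardening candidates this way is the point of the comparison, although a real deployment would derive weights from measured controls rather than from the constants used here.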
CR, Apr 11, 2018
IoTSense: Behavioral Fingerprinting of IoT Devices
Bruhadeshwar Bezawada, Maalvika Bachani, Jordan Peterson et al.
The Internet-of-Things (IoT) has brought in new challenges in device identification (what the device is) and authentication (is the device the one it claims to be?). Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or scalability problems related to key management render almost all cryptography-based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform device behavioral fingerprinting that can be employed to undertake device type identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device types. We validate our approach using five-fold cross validation; we report an identification rate of 86-99% and a mean accuracy of 99%, across all our experiments. Our approach is successful even when a device uses encrypted communication. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different device types having similar functionality.
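The pipeline the abstract describes (traffic features, a trained model, cross-validated device-type identification) can be shown end to end on constructed data. The block below is an added example written for this listing, not the IoTSense code, feature set or model: packet traces are synthesized for three illustrative device profiles, only payload-independent features are extracted (so encryption does not matter), and a standardized nearest-centroid classifier is evaluated with leave-one-out cross validation. The device profiles, feature choices and thresholds are assumptions:

```python
"""Added example, not the IoTSense code: behavioural features from per-device
packet records and a nearest-centroid device-type classifier. The packet
traces are constructed, not captured; the device profiles are illustrative."""
import math
from typing import Dict, List, Tuple

Packet = Tuple[float, int, int]   # (timestamp in seconds, size in bytes, destination port)


def synth_trace(n: int, size: int, gap: float, ports: List[int], seed: int) -> List[Packet]:
    """Deterministic constructed trace: near-constant packet size and gap with small jitter."""
    t, out = 0.0, []
    for i in range(n):
        t += gap * (1 + 0.1 * ((i + seed) % 3 - 1))
        out.append((t, size + 10 * ((i + seed) % 5 - 2), ports[(i + seed) % len(ports)]))
    return out


def features(trace: List[Packet]) -> List[float]:
    """Features that use only headers and timing, so they survive encrypted payloads."""
    sizes = [s for _, s, _ in trace]
    gaps = [b[0] - a[0] for a, b in zip(trace, trace[1:])]
    mean_size = sum(sizes) / len(sizes)
    return [
        mean_size,
        math.sqrt(sum((s - mean_size) ** 2 for s in sizes) / len(sizes)),  # size std dev
        sum(gaps) / len(gaps),                                             # mean inter-arrival
        sum(1 for s in sizes if s <= 100) / len(sizes),                    # share of tiny packets
        float(len({p for _, _, p in trace})),                              # distinct dst ports
    ]


class NearestCentroid:
    """Z-score each feature on the training set, then assign the nearest class centroid."""

    def fit(self, X: List[List[float]], y: List[str]) -> "NearestCentroid":
        cols = list(zip(*X))
        self.mu = [sum(c) / len(c) for c in cols]
        self.sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) for c, m in zip(cols, self.mu)]
        self.sd = [s if s > 1e-9 else 1.0 for s in self.sd]   # constant feature: leave unscaled
        self.centroids: Dict[str, List[float]] = {}
        for label in set(y):
            rows = [self._z(x) for x, l in zip(X, y) if l == label]
            self.centroids[label] = [sum(c) / len(c) for c in zip(*rows)]
        return self

    def _z(self, x: List[float]) -> List[float]:
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]

    def predict(self, x: List[float]) -> str:
        z = self._z(x)
        return min(self.centroids, key=lambda l: math.dist(z, self.centroids[l]))


# Constructed device profiles: (typical packet size, typical inter-arrival, destination ports).
DEVICES = {
    "camera":  (1200, 0.02, [443]),
    "speaker": (500, 0.5, [443, 8009]),
    "plug":    (80, 20.0, [8883, 53]),
}


def dataset(seeds=range(4)) -> Tuple[List[List[float]], List[str]]:
    """Four slightly different traces per device type, labelled with the type."""
    X, y = [], []
    for label, (size, gap, ports) in DEVICES.items():
        for seed in seeds:
            trace = synth_trace(40, int(size * (1 + 0.03 * seed)), gap * (1 + 0.05 * seed), ports, seed)
            X.append(features(trace))
            y.append(label)
    return X, y


def leave_one_out_accuracy() -> float:
    """Train on all traces but one, classify the held-out trace, repeat for every trace."""
    X, y = dataset()
    hits = 0
    for i in range(len(X)):
        clf = NearestCentroid().fit(X[:i] + X[i + 1:], y[:i] + y[i + 1:])
        hits += clf.predict(X[i]) == y[i]
    return hits / len(X)


def classify_unknown(trace: List[Packet]) -> str:
    """Fit on the full constructed dataset and label a previously unseen trace."""
    X, y = dataset()
    return NearestCentroid().fit(X, y).predict(features(trace))


if __name__ == "__main__":
    print("leave-one-out accuracy:", leave_one_out_accuracy())
    print("unseen trace labelled:", classify_unknown(synth_trace(40, 1180, 0.021, [443], 9)))
```

Two practitioner caveats the constructed data hides: real traces of the same device type vary far more than this jitter, so feature choice and the amount of training data dominate accuracy, and an attacker who can shape a device's packet sizes and timing can imitate another profile, which is why fingerprinting should complement rather than replace authentication.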
CR, Apr 24, 2013
Towards a Networks-of-Networks Framework for Cyber Security
Mahantesh Halappanavar, Sutanay Choudhury, Emilie Hogan et al.
Networks-of-networks (NoN) is a graph-theoretic model of interdependent networks that have distinct dynamics at each network (layer). By adding special edges to represent relationships between nodes in different layers, NoN provides a unified mechanism to study interdependent systems intertwined in a complex relationship. While NoN-based models have been proposed for cyber-physical systems, in this position paper we build towards a three-layered NoN model for an enterprise cyber system. Each layer captures a different facet of a cyber system. We present an in-depth discussion of four major graph-theoretic applications to demonstrate how the three-layered NoN model can be leveraged for continuous system monitoring and mission assurance.