Publications
Tagged As
Information security for situational awareness in computer network defense
Summary
Summary
Situational awareness - the perception of "what's going on" - is crucial in every field of human endeavor, especially so in the cyber world where most of the protections afforded by physical time and distance are taken away. Since ancient times, military science emphasized the importance of preserving your awareness...
Secure channel establishment in disadvantaged networks: optimizing TLS using intercepting proxies
Summary
Summary
Transport Layer Security (TLS) is a secure communication protocol that is used in many secure electronic applications. In order to establish a TLS connection, a client and server engage in a handshake, which usually involves the transmission of digital certificates. In this paper we present a practical speedup of TLS...
GROK: a practical system for securing group communications
Summary
Summary
We have designed and implemented a general-purpose cryptographic building block, called GROK, for securing communication among groups of entities in networks composed of high-latency, low-bandwidth, intermittently connected links. During the process, we solved a number of non-trivial system problems. This paper describes these problems and our solutions, and motivates and...
ASE: authenticated statement exchange
Summary
Summary
Applications often re-transmit the same data, such as digital certificates, during repeated communication instances. Avoiding such superfluous transmissions with caching, while complicated, may be necessary in order to operate in low-bandwidth, high-latency wireless networks or in order to reduce communication load in shared, mobile networks. This paper presents a general...
GROK secure multi-user chat at Red Flag 2007-03
Summary
Summary
This paper describes the GROK Secure Chat experimental activity performed by MIT Lincoln Laboratory at USAF Red Flag 2007-03 exercises and its results.
Tuning intrusion detection to work with a two encryption key version of IPsec
Summary
Summary
Network-based intrusion detection systems (NIDSs) are one component of a comprehensive network security solution. The use of IPsec, which encrypts network traffic, renders network intrusion detection virtually useless unless traffic is decrypted at network gateways. Host-based intrusion detection systems (HIDSs) can provide some of the functionality of NIDSs but with...
Making network intrusion detection work with IPsec
Summary
Summary
Network-based intrusion detection systems (NIDSs) are one component of a comprehensive network security solution. The use of IPsec, which encrypts network traffic, renders network intrusion detection virtually useless unless traffic is decrypted at network gateways. One alternative to NIDSs, host-based intrusion detection systems (HIDSs), provides some of the functionality of...
Securing communication of dynamic groups in dynamic network-centric environments
Summary
Summary
We developed a new approach and designed a practical solution for securing communication of dynamic groups in dynamic network-centric environments, such as airborne and terrestrial on-the-move networks. The solution is called Public Key Group Encryption (PKGE). In this paper, we define the problem of group encryption, motivate the need for...
A wide area network simulation of single-round group membership algorithms
Summary
Summary
A recent theoretical result proposed Sigma, a novel GM protocol that forms views using a single-round of message exchange. Prior GM protocols have required more rounds in the worst-case. In this paper, we investigate how well Sigma performs in practice. We simulate Sigma using WAN connectivity traces and compare its...
Robust collaborative multicast service for airborne command and control environment
Summary
Summary
RCM (Robust Collaborative Multicast) is a communication service designed to support collaborative applications operating in dynamic, mission-critical environments. RCM implements a set of well-specified message ordering and reliability properties that balance two conflicting goals: a)providing low-latency, highly-available, reliable communication service, and b) guaranteeing global consistency in how different participants perceive...