Infrastructure-Level Protection to Ensure Critical Communications

 

Supported by NSF 0649950, $198K. Project period: 09/2006 to 08/2008.

[Photo: Monticello Hydroelectric Powerplant]

 

The availability of critical services and systems, such as water and power control systems, has become an extraordinarily urgent and important issue as we see more, and more sophisticated, cyber attacks aimed at disrupting them. In this project, we will address this fundamental issue and investigate strong protection schemes for critical communications on the nation’s information infrastructure. We will examine the limitations of the current mechanisms and the main challenges in addressing these problems. As a first step, we focus on bandwidth flood attacks and propose a bandwidth reservation framework at the infrastructure level to assure the service quality of critical communications under flood attacks.

 

The current Internet does not provide hard guarantees for mission-critical communications. Although quality-of-service (QoS) has been extensively examined in the past decade and many QoS schemes have been proposed, we have not seen a practical QoS solution broadly deployed on the Internet, especially across different administrative domains.

 

To address this issue, we will develop a security framework that provides infrastructure-level protection for the communications of mission-critical systems by incorporating secure bandwidth reservation and management with Trusted-Computing (TC) platforms. We will emphasize the following research issues: (1) We will examine the limitations of current approaches and present a promising, practical framework to address these limitations. (2) We will investigate and design secure, highly available mechanisms and algorithms to assure the service quality of critical systems, supporting provable guarantees for critical systems against denial-of-service on the Internet. (3) We will develop a prototype design of the proposed framework, evaluate its security and performance strength, and explore the tradeoffs among security, availability, and efficiency. The experience gained in this project will validate the proposed framework and guide us in developing a complete system for large-scale experiments and simulations in our next-phase investigation.

 

People

Yingfei Dong

Xiaojiang Liu

Jiang Li

Qi Zhang

 

Selected Publications

 

·       Y Dong and X Liu. Novel dynamic delay allocation adjustment for improving bandwidth efficiency. Elsevier Computer Communications 33(4), pages 463-476, 2010.

·       Y Dong, D Du, and F Cao. Infrastructure-level trust-based protection for security-concerned systems and their communications. In IEEE Mission Critical Networks (MCN), 2008.

·       X Liu and Y Dong. Intelligently balancing per-hop delay allocation to improve network utilization. In IEEE ICC Communications QoS, Reliability, and Performance Modeling Symposium, 2008.

 

Thesis

·       Qi Zhang, "Fast Response Schemes for Trusted-based Resource Management," 2009.

·       Jiang Li, "Global Multi-hop Scheduling for Improving Network Utilization and QoS," 2008.

·       Xiaojiang Liu, "Maximizing System Utilization through Dynamic Delay Allocation Adjustment," 2007.