Projects per year
Abstract
Distributed sensor networks such as IoT deployments generate large quantities of measurement data. Often, the analytics that runs on this data is available as a web service which can be purchased for a fee. A major concern in the analytics ecosystem is ensuring the security of the data. Often, companies offer Information Rights Management (IRM) as a solution to the problem of managing usage and access rights of the data that transits administrative boundaries. IRM enables individuals and corporations to create restricted IoT data, which can have its flow from organisation to individual control - disabling copying, forwarding, and allowing timed expiry. We describe our investigations into this functionality and uncover a weak-spot in the architecture - its dependence upon the accurate global availability of time. We present an amplified denial-of-service attack which attacks time synchronisation and could prevent all the users in an organisation from reading any sort of restricted data until their software has been re-installed and re-configured. We argue that IRM systems built on current technology will be too fragile for businesses to risk widespread use. We also present defences that leverage the capabilities of Software-Defined Networks to apply a simple filter-based approach to detect and isolate attack traffic.
Original language | English |
---|---|
Title of host publication | ICDCN 2019 - Proceedings of the 2019 International Conference on Distributed Computing and Networking |
Place of Publication | New York |
Pages | 496-501 |
Number of pages | 6 |
ISBN (Electronic) | 9781450360944 |
DOIs | |
Publication status | Published - 4 Jan 2019 |
Event | 20th International Conference on Distributed Computing and Networking, ICDCN 2019 - Bangalore, India Duration: 4 Jan 2019 → 7 Jan 2019 |
Conference
Conference | 20th International Conference on Distributed Computing and Networking, ICDCN 2019 |
---|---|
Country/Territory | India |
City | Bangalore |
Period | 4/01/19 → 7/01/19 |
Keywords
- security
- SDN
- DRM
Fingerprint
Dive into the research topics of 'Do we have the time for IRM? Service denial attacks and SDN-based defences'. Together they form a unique fingerprint.Projects
- 1 Finished
-
Industrial CASE Account - University of Strathclyde 2017 | Shah, Ryan
Revie, C. (Principal Investigator), Ahmed, C. M. (Co-investigator) & Shah, R. (Research Co-investigator)
EPSRC (Engineering and Physical Sciences Research Council)
1/10/18 → 15/02/23
Project: Research Studentship Case - Internally allocated