Richard Brooks

Clemson University Electrical and Computer Engineering


Lecture Information:
  • April 24, 2024
  • 12:16 PM
  • ECS: 241 (JCCL)

Speaker Bio

Dr. Brooks is an Associate Professor in the Holcombe Department of Electrical and Computer Engineering at Clemson University in South Carolina. Before coming to Clemson, he was head of the Pennsylvania State University Applied Research Laboratory’s (PSU/ARL) Distributed Systems Department for over seven years. Dr. Brooks has a Ph.D. in Computer Science from Louisiana State University, and a B.A. in Mathematical Sciences from The Johns Hopkins University. His research has been funded by ONR, AFOSR, ARO, DARPA, NIST, NSF, DoE, Dept. of State, and BMW Corporation.

Dr. Brooks has security research projects funded by AFOSR (analyzing network timing side-channel attacks), NSF (analyzing wired and wireless denial of service vulnerabilities), DoE (authentication and authorization of exa-scale storage systems), BMW Corporation (controlling dissemination of intellectual property), and the US State Department (creating anonymous communications tools for civil society groups). Dr. Brooks was PI of the Mobile Ubiquitous Security Environment (MUSE) Project sponsored by ONR (PM: Frank Deckelman) as a Critical Infrastructure Protection University Research Initiative (CIP/URI). MUSE created survivable network infrastructures that combined peer-to-peer and mobile code technology. He is PI of ongoing security analysis of automotive information technology systems funded by BMW Manufacturing Corporation (PM: Hr. Fischer). Dr. Brooks was co-PI of a NIST project defining the security standards and protection profiles for the ISO BACNET networked building control systems standard. The BACNET market includes automated interfaces for building security systems and interfaces to the power grid. He has received ONR and ARO DURIP awards supporting study of networked systems interacting with the real world.

Dr. Brooks’s research concentrates on information assurance and C4ISR. His Ph.D. dissertation received an exemplary achievement certificate from the Louisiana State University graduate school. Dr. Brooks also did graduate study in Operations Research at the Conservatoire National des Arts et Metiers in Paris, France. He has a broad professional background with computer systems and networks. This includes being technical director of Radio Free Europe’s computer network. His consulting clients include the French stock exchange authority and the World Bank. While with the World Bank he expanded their internal network to sub-Saharan Africa, Eastern Europe and the Former Soviet Union.

Abstract

On-line distribution of information is replacing traditional print and broadcast media. For political and investigative journalism, where vested political interests have been able to censor traditional media outlets and limit access by the local population to inconvenient facts, on-line journalism is particularly important. Bloggers, citizen journalists and journalism professionals are using new media to circumvent traditional controls with results like the Arab Spring. This has led to an increase in Internet censorship followed by an increase in the number of censorship circumvention tools, which is becoming an on-line arms race. We will concentrate primarily on the technical aspects of this arms race, but also give examples of its social impact.

In addition to IP and DNS address filtering, Denial of Service attacks have become an important tool in limiting discourse. Denial of Service (DoS) attacks disable network services for legitimate users. If the attacker uses multiple nodes to perform a DoS attack, it is called a Distributed Denial of Service (DDoS) attack. These attacks can be performed by altering configuration files, physically damaging network components or consuming resources. Freely available Denial of Service (DoS) attack tools like Stacheldraht and Low Orbit Ion Cannon (LOIC) make it possible for unsophisticated users to perform these attacks.

Famous DDoS attacks include:
– Russian nationalists disabling the cyber-infrastructure of Estonia,
– Anonymous’ disabling on-line payment services in response to their refusal to support WikiLeaks,
– Russian military disabling Georgia’s military networks as a prelude to invasion, and
– Spammers disabling a spam tracking service.

The volume of some attacks has been large enough to disable the internet for entire countries. There is open debate about whether or not DDoS should be considered a legitimate form of protest. It is illegal under the Computer Fraud and Abuse Act with severe penalties.

Researchers have proposed many DoS/DDoS detection approaches. Most studies used simulated network background and attack traffic, scenario-specific data sets, or simulated attacks on live traffic traces. In our study, we tested DDoS detection approaches using operational network background traffic and performing a real DDoS attack without affecting the original network. Our results showed that the detection approaches need to be optimized for operational networks by considering the network utilization and detection delay requirements.

Current DDoS mitigation approaches either use large cloud services or attempt to diffuse the attack traffic using web caches. We consider a dynamically scaling web caching system and a game theoretical approach to address the DDoS mitigation problem. In the first approach, web caches give service from multiple points when necessary. In the second approach, we defined the DDoS attack problem as a game between the service provider (Player 1) and the attacker (Player 2) on the network. If an attack is detected by the service provider, we use a method to choose the configuration which will give us the largest selection of next round configurations, among all the candidate configurations while searching the “loopy” game.
We conclude by discussing our current initiative using censorship circumvention tools to support press and Internet freedom in West African states.