|
This project is developing the next generation of network measurement tools for penetration testers, digital forensics experts, and other cybersecurity professionals who sometimes need to know more about the Internet or a specific network. It is developing techniques based on TCP/IP side channel inferences, where it is possible to infer something about a remote machine's view of the network based on the use of shared, limited resources. Because of this, the tools being developed as part of this project are able to overcome fundamental limitations of existing tools such as traceroute and nmap. For example, traceroute cannot detect tunnels along a path because it can only see the network from the perspective of the machine on which traceroute is running, whereas the methods being developed here can infer maximum transmission units bidirectionally at every hop and thus provide some information about potential tunnels. This is important because criminals often use tunnels to hide their illicit online activities.
The research team plans to release all tools developed by this project under an open source license, so that there will be a paradigm shift in how cybersecurity practitioners conduct their jobs. TCP/IP side channels have the potential to change the science of Internet and network measurement in a fundamental way.
|
TWC: Small: Developing Advanced Digital Forensic Tools Based on Network Stack Side Channels