Prof. Amir Herzberg is the Head of the Networking and Security Area in the Department of Computer Science.
Research in the Network Security Group focuses on improving the security of the Internet and other networks against different attacks.
The challenge is to develop secure yet practical and efficient solutions, which will be applicable to a wide variety of real networks and problems. The group applies analytical and experimental research methods in diverse areas including networking, cryptography, algorithms, usability (human-computer interaction), machine learning and more.
The Network Security Group investigates attacks and defenses designed for existing Internet protocols and infrastructure, as well as designs for future Internet technologies. Research of defenses for existing Internet protocols is challenging, due to the huge installed base. However, changes should provide significant value to early adopters.
The group deals with a diverse set of security goals, including confidentiality, integrity, and availability.
A small set of protocols, such as TCP, UDP, DNS and IP, are crucial to the operation of the Internet (and carry most of the traffic). These protocols were defined many years ago and are very well known, with numerous implementations.
However, there are several serious security vulnerabilities for these protocols. In a series of research projects, Herzberg and his group discovered some of the most important vulnerabilities. They are working on designing and implementing countermeasures, helping vendors, and designing and analyzing secure versions of the protocols.
Regular Internet service does not ensure availability as communication may be dropped or delayed. When guaranteed availability and Quality of Service (QoS) are required, (corporate) customers must pay the providers premium fees for private network connections.
Furthermore, Internet users often suffer from Denial of Service (DoS) attacks, preventing communication or other services. The Network Security Group investigates different DoS attacks as well as defense mechanisms. For example, in a recent work called QoSoDoS, they showed how to ensure Quality of Service (QoS) even during a Denial of Service (DoS) attack.
Recently there has been an alarming increase in the level of sophistication of network and malware attacks. Attackers now include knowledgeable, powerful adversaries such as terrorist and criminal organizations as well as government organizations. Existing mechanisms to detect and prevent such attacks may not suffice; furthermore, existing defenses often require highly competent staff (system administrators), which may not always be available.
The Network Security Group is developing advanced intrusion detection and prevention systems, designed to protect against such advanced network and malware attacks, and to be used by operators with widely available skills.
Existing financial services and networks are based on centralized trusted entities such as banks and clearinghouses. The Internet has greatly improved communication between customers and financial service providers; however, it has not resulted in significant changes in the structure, trust relationships and operational efficiencies of financial services. One reason for this is the lack of availability guarantees for the Internet (see above).
The Network Security group investigates innovative sets of security technologies, which may allow for new paradigms of financial services and networks with dramatic improvements in efficiency that will empower customers and reduce overhead and middlemen costs.