Paper performing a RINA threat analysis accepted for publication at IEEE Systems


We are happy to report that a PRISTINE paper lead by the Thales team has been accepted for publication at the IEEE Systems journal! The paper, entitled “Identification of Threats and Security Risk Assessments for Recursive Internet Architecture” performs a threat analysis of RINA at the architecture level applying the SecRAM security risk assessment methodology.

Abstract

There are several types of attacks on network communications such as disrupting or blocking communication, intercepting, injecting fabricated packets, accessing and modifying the information. Here, for the first time the SecRAM, a recent security risk assessment methodology, is proposed to be systematically applied in a different context, i.e., to the network systems, specifically to an emerging recursive network architecture called RINA. It is used for identifying run-time threats, assessing the risks involved, and defining measures to mitigate them. The risk assessment is performed to: assess the impact and likelihood of occurrence of attacks relevant to the identified threats; evaluate the RINA design principles; and validate the built-in security enablers and the mitigation actions that are devised to combat such attacks. Resulting from this assessment, specific measures are proposed to further improve the cyber resiliency of the RINA network system, in securing its layers and components. The enhancement prevails through the utilization of multi-layered security controls or the increase in strength of security controls that are established for implementation purposes. We also demonstrate formal analysis of some of the security properties of RINA network architecture using ProVerif tool and the developed RINA Simulator. We apply the tool to create a formal model of a RINA network and the selected attacks that can be mitigated. The results of analysis are also provided.