IT Security in Hospital Management

  • 8/12/2019 It Security in Hospital Management


Contents of the Volume

i. Copyright Notice
ii. Editorial Board Members
iii. Chief Author and Dean
iv. Table of Contents
v. From the Chief Editor's Desk
vi. Research and Review Papers
    1. IT Security in Hospital Management. 1-6
    2. Economical Way of GPRS Based Fully Automated Energy Metering System. 15
    3. IP TRACEBACK Scenarios. 17-23
    4. Multi Attacker Collision Analysis in MANETs using Conditional Likelihood. 25-30
vii. Auxiliary Memberships
viii. Process of Submission of Research Paper
ix. Preferred Author Guidelines
x. Index


IT Security in Hospital Management

Manoj Chopra

Author: Computer Science Department. E-mail: Manoj_19143@rediffmail.com

Global Journal of Computer Science and Technology, Volume XIII Issue III Version I, Year 2013. 2013 Global Journals Inc. (US)

Abstract: Hospital IT security presents many unique challenges that must be solved by the entire organization. Network and computer threats can cause thousands of dollars in lost time and resources, legal repercussions, and damaged reputation. Despite warnings from a wealth of public breach notifications, many hospitals are inadequately prepared to deal with today's computer-based attacks. This research explores the root causes of hospital network and computer insecurity, and addresses these problems with methods implemented in actual hospitals. A lack of comprehension of methods to assess and implement security measures by hospital IT security employees can hinder network visibility and prevent their ability to stop threats. In addition, these same people are unable to express security concerns in terms management can understand, harming their credibility within the business as a whole. Without this support, organizational change is impossible. By addressing these concerns with a combination of people, process, and tools, we can solve complex problems, protect patient data, and ensure IT operations so hospitals can serve their community and save lives.

Keywords: web filtering, e-mail filtering, system patching, antivirus, secure wireless access, firewall configuration.

I. Introduction

Securing a hospital network is challenging. Doctors and physicians often have special requirements, and external vendor systems come with agreements that restrict which security controls can be applied. In addition, hospitals face many of the same challenges other organizations struggle with. Improper management of systems and network defenses can expose private information and credit card numbers to attackers. This can violate laws and regulations, cause negative publicity, affect the financial stability of the business, and hinder the ability to provide care to patients.

Effective security requires many working parts in an organization, not all of which are technical solutions. Defined process, skilled and well-managed personnel, and management support are vital aspects of security. Many hospitals fail to address one or more of these aspects, leaving their network open to multiple attack vectors.

Security breaches may also hinder a hospital's ability to care adequately for its patients or to admit new patients. Viruses and other attacks can disable medical record systems, forcing hospitals to revert to a paper system and decreasing efficiency. In some cases, incidents can prevent hospitals from providing adequate care; ambulances may then have to be rerouted to other medical facilities in the area, losing business and endangering those who need immediate care.

II. Defining Security

First, when we refer to security throughout this research paper, we mean IT security, not physical or some other type. Security is often defined as protecting the confidentiality, integrity, and availability of data, but the interpretation and context of these aspects change from organization to organization. Rather than creating an overall definition of security, we will define it in terms of several goals. When we refer to security throughout this paper, we will mean technology, processes, procedures, and organizational structures that:

1. Ensure the confidentiality, availability, and integrity of electronic/digitized assets and data, especially PHI (protected health information).
2. Ensure the ability to provide quality care to hospital patients through the use of technology.
3. Minimize the impact of security threats against the needs of the business.

We hope to represent the flexible and intangible nature of security, especially in a hospital environment, by defining security as a collection of goals rather than an absolute state. As we will show later, security events can be quantified in terms of risk, which each hospital must either accept or not, depending on its individual tolerance. Some hospitals may accept more risk while defining themselves as secure, while others will accept less. Security is not a term that can be absolutely defined, and we make no attempt to represent it as such; we simply present one useful definition for our purposes here.

Many approaches to network and computer security focus purely on better technology. By increasing the effectiveness of anti-virus, web proxies, intrusion detection, and other technologies, attacks can theoretically be prevented over the network. In reality, this is not the case. The true problem of network and computer security in hospitals is not with the technology solutions currently available on the market. The problem is with the way security is understood, accepted, and implemented by the people within the hospital. Communication between security teams and upper-level management is a driving factor in this problem. As we will show, management support is required for any major change in an organization, because many security changes affect the entire organization. If this support is missing, many changes are ineffective or incomplete.

Our approach seeks to address both the technical issues and the communication issues. It meets the needs of the organization while defending its most important assets. It provides the flexibility and resiliency to cope with the changing world of computer and network security, and addresses the complex factors involved in security for a large organization. Our method contains multiple stages. First, hospitals must understand the specific challenges they face. Next, specific methods are used to assess a hospital's security and risk posture. Once these are complete, other methods can be used to consistently improve IT security in these organizations. In the final section, case studies will illustrate the success of the method. It was implemented in several hospitals which have all reached various levels of maturity.

IV. Hospital Security

a) Implementation

As discussed previously, security within an organization is a combination of people, process, and tools. Technical controls (tools) provide a means to restrict and regulate the network. Process defines the standards by which the organization implements and enforces security controls. Finally, the people, including the politics between departments, the culture of the organization, and simply their communication, are ultimately responsible for security. All three are necessary to protect the hospital network. The assessment phase helps the hospital understand its current security posture. Using the data obtained, security exposures can be identified and then corrected. The methods described in this section include many specific technical controls that must be implemented to provide a reasonable degree of security. Beyond these controls, most hospitals struggle with communication and internal politics. Lower-level security employees are often unable to communicate with upper-level management in a way that wins them the support they need for security initiatives.

V. Specific Technical Controls

Every hospital must have a set of technical controls to protect its network. It must also have the proper personnel and management support to drive the change necessary to implement and enforce the controls. The controls defined below will drastically improve security for most hospitals. Each of them can be implemented in many ways. No particular vendor or implementation is recommended, although several are mentioned as examples. These are details that must be worked out by each individual hospital to meet its specific needs.

a) Web Filtering

The majority of successful attacks today exploit vulnerabilities in web browsers. These can be attacks against the browser itself (such as Internet Explorer or Mozilla Firefox), but they can also exploit other components used by the browser, such as Java or Adobe Flash. As such, normal web browsing creates a large security risk for any hospital. To help protect against these specific attacks, web filtering appliances can be purchased from many vendors. It is also possible to build a custom web filter around an open source tool such as Snort, but most organizations opt to purchase a pre-built solution.

Control 1: All web browser traffic must be filtered through a web gateway or proxy appliance.

Web filters generally work using blacklists. This approach blocks specific web traffic based on content signatures, DNS name, IP address, or other static rules. Any traffic that does not specifically match is allowed by default, so a newly registered malicious domain, or a lookalike of a legitimate one, passes until a rule is written for it. Some web filters also act as an enterprise-wide anti-virus solution. For example, McAfee's Web Gateway [19] searches for content matching known viruses. Due to the prominence of attacks originating from web browsing, a web filter is absolutely necessary for any hospital.
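The blacklist-and-default-allow behaviour just described is easy to get subtly wrong, so here is an added example (not code from the paper or from any vendor product) of the matching logic such a filter applies: DNS-name rules matched on label boundaries, IP rules matched against address ranges, content signatures, and an explicit default allow. The rule sets, the reserved example domains and the 203.0.113.0/24 range are constructed for the demo.

```python
# Added example (not from the paper): a blocklist web filter of the kind the
# text describes.  Rules below are constructed for the demo; the domain names
# and address range are reserved example values, not real threat data.
from urllib.parse import urlsplit
import ipaddress

BLOCKED_DOMAINS = {"malware-cdn.example", "phish.example"}      # DNS-name rules
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]     # IP rules
BLOCKED_SIGNATURES = [b"eval(unescape(", b"<applet "]           # content signatures


def host_blocked(host: str) -> bool:
    """True if host is a blocked IP, or equals / is a subdomain of a blocked domain.

    Matching is done on label boundaries, so 'a.phish.example' is blocked but
    'notphish.example' is not; case and a trailing dot are normalised first.
    """
    host = host.rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in BLOCKED_NETWORKS)
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def filter_request(url: str, response_body: bytes = b"") -> str:
    """Decide on one request: 'BLOCK:domain', 'BLOCK:signature' or 'ALLOW'."""
    host = urlsplit(url).hostname or ""     # parsed host, never a substring of the URL
    if host_blocked(host):
        return "BLOCK:domain"
    if any(sig in response_body for sig in BLOCKED_SIGNATURES):
        return "BLOCK:signature"
    return "ALLOW"  # blacklist semantics: anything unmatched passes


def demo() -> dict:
    """Constructed requests showing what the static rules catch and what they miss."""
    cases = {
        "known bad domain": ("http://phish.example/login", b""),
        "subdomain of bad domain": ("https://cdn.MALWARE-cdn.example./x.js", b""),
        "bad address range": ("http://203.0.113.7/", b""),
        "content signature": ("http://good.example/p", b"<script>eval(unescape('%61'))</script>"),
        "lookalike, no rule yet": ("http://phish-example.com/login", b""),
        "blocked name as prefix only": ("http://phish.example.evil.test/", b""),
        "userinfo decoy": ("http://phish.example@good.example/", b""),
    }
    return {name: filter_request(url, body) for name, (url, body) in cases.items()}
```

The last three cases are the ones to notice. The lookalike passes because nothing matches it, which is the default-allow gap the text describes. The filter has to match the parsed hostname on label boundaries, or it will either block notphish.example or be fooled by a URL whose userinfo part contains a blocked name.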

b) Email Filtering

The primary responsibility of an email filter is often to reduce or eliminate spam for an organization and to minimize viruses and other threats. Email attacks can trick a user into opening a malicious web link or attachment, but they can also attempt to get a user to divulge sensitive information. To stop most spam and malicious email, a dedicated email filter such as Cisco IronPort [9] can be used.

Control 2: All email must be filtered through a dedicated email server to remove spam and malicious attachments.
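As an added example (not from the paper, and not IronPort's logic), the attachment checks a dedicated mail filter applies under Control 2: block by dangerous extension, and also by the file's actual leading bytes, so an executable renamed to .pdf is still caught and a file that claims to be a PDF but is not gets held. The message, the extension list and the magic-byte table are constructed for the demo.

```python
# Added example (not from the paper): attachment screening of the kind a
# dedicated mail filter performs.  The message is constructed inline; the
# extension list and magic-byte table are minimal illustrations.
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".jar"}
MAGIC = {b"MZ": "executable", b"%PDF": "pdf", b"PK\x03\x04": "zip"}  # leading bytes -> type


def sniff(data: bytes) -> str:
    """Identify an attachment by its leading bytes instead of trusting its name."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def screen_message(raw: bytes) -> list:
    """Return [(filename, verdict)] for each attachment, in message order.

    Verdicts: 'allow', 'block:executable' (by extension or by MZ header, so a
    renamed .exe is caught), 'block:type-mismatch' (claims .pdf but is not one).
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        kind = sniff(part.get_payload(decode=True) or b"")
        if ext in BLOCKED_EXTENSIONS or kind == "executable":
            verdicts.append((name, "block:executable"))
        elif ext == ".pdf" and kind != "pdf":
            verdicts.append((name, "block:type-mismatch"))
        else:
            verdicts.append((name, "allow"))
    return verdicts


def build_sample() -> bytes:
    """Constructed message: a PDF, an .exe renamed to .pdf, a zip posing as a PDF, a bare .exe."""
    msg = EmailMessage()
    msg["From"] = "billing@vendor.example"
    msg["To"] = "accounts@hospital.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the documents attached.")
    msg.add_attachment(b"%PDF-1.4\n%fake minimal pdf\n",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26,
                       maintype="application", subtype="pdf", filename="scan.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="octet-stream", filename="update.exe")
    return msg.as_bytes()
```

Checking content rather than names is what makes the second attachment a block instead of a pass; the declared MIME type in the message is attacker-controlled and is deliberately ignored here.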

Like the web filter, this approach may not prevent all attacks, but it reduces the attack surface of the organization.

c) System Patching

Most virus-related incidents in hospitals can be prevented with effective patch management. Most hospitals have thousands of computing devices on their network, a large percentage of which run some version of Microsoft Windows. Many security vulnerabilities are discovered each month in Windows that can allow an attacker to exploit and compromise a system. Because new vulnerabilities are discovered at a high rate, it is equally important that the patches correcting them are applied promptly.


Figure 1: Microsoft Bulletin - Count of likely exploitable vulnerabilities per month in 2010

Control 3: Automatic patching must be implemented and enforced for all computer systems on the network. Sensitive systems, or systems that cannot use an automatic mechanism, must have a patching procedure in place.

Microsoft Windows is not the only attack surface that requires regular patching. Adobe products (Flash, Acrobat Reader, Shockwave, etc.), Java, Apple QuickTime, and any other popular software are often found to have severe security vulnerabilities as well. Other operating systems, such as many Linux variants or Mac OS X, release patches for newly discovered security vulnerabilities, although these are exploited less often due to a smaller user base. Finally, many medical system vendors prohibit hospitals from installing patches on their computer systems, even if the hospital owns the system. They instead require the hospital to wait for the vendor to patch the system for new vulnerabilities. Unfortunately, many of these systems never get patched once they are installed in the hospital environment. To compensate, other controls must protect these systems, such as network segregation and strict policy surrounding their usage.
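Added example, not from the paper: how the two signals Figure 1 tallies (a bulletin rated "Consistent Exploit Code Likely" on Microsoft's Exploitability Index, and exploitation already observed when the bulletin shipped) can drive the patch order under Control 3, and how vendor-managed systems that cannot be patched are separated into those protected by segregation and those left exposed. The bulletin identifiers, months and the host inventory are constructed and are not real Microsoft bulletins.

```python
# Added example (not from the paper): patch prioritisation using the two
# signals Figure 1 tallies (Exploitability Index rating and already-exploited
# status) plus the vendor-managed exception described above.  Bulletin
# identifiers, months and host data are constructed for the demo.
from collections import Counter
from dataclasses import dataclass, field

# Microsoft Exploitability Index ratings in use in 2010:
# 1 = Consistent Exploit Code Likely, 2 = Inconsistent Exploit Code Likely,
# 3 = Functioning Exploit Code Unlikely.
CONSISTENT_EXPLOIT_LIKELY = 1


@dataclass(frozen=True)
class Bulletin:
    bid: str
    month: str               # "YYYY-MM" of the bulletin release
    exploit_index: int
    exploited_in_wild: bool  # attacks already seen when the bulletin shipped


@dataclass
class Host:
    name: str
    installed: set = field(default_factory=set)  # bulletin ids already applied
    vendor_managed: bool = False  # vendor contract forbids hospital patching
    segregated: bool = False      # isolated VLAN plus usage policy (compensating control)


BULLETINS = [  # constructed; ids are not real Microsoft bulletin numbers
    Bulletin("B-2010-07-A", "2010-07", 1, True),
    Bulletin("B-2010-07-B", "2010-07", 1, False),
    Bulletin("B-2010-07-C", "2010-07", 3, False),
    Bulletin("B-2010-08-A", "2010-08", 1, False),
    Bulletin("B-2010-08-B", "2010-08", 2, True),
]

HOSTS = [  # constructed inventory
    Host("ws-nursing-01", {b.bid for b in BULLETINS}),
    Host("ws-admin-07", {"B-2010-07-C"}),
    Host("infusion-pump-3", vendor_managed=True, segregated=True),
    Host("lab-analyzer-1", vendor_managed=True, segregated=False),
]


def monthly_counts(bulletins) -> dict:
    """Figure 1's two series per month: (consistent-exploit-likely, exploited-in-wild)."""
    likely, active = Counter(), Counter()
    for b in bulletins:
        if b.exploit_index == CONSISTENT_EXPLOIT_LIKELY:
            likely[b.month] += 1
        if b.exploited_in_wild:
            active[b.month] += 1
    return {m: (likely[m], active[m]) for m in sorted({b.month for b in bulletins})}


def urgency(b: Bulletin) -> int:
    """Lower is more urgent: exploited before the patch existed, then reliably exploitable."""
    if b.exploited_in_wild:
        return 0
    return 1 if b.exploit_index == CONSISTENT_EXPLOIT_LIKELY else 2


def plan(hosts, bulletins) -> dict:
    """Per host: ('patch', ordered ids), ('compliant', []), or for vendor-managed
    hosts ('compensated', ids) when segregated and ('exposed', ids) when not."""
    result = {}
    for h in hosts:
        missing = sorted((b for b in bulletins if b.bid not in h.installed),
                         key=lambda b: (urgency(b), b.bid))
        ids = [b.bid for b in missing]
        if not missing:
            result[h.name] = ("compliant", [])
        elif h.vendor_managed:
            result[h.name] = ("compensated" if h.segregated else "exposed", ids)
        else:
            result[h.name] = ("patch", ids)
    return result
```

The "exposed" outcome is the case the paragraph above warns about: a vendor-managed device that is neither patched nor segregated, which needs a compensating control before anything else on the list.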

Figure 1 shows the number of vulnerabilities released per month in 2010 for Microsoft products that were rated "Consistent Exploit Code Likely" by Microsoft's Exploitability Index [20]. This rating means that "analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit that vulnerability" [20]. Also included is a tally of those vulnerabilities that were already being actively exploited on the Internet when Microsoft released the monthly bulletin announcing them [21]. This measurement shows that a vulnerability is sometimes being exploited before a patch is even available, which increases the urgency of applying patches to vulnerable systems.

d) Anti-Virus

Anti-virus is primarily the last line of defense against an attack. When all other controls have failed, a local anti-virus installation can detect and block malicious code before it is able to compromise and infect a system. When this paper refers to "anti-virus", it means a program that tries to detect and prevent any type of malicious attack on an end-point system. This includes Trojan horses, viruses, worms, adware, spyware, and any other type of attack normal enterprise anti-virus can detect and prevent. Anti-virus is most useful on Microsoft Windows computers. Solutions do exist for Linux and OS X, such as ClamAV [10] for Linux and Sophos [33] for OS X, but they typically provide less value to hospitals, which have a high number of Windows systems in their network environment.

Control 4: Anti-virus must be installed and up to date on end systems.

Anti-virus should be installed on any Microsoft Windows system with adequate resources. Administrators often forgo installing it on high-load servers for fear it will adversely affect performance. This is a risk that can be accepted provided other controls protect the system. As with system patching, many medical system vendors prohibit hospitals from installing anti-virus on their systems, citing performance concerns and unintended side effects. When this occurs, other controls must adequately protect these systems. The hospital should ensure that anti-virus is updated regularly to the latest software versions. This includes the anti-virus installation itself, but also the virus signatures released regularly by the vendor, so that the system is protected from the latest known threats. Despite providing a valuable control, anti-virus is still limited by its signature definitions: it can only detect and protect a system from known threats. Polymorphic viruses and new attacks will bypass anti-virus and are still capable of compromising a system.

e) External Device Control

Any device capable of easily and physically carrying data into or out of the hospital network can be classified as an "external device". This includes both hospital-provided and personal laptops, and removable media such as USB flash drives or external hard drives. These devices can be connected to insecure networks outside hospital control, where they can become infected with a virus or other malicious software. Upon returning to the internal hospital network, the malicious code can then attack the internal network and company resources. Hospitals should also be concerned with data exfiltration. A laptop is capable of carrying PHI outside the network, which can lead to a security incident if not adequately controlled.

Control 5: Only hospital-provided and controlled PCs should be allowed to connect to the internal network. USB sticks and other forms of removable media should be tightly controlled, and ideally completely restricted.

While company policy can provide some mitigation of this threat, it may not be a strong deterrent for many employees or other outside personnel (consultants, guests, etc.). Effective technical solutions tend to be expensive and difficult to implement. One example is Cisco's Network Access Control (NAC), which is certainly expensive, but when configured properly can protect against external devices.
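Added example (not from the paper, and not Cisco NAC's actual logic): the admission decision a network access control gateway makes under Control 5 after checking a device's posture (ownership, patch level, anti-virus installation and signature age), with the three outcomes the text implies: the internal network, a remediation segment for a hospital PC that fails a check, and a guest segment for anything that is not hospital-controlled. The thresholds, the MAC inventory and the device records are constructed assumptions.

```python
# Added example (not from the paper, and not Cisco NAC's logic): the admission
# decision a NAC gateway makes after the posture checks the text describes.
# Thresholds, MAC inventory and device records are constructed assumptions.
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_PATCH_AGE_DAYS = 30   # policy assumption: OS patches no older than a month
MAX_SIG_AGE_DAYS = 7      # policy assumption: anti-virus signatures no older than a week
MANAGED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}  # hospital-owned PCs


@dataclass
class Posture:
    mac: str
    domain_joined: bool               # reported by the NAC agent
    os_patch_date: Optional[date]     # last successful patch run, None if unknown
    av_installed: bool
    av_signature_date: Optional[date]


def _stale(d: Optional[date], today: date, max_age: int) -> bool:
    """Unknown dates count as stale: a device that cannot prove its state fails the check."""
    return d is None or (today - d).days > max_age


def admit(p: Posture, today: date):
    """Return (vlan, failures).

    'guest'       - not a hospital-controlled PC (Control 5): Internet-only segment
    'remediation' - hospital PC that failed a check: reaches only patch and AV update servers
    'internal'    - all checks passed
    """
    if p.mac not in MANAGED_MACS or not p.domain_joined:
        return "guest", ["not a hospital-managed device"]
    failures = []
    if _stale(p.os_patch_date, today, MAX_PATCH_AGE_DAYS):
        failures.append("OS patches out of date")
    if not p.av_installed:
        failures.append("anti-virus not installed")
    elif _stale(p.av_signature_date, today, MAX_SIG_AGE_DAYS):
        failures.append("anti-virus signatures out of date")
    return ("remediation" if failures else "internal"), failures


def demo(today: date = date(2013, 3, 15)) -> dict:
    """Constructed devices: a compliant PC, a stale PC, and a consultant's own laptop."""
    devices = {
        "ward-pc": Posture("00:11:22:33:44:01", True, date(2013, 3, 10), True, date(2013, 3, 14)),
        "stale-pc": Posture("00:11:22:33:44:02", True, date(2013, 1, 5), True, None),
        "consultant-laptop": Posture("aa:bb:cc:dd:ee:ff", False, date(2013, 3, 14), True, date(2013, 3, 14)),
    }
    return {name: admit(p, today) for name, p in devices.items()}
```

Note that a device with a fully patched OS and current anti-virus still lands on the guest segment if it is not a hospital-managed PC; posture checks refine Control 5, they do not replace it.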

Laptops and other hospital resources (hard drives, USB sticks, etc.) carrying sensitive data must be fully encrypted if they can be taken outside hospital property. This is especially important for laptops or any device that may be a target for thieves. Many HITECH breach incidents [14] were related to stolen hard drives, USB sticks, or laptops containing personal data. In such cases, companies must disclose the data loss to the public and then pay for remediation. With full-disk encryption, provided the key or passphrase is not stored with the device, the only loss is the physical hardware.

Control 6: External devices storing sensitive data must be encrypted.

f) Secure Wireless Access

Wireless access points provide convenience for hospital employees and outside guests. The signal from access points is broadcast over the air, which allows anyone within range to view and attempt to connect to the network. Without proper controls, an intruder could gain access to sensitive resources or disrupt network operations. Primarily, employee wireless access should be encrypted with WPA2 Enterprise using a central RADIUS (Remote Authentication Dial In User Service) or AAA (Authentication, Authorization, Accounting) server. This provides strong encryption with per-user credentials and allows employee access to be controlled from a central server. Guest wireless access is typically unencrypted and open in most hospitals. This allows anyone, even attackers, to connect to the network. To prevent a malicious user from compromising the internal hospital network, the guest network should be on a completely separate network. Without restrictions on the guest wireless network, employees can also connect to this open network and bypass normal internal network filters (such as web filters or tight firewall rules). This can lead to employees accessing Internet resources that should be restricted. It is also possible for external users to detect and attack an employee system connected in this way. To mitigate this, WPA/WPA2 encryption should be enabled on the guest network, even if it uses a simple and publicly available key; note that a shared key only stops casual eavesdropping, since anyone who knows it and captures a client's association handshake can decrypt that client's traffic. Employee systems should also be denied access to this network by using a network access control tool like Cisco NAC.

g) Firewall Configuration

Numerous resources exist explaining how to properly configure an enterprise firewall for security, so it is only mentioned here for completeness. Firewalls should be configured as restrictively as possible. Internal systems should not have unrestricted access to the external Internet. Direct access from the external Internet to the internal hospital network should be prohibited. A demilitarized zone (DMZ) should be designated for resources hosted on the hospital network that must be reachable from the Internet. The DMZ must be restricted from accessing the internal network.

Control 7: Firewalls should be properly configured to be as restrictive as possible.
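Added example (not from the paper): the zone policy of this section written as an ordered, first-match rule table that ends in a default deny, evaluated against the flows the text requires. The address plan, the proxy address 10.0.0.5 and the ports are constructed; the point is that internal hosts reach the Internet only through the filtering proxy of Control 1 and that the DMZ cannot initiate connections inward.

```python
# Added example (not from the paper): the three-zone policy the text requires
# (Internet, DMZ, internal) as an ordered first-match rule table ending in a
# default deny.  The address plan, proxy address and ports are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ZONES = {  # constructed address plan; 'internet' is the catch-all and is checked last
    "internal": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
    "internet": ip_network("0.0.0.0/0"),
}
ZONE_ORDER = ("internal", "dmz", "internet")
WEB_PROXY = "10.0.0.5/32"  # the only internal address allowed straight out to the Internet


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    return next(z for z in ZONE_ORDER if addr in ZONES[z])


@dataclass(frozen=True)
class Rule:
    src: str          # zone name or CIDR
    dst: str          # zone name or CIDR
    proto: str        # 'tcp', 'udp' or 'any'
    dports: tuple     # () means any destination port
    action: str       # 'allow' or 'deny'
    note: str = ""


RULES = (  # first match wins, so the ordering is the policy
    Rule("internet", "dmz", "tcp", (443,), "allow", "public patient portal"),
    Rule("internet", "internal", "any", (), "deny", "no direct Internet access to the internal network"),
    Rule("dmz", "internal", "any", (), "deny", "a compromised DMZ host must not reach internal systems"),
    Rule(WEB_PROXY, "internet", "tcp", (80, 443), "allow", "browsing leaves only via the filtering proxy"),
    Rule("internal", "dmz", "tcp", (443,), "allow", "staff use the portal too"),
    Rule("internal", "internet", "any", (), "deny", "workstations have no unrestricted Internet access"),
)


def _matches(spec: str, ip: str) -> bool:
    return zone_of(ip) == spec if spec in ZONES else ip_address(ip) in ip_network(spec)


def decide(src_ip: str, dst_ip: str, proto: str, dport: int):
    """Evaluate one flow against RULES; anything unmatched is denied."""
    for r in RULES:
        if (_matches(r.src, src_ip) and _matches(r.dst, dst_ip)
                and r.proto in ("any", proto) and (not r.dports or dport in r.dports)):
            return r.action, r.note
    return "deny", "default deny"


def check_policy() -> dict:
    """The flows the text calls out, evaluated against the table (addresses are constructed)."""
    flows = {
        "internet->dmz portal": ("203.0.113.9", "192.0.2.10", "tcp", 443),
        "internet->dmz ssh": ("203.0.113.9", "192.0.2.10", "tcp", 22),
        "internet->internal rdp": ("203.0.113.9", "10.0.1.20", "tcp", 3389),
        "dmz->internal smb": ("192.0.2.10", "10.0.1.20", "tcp", 445),
        "proxy->internet https": ("10.0.0.5", "198.51.100.20", "tcp", 443),
        "workstation->internet https": ("10.0.1.20", "198.51.100.20", "tcp", 443),
        "workstation->dmz portal": ("10.0.1.20", "192.0.2.10", "tcp", 443),
    }
    return {name: decide(*flow)[0] for name, flow in flows.items()}
```

Two details carry the policy: the proxy rule sits before the blanket internal-to-Internet deny, and the DMZ-to-internal deny is explicit rather than left to the default, so a later "allow" added for convenience cannot silently open it.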

VI. Other Controls

Most hospitals struggle to implement and maintain even basic controls, and the broad range of controls listed above attempts to cover the most common areas of exposure. They should be implemented on any hospital network. However, many other controls should be used to provide more granular protection. As an example, passwords should be complex and changed regularly (as defined and accepted by company policy). This is a minor control that can be implemented with Microsoft Active Directory, and its definition can change per individual hospital. There are different ways to provide authorization to resources, such as Active Directory for network shares, or specific configurations for individual systems. Generally, users should be given only the minimal access to resources they need to do their jobs. External Internet access should be restricted, internal server resources should be restricted, and individual workstation access should be restricted. By providing minimal access, we limit the exposure surface of the hospital's computer and network resources.

Ideally, when an external laptop or other computer attempts to connect to the network, a technical solution will detect the attempt and run through a series of checks before allowing the device to communicate with the rest of the network. These checks can include system patch levels, anti-virus installation and version, and other software checks. If the system passes, it is allowed to connect. If not, the problems must be corrected before it can access the internal network. To let the user download patches or other requirements, a separate remediation VLAN is often used. Software controls can be used to prevent users from using unauthorized external media. Super glue can also physically seal the USB ports of a computer, although we do not recommend this.

Technical controls help protect the hospital network. However, they are only one aspect of securing a network. The next section discusses the human aspect of security, which must succeed in order to keep up with the constantly changing security world.

VII. Security Personnel

The technical controls in the previous section provide strong protection against many forms of attack, but it is equally important to address the people side of security. Politics between differing groups and individuals, as well as the culture of the organization, play a role in security. Individual knowledge and skill are important as well. Hospitals are no different from any other organization in this respect. Low-level security personnel are essential for implementing and maintaining security controls and for providing creative solutions to problems. In addition, management must actively support and enforce security initiatives. The interaction between these groups affects how security is implemented within the hospital. This section provides guidelines for structuring the security function of a hospital, and shows that when groups within an organization communicate effectively, they can solve security problems.

VIII. Security Team

The security team is tasked with administering and reviewing the security systems at the hospital. Not only do members of the security team configure and maintain appliances, systems, and security software throughout the organization, but they must also review logs and other reports for security incidents. They think about and make decisions on security for the hospital, although final approval may be deferred to a manager or director. Members of the security team generally administer the major security systems at the hospital, such as firewalls, web filtering appliances, email and spam filters, IDS/IPS appliances, vulnerability scanning, central logging systems, anti-virus, and patch management systems. In many cases they will have other responsibilities that may or may not directly affect the security of the organization; hospitals often do not have the resources for dedicated security personnel with no other duties.

In many cases, the members of the security team will not be directly responsible for administering a system that has an impact on security. This could be a weakness discovered by a vulnerability scan, a new web server that will be placed in the DMZ, or any number of IT operational items. When this occurs, members of the security team must work with other members of the organization to implement or maintain the system. They can provide advice on its security, as well as test it to ensure it functions as intended. Good inter-departmental relationships are vital for this to succeed. When dealing with another department, the security team will often rely on its manager or director.

In some cases, a formal security team has not been established for the hospital. If so, a security team should be created. When selecting team members, choosing personnel who already administer many of the devices and systems mentioned above can be a good idea, although this selection is often made by an existing IT manager. The members must be trustworthy and reasonably knowledgeable about security. The team must also include a manager with the authority to make decisions affecting the network infrastructure of the organization, and he or she must also be able to raise concerns with higher-level management when necessary. Once a team is established, it can begin to discuss and handle its responsibilities. Formal policies must be defined around this team, and the team must work with the organization to get these policies and responsibilities accepted.

The security team is also responsible for thinking about and solving IT security problems for the hospital. Some problems may be directly solvable by members of the security team, while others must be delegated to outside groups through management. For example, a security team member may be directly responsible for the management of the hospital firewall and can make any adjustments necessary; this depends on the expertise of the individual team members. In some cases, the security team may only need to provide recommendations to other groups within the hospital. The security team should meet regularly, usually once per week, so that everyone, including the manager, stays on the same page. In each meeting the security team should assess the current state of computer and network security for the hospital, then address any new or ongoing initiatives. The team should always explore ways to improve the hospital's security, even if improvements are not immediately forthcoming. It is then the manager's responsibility to make the best use of the resources at his or her disposal and drive the initiatives of the security team.

IX. Management Support

Strong and effective network security begins with management support. The security manager oversees the security team and is responsible for ensuring resources are focused where necessary. This can be a balancing act between security responsibilities and normal IT responsibilities. The manager must also ensure that team members are consistently reviewing security data and reports so incidents are noticed and duly investigated. The security team must be supported further by an executive at the director level or higher (such as a Chief Information Security Officer). The director must handle funding for the security program. They must also understand IT security risk and be able to present it effectively to the rest of the organization. Most importantly, they must help the security team navigate the politics and culture of the entire hospital. Without support from the rest of the organization at a high level, the security team will be hindered during investigations and response, will not be able to enforce policy, and will not get proper funding. Management support is required to get the resources necessary, both personnel and monetary, to deal with security problems efficiently and effectively. Their support is also needed for policy change and enforcement. "Those with the power to allocate resources, both financial and the time of employees, can control any change expressed from lower in the power structure."

Figure 2: An example hospital organizational structure

X. Conclusion

Hospitals have many of the same IT security problems experienced by other organizations, but with added complications from doctors, external vendor systems, patient records, and specific legislation. They also struggle with insufficient resources and often lack comprehensive expertise to cover all areas of security. Ineffective communication between low-level security personnel and management can cause misplaced priorities and misguided initiatives. Securing a hospital network requires a combination of technical controls, policies and processes, and responsibility among the people of the organization. By first understanding the hospital network and its resources, then quantitatively measuring the IT security risk and understanding the areas of exposure, a strong security strategy can be created and supported by management, the security team, and the rest of the organization. Finally, security must be continually assessed and reassessed. With new and innovative threats, effective security cannot remain stationary; it must constantly evolve to meet new challenges. IT security for hospitals cannot be solved with a simple approach and a single piece of technology. It is an entire process involving many people within the organization. By addressing these problems as they are, complex and multi-tiered, the confidentiality, integrity, and availability of computing resources can be ensured. This will allow the hospital to function normally as a business and serve patients effectively and with privacy.

Acknowledgements

A special thanks to Dr. G. K. Iyer. He has provided valuable input and direction, and has supported me throughout this entire process. He has shown great patience while waiting for me to write, change direction, rewrite, slightly change direction, continue to write, and finish this research. Thanks to my parents for their unwavering love and support.


Global Journal of Computer Science and Technology, Volume XIII, Issue III, Version I (2013). 2013 Global Journals Inc. (US)


    Economical Way of GPRS Based Fully Automated Energy Metering System

    Md. Abul Bashar , Maruf Ahmad , Sobuj Kumar Ray , Fahad Bin Sayed & Asif Ahmed

Abstract: This paper presents a design of a secure and economical (low cost) GPRS based fully automated energy metering system that measures and transmits the total electrical energy consumption to a main server using the general packet radio service (GPRS) technology provided by GSM networks, and also presents how meter reading, disconnection and reconnection can be controlled from the server end. The proposed EGFAEM system consists of four main parts: energy meters, a communication part over GPRS, a server and management part, and the consumer end for billing and payment. A single phase energy meter prototype has been implemented to provide measurement up to 40 A load current and 230 V line-to-neutral voltage. The communication part is implemented by a GPRS module and microcontroller; the server and consumer end are implemented in a web server.

Keywords : energy meter, pre-paid energy meter, automatic meter reading, GPRS communication, UART, I2C, web server.

I. Introduction

Designing and implementing automatic systems has become a prominent feature of modern life in commercial as well as industrial systems. Due to advances in automated networking and modern information technology, automatic meter reading systems [1] and industrial sensor networks are becoming acquainted with multifarious communication media [2].

In conventional systems, a meter reader has to go to the meter to take the reading, and the reading is then entered from the reader's record book. Sometimes the meter is kept under lock and the meter reader cannot take the reading.

Operators also sometimes enter the wrong reading from their record book. Moreover, for reconciliation, the collected amount has to be entered from the consumer's payment information. This approach requires human involvement and is tiresome and time consuming.

Meter readings can be obtained over the PSTN network [3]. Automatic meter reading networks are introduced in [4], [5].

For high-speed data control, fiber-optic communication would have to be used, but in rural distribution systems with more dispersed Distributed Energy Resources (DERs) it is not economical to deploy fiber-optic communication. Hence, wireless communication technologies are more feasible. Protection, control, monitoring and metering between Distribution Automation Systems (DAS) and DERs have been studied in reference [6].

GPRS plays an important role in transmitting data at a favorable price from residential buildings to central billing centers and in providing extra services for the user. Due to its high speed and unlimited transmission range, GPRS is very appropriate for power applications. The cellular network consists of cells formed by many low-power wireless transmitters. As a mobile device with a cellular modem moves, data transmission is handed over from cell to cell, which facilitates uninterrupted data flow. In this way it forms a point-to-point architecture. This technology offers extensive data coverage, no maintenance costs, and a network fully maintained by the carrier [7].

The user can obtain the status of the energy consumption and the billed amount by sending the corresponding commands from a mobile phone to the GSM modem. The modem forwards the commands to the microcontroller section, and the required information is sent back to the user's mobile through the GSM modem. Users can also obtain their consumption and billing status from a specific website provided by the power distribution company. This increases the efficiency of the distribution system.

II. The System Architecture

The system architecture of the economical GPRS based fully automated energy metering system is shown in figure 1.


Author : Dept. of Electrical and Electronic Engineering, IUBAT - International University of Business Agriculture and Technology, Dhaka, Bangladesh. E-mails : [email protected], [email protected], [email protected]

Author : Assistant Manager, DESCO - Dhaka Electric Supply Company Limited. E-mail : [email protected]

Author : Dept. of Electrical and Electronic Engineering, IUB - Independent University of Bangladesh. E-mail : [email protected]


    Figure 1 : System Architecture of EGFAEM System

The proposed EGFAEM system design consists of four main parts: the energy meters part, the communication part over GPRS, the server and management part, and the consumer end for billing and payment.

In this system a group of meters is connected to a GSM-GPRS module by three different techniques, which are shown in figure 1. In the first system, a group of meters is connected to the same bus through the UART of the meter MCU, the connection being made by the I2C (Intrigued Inter Connection) system, and then to the GSM-GPRS controller MCU. In the second system, a group of meters is connected to the GSM-GPRS controller MCU through a TX-RX (transmitter and receiver) module. In the third, a group of meters is connected to the GSM-GPRS module via a Zigbee or low-cost Wi-Fi module. In this paper we present only the first of those methods.

a) Metering Part

Although a group of meters is used in the system, for the example a single-phase energy meter is implemented for this purpose.

    Figure 2 : Block diagram of Energy Meter


The energy meter part consists of an Energy Meter IC, a voltage and current controlling unit, a microcontroller, relays, a UART bus and a Liquid Crystal Display (LCD) [8].

- At first, the supply mains are connected to the voltage and current regulating unit.
- This voltage and current regulating unit feeds the actual voltage and current of the consumer load to the Energy Meter IC with a specific ratio.
- The Energy Meter IC produces electrical pulses proportional to the power consumed by the consumer supply and the power supply of this metering system.
- The pulses of the energy meter chip are counted by the microcontroller's internal counter, and the microcontroller then calculates the energy consumed by the consumer. It also handles all communication, control and display processes.
- The microcontroller's UART port (TXD and RXD pins) is connected to the GSM-GPRS module through the UART bus to transmit the energy reading (kWh) data and receive commands from the server end.
- The relay mainly performs the opening and closing of the connection between the energy meter and the load through the supply mains, depending upon the command given from the server end.
- The Liquid Crystal Display shows the energy consumption, date, time, etc., or any necessary message the service center wants to give.

b) Communication Part

The communication part block diagram is shown in figure 3.

Figure 3 : Block Diagram of Communication Part

The communication part consists of the UART bus, a microcontroller and the GSM-GPRS module.

- The GSM-GPRS module is used to maintain the communication between the meters and the server through its GSM and GPRS functions.
- The microcontroller drives the GSM-GPRS module via AT commands and also keeps communication with the meters' MCUs through the UART bus.

c) Server and Management Part

The collected power consumption reading is sent to the computer server database, where it is stored. As the system is fully automated, controlling or managing the consumer power supply (disconnection and reconnection) and reading collection is done by the server's managerial system.

d) Consumer Part

In this system, all consumer services such as billing information, power consumption (kWh) reading and payment options are provided by a specific website, SMS or any other e-commerce system, so that consumers can read and check their unit consumption and pay their bill from home.

III. Hardware Development of EGFAEM System

The hardware development of the EGFAEM system can be divided into three parts: the circuit diagram of the energy meter unit, the circuit diagram of the communication unit, and the hardware development of the management center. These three parts are described as follows.

a) Circuit Diagram of Energy Meter Unit

The circuit diagram of the energy meter unit is shown in fig. 4. The energy consumption is measured and calculated by the energy meter IC and the microcontroller.


    Figure 4 : Circuit Diagram of Energy Meter

In the following circuit diagram VDD represents the positive supply and GND represents the ground. The circuit is described part by part as follows:

i. Voltage and Current Transducer

In this scheme,

ii. Energy Metering IC

In this project we use the AD7755 as the energy metering IC. It is a high-accuracy electrical energy measurement IC. The part's specifications surpass the accuracy requirements quoted in the IEC1036 standard. The only analog circuitry used in the AD7755 is in the ADCs and the reference circuit. All other signal processing (e.g., multiplication and filtering) is carried out in the digital domain. This approach provides superior stability and accuracy over extremes in environmental conditions and over time [9]. It has two ADCs that digitize the voltage signals from the voltage and current transducers. These ADCs are second-order sigma-delta converters with an oversampling rate of 900 kHz. The real power calculation is derived from the instantaneous power signal, which is generated by a direct multiplication of the current and voltage signals. In order to extract the real power component (i.e., the DC component), the instantaneous power signal is low-pass filtered. The low-frequency output of the AD7755 is generated by accumulating this real power information. This low frequency inherently means a long accumulation time between output pulses. The output frequency is therefore proportional to the average real power. This average real power information can, in turn, be counted by a microcontroller counter to generate real energy information.

iii. Microcontroller

A microcontroller is a small computer on a single integrated circuit containing a processor core, memory, and programmable input-output peripherals. Because of its small size and low cost it is popularly used in automatic control systems. In this scheme, the ATmega8 microcontroller is used. The number of pulses per second present at pin CF (pin 22) of the energy meter IC is directly proportional to the instantaneous real power for a particular load, and the microcontroller counts these pulses as they appear at its counter pin (pin 1) within every 20 seconds [10]. Information such as power, energy and maximum demand is stored in the EEPROM of the microcontroller. The microcontroller's UART port (TXD and RXD pins) is also connected to the UART bus for communication between the energy meter and the GSM-GPRS module controller MCU.

iv. Display Unit

In this scheme, a 16x2 LCD display module is used. It is mainly used to display the energy consumption of the load and the maximum demand of the consumer.

v. Relay Control Unit

This is a very important part of the energy meter. It provides the useful functionality of remotely disconnecting and reconnecting the consumer power supply, operated by the microcontroller. It consists of a protective relay, a breaker control circuit and a line breaker.

vi. Power Supply Unit

The energy meter IC, microcontroller, relay and LCD operate on a 5 volt supply; therefore a constant 5 volt DC power supply is used. This small amount of energy is taken from the consumer supply.

b) Circuit Diagram of Communication Unit

The circuit diagram of the communication unit is shown in fig. 5. It has mainly two parts, the GSM-GPRS module part and the microcontroller part, which are discussed separately as follows.


    Figure 5 : Circuit Diagram of Communication Unit

i. GSM-GPRS Module

GSM stands for Global System for Mobile and GPRS stands for General Packet Radio Service; both are widely used in mobile communication architectures in most countries. In this scheme, we use the SIM900 GSM module manufactured by SIMCom Limited. SIM900 is a tri-band GSM/GPRS engine that works on the frequencies EGSM 900 MHz, DCS 1800 MHz and PCS 1900 MHz. It is designed with a power saving technique that brings the current consumption as low as 2.5 mA in SLEEP mode. The SIM900 integrates the TCP/IP, HTTP, FTP and SMTP protocols; extended AT commands are also provided for using these protocols easily. We use a GSM-GPRS Arduino shield module in the prototype implementation, which has an on-board SIM holder for the SIM card and also a GSM antenna. The transmit pin (TXD1) of the microcontroller's UART1 serial communication port is connected to the receive pin (RX) of the GSM module [11]. The transmit pin (TX) of the GSM module is connected to the receive pin (RXD1) of the microcontroller's UART1 serial port. Therefore the commands and their results are transmitted and received in a triangular fashion [12]. The serial communication protocol operates at a baud rate of 9600 bps with one start bit, eight data bits, one parity bit and one stop bit. AT (attention) commands are used to communicate with this module.

ii. Microcontroller

In this scheme, we use the ATmega162 as the GSM-GPRS module operator microcontroller. It has two USART ports, which is why this IC was chosen. One is used for operating the GSM-GPRS module and the other (TXD0 and RXD0 pins) is used for communicating with the energy meter through the UART bus.

c) Hardware Development of Management Center

In this prototype implementation, we use an internet-connected server computer with the necessary computer applications and software. Meter reading collection, processing and storage to the server database, reconnection and disconnection of the consumer power supply (if needed), publishing billing information to the web portal, and automatic bill collection by the web portal are all done by this server computer of the management center.

IV. The Software Development of EGFAEM System

In the meter and communication unit, the system software is implemented in the C language, and the developed code is compiled and debugged with the mikroC PRO for AVR compiler.


Figure 6 : Flowchart of Meter Part

a) Algorithm for Meter Part of EGFAEM System

1. Start.
2. Initialize the device and display.
3. Check whether UART data is ready or not. If received data is available on the UART port then go to the next step, otherwise go to step 6.
4. Check the instruction command received by the meter and sent by the communication unit. If the meter ID in the instruction matches the ID of the meter then go to the next step, otherwise go to step 6.
5. Check the op-code (operation code), whether it is Active, Deactive or a send-meter-status command. If the command is Active then connect the load to the supply mains and set Active in a specific memory location for later reference; if the command is send-meter-status then send the meter ID and reading status to the communication unit microcontroller via UART. After completing either process go to step 7. If the command is Deactive then disconnect the load from the supply mains by triggering the relay, then go to step 3.
6. At this stage the meter checks its specific memory location: was it previously set to Active, meaning continue supplying the load, or Deactive, meaning disconnect the load from the supply? If yes then go to step 7, otherwise go to step 3.
7. The microcontroller's internal counter counts the pulses provided by the AD7755 energy meter IC and calculates the power consumption, energy and units used.
8. Store the energy, power reading and units used in the EEPROM of the ATmega8 microcontroller for future use.
9. Display the reading status on the LCD.
10. Repeat from step 3.

b) Algorithm for Communication Unit

1. Start.
2. Initialize the device and switch on the GSM-GPRS module.
3. Set the content type as GPRS parameters, set the APN, set the GPRS profile to use with HTTP, and set the URL direction from where it will take the instruction command. All these settings are done by specific AT commands of the SIM900 module.
4. Connect to the HTTP server and check and read the instruction command. If the module ID of the


read instruction command matches the ID of the module then go to the next step, otherwise go to step 6.
5. At this stage, the communication unit sends the meter ID and op-code of the read instruction command, as declared by the server. This instruction byte is sent through the UART0 port of the microcontroller.
6. Check UART0 for available data. If data is available, read it (meter ID and meter reading) and write or upload it to the server database through GPRS. If not, skip the read and write process.
7. Repeat from step 4.

    Figure 7 : Flowchart of the Communication Unit
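Added host-side model (not the paper's mikroC firmware) of the meter-part algorithm a) above together with the AD7755 pulse counting of sections III.a.ii-iii: it dispatches the [meter ID][op-code] instruction, keeps the Active/Deactive flag that the relay follows, and converts each 20 s window's CF pulse count into energy and average real power. The two-byte frame layout, the op-code values and the IMP_PER_KWH constant are assumptions, since the paper names these fields but not their encoding.

```c
/* Added host-side model of the EGFAEM meter part; it is not the paper's
 * mikroC firmware. Frame layout, op-code values and IMP_PER_KWH are
 * assumptions: the paper names the fields but not their encoding. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed op-code values for the three commands the paper names (step 5). */
enum opcode { OP_ACTIVE = 0x01, OP_DEACTIVE = 0x02, OP_STATUS = 0x03 };

/* Assumed instruction frame on the UART bus: [meter ID][op-code]. */
#define INSTR_LEN 2

/* Assumed AD7755 CF constant in impulses per kWh; the real value follows from
 * the transducer ratio in Fig. 4, which the paper does not give numerically. */
#define IMP_PER_KWH 3200u
/* The ATmega8 counts CF pulses every 20 seconds (section III.a.iii). */
#define COUNT_WINDOW_S 20u

struct meter {
    uint8_t id;
    bool supply_on;               /* Active/Deactive flag kept in memory (step 6) */
    bool relay_closed;            /* modelled relay contact (section III.a.v) */
    uint32_t pulses;              /* CF pulses accumulated since power-up (step 7) */
    uint32_t last_window_pulses;  /* CF pulses seen in the latest 20 s window */
};

/* Assumed reply to a status command: meter ID plus reading status (step 5). */
struct status_reply {
    uint8_t meter_id;
    uint32_t energy_wh;
    bool supply_on;
};

enum result { RES_NOT_FOR_ME, RES_ACTIVATED, RES_DEACTIVATED,
              RES_STATUS_SENT, RES_BAD_OPCODE };

/* Whole watt-hours derived from the pulse total (steps 7-8). */
uint32_t meter_energy_wh(const struct meter *m)
{
    return (uint32_t)((uint64_t)m->pulses * 1000u / IMP_PER_KWH);
}

/* Average real power over the last window in W:
 * Wh = pulses * 1000 / IMP_PER_KWH, and W = Wh * 3600 / COUNT_WINDOW_S. */
uint32_t meter_avg_power_w(const struct meter *m)
{
    return (uint32_t)((uint64_t)m->last_window_pulses * 1000u * 3600u
                      / ((uint64_t)IMP_PER_KWH * COUNT_WINDOW_S));
}

/* Step 7: one 20 s window of CF pulses. With the relay open no load current
 * flows, so the AD7755 emits no pulses; the model enforces that explicitly. */
void meter_count_window(struct meter *m, uint32_t cf_pulses)
{
    m->last_window_pulses = m->relay_closed ? cf_pulses : 0;
    m->pulses += m->last_window_pulses;
}

/* Steps 3-5: handle one instruction frame from the communication unit. */
enum result meter_handle_instruction(struct meter *m, const uint8_t *frame,
                                     size_t len, struct status_reply *reply)
{
    if (len != INSTR_LEN || frame[0] != m->id)   /* step 4: meter ID must match */
        return RES_NOT_FOR_ME;
    switch (frame[1]) {                           /* step 5: dispatch on op-code */
    case OP_ACTIVE:
        m->supply_on = true;                      /* remembered for step 6 */
        m->relay_closed = true;                   /* load reconnected to mains */
        return RES_ACTIVATED;
    case OP_DEACTIVE:
        m->supply_on = false;
        m->relay_closed = false;                  /* relay opens the load path */
        return RES_DEACTIVATED;
    case OP_STATUS:
        reply->meter_id = m->id;                  /* sent back over UART */
        reply->energy_wh = meter_energy_wh(m);
        reply->supply_on = m->supply_on;
        return RES_STATUS_SENT;
    default:
        /* Not in the paper's flowchart: an unknown op-code is rejected rather
         * than silently falling through to a supply change. */
        return RES_BAD_OPCODE;
    }
}

int main(void)
{
    /* Constructed scenario: meter 7 activated, then about 0.5 kW for 20 s. */
    struct meter m = { 7, false, false, 0, 0 };
    struct status_reply reply = { 0, 0, false };
    const uint8_t activate[INSTR_LEN] = { 7, OP_ACTIVE };
    const uint8_t status[INSTR_LEN] = { 7, OP_STATUS };

    meter_handle_instruction(&m, activate, INSTR_LEN, &reply);
    meter_count_window(&m, 9);   /* 9 pulses in 20 s at 3200 imp/kWh */
    meter_handle_instruction(&m, status, INSTR_LEN, &reply);
    printf("meter %u: %u W average, %u Wh total, supply %s\n",
           (unsigned)reply.meter_id, (unsigned)meter_avg_power_w(&m),
           (unsigned)reply.energy_wh, reply.supply_on ? "on" : "off");
    return 0;
}
```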

V. Experimental Views

In this experiment four energy meters with a GPRS communication box were installed in the Electrical Lab at IUBAT. Each meter contains a 0.5 KW load by 20 one hundred bulb each of 5. The meter reading and terminal on-off control were then successfully tested. Fig. 8 below shows the control and management web portal, where the consumer's unit (kWh) usage, bill information, control options, current load etc. can be seen.


    Figure 8 : Server Control Panel

Fig. 9 shows the consumer panel, where consumers can check and read their billing information, unit (kWh) usage and billing history; an online payment option is also added so that consumers can pay their bill from home.


    Figure 9 : Consumer Panel


VI. Conclusion

An economical GSM-GPRS based fully automated energy metering (EGFAEM) system has been developed for efficient, secure and low-cost automatic meter reading, billing and control from the management center. As the GSM network already covers all the housing and billing areas, the infrastructure installation cost is low. The EGFAEM system can be used for both post-paid and pre-paid metering, so the distributor can customize packages for different types of consumers, which ensures efficient business planning for the company. The management center provides an automatic billing and payment system, so no manpower is required for meter reading and bill collection; this removes the cost of human meter-reading operations, which is very efficient and economical for any power distribution company. Instant control (disconnection and reconnection of the power supply) of an individual consumer from the management center gives secure and reliable power distribution, because if any inconvenient situation occurs at an individual consumer the distributor can quickly disconnect that specific consumer's supply. Considering all these things, it can be stated that the EGFAEM system can bring a great change to the power distribution companies of Bangladesh if they apply this system in the field.

References

1. Mahmood, M. Aamir, M. I. Anis, Design and Implementation of AMR Smart Grid System, Electric Power Conference, IEEE EPEC 2008, pp. 1-6, 2008.
2. V.C. Gungor, G.P. Hancke, Industrial Wireless Sensor Networks: Challenges, Design Principles, and Technical Approaches, IEEE Trans. on Industrial Electronics, vol. 56, no. 10, pp. 4258-4265, 2009.
3. S.W. Lee, C.S. Wu, W. M.S. Chiou and K.T. Wu, Design of an Automatic Meter Reading System, Proc. of IEEE International Conference on Industrial Electronics, Control, and Instrumentation, vol. 1, pp. 631-636, 1996.
4. L. Hong and L. Ning, Design and Implementation of Remote Intelligent Management System for City Energy Resources based on Wireless Network, Study of Computer Application, no. 12, pp. 237-239, 2004.
5. C. Yin-kang, L. Xiang-yang and X. Jing, The Hardware Design of Concentrator for Wireless Intelligent Meter Reading System, Element and IC, no. 1, pp. 37-39, 2005.
6. P.M. Kanabar, M.G. Kanabar, W. El-Khattam, T.S. Sidhu, and A. Shami, "Evaluation of Communication Technologies for IEC 61850 Based Distribution Automation System with Distributed Energy Resources", Proc. of the IEEE PES General Meeting, Calgary, July 26-30, 2009.
7. P.K. Lee, L. L. Lai, A Practical Approach to Wireless GPRS On-Line Power Quality Monitoring System, Proc. of the IEEE PES General Meeting, June 2007.
8. Haque, Md. Mejbaul, et al., "Microcontroller Based Single Phase Digital Prepaid Energy Meter for Improved Metering and Billing System", International Journal of Power Electronics and Drive System (IJPEDS), Vol. 1, No. 2, December 2011, pp. 139-147.
9. Analog Devices, AD7755, Energy Meter IC with Phase output, http://www.datasheetcatalog.org/datasheet/analogdevices/AD7755.pdf
10. Microchip, PIC16F72 Datasheet, http://www.microchip.com
11. GSM Module, SIM900 GSM-GPRS Module, http://wm.sim.com/producten.aspx?id=1019
12. Quazi, Irfan, et al., Pre-paid Energy Meter based on AVR Microcontroller, International Journal of Engineering Research and Applications (IJERA), Vol. 1, Issue 4, pp. 1879-1884.


IP TRACEBACK Scenarios

Tenali. Naga Mani & Jyosyula. Bala Savitha

Abstract: Internet Protocol (IP) traceback is the enabling technology to control Internet crime. In this paper, we present novel and practical IP traceback systems which provide a defense system with the ability to find out the real sources of attacking packets that traverse the network. IP traceback is finding the origin of an IP packet on the Internet without relying on the source IP address field. Due to the trusting nature of the IP protocol, the source IP address of a packet is not authenticated. As a result, the source address in an IP packet can be falsified (IP address spoofing). Spoofed IP packets can be used for different attacks. The problem of finding the source of a packet is called the IP traceback problem. IP traceback is a critical ability for identifying sources of attacks and instituting protection measures for the Internet. Most existing approaches to this problem have been tailored toward DDoS attack detection.

I. Introduction

A great amount of effort in recent years has been directed to network security issues. In this paper, we address the problem of identifying the source of an attack. We define the source of the attack to be a device from which the flow of packets constituting the attack was initiated. This device can be a zombie, a reflector, or the final link in a stepping-stone chain. While identifying the device from which the attack was initiated, as well as the person(s) behind the attack, is the ultimate challenge, we limit the problem to identifying the source of the offending packets, whose addresses can be spoofed. This problem is called the IP traceback problem [1]. IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer [2]. A hacker changes the routing table to point to the spoofed IP address; the hacker can then receive all the network packets addressed to the spoofed address and reply just as trusted users would.

    Figure 1 : A Scenario of DOS Attack

Author : Asst. Professor, CSE, Gudlavalleru Engineering College, Gudlavalleru, Krishna (D.t), A.P. E-mail : [email protected]

Author : B.Tech (3/4), IT, Vijaya Institute of Technology, Krishna (D.t), A.P.

Several solutions to this problem have been proposed. They can be divided into two groups. One group of solutions relies on the routers in the network to send their identities to the destinations of certain packets, either encoding this information directly in rarely used bits of the IP header, or by generating a new packet to the same destination. The biggest limitation of this type of solution is that it is focused only on flood-based (Distributed) Denial of Service [DoS] attacks [3], and cannot handle attacks comprised of a small number of packets. The second type of solution involves centralized management and logging of packet information on the network. Solutions of this type


    introduce a large overhead, and are complex and notscalable.


IP traceback is a name given to any method for reliably determining the origin of a packet on the Internet. Due to the trusting nature of the IP protocol, the source IP address of a packet is not authenticated. As a result, the source address in an IP packet can be falsified (IP address spoofing), allowing for [7] Denial of Service attacks (DoS) or one-way attacks (where the response from the victim host is so well known that return packets need not be received to continue the attack). The problem of finding the source of a packet is called the IP traceback problem. IP traceback [9] is a critical ability for identifying sources of attacks and instituting protection measures for the Internet. Most existing approaches to this problem have been tailored toward DoS attack detection. Such solutions require high numbers of packets to converge on the attack path(s).

II. Overview

This section provides an overview of the IP header [2] and of the current state-of-the-art approaches to IP traceback, and evaluates them. While sending data over the Internet, the IP header contains the details shown in Fig. 2, such as the type of service, the length, the source and destination addresses, a header checksum for error correction, and the protocol field, which specifies the type of protocol and set of rules used in the data exchange.

    Figure 2 : IP Header

An overview of an ideal traceback system is given below.

- Able to trace the attacker with a single packet.
- Minimal processing overhead during traceback.
- Classification based evaluation.
- No packet is transformed by the technique.
- Limited amount of additional memory required at the dedicated server and no additional memory required on the network.
- High level of protection is preferred in a traceback.
- Network overhead based evaluation.
- Router overhead based evaluation.
- Producing meaningful traces is limited to the range of deployment of the traceback system.
- Correctly trace back attacks consisting of packets that undergo any number of transformations of any type.

Different traceback schemes exist. Among those, FDPM provides innovative features to trace the source of IP packets and can obtain better tracing capability than others. In particular, FDPM adopts a flexible mark-length strategy to make it compatible with different network environments; it also adaptively changes its marking rate according to the load of the participating router by a flexible flow-based marking scheme. Evaluations on both simulation and real system implementation demonstrate that FDPM requires a moderately small number of packets to complete the traceback process, adds little additional load to routers, and can trace a large number of sources in one traceback process with low false positive rates. The built-in overload prevention mechanism makes this system capable of achieving a satisfactory traceback result even when the router is heavily loaded. The motivation for this traceback system comes from DDoS defense. It has been used not only to trace DDoS attacking packets but also to enhance the filtering of attacking traffic. It has a wide array of applications for other security systems.

III. Classification of Traceback Methods

Traceback methods can be broadly categorized [2] as preventive and reactive. Preventive methods take precautionary steps in preventing DoS attacks. A wide range of solutions has been proposed; however, this problem still remains an open one. The reactive methods aim at identifying the source of the attacks. This is very important because attackers spoof their addresses, thus techniques are needed to trace back to the source of the attack. The evaluation is based on the above two categories of methods.

a) Preventive Methods

i. Ingress Filtering

One way to address the problem of anonymous attacks is to eliminate the ability to forge source addresses. One such approach, frequently called ingress filtering, is to configure routers to block packets that arrive with illegitimate source addresses. This requires a router with sufficient power to examine the source address of every packet and sufficient knowledge to distinguish between legitimate and illegitimate addresses. Consequently ingress filtering is most feasible in customer networks or at the border of Internet Service Providers (ISPs), where address ownership is relatively unambiguous and traffic load is low. As traffic is aggregated from multiple ISPs into transit networks, there is no longer enough information to unambiguously determine if a packet arriving on a

  • 8/12/2019 It Security in Hospital Management

    20/31

    particular interface has a legal source address.Moreover, on many deployed router architectures theoverhead of ingress filter becomes prohibitive on high-speed links. The principal problem with ingress filteringis that its effectiveness depends on widespread, if not

    universal, deployment. A secondary problem is thateven if ingress filtering were universally deployed at thecustomer to ISP level, attackers could still forgeaddresses from the hundreds or thousands of hostswithin a valid customer network.

    Figure 3 : Ingress Filtering is used at router R4 to prohibit the attacker from using a source IP address residing outside the 10.0.0.0/24 prefix

    Ingress filtering restricts the routing of traffic that originates from a downstream network to only well-known and advertised prefixes. Equivalently, a router must drop any packet whose source address does not belong to one of those advertised networks.

    Figure 2 depicts a simple network where ingress filtering is used against source address spoofing. For convenience, only IP addresses are used. With ingress filtering, router R4 drops any packet coming from the subnet that carries a spoofed source address toward the victim V [8]. The spoofed source address, however, must then reside inside the 10.0.0.0/24 prefix. For instance, the IP address of a neighboring machine could be used as the source address of attack packets. In addition, there is an undesirable dependency between the security of end hosts and the universal deployment of this technique. Since the filtering directly affects the routing process, inspecting the source address of every packet may also require additional resources from routers. Further, some technologies, such as Mobile IP (Perkins, 2002), legitimately employ spoofed source addresses and could also be affected.

    A protection scheme has also been proposed to protect a server from SYN flooding attacks (Belenky and Ansari, 2003). Basically, [7] the scheme keeps track of half-opened TCP connections at a particular server. The tracking is not necessarily implemented on end servers; it can also be implemented on routers and firewalls, for instance. When the number of these connections exceeds a threshold, either new connection requests are blocked, or old half-opened connections are closed in order to make room for new connections. This scheme, however, is specifically designed for this kind of attack and does not provide any information about the real perpetrators.
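    As an added example (Python, not code from the original paper or from the cited scheme), the tracker below keeps the half-open connection table described above in front of one server and applies both of the policies the text mentions when the threshold is exceeded: refusing new connection requests, or closing the oldest half-open entries to make room. The traffic, the addresses and the threshold of 50 are constructed for the example.

```python
from collections import OrderedDict


class HalfOpenTracker:
    """Tracks half-open TCP connections (SYN seen, handshake not yet completed)
    for one protected server, the way a router or firewall in front of it could.

    When the table holds `limit` entries, the policy either refuses further
    new SYNs ("block") or evicts the oldest half-open entry ("evict") to make
    room, the two choices the text describes.
    """

    def __init__(self, limit, policy="evict"):
        if policy not in ("block", "evict"):
            raise ValueError("policy must be 'block' or 'evict'")
        self.limit = limit
        self.policy = policy
        self.half_open = OrderedDict()   # (src_ip, src_port) -> seq, oldest first
        self.refused = 0
        self.evicted = 0

    def on_syn(self, src_ip, src_port, seq):
        """Return True if the SYN may be passed on to the server."""
        key = (src_ip, src_port)
        if key in self.half_open:
            return True                  # retransmitted SYN, already tracked
        if len(self.half_open) >= self.limit:
            if self.policy == "block":
                self.refused += 1
                return False
            self.half_open.popitem(last=False)   # drop the oldest half-open entry
            self.evicted += 1
        self.half_open[key] = seq
        return True

    def on_ack(self, src_ip, src_port):
        """Final ACK of the handshake: connection established, stop tracking it.
        Returns False if the entry was no longer tracked (e.g. already evicted)."""
        return self.half_open.pop((src_ip, src_port), None) is not None

    def on_rst_or_timeout(self, src_ip, src_port):
        self.half_open.pop((src_ip, src_port), None)


def simulate_syn_flood(policy, limit=50, flood_size=500):
    """Constructed traffic (not a capture): one legitimate client starts a
    handshake, a flood of SYNs from sources that never complete it arrives,
    a second legitimate client tries to connect, then the first client's ACK lands."""
    tracker = HalfOpenTracker(limit, policy)
    tracker.on_syn("203.0.113.7", 40000, seq=1000)
    for i in range(flood_size):
        tracker.on_syn("198.51.100.%d" % (i % 250), 1024 + i, seq=i)
    late_admitted = tracker.on_syn("203.0.113.8", 40001, seq=2000)
    first_ack_tracked = tracker.on_ack("203.0.113.7", 40000)
    return {
        "refused": tracker.refused,
        "evicted": tracker.evicted,
        "tracked": len(tracker.half_open),
        "late_client_admitted": late_admitted,
        "first_client_ack_tracked": first_ack_tracked,
    }


if __name__ == "__main__":
    for policy in ("block", "evict"):
        print(policy, simulate_syn_flood(policy))
```

    The two results show the trade-off: blocking keeps the table honest but turns away the second legitimate client while the flood entries sit there, whereas evicting admits it at the cost of forgetting the first client's handshake before its ACK arrives. Neither policy learns anything about who sent the flood, which is the limitation the paragraph above points out.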

    b) Reactive Methods

    i. Link Testing

    Most existing traceback techniques [2] start from the router closest to the victim and interactively test its upstream links until they determine which one is used to carry the attacker's traffic. Ideally, this procedure is repeated recursively on the upstream router until the source is reached. Below we describe two varieties of link-testing schemes, input debugging and controlled flooding.

    Disadvantage: It consumes a huge amount of resources, introduces additional traffic, and possibly causes denial of service when the number of sources that need to be traced increases.

    Input Debugging

    Many routers include a feature called input debugging [2], which allows an operator to filter particular packets on some egress port and determine which ingress port they arrived on. This capability is used to implement a trace as follows. First, the victim must recognize that it is being attacked and develop an attack signature that describes a common feature contained in all the attack packets. The most obvious problem with the input debugging approach, even with automated tools, is its considerable management overhead. Communicating and coordinating with network operators at multiple ISPs requires the time, attention and commitment of both the victim and the remote personnel, many of whom have no direct economic incentive to provide aid.

    Controlled Flooding

    Burch and Cheswick have developed a link-testing traceback technique that does not require any support from network operators. We call this technique controlled flooding [2] because it tests links by flooding them with large bursts of traffic and observing how this perturbs traffic from the attacker. Using a regenerated map of Internet topology, the victim coerces selected hosts along the upstream route into iteratively flooding each incoming link on the router closest to the victim. Since router buffers are shared, packets traveling across the loaded link, including any sent by the attacker, have an increased probability of being dropped.
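    As an added example of the input-debugging variety of link testing (Python, not code from the original paper), the simulation below models routers that remember the ingress port of every packet, an operator-supplied attack signature, and the recursive upstream test that starts at the router closest to the victim. The topology, router names, port names and traffic mix are all constructed for the example; the point it makes is that each hop of the trace is one more router (and possibly one more operator) that has to be consulted.

```python
from collections import Counter

# Constructed topology: for each router, which upstream neighbour sits behind each ingress port.
TOPOLOGY = {
    "R1": {"p0": "R2", "p1": "R3"},   # R1 is the router closest to the victim
    "R2": {"p0": "R4", "p1": "R5"},
    "R3": {"p0": "R6"},
    "R4": {"p0": "R7"},
    "R5": {}, "R6": {}, "R7": {},       # leaves: access routers of end hosts
}


def build_parents(topology):
    """Invert the topology: upstream router -> (downstream router, its ingress port)."""
    parents = {}
    for router, ports in topology.items():
        for port, upstream in ports.items():
            parents[upstream] = (router, port)
    return parents


class Router:
    """Models the input debugging feature: every packet is remembered with the
    ingress port it arrived on, so an operator can ask which port carries a
    given kind of traffic."""

    def __init__(self, name):
        self.name = name
        self.seen = []                    # (ingress_port, packet)

    def receive(self, port, pkt):
        self.seen.append((port, pkt))

    def input_debug(self, signature):
        """Per ingress port, how many packets matched the signature."""
        return Counter(port for port, pkt in self.seen if signature(pkt))


def inject(routers, parents, origin, pkt):
    """A packet entering at leaf router `origin` flows hop by hop toward R1."""
    node = origin
    while node in parents:
        downstream, port = parents[node]
        routers[downstream].receive(port, pkt)
        node = downstream


def attack_signature(pkt):
    """Signature the victim derived from the flood (constructed): UDP to port 53, 512-byte packets."""
    return pkt["proto"] == 17 and pkt["dport"] == 53 and pkt["len"] == 512


def trace(routers, topology, start, signature):
    """Recursive link test. Starting at the router nearest the victim, pick the
    ingress port on which matching packets arrive and move to the neighbour
    behind it, until a router sees no matching traffic (the attacker's edge)."""
    path, current = [start], start
    while True:
        counts = routers[current].input_debug(signature)
        if not counts:
            return path
        port, _ = counts.most_common(1)[0]
        upstream = topology[current].get(port)
        if upstream is None:
            return path
        path.append(upstream)
        current = upstream


def run_simulation():
    routers = {name: Router(name) for name in TOPOLOGY}
    parents = build_parents(TOPOLOGY)
    attack = {"proto": 17, "dport": 53, "len": 512}        # constructed flood packets via R7
    for _ in range(200):
        inject(routers, parents, "R7", attack)
    for _ in range(50):                                    # unrelated HTTPS traffic via R5
        inject(routers, parents, "R5", {"proto": 6, "dport": 443, "len": 1400})
    for _ in range(20):                                    # ordinary DNS queries via R6
        inject(routers, parents, "R6", {"proto": 17, "dport": 53, "len": 80})
    return trace(routers, TOPOLOGY, "R1", attack_signature)   # ['R1', 'R2', 'R4', 'R7']
```

    Every router on the returned path had to be queried in turn, and the trace only works while the flood is still arriving, which is why the text lists management overhead and the restriction to ongoing attacks among its drawbacks.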

    c) Drawbacks of Input Debugging

    1. A high management overhead.
    2. It needs communication and coordination between different ISPs when the attacking packets traverse different ISPs' networks.
    3. This scheme works only for ongoing attacks. Last but not least, it requires network administrators to have the appropriate technical skills and capabilities.

    i. Logging

    An approach suggested is to log packets at key routers and then use data mining techniques [9] to determine the path that the packets traversed. This scheme has the useful property that it can trace an attack long after the attack has completed. However, it also has obvious drawbacks, including potentially enormous resource requirements and a large-scale inter-provider database integration problem. We are unaware of any commercial organizations using a fully operational traceback approach based on logging.

    ii. ICMP Traceback

    ICMP traceback uses Internet Control Message Protocol (ICMP) messages to trace out the full path of an attack. This approach was originally introduced by Bellovin. The principal idea in these schemes is for every router to generate an ICMP traceback message, or iTrace, directed to the same destination as the selected packet. The iTrace message itself consists of the next- and previous-hop information and a time stamp. As packets travel through the network, they gather and store information about the routers they traverse.

    Figure 4 : Packet Marking

    A router creates an ICMP traceback message, which contains part of a traversing IP packet, and sends the message to the packet's destination. We can identify the traversed router by looking for the corresponding ICMP traceback message and checking its source IP address. Because creating an ICMP traceback message for every packet would increase network traffic, however, each router creates ICMP traceback messages for only a sample of the packets it forwards. If an attacker sends many packets, the target network can collect enough ICMP traceback messages to identify the attack path.

    iii. Packet Marking Algorithm

    In Packet Marking Algorithm [5] schemes, each router, in addition to forwarding a packet, also inserts a mark in the packet. This mark is a unique identifier corresponding to this particular router. As a result, the victim can determine all the intermediate hops for each packet by observing the inserted marks. There are two variants of this marking scheme. The first is the Deterministic Packet Marking (DPM) [5] scheme, in which each router marks all the packets passing through it with its unique identifier. This scheme is thus similar to the IP record-route option, which makes the reconstruction of the attack path at the victim trivial. The downside of this scheme is that routers are slowed down, as they have to perform additional functionality. An attacker who controls a trusted router can forge any path up to that router unless some further authentication scheme is used. A router that trusts data from an attacker effectively allows that attacker to act like a compromised router. Authentication methods could be used, but these add significant cost in the form of processing time and space in the marked packets. A further downside of this scheme is that some packets will not be overwritten by any of the routers. The attacker can therefore write bogus information into all the packets, knowing that some of these packets will get through and confuse the victim. This method also does not work well for DoS attacks that can succeed without a lot of packets, as it requires a large number of packets to converge. The second variant is probabilistic packet marking (PPM) [10]. DoS attacks can be prevented if the spoofed source IP address is traced back to its origin, which allows assigning penalties to the offending party or isolating the compromised hosts and domains from the rest of the network.

    Recently, IP traceback mechanisms based on probabilistic packet marking have been proposed for achieving traceback of DoS attacks. In this paper, we show that probabilistic packet marking, which is of interest due to its efficiency and implementability vis-à-vis deterministic packet marking and logging- or messaging-based schemes, suffers under spoofing of the marking field in the IP header by the attacker, which can impede traceback by the victim.

    Attacks on PPM: Attacks involving spoofed traceback data have been described in the literature. In general, the two major problems in PPM reliability are that the probabilistic nature of the algorithm causes some packets not to be marked by cooperating routers, and that these packets retain whatever marks were given to them by the senders. Attackers can simply mark their original packets to intentionally mislead the traceback mechanism. In DPM, routers mark all forwarded packets with link-identifying data. With PPM, multiple routers on the path overwrite the same data, and each packet identifies at most one link. With DPM, each cooperating router adds link-identifying data to the packet, and each packet ends up with data that identifies all of the links (under universal cooperation) that it traversed.
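    As an added example (Python, not code from the original paper), the simulation below serves both the ICMP traceback and the PPM discussion above: packets from a constructed attacker cross a constructed five-router path, each router overwrites the single mark field with probability mark_prob (PPM node sampling) and independently emits an iTrace message for a small sample of packets, and the victim reconstructs the path from each kind of evidence. The attacker pre-fills the mark field with a bogus router id, which shows the reliability problem the text describes: packets that no router marks arrive carrying the attacker's mark. Router names, probabilities and the random seed are all assumptions of the example.

```python
import random
from collections import Counter

# Constructed path from the attacker A to the victim V; R1 is the router nearest V.
PATH = ["R5", "R4", "R3", "R2", "R1"]
VICTIM = "V"
ATTACKER = "A"


def forward_packet(rng, mark_prob, itrace_prob, attacker_mark=None):
    """Push one packet from A through PATH to V.

    PPM (node sampling): each router overwrites the single mark field with its
    own id with probability mark_prob, so the packet arrives with the mark of
    the last router that chose to mark it, or with the attacker's own bogus
    mark if none did.  iTrace: independently, each router emits an ICMP
    traceback message (previous hop, itself, next hop) for a sample of packets.
    Returns (final_mark, list_of_itrace_messages).
    """
    mark = attacker_mark                 # attacker may pre-fill the mark field
    itrace = []
    hops = [ATTACKER] + PATH + [VICTIM]
    for i, router in enumerate(PATH, start=1):
        if rng.random() < mark_prob:
            mark = router
        if rng.random() < itrace_prob:
            itrace.append((hops[i - 1], router, hops[i + 1]))
    return mark, itrace


def collect(n_packets, mark_prob=0.5, itrace_prob=0.02, attacker_mark="R9", seed=7):
    """The victim's evidence after n_packets flood packets: mark counts and iTrace messages."""
    rng = random.Random(seed)            # seeded so the run is reproducible
    marks = Counter()
    messages = []
    for _ in range(n_packets):
        mark, msgs = forward_packet(rng, mark_prob, itrace_prob, attacker_mark)
        marks[mark] += 1
        messages.extend(msgs)
    return marks, messages


def path_from_marks(marks):
    """PPM reconstruction: under node sampling the nearest router marks most
    often, so ordering ids by descending frequency gives nearest first.  Ids
    the attacker planted compete with the farthest routers for the last places."""
    return [router for router, _ in marks.most_common()]


def path_from_itrace(messages):
    """iTrace reconstruction: chain messages back from the victim through the
    next-hop field.  A router that never emitted a message breaks the chain."""
    by_next_hop = {}
    for prev_hop, router, next_hop in messages:
        by_next_hop[next_hop] = (prev_hop, router)
    path, hop = [], VICTIM
    while hop in by_next_hop:
        _prev, router = by_next_hop[hop]
        path.append(router)
        hop = router
    return path                          # nearest router first


if __name__ == "__main__":
    marks, messages = collect(4000)
    print("mark counts :", marks.most_common())
    print("PPM order   :", path_from_marks(marks))
    print("iTrace path :", path_from_itrace(messages))
```

    With mark_prob 0.5 the router five hops away marks about 1/32 of the packets, and so does the attacker's bogus id (the fraction no router touches), so the two are indistinguishable by frequency; the four nearest routers are still ordered correctly. The iTrace chain does not suffer from that particular problem, but it needs enough packets for every router to have emitted at least one message.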

    Disadvantages of Packet Marking

    1. Mark Length: It cannot adjust the length of the marking field according to the network protocols deployed.
    2. Marking Rate: It is not flexible according to the load of the participating router.
    3. Number of Packets required is comparatively more.
    4. False Positive rate is large.
    5. Tracing Capability is less.
    6. The path reconstruction process requires high computational work, especially when there are many sources. For example, a 25-source path reconstruction will take days, and thousands of false positives could happen.
    7. When there are a large number of attack sources, the possible rebuilt path branches are actually useless to the victim because of the high false positives.

    iv. FDPM Traceback

    Flexible Deterministic Packet Marking [6] (FDPM) is the optimized version of DPM. This scheme provides more flexible features to trace IP packets and can obtain better tracing capabilities than previous IP traceback mechanisms, such as link testing, logging, ICMP traceback, probabilistic packet marking (PPM) and deterministic packet marking (DPM). In FDPM schemes, the Type of Service (ToS) field will be used to store the mark under some circumstances. Two further fields in the IP header are exploited: one is the fragment ID and the other is the Reserved flag. An identifying value is assigned to the ID field by the sender to aid in assembling the fragments of a datagram. Given that less than 0.25% of all Internet traffic is fragments, this field can be safely overloaded without causing serious compatibility problems. The FDPM reconstruction process includes two steps: mark recognition and address recovery. Compared to DPM [5], the reconstruction process is simpler and more flexible. When each packet that is used to reconstruct the source IP address arrives at the victim, it is put into a cache, because in some cases the processing speed is lower than the arrival speed of the incoming packets.

    Figure 5 : IP (darkened) headers utilized in FDPM

    The source IP addresses are stored in the marking fields. The mark will not be overwritten by intermediate routers when the packet traverses the network. At any point within the network, e.g., the victim host, the source IP addresses can be reconstructed when required. Processing packets consumes resources such as memory and CPU time of a participating router. Therefore, it is possible for a router to be overloaded when there are a large number of arriving packets waiting for FDPM to mark them.

    The flow-based marking scheme is proposed to solve the overload problem. When the load of a router exceeds a threshold, the router will discern the most probable attacking packets from other packets and then selectively mark those packets. The aim is to alleviate the load of the router while still maintaining the marking function.
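    As an added example (Python, not code from the original paper or from the FDPM authors), the code below shows the mechanics the section describes: an ingress router splits a 32-bit source address across several packets' marks whose length follows the fields available (16-bit ID plus the reserved flag, or those plus the 8-bit ToS), and the victim performs mark recognition followed by address recovery. The mark layout (a 4-bit digest, a segment number and an address segment), the toy digest function and the sample addresses are simplifications assumed for the example, not the exact FDPM encoding.

```python
import math
from collections import defaultdict

DIGEST_BITS = 4   # lets the victim tell marks of different sources apart (assumed layout)


def mark_layout(mark_len):
    """For a mark of mark_len bits, choose the per-mark layout
    (MSB to LSB: digest | segment number | address segment) and the number
    of packets needed to carry a full 32-bit address."""
    for seg_bits in range(1, 6):
        addr_bits = mark_len - DIGEST_BITS - seg_bits
        if addr_bits <= 0:
            break
        segments = math.ceil(32 / addr_bits)
        if segments <= (1 << seg_bits):
            return seg_bits, addr_bits, segments
    raise ValueError("mark length too short for this layout")


def ip_to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def int_to_ip(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def toy_digest(addr):
    """Stand-in for FDPM's per-address digest (constructed for the example)."""
    return sum(addr.to_bytes(4, "big")) & ((1 << DIGEST_BITS) - 1)


def encode_marks(src_ip, mark_len):
    """Ingress-router side: the marks written into successive packets from src_ip."""
    seg_bits, addr_bits, segments = mark_layout(mark_len)
    addr = ip_to_int(src_ip)
    padded = addr << (addr_bits * segments - 32)    # left-align into the segment grid
    digest = toy_digest(addr)
    marks = []
    for k in range(segments):
        shift = addr_bits * (segments - 1 - k)
        chunk = (padded >> shift) & ((1 << addr_bits) - 1)
        marks.append((digest << (seg_bits + addr_bits)) | (k << addr_bits) | chunk)
    return marks


def header_fields(mark, mark_len):
    """Map a mark onto the fields FDPM overloads: 16-bit ID, the reserved flag,
    and, for 25-bit marks, the 8-bit ToS. Returns (ident, reserved_flag, tos)."""
    tos = (mark >> 17) & 0xFF if mark_len == 25 else None
    reserved_flag = (mark >> 16) & 1 if mark_len >= 17 else None
    return mark & 0xFFFF, reserved_flag, tos


def recover_addresses(marks, mark_len):
    """Victim side. Mark recognition: group cached marks by digest and segment
    number. Address recovery: once every segment of a group is present,
    reassemble the address and check it against the digest before reporting it."""
    seg_bits, addr_bits, segments = mark_layout(mark_len)
    groups = defaultdict(dict)
    for m in marks:
        digest = m >> (seg_bits + addr_bits)
        k = (m >> addr_bits) & ((1 << seg_bits) - 1)
        groups[digest][k] = m & ((1 << addr_bits) - 1)
    recovered = []
    for digest, chunks in groups.items():
        if len(chunks) < segments:
            continue                                  # still waiting for packets
        padded = 0
        for k in range(segments):
            padded = (padded << addr_bits) | chunks[k]
        addr = padded >> (addr_bits * segments - 32)
        if toy_digest(addr) == digest:
            recovered.append(int_to_ip(addr))
    return sorted(recovered)


if __name__ == "__main__":
    for mark_len in (16, 17, 25):
        marks = encode_marks("192.168.1.77", mark_len)
        print(mark_len, mark_layout(mark_len), recover_addresses(marks, mark_len))
```

    The layout function is what makes the mark length flexible: with only the ID field and the reserved flag (17 bits) an address needs three packets, while adding the ToS byte (25 bits) brings that down to two, which is the reason the text can claim a small number of packets per traced source.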

    Advantages

    1. Easy to find out packet loss and duplicate packets.
    2. Reduces the network traffic.
    3. Bandwidth consumption is less.
    4. Flexible mark length: The length of the marking field can be adjusted according to the network protocols deployed.
    5. Flexible mark rate: The marking rate can be changed adaptively according to the load of the participating router.
    6. Low false positive rate.
    7. Number of packets required is comparatively less.
    8. Better tracing capability.
    9. It has different probabilities that a router marks the attack packets.

    The FDPM [6] scheme utilizes various bits (called marks) in the IP header. The mark has a flexible length depending on the network protocols used, which is called the flexible mark length strategy. When an IP packet enters the protected network, it is marked by the interface close to the source of the packet on an edge ingress router.

    v. TBPM Method

    The topology-aware [9] single-packet IP traceback system is named TOPO. It is based on the Bloom filter and utilizes a router's local topology information, i.e., its immediate predecessor information, to trace back. TOPO can significantly reduce the number and scope of unnecessary queries and thus significantly decrease the false attributions to innocent nodes. The main goals of TOPO are as follows:

    1. To design a single-packet IP traceback system that has fewer unnecessary query messages and fewer false attributions to innocent nodes.
    2. To design a single-packet IP traceback system that need not be fully deployed in the entire network.
    3. To design a mechanism which helps achieve the best performance of Bloom filters by adaptively adjusting their parameters.

    Topology Based Packet Marking (TBPM) is a new approach among anti-IP-spoofing techniques.

    TBPM builds on the strengths of the packet marking principle; however, it focuses not merely on the source but also on the path traversed by a datagram. We have pointed out how a route discovery method can be more effective, especially during DoS attacks, where edge routers that mark packets may themselves be unavailable as a result of the attack. Embedded topological information may enable DoS attacks to be prevented even by intermediate routers. TBPM also enables the source to be identified using a single marked packet, unlike previous techniques that require multiple packets. TBPM techniques are compatible with both IPv4 and IPv6, unlike present packet marking techniques that cannot be effectively implemented in IPv6 networks.
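    As an added example of the TOPO idea described above (Python, not code from the original paper or from the TOPO authors), each router below records every forwarded packet in a Bloom filter together with the immediate predecessor it arrived from, and the single-packet traceback at each hop tests only that router's predecessors and follows the one that matches. The Bloom filter parameters, the topology, the host and router names and the packets are all constructed for the example; a real deployment would digest only the invariant part of the packet rather than the whole of it.

```python
import hashlib


class BloomFilter:
    """Fixed-size Bloom filter with k hash positions per item (SHA-256 based)."""

    def __init__(self, m_bits=4096, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, item):
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:4], "big") % self.m

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, item):
        return all(self.bits[pos // 8] & (1 << (pos % 8)) for pos in self._positions(item))


def packet_digest(pkt):
    """Digest of the packet's invariant bytes (the whole constructed packet here)."""
    return hashlib.sha256(pkt).digest()[:8]


class TopoRouter:
    """Router that remembers each forwarded packet together with the immediate
    predecessor it arrived from, by inserting digest||predecessor into its filter."""

    def __init__(self, name, predecessors):
        self.name = name
        self.predecessors = list(predecessors)
        self.bf = BloomFilter()
        self.queries_answered = 0

    def forward(self, pkt, from_node):
        self.bf.add(packet_digest(pkt) + from_node.encode())

    def query(self, digest, candidate):
        """Did a packet with this digest arrive here from `candidate`?"""
        self.queries_answered += 1
        return (digest + candidate.encode()) in self.bf


def deliver(routers, hops, pkt):
    """Constructed forwarding: hops runs from the sending host down to the
    router nearest the victim; each router records the node it heard from."""
    for prev_node, router in zip(hops, hops[1:]):
        routers[router].forward(pkt, prev_node)


def traceback(routers, start, pkt):
    """Single-packet traceback. At each router only its immediate predecessors
    are tested, and only the matching one is queried next. Returns the path
    (nearest router first) and how many predecessors matched at the last step:
    0 means the trail ended, more than 1 means a Bloom false positive left it ambiguous."""
    digest = packet_digest(pkt)
    path, current = [start], start
    while True:
        router = routers[current]
        matches = [p for p in router.predecessors if router.query(digest, p)]
        if len(matches) != 1:
            return path, len(matches)
        nxt = matches[0]
        if nxt not in routers:           # an end host: the origin has been reached
            return path + [nxt], 1
        path.append(nxt)
        current = nxt


def run_topo_demo():
    routers = {
        "R1": TopoRouter("R1", ["R2", "R3"]),     # nearest the victim
        "R2": TopoRouter("R2", ["R4", "R5"]),
        "R3": TopoRouter("R3", ["R6"]),
        "R4": TopoRouter("R4", ["H1", "H2"]),
        "R5": TopoRouter("R5", ["H3"]),
        "R6": TopoRouter("R6", ["H4"]),
    }
    attack = b"constructed attack packet with a spoofed source, sent by H2"
    deliver(routers, ["H2", "R4", "R2", "R1"], attack)
    deliver(routers, ["H1", "R4", "R2", "R1"], b"constructed background packet 1")
    deliver(routers, ["H3", "R5", "R2", "R1"], b"constructed background packet 2")
    deliver(routers, ["H4", "R6", "R3", "R1"], b"constructed background packet 3")
    path, n_matches = traceback(routers, "R1", attack)
    total_queries = sum(r.queries_answered for r in routers.values())
    return path, n_matches, total_queries   # (['R1', 'R2', 'R4', 'H2'], 1, 6)
```

    Because the predecessor is part of what each router stores, a hop costs as many filter tests as the router has predecessors and nothing further; without that information every upstream router's filter would have to be queried at each hop, which is the query scope the text says TOPO reduces. A false positive shows up as more than one matching predecessor, and the trace stops there rather than attributing the packet to an innocent node.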

    IV. Technologies for Preventing Network Attacks

    Current technologies for protecting networks against attacks focus on access control and attack detection [2]. Although some methods can find the attacker's identity, they are unsuccessful when the attacker's true IP address is hidden or unknown.

    a) Firewalls

    Firewalls are widely used to protect networks against attacks, especially those coming from the Internet. Usually, firewalls control access based on source IP address, destination IP address, protocol type, source port number, and destination port number. For example, we can configure a firewall to deny any access to a WWW server except for WWW access using HTTP (destination port number 80). If an attacker attempts to exploit the WWW server using HTTP, however, the firewall cannot prevent it.

    b) Intrusion Detection

    An intrusion detection system (IDS) detects network attacks on a computer system. One major method currently implemented in IDS products is misuse detection. In this method, the IDS compares attack signatures, which are features of known attacks, with the contents of packets on the network or log data on the host computer. When the packet content or log data matches an attack signature, the system recognizes that an attack has occurred. IDSs still pose accuracy problems for site managers, however. In practice, IDSs detect possible attacks, which site managers must examine to determine whether each is a real attack.

    c) Intrusion Source Identification

    Using IDSs, we can detect certain attacks and find the attack packets' source IP addresses. Because the IP address is not enough to identify the attack source, however, we typically run a DNS inverse query to check the fully qualified domain name (FQDN), or look up the database in a WHOIS server to find the source identity (for example, organization name and e-mail address). If the attack's purpose is penetration or reconnaissance, most attackers will hardly disguise the source IP address because they must receive a response from the target.

    An attacker who aims for denial of service (DoS), however, does not need to receive packets from the target and can therefore forge its source IP address. Ingress filtering deals with forged addresses. In this method, a router compares an incoming packet's source IP address with the router's routing table and discards packets with inconsistent source addresses as having been forged. This method is effective for many spoofed DoS attacks, but it fails if an attacker changes its source IP address to one that belongs to the same network as the attacker's host.
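    As an added example (Python, not code from the original paper), the filter below serves both the ingress filtering discussion in Section III (the customer-border prefix rule of Figure 3, with the 10.0.0.0/24 prefix at router R4) and the routing-table check described in the paragraph above, and it reproduces the limitation both passages note: a source address forged from inside the same prefix passes. The routing table, interface names and sample packets are constructed for the example.

```python
import ipaddress

# Constructed routing table for edge router R4: interface -> prefixes reachable through it.
ROUTES = {
    "eth0": [ipaddress.ip_network("10.0.0.0/24")],      # the customer subnet of Figure 3
    "eth1": [ipaddress.ip_network("0.0.0.0/0")],        # default route toward the ISP and V
}


def lookup(dst_ip):
    """Longest-prefix match: which interface would R4 use to reach dst_ip?"""
    ip = ipaddress.ip_address(dst_ip)
    best_iface, best_len = None, -1
    for iface, prefixes in ROUTES.items():
        for net in prefixes:
            if ip in net and net.prefixlen > best_len:
                best_iface, best_len = iface, net.prefixlen
    return best_iface


def prefix_ingress_filter(pkt):
    """Customer-border rule of Figure 3: a packet entering from the customer
    side must carry a source inside the customer's advertised prefix."""
    if pkt["in_iface"] != "eth0":
        return True                      # not customer-side ingress, not this rule's job
    return any(ipaddress.ip_address(pkt["src"]) in net for net in ROUTES["eth0"])


def reverse_path_filter(pkt):
    """Routing-table check from the text: the source is consistent only if the
    route back to it points at the interface the packet arrived on."""
    return lookup(pkt["src"]) == pkt["in_iface"]


# Constructed packets arriving at R4 (not captured traffic).
SAMPLE = [
    {"src": "10.0.0.17",    "dst": "203.0.113.5", "in_iface": "eth0"},  # legitimate host
    {"src": "198.51.100.9", "dst": "203.0.113.5", "in_iface": "eth0"},  # forged, outside the prefix
    {"src": "10.0.0.99",    "dst": "203.0.113.5", "in_iface": "eth0"},  # forged neighbour address
    {"src": "10.0.0.42",    "dst": "10.0.0.17",   "in_iface": "eth1"},  # our prefix arriving from outside
]


def apply_filters(packets):
    """Verdict per packet: forward only if both checks pass."""
    verdicts = []
    for pkt in packets:
        ok = prefix_ingress_filter(pkt) and reverse_path_filter(pkt)
        verdicts.append((pkt["src"], pkt["in_iface"], "forward" if ok else "drop"))
    return verdicts


if __name__ == "__main__":
    for verdict in apply_filters(SAMPLE):
        print(verdict)
```

    The third packet is the case the text warns about: 10.0.0.99 is a valid address of the customer network, so both checks accept it even though the sending host does not own it. The fourth packet shows what the routing-table check adds beyond the prefix rule, rejecting the customer's own addresses when they arrive from the ISP side.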

    V. Limitation and Open Issues

    IP traceback has several limitations [1], such as the problem of tracing beyond corporate firewalls. To accomplish IP traceback, we need to reach the host where the attack originated. It is difficult, however, to trace packets through firewalls into corporate intranets; the last-traced IP address might be the firewall's address. Knowing the IP address of the organization's network entry point, however, allows us to obtain information about the organization where the attacker's host is located, such as the organization's name and the network administrator's e-mail address. If we can identify the organization from which the attack originated, the organization can often identify the user who launched the attack.

    Another limitation relates to the deployment of traceback systems. Most traceback techniques require altering the network, including adding router functions and changing packets. To promote traceback approaches, we need to remove any drawbacks to implementing them.

    Moreover, even if IP traceback reveals an attack's source, the source itself might have been used as a stepping-stone in the attack. IP traceback methods cannot identify the ultimate source behind the stepping-stone; however, techniques to trace attacks exploiting stepping-stones are under study. Some operational issues must also be solved before IP traceback can be widely deployed. To trace an attack packet through
