Email: norden at lucent dot com
 

Research Interests

• Wireless Security in 3G1x and UMTS Networks
• VoIP and IMS Security

Security for VoIP in Wireless Networks (1xEV-DO, UMTS): For VoIP to be widely deployed, the security of packetized calls must be at least equivalent to the conventional circuit-switched telephony. However, security in wireless networks is enabled at the expense of performance due to the limited resources of wireless networks. We are building a Secure VoIP test-bed that would enable us to explore the performance-security tradeoff at multiple layers (Network, Transport, Application). We are evaluating the right set of current security mechanisms that enables wireless performance optimizations such as header compression, down-sampling, transcoding, while providing the desired level of security to VoIP subscribers, as well as protection against DoS attacks. As part of this work, we are proposing extensions to SIP to allow communication with commercial firewalls for better protection against malicious DoS traffic. Also, we are looking at ways to make SIP security more efficient (in terms of key exchange, redundant security mechanisms at different layers). Additionally, we are developing mechanisms that would enable value-added features such as secure conferencing and secure call forwarding. Furthermore, we are also investigating policing and monitoring issues for peering VoIP providers. Finally, an additional investigation is being done on IMS security.

Defending against DoS attacks in wireless networks: This work is aimed at analyzing security issues unique to wireless networks. Our focus is to enhance the 3G wireless networks to be more resilient to Denial of Service (DoS) attacks. Our research finds that current 3G networks are vulnerable to DoS attacks that are unique to wireless networks. These attacks stem from critical vulnerabilities of wireless networks such as scarce wireless link bandwidth, increased signaling overhead, and battery-powered mobiles with limited lifetimes in a 3G network. In our ongoing wireless security work, we have proposed an Architecture for Wireless Attack REsistance (AWARE) that uses wireless state information and user/network profiling in order to detect abnormal patterns in network/user behavior.

For more information on other projects as well as group members, please refer to my department home page.

Patents

• With Tian Bu and Thomas Woo. "Network Architecture And Related Methods For Countering Denial of Service Attacks", Patent Pending (2004).
   
• With Tian Bu and Thomas Woo. "Defending against a novel signaling DoS attack in wireless networks", Patent Pending (2005).
   
• With Tian Bu and Thomas Woo. "Defending against a novel battery DoS attack in wireless networks", Patent Pending (2005).
   

Selected Publications

• Samphel Norden. "Inter-domain Routing: Algorithms for QoS guarantees", Accepted at Computer Networks Journal, 2005.

• Samphel Norden. "Analyzing the performance of deferred reservations" Computer Networks Journal, Volume 47, Issue 3, 21 February 2005, Pages 327-349.

• with Tian Bu and Thomas Woo. "Defending against novel DoS attacks in Wireless Networks", Accepted at 3rd ACM Workshop on Wireless Security (WiSe), October 2004.

• With Tian Bu and Thomas Woo. "Trading Resiliency for Security: Model and Algorithms" ICNP'04, October 2004.

• With Milind Buddhikot, Marcel Waldvogel and Subhash Suri. "Routing Bandwidth Guaranteed Paths with Restoration in Label Switched Networks, Computer Networks (short version accepted at ICNP '01), 7 October 2004, 46(2):197-218.

• With G. Manimaran and C. S. Murthy. "Dynamic Planning based Protocols for Real-time Communication in LAN and Switched LAN Environments", Computer Communications, vol. 24, no. 13, pp. 1256-1271, 2001.

• With Sandeep Sikka and Tuomas Sandholm. "Algorithms for Optimizing Leveled Commitment Contracts", Proceedings of the Sixteenth International Joint Conference on Artificial Intelligence (IJCAI), pp 535-541, 1999.

Internet Drafts

• Norden S., et. al. "Securely Enabling Intermediary-based Transport Services" , draft-blumenthal-intermediary-transport-01.txt, October 27, 2003

Some of the areas I've worked on in the past include:

• QoS Routing across domains
• Resource Reservation techniques
• Real-time scheduling
• Programmable Networks

Education

• Ph.D. in Computer Science, Washington University in St Louis, 2002.

Thesis: "Improving Network Performance using QoS Routing and Deferred Reservations"
Advisor: Jonathan Turner
 
• Bachelor of Technology in Computer Science and Engineering, Indian Institute of Technology, Madras (INDIA), 1998.