The EXata+Cyber package is a bundle of the EXata simulation/emulation platform plus the Cyber Behavior Model Library (Cyber Library). All of the capabilities of EXata are available, providing the same advantages and benefits. The addition of the Cyber Library allows you to evaluate communications models for their resiliency or vulnerability to cyber attack.
The Cyber Library implements a broad range of attack characteristics which can be focused in a variety of ways against a software virtual network. Dynamically launch cyber warfare features on a model, including eavesdropping, radio jamming attacks, distributed denial of service (DDoS) attacks, and a variety of attacks detectable with third-party network intrusion detection software (NIDS) like Snort. Attacks can be targeted on specialized networks like wireless, wired, mobile ad-hoc (MANET) and tactical networks. Users can then analyze their impact on the network itself, the applications and the end-users.
EXata+Cyber implements the following cyber behavior models:
- IPSec: At the Network Layer, EXata+Cyber provides support for IP Security (IPSec), which provides cryptographically based security for IPv4 and IPv6.
- WEP/CCMP: At the link layer, EXata+Cyber provides support for Wired Equivalent Privacy (WEP) and its secured successor, Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). WEP is a MAC Layer security protocol intended to provide security for the wireless LAN equivalent to the security provided in a wired LAN. CCMP is an IEEE 802.11i encryption protocol designed to replace WEP.
- Certificate Model: The Certificate model simulates the generation of certificates for unique network addresses.
- Firewall Model: The firewall model in EXata+Cyber is a packet-based stateless software firewall. That is, the firewall model is a software process that inspects each packet to determine if the packet should be allowed or denied access.
- Information Assurance Hierarchical Encryption Protocol (IAHEP): IAHEP is an encryption protocol that allows two or more secure enclaves to exchange data over an untrusted network.
- Internet Security Association and Key Management Protocol with Internet Key Exchange (ISAKMP-IKE): ISAKMP-IKE combines the security concepts of authentication, key management, and security associations to establish secure communications on the Internet. Internet Key Exchange (IKE) is a hybrid protocol to obtain authenticated keying material for use with ISAKMP and for other security associations.
- Public Key Infrastructure (PKI): A PKI is an infrastructure that uses digital certificates as an authentication mechanism and is built to better manage certificates and their associated keys. A digital certificate is itself a way to reliably identify the user or computer claiming to be the owner of a specific public key.
- Secure Neighbor Model: The Secure Neighbor model simulates a node's authentication of the identity and location of each of its one-hop neighbors in a mobile environment.
- Adversary Model: The Adversary model can simulate two types of attacks: an Active (or Wormhole) attack, in which an adversary carries information traveling faster than the speed of light, and a Passive (or Eavesdrop) attack, in which wireless traffic is intercepted by an eavesdropping entity.
- Anonymous On-Demand Routing (ANODR): ANODR provides a net-centric anonymous and untraceable routing scheme for mobile ad-hoc networks. The protocol provides mobile anonymity and data confidentiality.
- Denial of Service (DOS) Attack Model: A Denial-of-Service (DOS) attack is the act of overwhelming the resources of a victim computer or network so that the victim cannot service requests from other clients. The clients, therefore, are denied service from the victim computer or network.
- Signal Intelligence (SIGINT) Attack Model: Signals Intelligence is the act of gathering information by intercepting and analyzing signals. No attempt is made to decode the signal. Only the characteristics of signals, such as frequency range, power of transmission, RF signatures, etc., are determined.
- Virus Attack Model: In EXata+Cyber, a virus attack is modeled as the attacker node sending packets with payloads that contain signatures of some well-known attacks. Note that these packets do not contain any actual virus payload, only their signatures. It is expected that any Intrusion Detection System (IDS) or anti-virus software can detect the signature of these packets and classify them as malicious.
- Wireless Eavesdropping Model: Eavesdropping is a passive attack where an intruder node attempts to capture private information from a network. In wireless eavesdropping, the intruder node configures its radio to be on the same channel as the victim network and promiscuously listens for broadcast transmissions that are destined for member nodes of the network.
- Wireless Jamming Model: Jamming is the transmission of radio signals at sufficiently high energy to disrupt communication for nearby radios. The signals transmitted by jammers interfere with other legitimate signals in the vicinity of the jammer, causing the signal-to-noise ratio of the latter signals to drop significantly and resulting in corruption of those signals.
- CPU and Memory Resource Model: The CPU and Memory Resource Model monitors the allocation, consumption, and depletion of resources for a node. This model is used in conjunction with the DOS attack model. The DOS attack model attempts to consume the resources at the victim node, causing the victim node to fail when the resources are completely depleted.