
Intrusion Detecting Using Secure Signatures

DOE Grant Recipients

Idaho National Laboratory


Technology Marketing Summary

U.S. patent 8,850,583 was issued on an invention from Idaho National Laboratory (INL) entitled "Intrusion Detecting Using Secure Signatures", which will reduce cyber security risks to our nation’s energy infrastructure. The patent describes a novel method for detecting security vulnerabilities while preventing the release of information about them by using secure signatures of the vulnerabilities. Current systems rely on public notices, patches, or descriptions of how to detect a security vulnerability, any of which may give computer crackers information about the dangerous vulnerability. (DOE Case S-119,457) (Mike Dobbs, Chicago Office, 630-252-2164)

Description

A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, a value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different from the first hash function. One or more of the encrypted rules of the secure signatures table having a hash value equal to the generated search hash value are then decrypted using the generated decryption key. The one or more decrypted secure signature rules are then processed for a match and one or more user notifications are deployed if a match is identified.
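A minimal sketch of the lookup-then-decrypt flow described above, added here as an illustration and not taken from the patent or from INL code. The 8-byte sliding window, the SHA-256/BLAKE2b pairing, the JSON rule format and the hash-based XOR keystream (a standard-library stand-in for a real cipher) are all assumptions.

```python
import hashlib
import json

WINDOW = 8  # assumption: signatures are keyed on 8-byte slices of the payload

def search_hash(chunk):
    """First one-way function: index into the secure signature table."""
    return hashlib.sha256(chunk).digest()

def derive_key(chunk):
    """Second, different hash function: yields the rule decryption key."""
    return hashlib.blake2b(chunk, digest_size=32).digest()

def keystream_xor(key, data):
    """Stand-in cipher (hash-counter keystream); use a vetted AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def make_signature(trigger, rule):
    """Publisher side: the trigger bytes and the clear rule are never stored."""
    if len(trigger) != WINDOW:
        raise ValueError("trigger must be exactly WINDOW bytes")
    blob = keystream_xor(derive_key(trigger), json.dumps(rule).encode())
    return search_hash(trigger), blob

def scan(payload, table):
    """Sensor side: hash each window, and only on a table hit derive the key,
    decrypt the rule and evaluate it against the whole payload."""
    alerts = []
    for i in range(len(payload) - WINDOW + 1):
        chunk = payload[i:i + WINDOW]
        for blob in table.get(search_hash(chunk), []):
            rule = json.loads(keystream_xor(derive_key(chunk), blob))
            if rule["also_contains"].encode() in payload:
                alerts.append(rule["alert"])  # the "user notification" step
    return alerts

# Constructed sample signature; the trigger and rule are made up for this demo.
SEARCH_HASH, ENC_RULE = make_signature(
    b"TRIGGER1", {"also_contains": "unit=7", "alert": "constructed rule 1"})
TABLE = {SEARCH_HASH: [ENC_RULE]}

if __name__ == "__main__":
    print(scan(b"hdr TRIGGER1 unit=7 end", TABLE))
```

The confidentiality of a rule rests entirely on how hard its trigger bytes are to guess, since anyone holding the table can test candidate inputs against the search hash offline. The 8-byte window is used only to keep the sample small.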

Benefits

Secure Vulnerability Detection

 

Applications and Industries

SCADA Systems

 

Patents and Patent Applications

ID Number: Patent 8,850,583
Title: Intrusion detection using secure signatures
Abstract: A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, a value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different from the first hash function. One or more of the encrypted rules of the secure signatures table having a hash value equal to the generated search hash value are then decrypted using the generated decryption key. The one or more decrypted secure signature rules are then processed for a match and one or more user notifications are deployed if a match is identified.
Primary Lab:
Date: 09/30/2014 (Issued)

Technology Status

Technology ID: S-119,457
Development Stage: Prototype
Availability: Available
Published: 10/30/2014
Last Updated: 10/30/2014

Contact GRANT About This Technology

To: Mike Dobbs <Mike.Dobbs@ch.doe.gov>