Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

Abstract: Technology is described for generating a search index. Device information associated with a customer may be identified. A device attribute included in the device information may be identified. The device attribute may include an attribute name and an attribute value. Key-value pairs may be formed for device attribute included in the device information. The key-value pairs may include a first key-value pair for the attribute name and a second key-value pair for the attribute value. The search index may be generated to include the key-value pairs for the device attribute included in the device information.

Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

Abstract: A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.

Abstract: A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.

Abstract: Systems and methods are described to enable detection of network attacks in communication networks. An attack detection system receives information regarding network traffic occurring at nodes of a communication network, and analyzes the information for anomalous traffic patterns. The attack detection system can use multiple, parallel metric evaluation units programmed to detect specific types of anomalies within traffic patterns. In one instance, a metric evaluation unit is programmed to detect changes in entropy for the traffic, as distributed according to a characteristic such as source address, protocol, or country of origin. Where the entropy of a set of traffic differs from historical averages by a large amount, such as by many standard deviations, the attack detection system may flag the traffic as indicative of an attack, even when the absolute volume of traffic has not changed.

Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.

Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.

Abstract: A pattern recognition security system (“PRSS”) generates a packet signature from network traffic, including attack packets. The PRSS can utilize a statistical pattern recognition based approach to generate attack traffic signatures, such as for DDoS or DoS attacks. In some embodiments, the PRSS dynamically creates training sets from actual captured data, allowing the PRSS to adapt to changes in network attacks. For example, more sophisticated DDoS attacks commonly rotate through different attacking computers to vary the packet attributes of attack packets sent to a target system. However, as the PRSS can determine packet signatures based on the actual captured data packets, the PRSS can adapt to the changes in the attack. In some embodiments, the PRSS may determine packet signatures in real-time or near real time during an attack, allowing the PRSS to quickly react to changes in attack traffic.